Lingling Lu,Zhenyu Wen,Ye Yuan,Binru Dai,Peng Qian,Changting Lin,Qinming He,Zhenguang Liu,Jianhai Chen,Rajiv Ranjan

DOI: https://doi.org/10.1109/tdsc.2022.3228908

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Blockchain, a distributed and shared ledger, provides a credible and transparent solution to increase application auditability by querying the immutable records written in the ledger. Unfortunately, existing query APIs offered by the blockchain are inflexible and unscalable. Some studies propose off-chain solutions to provide more flexible and scalable query services. However, the query service providers (SPs) may deliver fake results without executing the real computation tasks and collude to cheat users. In this article, we propose a novel intelligent blockchain analytics platform termed iQuery , in which we design a game theory based smart contract to ensure the trustworthiness of the query results at a reasonable monetary cost. Furthermore, the contract introduces the second opinion game that employs a randomized SP selection approach coupled with non-ordered asynchronous querying primitive to prevent collusion. We achieve a fixed price equilibrium, destroy the economic foundation of collusion, and can incentivize all rational SPs to act diligently with proper financial rewards. In particular, iQuery can flexibly support semantic and analytical queries for generic consortium or public blockchains, achieving query scalability to massive blockchain data. Extensive experimental evaluations show that iQuery is significantly faster than state-of-the-art systems. Specifically, in terms of the conditional, analytical, and multi-origin query semantics, iQuery is 2 ×, 7 ×, and 1.5 × faster than advanced blockchain and blockchain databases. Meanwhile, to guarantee 100% trustworthiness, only two copies of query results need to be verified in iQuery , while iQuery 's latency is $2 \sim 134$ × smaller than the state-of-the-art systems.

Shiming Wang,Liyao Xiang,Bowei Cheng,Zhe Ji,Tianran Sun,Xinbing Wang

DOI: https://doi.org/10.1145/3658644.3690367

2024-11-26

Abstract:A surge in data-driven applications enhances everyday life but also raises serious concerns about private information leakage. Hence many privacy auditing tools are emerging for checking if the data sanitization performed meets the privacy standard of the data owner. Blackbox auditing for differential privacy is particularly gaining popularity for its effectiveness and applicability to a wide range of scenarios. Yet, we identified that blackbox auditing is essentially flawed with its setting: small probabilities or densities are ignored due to inaccurate observation. Our argument is based on a solid false positive analysis from a hypothesis testing perspective, which is missed out by prior blackbox auditing tools. This oversight greatly reduces the reliability of these tools, as it allows malicious or incapable data curators to pass the auditing with an overstated privacy guarantee, posing significant risks to data owners. We demonstrate the practical existence of such threats in classical differential privacy mechanisms against four representative blackbox auditors with experimental validations. Our findings aim to reveal the limitations of blackbox auditing tools, empower the data owner with the awareness of risks in using these tools, and encourage the development of more reliable differential privacy auditing methods.

Cryptography and Security

Faisal Hamman,Jiahao Chen,Sanghamitra Dutta

DOI: https://doi.org/10.1145/3593013.3594086

2023-06-06

Abstract:Existing regulations prohibit model developers from accessing protected attributes (gender, race, etc.), often resulting in fairness assessments on populations without knowing their protected groups. In such scenarios, institutions often adopt a separation between the model developers (who train models with no access to the protected attributes) and a compliance team (who may have access to the entire dataset for auditing purposes). However, the model developers might be allowed to test their models for bias by querying the compliance team for group fairness metrics. In this paper, we first demonstrate that simply querying for fairness metrics, such as statistical parity and equalized odds can leak the protected attributes of individuals to the model developers. We demonstrate that there always exist strategies by which the model developers can identify the protected attribute of a targeted individual in the test dataset from just a single query. In particular, we show that one can reconstruct the protected attributes of all the individuals from O(Nk \log( n /Nk)) queries when Nk<<n using techniques from compressed sensing (n: size of the test dataset, Nk: size of smallest group). Our results pose an interesting debate in algorithmic fairness: should querying for fairness metrics be viewed as a neutral-valued solution to ensure compliance with regulations? Or, does it constitute a violation of regulations and privacy if the number of queries answered is enough for the model developers to identify the protected attributes of specific individuals? To address this supposed violation, we also propose Attribute-Conceal, a novel technique that achieves differential privacy by calibrating noise to the smooth sensitivity of our bias query, outperforming naive techniques such as the Laplace mechanism. We also include experimental results on the Adult dataset and synthetic data.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computers and Society

Jeremiah Blocki,Nicolas Christin,Anupam Datta,Ariel D. Procaccia,Arunesh Sinha

DOI: https://doi.org/10.48550/arXiv.1303.0356

2013-03-06

Abstract:Effective enforcement of laws and policies requires expending resources to prevent and detect offenders, as well as appropriate punishment schemes to deter violators. In particular, enforcement of privacy laws and policies in modern organizations that hold large volumes of personal information (e.g., hospitals, banks, and Web services providers) relies heavily on internal audit mechanisms. We study economic considerations in the design of these mechanisms, focusing in particular on effective resource allocation and appropriate punishment schemes. We present an audit game model that is a natural generalization of a standard security game model for resource allocation with an additional punishment parameter. Computing the Stackelberg equilibrium for this game is challenging because it involves solving an optimization problem with non-convex quadratic constraints. We present an additive FPTAS that efficiently computes a solution that is arbitrarily close to the optimal solution.

Computer Science and Game Theory,Cryptography and Security

Ya-Ting Yang,Tao Zhang,Quanyan Zhu

2024-04-25

Abstract:Privacy-preserving AI algorithms are widely adopted in various domains, but the lack of transparency might pose accountability issues. While auditing algorithms can address this issue, machine-based audit approaches are often costly and time-consuming. Herd audit, on the other hand, offers an alternative solution by harnessing collective intelligence. Nevertheless, the presence of epistemic disparity among auditors, resulting in varying levels of expertise and access to knowledge, may impact audit performance. An effective herd audit will establish a credible accountability threat for algorithm developers, incentivizing them to uphold their claims. In this study, our objective is to develop a systematic framework that examines the impact of herd audits on algorithm developers using the Stackelberg game approach. The optimal strategy for auditors emphasizes the importance of easy access to relevant information, as it increases the auditors' confidence in the audit process. Similarly, the optimal choice for developers suggests that herd audit is viable when auditors face lower costs in acquiring knowledge. By enhancing transparency and accountability, herd audit contributes to the responsible development of privacy-preserving algorithms.

Cryptography and Security,Computer Science and Game Theory

Qingxuan Wang,Chi Cheng,Rui Xu,Jintai Ding,Zhe Liu

DOI: https://doi.org/10.1109/TSC.2020.3041324

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Recently, Zhang et al. proposed a lattice-based data outsourcing scheme with public integrity verification (DOPIV), which enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. They employed a third party auditor (TPA) to check the integrity of the outsourced data and any TPA can verify the data integrity efficiently. DOPIV is claimed to achieve proxy-oriented secure data outsourcing as well as storage correctness guarantee. Unfortunately, we find that there exist vulnerabilities in DOPIV which allow the cloud server to simply delete the received data without being noticed by the TPA. Fortunately, we come up with a simple and efficient solution to thwart the proposed attack. Our improved scheme maintains all the features claimed in DOPIV.

Jie Zhao,Hejiao Huang,Chonglin Gu,Zhongyun Hua,Xiaojun Zhang

DOI: https://doi.org/10.1109/jsyst.2021.3125835

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:In real-world scenarios, in order to encourage one to report others crimes, judicial department usually rents independent cloud storage spaces to receive the precious evidences from whistleblowers. Since the uploaded data are not controlled by cloud users, remote data integrity is very important. Public cloud auditing enables an auditor to periodically check the integrity of outsourcing data on behalf of users, without retrieving the entire data file. However, most existing data auditing schemes have potential security vulnerabilities, and thus cannot defense many security attacks (e.g., the man-in-the-middle attack). Meanwhile, it is significant to protect whistleblowers identity privacy, reward the real data uploader, and further trace the responsibility of slanders accurately. From the aforementioned requirements, we present an efficient blockchain-assisted conditional anonymity privacy-preserving public auditing (BA-CAPPPA) scheme with reward mechanism. The Ethereum blockchain is integrated into BA-CAPPPA to enhance the security level of the whole public auditing mechanism. Theoretical analysis results show that the BA-CAPPPA achieves man-in-the-middle attack resistance, storage correctness guarantee, data privacy-preservation, conditional identity anonymity, and reward mechanism. Performance evaluations and comparisons demonstrate that BA-CAPPPA could outperform some state-of-the-art data auditing schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jianming Du,Guofang Dong,Juangui Ning,Zhengnan Xu,Ruicheng Yang

DOI: https://doi.org/10.1038/s41598-024-58325-y

IF: 4.6

2024-03-31

Scientific Reports

Abstract:With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red–black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

multidisciplinary sciences

Karan Chadha,Matthew Jagielski,Nicolas Papernot,Christopher Choquette-Choo,Milad Nasr

2024-02-15

Abstract:Differential privacy (DP) offers a theoretical upper bound on the potential privacy leakage of analgorithm, while empirical auditing establishes a practical lower bound. Auditing techniques exist forDP training algorithms. However machine learning can also be made private at inference. We propose thefirst framework for auditing private prediction where we instantiate adversaries with varying poisoningand query capabilities. This enables us to study the privacy leakage of four private prediction algorithms:PATE [Papernot et al., 2016], CaPC [Choquette-Choo et al., 2020], PromptPATE [Duan et al., 2023],and Private-kNN [Zhu et al., 2020]. To conduct our audit, we introduce novel techniques to empiricallyevaluate privacy leakage in terms of Renyi DP. Our experiments show that (i) the privacy analysis ofprivate prediction can be improved, (ii) algorithms which are easier to poison lead to much higher privacyleakage, and (iii) the privacy leakage is significantly lower for adversaries without query control than thosewith full control.

Cryptography and Security

Chao Li,Gerome Miklau

DOI: https://doi.org/10.48550/arXiv.1202.3807

2012-02-16

Databases

Abstract:We propose a novel mechanism for answering sets of count- ing queries under differential privacy. Given a workload of counting queries, the mechanism automatically selects a different set of "strategy" queries to answer privately, using those answers to derive answers to the workload. The main algorithm proposed in this paper approximates the optimal strategy for any workload of linear counting queries. With no cost to the privacy guarantee, the mechanism improves significantly on prior approaches and achieves near-optimal error for many workloads, when applied under (\epsilon, \delta)-differential privacy. The result is an adaptive mechanism which can help users achieve good utility without requiring that they reason carefully about the best formulation of their task.

Songrun Yang,Jinyong Chang

DOI: https://doi.org/10.1007/s10586-023-04239-9

2024-02-14

Cluster Computing

Abstract:In recent years, cloud storage services have risen widely, and how to ensure the integrity of outsourced data in cloud setting catches more and more attention. Kinds of integrity auditing protocols, additionally attaching tags on original data file, have been proposed. In order to compress the storage and communication overheads, Yang et al. presented a compressive auditing technique, which is identity-based and quantum computing resistant. Note that Yang et al. also claimed that their protocol is "suitable" for outsourcing auditing process to third party auditor (TPA). However, in this paper, we first pointed out that Yang et al.'s compressive protocol is essentially private auditing since the data owner needs to confidential transmit secret value to TPA. In fact, if TPA shares this value to cloud service provider (CSP), then Yang et al.'s scheme will become completely insecure. Then, we propose a new identity-based protocol, which is based on lattice and thus still secure in future quantum computing. Meanwhile, our proposed protocol belongs to public auditing instead of private auditing. Finally, we analyze the performance of our proposed protocol, which shows that it is competitive in the cloud storage applications.

computer science, information systems, theory & methods

Hao Yan,Yanan Liu,Zheng Zhang,Qian Wang

DOI: https://doi.org/10.1155/2021/6639634

IF: 1.968

2021-05-27

Security and Communication Networks

Abstract:Cloud computing is a fast-growing technology which supplies scalable, innovative, and efficient business models. However, cloud computing is not fully trusted, and the security of the data outsourced in cloud storage needs to be guaranteed. One of the hottest issues is how to ensure the integrity of the data in cloud storage. Until now, many researchers have proposed lots of provable data possession (PDP) schemes to deal with the problem of data integrity audition. Nevertheless, very little effort has been devoted to preserve the data uploader’s privacy while auditing the integrity of data shared in a group. To overcome the shortcoming, we propose a novel certificateless PDP protocol to efficiently audit the integrity of data shared in a workgroup with user privacy preserving. Due to the inherent structural advantage of the certificateless crypto mechanism, our PDP scheme eliminates the key escrow problem and the certificate management problem simultaneously. Moreover, the audition process in our scheme does not need any user’s identity which helps to keep the anonymity of data uploader. We give for our scheme a detailed security proof and efficiency analysis. Experiment results of performance evaluation demonstrate that our new scheme is very efficient and feasible.

computer science, information systems,telecommunications

Xin Wang,Xiaojun Zhang,Xinpeng Zhang,Yinbin Miao,Jingting Xue

DOI: https://doi.org/10.1109/tsc.2023.3315972

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud storage provides Data Owners (DOs) with flexible data storage and management services, but simultaneously poses various security concerns, of which the integrity of outsourced data, as the most important security issue, determines the widespread use of cloud storage services. In this article, we present an $\mathbf {\overline{A}}$ nonymous $\mathbf {\overline{A}}$ uthorized $\mathbf {\overline{A}}$ uditing scheme over $\mathbf {\overline{K}}$ eyword-based $\mathbf {\overline{S}}$ earchable $\mathbf {\overline{C}}$ iphertexts (AAA-KSC) in cloud storage systems. In AAA-KSC, we devise an anonymous authorization mechanism, only the designated Third Party Auditor (TPA) could decrypt DO's identity and execute auditing tasks. In particular, by utilizing the verification metadata, without breaking the privacy of DO's concerned keyword, TPA could check the integrity of outsourced ciphertexts containing the specific keyword. More attractively, we design an identity-based homomorphic signature algorithm that makes use of the polynomial encapsulation mechanism to tackle with large scale data files, and thus AAA-KSC enables TPA to fulfil integrity verification with nearly constant computational costs, which are independent of the number of encrypted files that contain the same keyword. We provide the correctness, and prove that AAA-KSC is adequately secure. The performance evaluation experimentally demonstrates the high efficiency and feasibility of AAA-KSC in the real applications of cloud storage systems.

Yingjiu Li,Lingyu Wang,Xiaoyang Sean Wang,Sushil Jajodia

DOI: https://doi.org/10.1007/3-540-47961-9_38

2002-01-01

Abstract:In this paper we study the feasibility of auditing interval-based inference. Sensitive information about individuals is said to be compromised if an accurate enoughin terval, called inference interval, is obtained into which the value of the sensitive information must fall. Compared with auditing exact inference that is traditionally studied, auditing interval-based inference is more complicated. Existing auditing methods such as audit expert do not apply to this case. Our result shows that it is intractable to audit interval-based inference for bounded integer values; while for bounded real values, the auditing problem is polynomial yet involves complicated computation of mathematical programming. To further examine the practicability of auditing interval-based inference, we classify various auditing methods into three categories: exact auditing, optimistic auditing, and pessimistic auditing. We analyze the trade-offs that can be achieved by these methods among various auditing objectives: inference security, database usability, and auditing complexity.

Lu Li,Xufeng Jiang,Fei Zhu,An Liu

DOI: https://doi.org/10.1007/978-981-15-3281-8_9

2020-01-01

Abstract:In the cloud computing paradigm, data owners could outsource their databases to the service provider, and thus reap huge benefits from releasing the heavy storage and management tasks to the cloud server. However, sensitive data, such as medical or financial records, should be encrypted before uploading to the cloud server. Unfortunately, this will introduce new challenges to data utilization. In this paper, we study the problem of skyline queries in a way that data privacy for both data owner and the client is preserved. We propose a hybrid protocol via additively homomorphic encryption system and Yao’s garbled circuits. By taking advantages of Yao’s protocol, we design a highly improved protocol which can be used to determine the skyline point and exclude the points dominated by others in an oblivious way. Based on this subroutine, we construct a fully secure protocol for skyline queries. We theoretically prove that the protocols are secure in the semi-honest model. Through analysis and extensive experiments, we demonstrate the efficiency and scalability of our proposed solutions.

Cong Wang,Qian Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tc.2011.245

2013-01-01

Abstract:Cloud Computing is the long dreamed vision of computing as a utility, where users can remotely store their data into the cloud so as to enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large size of outsourced data makes the data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective third party auditor (TPA), the following two fundamental requirements have to be met: 1) TPA should be able to efficiently audit the cloud data storage without demanding the local copy of data, and introduce no additional on-line burden to the cloud user; 2) The third party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper, we utilize and uniquely combine the public key based homomorphic authenticator with random masking to achieve the privacy-preserving public cloud data auditing system, which meets all above requirements. To support efficient handling of multiple auditing tasks, we further explore the technique of bilinear aggregate signature to extend our main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows the proposed schemes are provably secure and highly efficient.

Yubo Zhao,Jinyong Chang

DOI: https://doi.org/10.1016/j.comnet.2022.109270

IF: 5.493

2022-10-24

Computer Networks

Abstract:In recent years, cloud storage has become an attractive service for data owners to store their personal data. Since they lose physical control of their data, it is necessary to regularly audit its integrity. The public auditing technique is very popular because it is suitable to outsource the auditing task to any third-party auditor, who has professional knowledge on auditing. However in many practical scenarios, the data owner may expect some designated verifier (instead of any) to audit its data. Thus, the public auditing scheme with designated verifier was proposed. In order to further reduce the cost of managing certificates, and to avoid the dependence on public key infrastructure, identity-based auditing scheme with designated verifier was recently proposed. Nevertheless, the proposed identity-based auditing scheme still suffers from the key escrow attack the risk of privacy leakage. In this paper, for the first time, we propose a certificateless public auditing protocol with designated verifier privacy-preserving property. More concretely, it can not only protect the privacy of the stored data against the designated verifier, but also resolve key escrow problem existed in identity-based technique. Its security is based on the Computational Diffie–Hellman and Weil Diffie–Hellman assumptions. Finally, the performance analysis experimental results of the proposed protocol show that our auditing scheme is efficient feasible to applications in real life.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Jaya Rao Gudeme,Syamkumar Pasupuleti,Ramesh Kandukuri

DOI: https://doi.org/10.1016/j.jpdc.2021.06.001

IF: 4.542

2021-10-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing popularity of data sharing among users of a group in clouds, shared data auditing has become an important issue in the cloud auditing field. To address this issue, many shared data auditing schemes have been proposed in the literature based on either public key infrastructure (PKI) or identity-based cryptography (IBC). However, these schemes suffer from issues of complex certificate management or key escrow problem. To address these problems, recently, a certificateless shared auditing scheme was put forward. However, it cannot support data dynamics and does not protect data privacy against a verifier, i.e., the verifier can derive data content when verifying the data integrity, which affects the scheme's security. This paper proposes certificateless privacy preserving public auditing scheme for dynamic shared data with group user revocation in cloud storage (CLPPPA). CLPPPA protects the privacy of data from the verifier by leveraging a random masking technique. Further, CLPPPA also supports shared data dynamics and group user revocation. We formally prove the security of CLPPPA under computational Diffie-Hellman (CDH) and discrete logarithm (DL) assumptions in the Random Oracle Model (ROM). The performance of CLPPPA is evaluated by theoretical analysis, experimental results, and compared with the state-of-the-art ones. The results demonstrate that CLPPPA achieves desirable efficiency.

computer science, theory & methods

Yan Zhu,Gail-Joon Ahn,Hongxin Hu,Stephen S. Yau,Ho G. An,Chang-Jun Hu

DOI: https://doi.org/10.1109/tsc.2011.51

IF: 11.019

2011-01-01

IEEE Transactions on Services Computing

Abstract:In this paper, we propose a dynamic audit service for verifying the integrity of an untrusted and outsourced storage. Our audit service is constructed based on the techniques, fragment structure, random sampling, and index-hash table, supporting provable updates to outsourced data and timely anomaly detection. In addition, we propose a method based on probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show our audit system verifies the integrity with lower computation overhead and requiring less extra storage for audit metadata.