Heng Ye,Jiqiang Liu,Wei Wang,Ping Li,Tong Li,Jin Li

DOI: https://doi.org/10.1016/j.future.2018.03.034

IF: 7.307

2020-01-01

Future Generation Computer Systems

Abstract:A cyber–physical system is a mechanism controlled or monitored by computer-based algorithms, tightly integrated with the internet and its users. Cyber–physical systems such as smart grid, autonomous automobile systems, medical monitoring, process control systems, robotics systems, and automatic pilot avionics will use physical sensors to produce and collect data. Most of the data contains personal information, which is so called privacy, should be carefully protected. How to protect privacy is now a hot-topic not only in academia but also in industry. Differential privacy has been accepted as the privacy concept due to its concise definition and its simple implementation. However, the interactive model cannot achieve differential privacy without data provider’s timely answers, which means data provider should always be attachable. It is unrealistic to keep data provider online due to the risk of data provider be broken will grow rapidly as time goes by. With today’s differential privacy technology, a non-interactive model remains an open problem. To find an alternative, we consider implant whole dataset into a cloud server to provide all the functions instead of data provider. Nonetheless, once the server is compromised, the privacy of the data cannot be guaranteed. It appears that there should be a strong definition, the cloud server is completely trustworthy, before differential privacy can actually be implemented. An intuitive thought to improve this situation is to only upload encrypted datasets. Then, the server could be semi-honest or even fully malicious. Homomorphic encryption can make the encrypted dataset operable, but it requires considerable storage space and bandwidth, which are impractical. We realized that order-preserving encryption is a tradeoff between data utility and practicability. Thus, we propose a novel outsourcing differential privacy data release scheme in cyber–physical system. The proposed scheme allows data providers to outsource their datasets to a cloud service provider with low communication cost. Let the cloud service provider be the host that answers the queries from the data evaluator with noisy results. The data providers can go offline after uploading their encrypted datasets, which is one of the critical requirements for a practical system. In this paper, we present a detailed theoretical analysis, including proofs of differential privacy and security. We also report an experimental evaluation on real datasets.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Alzubair Hassan,Rafik Hamza,Hongyang Yan,Ping Li

DOI: https://doi.org/10.1109/ACCESS.2019.2946202

IF: 3.9

2019-01-01

IEEE Access

Abstract:Cloud computing has been widely applied in numerous applications for storage and data analytics tasks. However, cloud servers engaged through a third party cannot be fully trusted by multiple data users. Thus, security and privacy concerns become the main obstructions to use machine learning services, especially with multiple data providers. Additionally, some recent outsourcing machine learning schemes have been proposed in order to preserve the privacy of data providers. Yet, these schemes cannot satisfy the property of public verifiability. In this paper, we present an efficient privacy-preserving machine learning scheme for multiple data providers. The proposed scheme allows all participants in the system model to publicly verify the correctness of the encrypted data. Furthermore, a unidirectional proxy re-encryption (UPRE) scheme is employed to reduce the high computational costs along with multiple data providers. The cloud server embeds noise in the encrypted data, allowing the analytics to apply machine learning techniques and preserve the privacy of data providers' information. The results and experiments tests demonstrate that the proposed scheme has the ability to reduce computational costs and communication overheads.

Ping Li,Heng Ye,Jin Li

DOI: https://doi.org/10.1007/978-3-319-72389-1_39

2017-01-01

Abstract:Differential privacy has received considerable attention for privacy-preserving machine learning applications. In particular, in the cloud computing environment, data are outsourced from different users. Processing outsourced computations on the joint distribution of multi-party’s data under multiple public keys with differential privacy is a significant and difficult problem. In this paper, we propose a scheme named 1, multi-party security computation with differential privacy over outsourced data ( $$\mathtt {MSCD}$$ ) by using a combination of public-key encryption with a double decryption algorithm (DD-PKE) and $$\epsilon $$ -differential privacy to solve this problem. In our work, the cloud server adds the corresponding different statistical noises according to different queries of the data analyst, which differs from previous works in which noise is added by the data provider. In the random oracle model, our scheme is proven to achieve the goal of outsourced computation on the data sets of multiple parties without privacy leakage.

Ximeng Liu,Baodong Qin,Robert H. Deng,Yingjiu Li

DOI: https://doi.org/10.1109/TSC.2015.2511008

IF: 11.019

2017-01-01

IEEE Transactions on Services Computing

Abstract:In this paper, we propose a new efficient privacy-preserving outsourced computation framework over public data, called EPOC. EPOC allows a user to outsource the computation of a function over multi-dimensional public data to the cloud while protecting the privacy of the function and its output. Specifically, we introduce three types of EPOC in order to tradeoff different levels of privacy protecti...

Wei Wang,Lei Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2015.06.014

IF: 5.493

2015-01-01

Computer Networks

Abstract:According to the recent rule released by Health and Human Services (HHS), healthcare data can be outsourced to cloud computing services for medical studies. A major concern about outsourcing healthcare data is its associated privacy issues. However, previous solutions have focused on cryptographic techniques which introduce significant cost when applied to healthcare data with high-dimensional sensitive attributes. To address these challenges, we propose a privacy-preserving framework to transit insensitive data to commercial public cloud and the rest to trusted private cloud. Under the framework, we design two protocols to provide personalized privacy protections and defend against potential collusion between the public cloud service provider and the data users. We derive provable privacy guarantees and bounded data distortion to validate the proposed protocols. Extensive experiments over real-world datasets are conducted to demonstrate that the proposed protocols maintain high usability and scale well to large datasets.

Rishabh Gupta,Ashutosh Kumar Singh

DOI: https://doi.org/10.48550/arXiv.2211.13542

2022-11-24

Abstract:Nowadays, more and more machine learning applications, such as medical diagnosis, online fraud detection, email spam filtering, etc., services are provided by cloud computing. The cloud service provider collects the data from the various owners to train or classify the machine learning system in the cloud environment. However, multiple data owners may not entirely rely on the cloud platform that a third party engages. Therefore, data security and privacy problems are among the critical hindrances to using machine learning tools, particularly with multiple data owners. In addition, unauthorized entities can detect the statistical input data and infer the machine learning model parameters. Therefore, a privacy-preserving model is proposed, which protects the privacy of the data without compromising machine learning efficiency. In order to protect the data of data owners, the epsilon-differential privacy is used, and fog nodes are used to address the problem of the lower bandwidth and latency in this proposed scheme. The noise is produced by the epsilon-differential mechanism, which is then added to the data. Moreover, the noise is injected at the data owner site to protect the owners data. Fog nodes collect the noise-added data from the data owners, then shift it to the cloud platform for storage, computation, and performing the classification tasks purposes.

Cryptography and Security,Machine Learning

Jinxue Zhang,Jingchao Sun,Rui Zhang,Yanchao Zhang,Xia Hu

DOI: https://doi.org/10.1109/INFOCOM.2018.8486242

2018-10-08

Abstract:User-generated social media data are exploding and of high demand in public and private sectors. The disclosure of intact social media data exacerbates the threats to user privacy. In this paper, we first identify a text-based user-linkage attack on current data outsourcing practices, in which the real users in an anonymized dataset can be pinpointed based on the users' unprotected text data. Then we propose a framework for differentially privacy-preserving social media data outsourcing for the first time in literature. Within our framework, social media data service providers can outsource perturbed datasets to provide users differential privacy while offering high data utility to social media data consumers. Our differential privacy mechanism is based on a novel notion of E - text indistinguishability, which we propose to thwart the text-based user-linkage attack. Extensive experiments on real-world and synthetic datasets confirm that our framework can enable high-level differential privacy protection and also high data utility.

Computer Science

Jiayun Yan,Jie Chen,Chen Qian,Anmin Fu,Haifeng Qian

DOI: https://doi.org/10.1016/j.sysarc.2024.103190

IF: 5.836

2024-01-01

Journal of Systems Architecture

Abstract:In cloud computing, the current challenge lies in managing massive data, which is a computationally overburdened environment for data users. Outsourced computation can effectively ease the memory and computation pressure on overburdened data storage. We propose an outsourced unbounded decryption scheme in the standard assumption and standard model for large data settings based on inner product computation. Security analysis shows that it can achieve adaptive security. The scheme involves the data owner transmitting encrypted data to a third-party cloud server, which is responsible for computing a significant amount of data. Then the ripe data is handed over to the data user for decryption computation. In addition, there is no need to give the prior bounds of the length of the plaintext vector in advance. This allows for the encryption algorithm to run without determining the length of the input data before the setup phase, that is, our scheme is on the unbounded setting. Through theoretical analysis, the storage overhead and communication cost of the data users remain independent of the ciphertext size. The experimental results indicate that the efficiency and performance are greatly enhanced, about 0.03S for data users at the expense of increased computing time on the cloud server.

Ximeng Liu,Tengfei Yang,Zhuoran Ma,Jianfeng Ma,Yinbin Miao

DOI: https://doi.org/10.1109/ICC.2019.8761251

2019-01-01

Abstract:With the advances of outsourced computation, the threats of data leakage and loss of computational accuracy over rational domain are attracting increasing concerns. In this paper, we propose a framework for Privacy-preserving Data Sharing and high-accurate outsourced Computation system, referred as PDSC. PDSC system can perform secure data sharing with multiple data providers. Besides, the original data and computed results in the rational field can be securely processed and stored in the cloud without privacy leakage. Specifically, we design privacy-preserving computation protocols over rational numbers to guarantee computational accuracy and handle outsourced operations on-the-fly. Detailed security analysis and experimental results demonstrate that PDSC system is secure and feasible, respectively.

Bing Rao,Zhigang Zhou,Hongli Zhang,Shuofei Tang,Renfu Yao

DOI: https://doi.org/10.1007/978-3-642-35795-4_14

2013-01-01

Abstract:Cloud computation allows the users with limited computing power outsource their data to the cloud of large-scale computing power through payment method. However, the security issue has been always the obstacles to the widely use of the computing outsourcing, especially when the end-user's privacy data need to be processed on the cloud. Secure outsourcing mechanisms are in great need to not only protect privacy information, but also protect customers from malicious behaviors by validating the computation result. A mechanism of general secure computation outsourcing was recently shown to be feasible in theory, but to design mechanisms that are practically efficient is a very challenging problem. General research is based on a basic model. The model we used in this paper including Data Owner (DO), Cloud Service Provider (CSP) and End-User (EU). Focus on considering the DO, CSP and EU. Over-encryption is a good method to protect the security of the users' data. Our proposal is based on the application of selective encryption as a means to enforce authorizations. Two layers of encryption are imposed on the data blocks. This paper talks about the over-encryption mechanism and proposes a novel over-encryption mechanism which can protect the security of the data on the Cloud. Last, we do some experiments to verify the performance of our mechanism. © Springer-Verlag Berlin Heidelberg 2013.

Ping Li,Tong Li,Heng Ye,Jin Li,Xiaofeng Chen,Yang Xiang

DOI: https://doi.org/10.1016/j.future.2018.04.076

IF: 7.307

2018-10-01

Future Generation Computer Systems

Abstract:With the fast development of cloud computing, more and more data storage and computation are moved from the local to the cloud, especially the applications of machine learning and data analytics. However, the cloud servers are run by a third party and cannot be fully trusted by users. As a result, how to perform privacy-preserving machine learning over cloud data from different data providers becomes a challenge. Therefore, in this paper, we propose a novel scheme that protects the data sets of different providers and the data sets of cloud. To protect the privacy requirement of different providers, we use public-key encryption with a double decryption algorithm (DD-PKE) to encrypt their data sets with different public keys. To protect the privacy of data sets on the cloud, we use ϵ -differential privacy. Furthermore, the noises for the ϵ -differential privacy are added by the cloud server, instead of data providers, for different data analytics. Our scheme is proven to be secure in the security model. The experiments also demonstrate the efficiency of our protocol with different classical machine learning algorithms.

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

Tong Li,Zhengan Huang,Ping Li,Zheli Liu,Chunfu Jia

DOI: https://doi.org/10.1016/j.jnca.2017.12.021

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:With the diversity of cloud services, remote data services based on the machine learning classification have been provided in many applications including risk assessment and image recognition. In a classification service, a classifier owner that acts a service provider establishes a protocol to allow a user to query for the evaluation of his/her data. However, such an owner has to keep on-line continuously and equip with enough bandwidth and computing resources. Although the owner can outsource the service to a powerful service, there remains a challenge that is protecting the privacy of the data and the classifier. In this paper, we propose a novel scheme for a classifier owner to delegate a remote server to provide the privacy-preserving classification service for users. In the proposed scheme, we design efficient classification protocols for two concrete classifiers respectively. We implement the prototype of the scheme and conduct experiments. The experimental results show that the scheme is practical.

Honglu Jiang,S M Sarwar,Haotian Yu,Sheikh Ariful Islam

DOI: https://doi.org/10.48550/arXiv.2112.07061

2021-12-14

Abstract:Conventional private data publication mechanisms aim to retain as much data utility as possible while ensuring sufficient privacy protection on sensitive data. Such data publication schemes implicitly assume that all data analysts and users have the same data access privilege levels. However, it is not applicable for the scenario that data users often have different levels of access to the same data, or different requirements of data utility. The multi-level privacy requirements for different authorization levels pose new challenges for private data publication. Traditional PPDP mechanisms only publish one perturbed and private data copy satisfying some privacy guarantee to provide relatively accurate analysis results. To find a good tradeoff between privacy preservation level and data utility itself is a hard problem, let alone achieving multi-level data utility on this basis. In this paper, we address this challenge in proposing a novel framework of data publication with compressive sensing supporting multi-level utility-privacy tradeoffs, which provides differential privacy. Specifically, we resort to compressive sensing (CS) method to project a $n$-dimensional vector representation of users' data to a lower $m$-dimensional space, and then add deliberately designed noise to satisfy differential privacy. Then, we selectively obfuscate the measurement vector under compressive sensing by adding linearly encoded noise, and provide different data reconstruction algorithms for users with different authorization levels. Extensive experimental results demonstrate that ML-DPCS yields multi-level of data utility for specific users at different authorization levels.

Cryptography and Security

Ning Zhang,Jianming Zhu

DOI: https://doi.org/10.1007/978-3-319-69644-7_22

2016-01-01

Abstract:Considering of economy, efficiency and security, more and more small and medium economic and social organizations are trying to outsource their growing business data to one or multiple professional storage service providers. But the separation between actual data owners and operator leads the demands for the technology of secure distributed storage. In this condition, we don’t assume that the entity enforcing access control policies is also the owner of data and resources like in traditional access control models. In this paper, we discuss the current state of information security outsourcing and analyze outsourced data security in cloud, access control and secret sharing. And then a new privacy enhanced access control scheme for outsourced data in cloud based on secret share is presented. In this scheme, a sensitive outsourced data can be divided to many shares which are stored in multiple cloud servers separately. Furthermore, the proposed scheme uses several service providers to guarantee the availability of the services. The evaluations demonstrate that our data outsourcing framework is scalable and practical.

David Sánchez,Montserrat Batet

DOI: https://doi.org/10.1016/j.comcom.2017.06.012

2017-07-03

Abstract:Even though cloud computing provides many intrinsic benefits, privacy concerns related to the lack of control over the storage and management of the outsourced data still prevent many customers from migrating to the cloud. Several privacy-protection mechanisms based on a prior encryption of the data to be outsourced have been proposed. Data encryption offers robust security, but at the cost of hampering the efficiency of the service and limiting the functionalities that can be applied over the (encrypted) data stored on cloud premises. Because both efficiency and functionality are crucial advantages of cloud computing, in this paper we aim at retaining them by proposing a privacy-protection mechanism that relies on splitting (clear) data, and on the distributed storage offered by the increasingly popular notion of multi-clouds. We propose a semantically-grounded data splitting mechanism that is able to automatically detect pieces of data that may cause privacy risks and split them on local premises, so that each chunk does not incur in those risks; then, chunks of clear data are independently stored into the separate locations of a multi-cloud, so that external entities cannot have access to the whole confidential data. Because partial data are stored in clear on cloud premises, outsourced functionalities are seamlessly and efficiently supported by just broadcasting queries to the different cloud locations. To enforce a robust privacy notion, our proposal relies on a privacy model that offers a priori privacy guarantees; to ensure its feasibility, we have designed heuristic algorithms that minimize the number of cloud storage locations we need; to show its potential and generality, we have applied it to the least structured and most challenging data type: plain textual documents.

Cryptography and Security

Kui Ren,Cong Wang

2012-01-01

Abstract:Cloud computing economically enables a fundamental paradigm of data service outsourcing, which provides lower up-front capital costs and less hands-on management. However, outsourcing data services to the commercial public cloud deprives customers' control over the systems that manage their data, raising security and privacy as the primary obstacles to the adoption of the cloud. To address these challenges, in this dissertation we explore the problem of secure and privacy-assured data service outsourcing in cloud computing. We aim at deploying the most fundamental data services including data storage, search, and sharing on the commercial public cloud, with built-in security and privacy assurance as well as high level service performance, usability, and scalability. Our contributions are as follows: Firstly, we focus on privacy-preserving secure cloud storage auditing to maintain strong storage correctness guarantee, given the difficulty that data files are no longer locally possessed by data owners. We first develop a random-masking sampling approach to allow a third party auditor to perform on-demand privacy-preserving storage correctness auditing on behalf of data owners, without violating owners' data privacy. For storage correctness assurance with data dynamics, we further investigate a novel sequence-enforced Merkle Hash Tree and manipulate it with the random sampling approach to support fully dynamic data operations. Secondly, we focus on privacy-assured and effective cloud data search services with strong privacy-assurance, while enjoying high service-level performance inherently demanded by the large number of data users and huge amount data files. We first investigate a widely applicable fuzzy/similarity keyword search problem, and develop a brand new symbol-based trie-traverse searching approach, where transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure, while protecting keyword privacy. To enable search result relevance ranking, we further investigate secure ranked search, which facilitates efficient server-side result ranking without leaking any keyword related information. Thirdly, we study how to enable scalable and owner-controlled cloud data sharing services, given the challenge that data no longer resides on owners' trusted domain. We first associate data with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce owner's control via attribute-based encryption. For the inherent scalability requirement of cloud system, we further leverage the cloud as a mediated proxy, to which data owners can delegate most cumbersome data/user management workload, without affecting the underlying data confidentiality.

Zhang Ji,Dong Xin,Yu Jiadi,Luo Yuan,Li Minglu,Wu Bin

DOI: https://doi.org/10.1109/cc.2014.7022529

2014-01-01

China Communications

Abstract:Multidimensional data provides enormous opportunities in a variety of applications. Recent research has indicated the failure of existing sanitization techniques (e.g., k-anonymity) to provide rigorous privacy guarantees. Privacypreserving multidimensional data publishing currently lacks a solid theoretical foundation. It is urgent to develop new techniques with provable privacy guarantees. is an element of-Differential privacy is the only method that can provide such guarantees. In this paper, we propose a multidimensional data publishing scheme that ensures is an element of-differential privacy while providing accurate results for query processing. The proposed solution applies nonstandard wavelet transforms on the raw multidimensional data and adds noise to guarantee is an element of-differential privacy. Then, the scheme processes arbitrarily queries directly in the noisy wavelet-coefficient synopses of relational tables and expands the noisy wavelet coefficients back into noisy relational tuples until the end result of the query. Moreover, experimental results demonstrate the high accuracy and effectiveness of our approach.

Chunhui Piao,Yajuan Shi,Jiaqi Yan,Changyou Zhang,Liping Liu

DOI: https://doi.org/10.1016/j.future.2018.07.038

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:With the growing availability of public open data, the protection of citizens’ privacy has become a vital issue for governmental data publishing. However, there are a large number of operational risks in the current government cloud platforms. When the cloud platform is attacked, most existing privacy protection models for data publishing cannot resist the attacks if the attacker has prior background knowledge. Potential attackers may gain access to the published statistical data, and identify specific individual’s background information, which may cause the disclosure of citizens’ private information. To address this problem, we propose a fog-computing-based differential privacy approach for privacy-preserving data publishing in this paper. We discuss the risk of citizens’ privacy disclosure related to governmental data publishing, and present a differential privacy framework for publishing governmental statistical data based on fog computing. Based on the framework, a data publishing algorithm using a MaxDiff histogram is developed, which can be used to realize the function of preserving user privacy based on fog computing. Applying the differential method, Laplace noises are added to the original data set, which prevents citizens’ privacy from disclosure even if attackers get strong background knowledge. According to the maximum frequency difference, the adjacent data bins are grouped, then the differential privacy histogram with minimum average error can be constructed. We evaluate the proposed approach by computational experiments based on the real data set of Philippine families’ income and expenditures provided by Kaggle. It shows that the proposed data publishing approach can not only effectively protect citizens’ privacy, but also reduce the query sensitivity and improve the utility of the data published.