Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

Hongcheng Xie,Xiaohua Jia,Yu Guo,Mingyu Wang

DOI: https://doi.org/10.1109/TCC.2022.3208711

IF: 5.697

2023-07-01

IEEE Transactions on Cloud Computing

Abstract:Encrypted range query schemes that enable range-based searches over encrypted data have become an effective solution for secure data outsourcing services. However, existing schemes are still inadequate on desired functionality and security. Specifically, supporting efficient multi-range queries while hiding the data ordering leakage remains a challenging research problem. Existing works on order-hiding query schemes only work for encrypted single-range search and incur significant computational overhead due to the protection of the ordering information. In this article, we present a privacy-preserving multi-range query scheme that can address the above problems simultaneously. It not only enables efficient multi-range queries over encrypted data but also guarantees the privacy of ordering information. To protect the ordering leakage, our design adopts an Order-hiding Encoding (OHE) scheme to support multi-range obfuscation. In addition, a novel order-hiding K-Dimensional tree (KD-tree) index structure is designed as the core technique underlying our scheme, which accelerates efficient multi-range queries and obfuscates ordering information of encrypted values. Finally, the formal security analysis confirms that our proposed multi-range query scheme is secure in the random oracle model. The extensive experimental results conducted on real-world datasets demonstrate the practicality of our design.

Computer Science

Fei Tang,Xujun Zhou,Haining Luo,Guowei Ling,Jinyong Shan,Yunpeng Xiao

DOI: https://doi.org/10.1109/tsc.2024.3436573

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:In cloud-assisted electronic health (eHealth) systems, the exponential growth of electronic health records (EHRs) has prompted healthcare organizations to move it to the cloud. However, EHRs are encrypted before being outsourced for privacy. Although searchable encryption schemes for EHRs have been proposed, their search efficiency and functionality for massive EHRs with high-dimensional are still insufficient. In this paper, we adopt an attribute hierarchy structure for medical datasets, enabling efficient multi-dimensional range search and reducing high-dimensional EHRs to low-dimensional vectors. To further improve search efficiency, we design an index tree that require no additional storage and computational overhead, significantly improving efficiency in search, trapdoor generation, and index building. Our scheme is well-suited for large-scale medical data scenarios, especially in dealing with high-dimensional and massive datasets. Extensive experiments demonstrate the superiority of our scheme over existing solutions, particularly in large-scale medical data scenarios. Compared to the classic EDMRS scheme, our scheme has a computational overhead in index building and search that is only about 1/500 and 1/10 of EDMRS when the number of keywords and electronic health records is 3,000 and 6,000, respectively. Moreover, as medical data and keywords increase, our scheme shows slower computational overhead growth compared to EDMRS.

computer science, information systems, software engineering

Kaiping Xue,Shaohua Li,Jianan Hong,Yingjie Xue,Nenghai Yu,Peilin Hong

DOI: https://doi.org/10.1109/TIFS.2017.2675864

2017-01-01

Abstract:Industries and individuals outsource database to realize convenient and low-cost applications and services. In order to provide sufficient functionality for SQL queries, many secure database schemes have been proposed. However, such schemes are vulnerable to privacy leakage to cloud server. The main reason is that database is hosted and processed in cloud server, which is beyond the control of data owners. For the numerical range query (“>,” “<,” and so on), those schemes cannot provide sufficient privacy protection against practical challenges, e.g., privacy leakage of statistical properties, access pattern. Furthermore, increased number of queries will inevitably leak more information to the cloud server. In this paper, we propose a two-cloud architecture for secure database, with a series of intersection protocols that provide privacy preservation to various numeric-related range queries. Security analysis shows that privacy of numerical information is strongly protected against cloud providers in our proposed scheme.

Anselme Tueno,Florian Kerschbaum

DOI: https://doi.org/10.48550/arXiv.1802.01138

2018-02-04

Cryptography and Security

Abstract:Order-preserving encryption allows encrypting data, while still enabling efficient range queries on the encrypted data. Moreover, it does not require any change to the database management system, because comparison operates on ciphertexts as on plaintexts. This makes order-preserving encryption schemes very suitable for data outsourcing in cloud computing scenarios. However, all order-preserving encryption schemes are necessarily symmetric limiting the use case to one client and one server. Imagine a scenario where a Data Owner encrypts its data before outsourcing it to the Cloud Service Provider and a Data Analyst wants to execute private range queries on this data. This scenario occurs in many cases of collaborative machine learning where data source and processor are different entities. Then either the Data Owner must reveal its encryption key or the Data Analyst must reveal the private queries. In this paper, we overcome this limitation by allowing the equivalent of a public-key order-preserving encryption. We present a secure multiparty protocol that enables secure range queries for multiple users. In this scheme, the Data Analyst cooperates with the Data Owner and the Cloud Service Provider in order to order-preserving encrypt the private range queries without revealing any other information to the parties. We implemented our scheme and observed that if the database size of the Data Owner has 1 million entries it takes only about 0.3 s on average via a loopback interface (1.3 s via a LAN) to encrypt an input of the Data Analyst.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Lili Sun,Yonggang Zhang,Yandong Zheng,Weiyu Song,Rongxing Lu

DOI: https://doi.org/10.1109/tsc.2023.3259642

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:The Internet of Things (IoT) boom has enabled Internet Service Providers (ISPs) to collect an enormous amount of high-dimensional data. Performing range queries on such data can effectively reuse them to help ISPs offer better services. Owing to the low cost and high resource utilization of cloud computing, an increasing number of ISPs are inclined to outsource data and services to it. However, as the cloud is not fully trusted, data need to be encrypted before being outsourced, which inevitably hinders many query services, e.g., range queries. Various schemes were proposed for privacy-preserving range queries, yet they struggled to extend to high-dimensional scenarios and did not support dimension selection. Aiming at this challenge, in this paper, we propose an efficient and privacy-preserving high-dimensional range query scheme (PHRQ) based on an iMinMax tree while supporting dimension selection. Specifically, we first build an iMinMax tree for high-dimensional data and utilize a symmetric homomorphic encryption technique to design a suite of privacy-preserving protocols to achieve secure high-dimensional range queries. Then, we design a sub-dimensional range determination protocol to support dimension selection. Further, based on the iMinMax tree and our privacy-preserving protocols, we propose our PHRQ scheme. Finally, security analysis shows that our scheme is privacy-preserving, and performance evaluation demonstrates that our scheme is efficient in high-dimensional range query processing.

computer science, information systems, software engineering

Bharath K. Samanthula,Wei Jiang,Elisa Bertino

DOI: https://doi.org/10.48550/arXiv.1401.3768

2014-01-15

Cryptography and Security

Abstract:With the many benefits of cloud computing, an entity may want to outsource its data and their related analytics tasks to a cloud. When data are sensitive, it is in the interest of the entity to outsource encrypted data to the cloud; however, this limits the types of operations that can be performed on the cloud side. Especially, evaluating queries over the encrypted data stored on the cloud without the entity performing any computation and without ever decrypting the data become a very challenging problem. In this paper, we propose solutions to conduct range queries over outsourced encrypted data. The existing methods leak valuable information to the cloud which can violate the security guarantee of the underlying encryption schemes. In general, the main security primitive used to evaluate range queries is secure comparison (SC) of encrypted integers. However, we observe that the existing SC protocols are not very efficient. To this end, we first propose a novel SC scheme that takes encrypted integers and outputs encrypted comparison result. We empirically show its practical advantage over the current state-of-the-art. We then utilize the proposed SC scheme to construct two new secure range query protocols. Our protocols protect data confidentiality, privacy of user's query, and also preserve the semantic security of the encrypted data; therefore, they are more secure than the existing protocols. Furthermore, our second protocol is lightweight at the user end, and it can allow an authorized user to use any device with limited storage and computing capability to perform the range queries over outsourced encrypted data.

Zhuolin Mei,Huilai Zou,Jinzhou Huang,Caicai Zhang,Bin Wu,Jiaoli Shi,Zhengxiang Cheng

DOI: https://doi.org/10.4018/ijwsr.340391

2024-03-12

International Journal of Web Services Research

Abstract:In recent years, more and more data has been stored on the cloud to provide various services. These data often contain users' private information, which inevitably raises concerns about data security. Encryption before outsourcing is a direct solution to mitigate these concerns. However, traditional encryption schemes such as block encryption make basic data services hard to support. Therefore, this paper proposes a secure and fast range query scheme for encrypted multi-dimensional data, called SFRQ. The scheme constructs a secure index over the ciphertexts of multi-dimensional data, utilizing the R-tree index, Bloom filter, and 0-1 encoding techniques. This secure index enables the cloud to provide fast range query services over the ciphertexts of multi-dimensional data. The authors have evaluated SFRQ through extensive experiments, which demonstrate its high efficiency. Additionally, the security analysis shows that no external entity, including the cloud, can obtain additional information during the entire query process.

computer science, information systems, software engineering

Xuejiao Liu,Yingjie Xia,Wei Yang,Fengli Yang

DOI: https://doi.org/10.1016/j.neucom.2016.06.100

IF: 6

2018-01-01

Neurocomputing

Abstract:Information seeking is becoming an indispensable activity in daily life, especially in the medical cloud. Body Area Network (BAN) is becoming more and more popular with respect to the development and popularity of mobile devices. People are starting to back up the medical data to cloud, make data accessible by the doctors from almost anywhere using mobile terminals. In this paper, we present an efficient and secure fine-grained access control scheme which not only achieves authorized users to access the records in cloud storage, but also supports a small set of physicians to write on the records. In order to improve the efficiency, we put forward a novel technique called match-then-decrypt, which is used to perform the decryption test without decryption. Also, the scheme outsources bilinear pairing operations to a gateway without revealing the data content, and thus largely eliminates this overhead for users to a great extent. The performance assessments demonstrate the efficiency of our proposed solution in terms of computation, communication, and storage.

Chuan Zhang,Chenfei Hu,Mingyang Zhao,Yulin Wu,Tong Wu

DOI: https://doi.org/10.1109/icdis55630.2022.00029

2022-01-01

Abstract:Geographic range query, as a basic query function, has been widely leveraged in location-based services. To adapt to the explosive growth of location data, more and more businesses and individuals choose to store their massive amounts of data on the powerful cloud, which however may raise severe threats to users' privacy. To resolve this problem, the location data is often encrypted before outsourcing, but this may sacrifice the availability and utility of the location data. In this paper, we design a geographic range query scheme to support efficient and privacy-preserving arbitrary geographic range queries over encrypted location data. Specifically, we first utilize the polynomial fitting technique to generate trapdoors for arbitrary geographic query ranges. Then, we design a randomizable matrix multiplication method based on matrix decomposition to achieve geographic range queries between data owners and data requesters. Through rigorous security analysis, we demonstrate the privacy of location data and queries is well protected in our scheme. Extensive experiments and performance evaluations show that our proposed scheme is highly efficient in terms of computational cost and communication overhead.

Lanxiang Chen,Nan Zhang,Hung-Min Sun,Chin-Chen Chang,Shui Yu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1007/s00607-019-00762-z

2020-01-01

Computing

Abstract:As the healthcare industry adopts the use of cloud to store personal health record (PHR), there is a need to ensure that we maintain the ability to perform efficient search on encrypted data (stored in the cloud). In this paper, we propose a secure searchable encryption scheme, which is designed to search on encrypted personal health records from a NoSQL database in semi-trusted cloud servers. The proposed scheme supports almost all query operations available in plaintext database environments, especially multi-dimensional, multi-keyword searches with range query. Specifically, in the proposed scheme, an Adelson-Velsky Landis (AVL) tree is utilized to construct the index, and an order-revealing encryption (ORE) algorithm is used to encrypt the AVL tree and realize range query. As document-based databases are probably the most popular NoSQL database, due to their flexibility, high efficiency, and ease of use, MongoDB, a document-based NoSQL database, is chosen to store the encrypted PHR data in our scheme. Experimental results show that the scheme can achieve secure and practical searchable encryption for PHRs. A comparison of the range query demonstrates that the time overhead of our ORE-based scheme is 25.5% shorter than that of the mOPE-based Arx (an encrypted database system) scheme.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.

Yanguo Peng,Long Wang,Jiangtao Cui,Ximeng Liu,Hui Li,Jianfeng Ma

DOI: https://doi.org/10.1109/tdsc.2020.2974218

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In the era of cloud computing, to achieve convenient location-based service (LBS), consumers such as users, companies, and organizations prefer subcontracting massive geographical data to public clouds after encryption for privacy and security. However, numerous harmful cyber-attacks happen on those public clouds in an unpredicted and hourly manner. To alleviate those concerns, various secure query schemes on the encrypted data have been proposed in the literature. As a fundamental query of LBSs, forward-secure range query has not been well investigated. To address this issue, we propose a lightweight and forward-secure range query (LS-RQ) on geographically encrypted data, which soundly balances between security and efficiency. Promisingly, we design an index mechanism to manage geographical data on the public clouds, while not compromising the privacy of data. Moreover, our LS-RQ schemes provide a convenient approach to range query on geographically encrypted data on-the-fly. We also rigorously prove that LS-RQ is forward-secure. Finally, extensive experimental studies are performed on both real and synthetic datasets. By observation, our LS-RQ schemes are highly efficient in realistic environments. Particularly, on encrypted datasets with about 1000000 geographical data, our solution to secure range query takes strictly less than a second.

computer science, information systems, software engineering, hardware & architecture

Xiaochen Ma,Chenfei Hu,Zhuopeng Li,Haotian Liang,Tong Wu,Taiyuan Zhang

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics60724.2023.00052

2024-01-01

Abstract:Recently, the cloud server has been extensively applied to store large amounts of location data and provide geometric range query services. However, this may pose severe privacy concerns. Existing privacy-preserving geometric range query schemes either rely on high-cost encryption techniques or cannot support arbitrary geometric range query. Moreover, in these schemes, location data can be queried and accessed by some unauthorized data requesters, and the data requester may acquire location data from some unauthorized data owners. The former will compromise the privacy of location data, and the latter will bring non-compliant data to the data requester. In this paper, we design an arbitrary geometric range query scheme that enables efficient and privacy-preserving querying with bilateral access control. Specifically, we use polynomial curves to fit arbitrary geometric ranges and extract the polynomial coefficients as query trapdoors. We employ random matrices to protect the privacy of location data, query trapdoors, and access policies. Then, due to the properties of random matrix multiplication, the cloud server can securely query encrypted location data with bilateral access control. Extensive experiments indicate that our scheme outperforms state-of-the-art work with respect to computational and communication overheads.

Zhuolin Mei,Jin Yu,Caicai Zhang,Bin Wu,Shimao Yao,Jiaoli Shi,Zongda Wu

DOI: https://doi.org/10.1016/j.is.2024.102343

IF: 3.18

2024-05-01

Information Systems

Abstract:Outsourcing data to the cloud offers various advantages, such as improved reliability, enhanced flexibility, accelerated deployment, and so on. However, data security concerns arise due to potential threats such as malicious attacks and internal misuse of privileges, resulting in data leakage. Data encryption is a recognized solution to address these issues and ensure data confidentiality even in the event of a breach. However, encrypted data presents challenges for common operations like access control and range queries. To address these challenges, this paper proposes Secure Multi-dimensional Data Retrieval with Access Control and Range Search in the Cloud (SMDR). In this paper, we propose SMDR policy, which supports both access control and range queries. The design of the SMDR policy cleverly utilizes the minimum and maximum points of buckets, enabling the SMDR policy is highly appropriate for supporting range queries on multi-dimensional data. Additionally, we have made modifications to Ciphertext Policy-Attribute Based Encryption (CP-ABE) to enable effective integration with the SMDR policy, and then constructed a secure index using the SMDR policy and CP-ABE. By utilizing the secure index, access control and range queries can be effectively supported over the encrypted multi-dimensional data. To evaluate the efficiency of SMDR, extensive experiments have been conducted. The experimental results demonstrate the effectiveness and suitability of SMDR in handling encrypted multi-dimensional data. Additionally, we provide a detailed security analysis of SMDR.

computer science, information systems

Hongyi Qiao,Cong Peng,Qi Feng,Min Luo,Debiao He

DOI: https://doi.org/10.1109/jiot.2024.3360141

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Range query is commonly used to support ciphertext retrieval on encrypted databases in a cloud-based environment, and order-revealing encryption (ORE) plays an increasingly important role in range query for ciphertext field processing. Specifically, one can utilize ORE to facilitate comparators to determine whether the order of ciphertext(s) corresponds to the associated plaintext(s). Newer ORE designs include those that are resistant to common attacks (e.g., spectral attacks) and those that are capable of supporting both multi-client and single-client settings. However, in the scenario of cross-database range queries, existing multi-client ORE approaches generally pass the data owner’s query key to the searcher during the authorization process. Consequently, this results in agent transfer and permission extension, which can be exploited to facilitate unauthorized access to the database data. To solve these limitations, we propose om-ORE. The latter uses the oblivious pseudorandom function (OPRF) protocol to further enhance the security of token generation mechanism in ORE, and is designed to ensure that neither the data owner nor the authorized client reveals any secret key or expected query range to each other. Using the proposed om-ORE scheme as a building block, we design a secure multi-client ciphertext range query scheme that is resilient to both agent transfer and permission extension attacks. The performance evaluation shows that om-ORE inherits the advantages of state-of-the-art multi-client ORE approaches, in terms of ciphertext size and comparison efficiency, as well as having comparable performance in the token generation process.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lu Li,Xufeng Jiang,Fei Zhu,An Liu

DOI: https://doi.org/10.1007/978-981-15-3281-8_9

2020-01-01

Abstract:In the cloud computing paradigm, data owners could outsource their databases to the service provider, and thus reap huge benefits from releasing the heavy storage and management tasks to the cloud server. However, sensitive data, such as medical or financial records, should be encrypted before uploading to the cloud server. Unfortunately, this will introduce new challenges to data utilization. In this paper, we study the problem of skyline queries in a way that data privacy for both data owner and the client is preserved. We propose a hybrid protocol via additively homomorphic encryption system and Yao’s garbled circuits. By taking advantages of Yao’s protocol, we design a highly improved protocol which can be used to determine the skyline point and exclude the points dominated by others in an oblivious way. Based on this subroutine, we construct a fully secure protocol for skyline queries. We theoretically prove that the protocols are secure in the semi-honest model. Through analysis and extensive experiments, we demonstrate the efficiency and scalability of our proposed solutions.