Jian Liu,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1145/2810103.2813623

2015-01-01

Abstract:Encrypting data on client-side before uploading it to a cloud storage is essential for protecting users' privacy. However client-side encryption is at odds with the standard practice of deduplication. Reconciling client-side encryption with cross-user deduplication is an active research topic. We present the first secure cross-user deduplication scheme that supports client-side encryption without requiring any additional independent servers. Interestingly, the scheme is based on using a PAKE (password authenticated key exchange) protocol. We demonstrate that our scheme provides better security guarantees than previous efforts. We show both the effectiveness and the efficiency of our scheme, via simulations using realistic datasets and an implementation.

Kai He,Yijun Mao,Jianting Ning,Kaitai Liang,Xinyi Huang,Emmanouil Panaousis,George Loukas

DOI: https://doi.org/10.1109/access.2019.2906290

IF: 3.9

2019-01-01

IEEE Access

Abstract:Encryption technologies have become one of the most prevalent solutions to safeguard data confidentiality in many real-world applications, e.g., cloud-based data storage systems. Encryption outputting a relatively "static'' format of encrypted data, however, may hinder further data operations. For example, encrypted data may need to be "transformed'' into other formats for computation or other purposes. To enable encryption to be used in another device equipped with a different encryption mechanism, the concept of encryption switching was first proposed in CRYPTO 2016 for conversion particularly between Paillier and ElGamal encryptions. This paper considers the conversion between conventional identity-based and attribute-based encryptions and further proposes a concrete construction via the technique of proxy re-encryption. The construction is proved to be CPA secure in the standard model under q-decisional parallel bilinear Diffie-Hellman exponent assumption. The performance comparisons highlight that our bridging mechanism reduces computation and communication cost on the client side, especially when the data of the client is encrypted and outsourced to a remote cloud. The computational costs with respect to re-encryption (on the server side) and decryption (on the client side) are acceptable in practice.

Hui Li,Jingwen Shi,Qi Tian,Zheng Li,Yan Fu,Bingqing Shen,Yaofeng Tu

2024-04-10

Abstract:As cloud computing gains traction, data owners are outsourcing their data to cloud service providers (CSPs) for Database Service (DBaaS), bringing in a deviation of data ownership and usage, and intensifying privacy concerns, especially with potential breaches by hackers or CSP insiders. To address that, encrypted database services propose encrypting every tuple and query statement before submitting to the CSP, ensuring data confidentiality when the CSP is honest-but-curious, or even compromised. Existing solutions either employ property preserving cryptography schemes, which can perform certain operations over ciphertext without decrypting the data over the CSP, or utilize trusted execution environment (TEE) to safeguard data and computations from the CSP. Based on these efforts, we introduce Enc2DB, a novel secure database system, following a hybrid strategy on PostgreSQL and openGauss. We present a micro-benchmarking test and self-adaptive mode switch strategy that can dynamically choose the best execution path (cryptography or TEE) to answer a given query. Besides, we also design and implement a ciphertext index compatible with native cost model and query optimizers to accelerate query processing. Empirical study over TPC-C test justifies that Enc2DB outperforms pure TEE and cryptography solutions, and our ciphertext index implementation also outperforms the state-of-the-art cryptographic-based system.

Cryptography and Security,Databases

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Zheli Liu,Haoyu Ma,Jin Li,Chunfu Jia,Jingwei Li,Ke Yuan

DOI: https://doi.org/10.1007/978-3-642-38631-2_32

2013-01-01

Abstract:Outsourcing database has attracted much attention recently due to the emergence of Cloud Computing. However, there are still two problems to solve, 1) how to encipher and protect the sensitive information before outsourcing while keeping the database structure, and 2) how to enable better utilization of the database like fuzzy queries over the encrypted information. In this paper we propose a new solution based on format-preserving encryption, which protects the privacy of the sensitive data and keeps the data structure as well in the encrypted database. We also show how to perform fuzzy queries over such enciphered data. Specially, our scheme supports fuzzy queries by simply exploiting the internal storing and query mechanism of the databases, thus the influence on both the inner relation of databases and the construction of applications are minimized. Evaluation indicates that our scheme is able to efficiently perform fuzzy query on encrypted database.

Jianting Ning,Jiageng Chen,Kaitai Liang,Joseph K. Liu,Chunhua Su,Qianhong Wu

DOI: https://doi.org/10.1109/tsc.2020.3004988

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Outsourcing encrypted data to cloud servers that has become a prevalent trend among Internet users to date. There is a long list of advantages on data outsourcing, such as the reduction cost of local data management. How to securely operate encrypted data (remotely), however, is the top-rank concern over data owner. Liang et al. proposed a novel encrypted cloud-based data share and search system without loss of privacy. The system allows users to flexibly search and share encrypted data as well as updating keyword field. However, the search complexity of the system is of extreme inefficiency, O(nd), where d is the total number of system files and n is the size of query formula. This article, for the first time, leverages the "oblivious cross search" technology in public key searchable encryption context to reduce the search complexity to only O(nf(w)), where f(w) is the number of files embedded with the "least frequent keyword" w. The new scheme maintains efficient encrypted data share and keyword field update as well. This article further revisits the security models for payload security, keyword privacy and search token privacy (i.e., search pattern privacy) and meanwhile, presents security and efficiency analysis for the new scheme.

Jingwei Li,Chunfu Jia,Jin Li,Zheli Liu

DOI: https://doi.org/10.1109/incos.2012.28

2012-01-01

Abstract:With the rapid growth of data, it is desirable to outsource data on remote storage server. The emergency of cloud computing makes the dream true and more and more sensitive data are being centralized into cloud for sharing. Since the public cloud server cannot be fully trusted in protecting them, encryption is a promising way to keep confidentiality but leads to high communication and computation overhead for some useful data operations. Searchable encryption initiated by Song et al. provides an efficient solution to support for keyword-based search directly on encrypted data. Nevertheless, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, the keyword search over encrypted data with differential privileges is addressed. We provide a novel framework for secure outsourcing and sharing of encrypted data on hybrid cloud. The framework is full-featured: i) it enables authorized users to perform keyword-based search directly on encrypted data without sharing the same private key, ii) it provides two-layered access control to achieve fine-grained sharing of encrypted data. The security analysis shows that the proposed generic construction satisfies the requirements of message privacy and keyword privacy.

Hongwei Li,Dongxia Liu,Yuanshun Dai,Tom H. Luan,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/tetc.2014.2371239

2015-01-01

IEEE Transactions on Emerging Topics in Computing

Abstract:In mobile cloud computing, a fundamental application is to outsource the mobile data to external cloud servers for scalable data storage. The outsourced data, however, need to be encrypted due to the privacy and confidentiality concerns of their owner. This results in the distinguished difficulties on the accurate search over the encrypted mobile cloud data. To tackle this issue, in this paper, we develop the searchable encryption for multi-keyword ranked search over the storage data. Specifically, by considering the large number of outsourced documents (data) in the cloud, we utilize the relevance score and k-nearest neighbor techniques to develop an efficient multi-keyword search scheme that can return the ranked search results based on the accuracy. Within this framework, we leverage an efficient index to further improve the search efficiency, and adopt the blind storage system to conceal access pattern of the search user. Security analysis demonstrates that our scheme can achieve confidentiality of documents and index, trapdoor privacy, trapdoor unlinkability, and concealing access pattern of the search user. Finally, using extensive simulations, we show that our proposal can achieve much improved efficiency in terms of search functionality and search time compared with the existing proposals.

Yuling Huang,Chuang Ma,Guangxia Xu

DOI: https://doi.org/10.1109/CloudNet59005.2023.10490083

2023-11-01

Abstract:With the rapid development of the internet economy, blockchain has emerged as one of the leading methods for data sharing. However, due to the high value and sensitivity of data assets, electronic data sharing faces challenges such as access control and privacy leakage. Traditional encryption schemes based on attributes have been ineffective in addressing these problems and still suffer from security vulnerabilities. In this paper, we propose a decentralized data sharing framework that combines keyword-searchable attributes encryption with proxy re-encryption using blockchain technology and Interplanetary File Systems. This framework offers high flexibility and efficiency by addressing the issues of a single point of failure and privacy leaks. We provide comprehensive and rigorous proofs of security and efficiency for our scheme, considering security proof and storage overhead. The simulation results demonstrate that our scheme satisfies the requirements for ciphertext and keyword security and is capable of resisting collusive attacks. Furthermore, our proposed scheme exhibits higher computational efficiency and better feasibility compared to existing schemes.

Computer Science

Mehmet Kuzu,Mohammad Saiful Islam,Murat Kantarcioglu

DOI: https://doi.org/10.48550/arXiv.1408.5539

2014-08-24

Cryptography and Security

Abstract:Nowadays, huge amount of documents are increasingly transferred to the remote servers due to the appealing features of cloud computing. On the other hand, privacy and security of the sensitive information in untrusted cloud environment is a big concern. To alleviate such concerns, encryption of sensitive data before its transfer to the cloud has become an important risk mitigation option. Encrypted storage provides protection at the expense of a significant increase in the data management complexity. For effective management, it is critical to provide efficient selective document retrieval capability on the encrypted collection. In fact, considerable amount of searchable symmetric encryption schemes have been designed in the literature to achieve this task. However, with the emergence of big data everywhere, available approaches are insufficient to address some crucial real-world problems such as scalability. In this study, we focus on practical aspects of a secure keyword search mechanism over encrypted data on a real cloud infrastructure. First, we propose a provably secure distributed index along with a parallelizable retrieval technique that can easily scale to big data. Second, we integrate authorization into the search scheme to limit the information leakage in multi-user setting where users are allowed to access only particular documents. Third, we offer efficient updates on the distributed secure index. In addition, we conduct extensive empirical analysis on a real dataset to illustrate the efficiency of the proposed practical techniques.

Zoe L. Jiang,Jiajun Huang,Zechao Liu,Xuan Wang

DOI: https://doi.org/10.1109/spac.2017.8304269

2017-01-01

Abstract:With the rapid popularization of cloud computing, people began to store data in the cloud server, to avoid the cumbersome local data management and to get more convenient services. However, on one hand the cloud server cannot guarantee absolute security, as Hackers will use a variety of unexpected method to intrude the cloud server. On the other hand, the cloud server administrator may leak data in database, which may lead to serious consequence. The data can be stored in the form of ciphertext for the sake of protecting the privacy of user data. One efficient method to prevent data leakage is data encryption. However, this brings a range of problems. For example, in what ways the encrypted data which stored in the cloud server can be searched by authorized data users? Motivated by this question, we proposed Attribute-based Queries over Outsourced Encrypted Database. This method enables a data user, whose attributes satisfy one specific data owners access control policy, search over the data owners outsourced encrypted database.

Jingwei Li,Jin Li,Zheli Liu,Chunfu Jia

DOI: https://doi.org/10.1002/cpe.3067

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:SUMMARYWith the rapid development of cloud computing, more and more data are being centralized into remote cloud server for sharing, which raises a challenge on how to keep them both private and accessible. Although searchable encryption provides an efficient solution to support keyword‐based search directly on encrypted data, considering its application in file sharing, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, aiming at enabling efficient and secure data sharing in cloud computing, we provide a generic construction for this purpose. The proposed construction is full‐featured: (i) It enables authorized users to perform keyword‐based search directly on encrypted data without sharing the unique secret key; and (ii) it provides two‐layered access control to limit unauthorized user's access to the shared data. On the basis of the proposed generic construction, we utilize the existing techniques on identity‐based broadcast encryption and public key searchable encryption to instantiate a concrete construction. Copyright © 2013 John Wiley & Sons, Ltd.

Zhirong Shen,Jiwu Shu,Wei Xue

DOI: https://doi.org/10.1109/jsen.2016.2634018

IF: 4.3

2016-01-01

IEEE Sensors Journal

Abstract:Cloud computing has become an increasingly popular service for data storage and processing. To keep users' data on the cloud from leaking to unauthorized users, probably including the cloud service providers, the data must be stored in an encrypted form. In the meantime, for data intended for sharing, an efficient access control must be provided. A common operation on the data is keyword search. Currently, search operation over encrypted search is performed at the cloud servers and access control for the in-cloud data is usually enforced by users. Separation of the two types of operations can lead to reduced efficiency and compromised privacy for users with a given set of access privileges to search over encrypted cloud data. In this paper, we study the problem of keyword search with access control over encrypted data in cloud computing. We first propose a scalable framework where user can use his attribute values and a search query to locally derive a search capability, and a file can be retrieved only when its keywords match the query and the user's attribute values can pass the policy check. Using this framework, we propose a novel scheme called KSAC. KSAC utilizes a recent cryptographic primitive called HPE to enforce fine-grained access control, perform multi-field query search, and support the derivation of the search capability. Intensive evaluations on real-world dataset are conducted to validate the applicability of the proposed scheme.

Keke Gai,Meikang Qiu,Hui Zhao,Jian Xiong

DOI: https://doi.org/10.1109/cscloud.2016.52

2016-01-01

Abstract:Privacy issues have become a considerable issue while the applications of big data are growing dramatically fast in cloud computing. The benefits us implementing these emerging technologies have improved or changed service models and improve application performances in various perspectives. However, the remarkably growing volume of data sizes has also resulted in many challenges in practice. The time execution of encrypting data is one of the serious issues during the processes of data processing and transmissions. Many current applications abandon data encryptions in order to reach an adoptive performance level, companions with privacy concerns. In this paper, we concentrate on privacy issue and propose a novel data encryption approach, named as Dynamic Data Encryption Strategy (D2ES). Our proposed approach aims to selectively encrypt data using privacy classification methods under timing constraints. This approach is designed to maximize the privacy protection scope by using a selective encryption strategy within the required execution time requirements. The performance of D2ES has been evaluated in our experiments, which provides the proof of the privacy enhancement.

Ming Li,Shucheng Yu,Kui Ren,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/mnet.2013.6574666

IF: 10.294

2013-01-01

IEEE Network

Abstract:Cloud computing is envisioned as the next generation architecture of IT enterprises, providing convenient remote access to massively scalable data storage and application services. While this outsourced storage and computing paradigm can potentially bring great economical savings for data owners and users, its benefits may not be fully realized due to wide concerns of data owners that their private data may be involuntarily exposed or handled by cloud providers. Although end-to-end encryption techniques have been proposed as promising solutions for secure cloud data storage, a primary challenge toward building a full-fledged cloud data service remains: how to effectively support flexible data utilization services such as search over the data in a privacy-preserving manner. In this article, we identify the system requirements and challenges toward achieving privacy-assured searchable outsourced cloud data services, especially, how to design usable and practically efficient search schemes for encrypted cloud storage. We present a general methodology for this using searchable encryption techniques, which allows encrypted data to be searched by users without leaking information about the data itself and users' queries. In particular, we discuss three desirable functionalities of usable search operations: supporting result ranking, similarity search, and search over structured data. For each of them, we describe approaches to design efficient privacy-assured searchable encryption schemes, which are based on several recent symmetric-key encryption primitives. We analyze their advantages and limitations, and outline the future challenges that need to be solved to make such secure searchable cloud data service a reality.

Amir Rezapour,Shiuan-Tung Chen,Hung-Min Sun

DOI: https://doi.org/10.1109/smartcity.2015.197

2015-01-01

Abstract:Company data are very often outsourced to cloud service providers in order to lower costs of maintaining hardware. If the outsourced data are to be kept secure from a third party, the connection between the cloud service provider and the company could be secured by a protocol similar to SSL. This, however, requires that the data is stored at the cloud service provider in plaintext form, meaning the company has to trust the cloud service provider and its administrators in order to perform search on the outsourced data.Alternatively, the data themselves could be encrypted, however, the outputs of typical cryptographic algorithms are not amenable to search. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query without loss of data confidentiality. By the advantage of our cryptography scheme a query generated at the client-side, is transformed into a representation so that it can be evaluated directly on encrypted data at the could storage server. The results might be processed by the client after decryption to determine the final answers. Additionally, we introduce an efficient common prefix keyword search which makes the scheme more tolerant of minor typos and format inconsistencies when exact keyword matching fails.

Jianfei Sun,Hu Xiong,Hao Zhang,Li Peng

DOI: https://doi.org/10.1016/j.ins.2019.08.026

IF: 8.1

2020-01-01

Information Sciences

Abstract:Never before has data sharing been more convenient with the rapid popularity and wide adoption of cloud computing. However, mobile access and flexible search with security for outsourced data in heterogeneous systems are two major obstacles prior to practical deployment of cloud computing. To meet the requirements in secure mobile access and flexible search to sensitive data, this paper, for the first time, proposes a versatile primitive referred to as an identity based proxy re-encryption system with outsourced equality test (IBPRE-ET). This primitive allows a data owner in an identity based broadcast encryption system (IBBE) seamlessly to share his/her data with a data sharer in an identity based encryption system (IBE). Moreover, it supports a data sharer in an IBBE system to perform search functionality on ciphertexts related to a data sharer in an IBE system. We also formally prove that the proposed IBPRE-ET system is selective secure using a random oracle model. Meanwhile, the theoretic evaluation and experimental result demonstrate our scheme is practical in the heterogeneous system. Finally, we show an application of our IBPRE-ET to the collaborative office automation system.

Jinkun Cao,Jinhao Zhu,Liwei Lin,Zhengui Xue,Ruhui Ma,Haibing Guan

DOI: https://doi.org/10.48550/arXiv.1904.12111

2019-04-27

Cryptography and Security

Abstract:As cloud computing becomes prevalent in recent years, more and more enterprises and individuals outsource their data to cloud servers. To avoid privacy leaks, outsourced data usually is encrypted before being sent to cloud servers, which disables traditional search schemes for plain text. To meet both end of security and searchability, search-supported encryption is proposed. However, many previous schemes suffer severe vulnerability when typos and semantic diversity exist in query requests. To overcome such flaw, higher error-tolerance is always expected for search-supported encryption design, sometimes defined as 'fuzzy search'. In this paper, we propose a new scheme of multi-keyword fuzzy search over encrypted and outsourced data. Our approach introduces a new mechanism to map a natural language expression into a word-vector space. Compared with previous approaches, our design shows higher robustness when multiple kinds of typos are involved. Besides, our approach is enhanced with novel data structures to improve search efficiency. These two innovations can work well for both accuracy and efficiency. Moreover, these designs will not hurt the fundamental security. Experiments on a real-world dataset demonstrate the effectiveness of our proposed approach, which outperforms currently popular approaches focusing on similar tasks.

Wei-Ting Lu,Wei Wu,Shih-Ya Lin,Min-Chi Tseng,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-46298-1_19

2016-01-01

Abstract:Nowadays the cloud security becomes a significant issue: while the single user keyword search on encrypted data has been proposed, encrypting files before uploading scarifies the advantage of the convenience of sharing data with others on the cloud. We design a searchable encryption for the multi-user case. We combine the advantage of efficiency of the symmetric encryption with authentication of the asymmetric encryption to provide a secure and efficient system of shareable keyword search on encrypted data.

Guowen Xu,Yan Ren,Hongwei Li,Dongxiao Liu,Yuanshun Dai,Kan Yang

DOI: https://doi.org/10.1109/icc.2017.7997105

2017-01-01

Abstract:In big data era, data are usually stored in databases for easy access and utilization, which are now woven into every aspect of our lives. However, traditional relational databases cannot address users' demands for quick data access and calculating, since they cannot process data in a distributed way. To tackle this problem, non-relational databases such as MongoDB have emerged up and been applied in various Scenarios. Nevertheless, it should be noted that most MongoDB products fail to consider user's data privacy. In this paper, we propose a practical encrypted MongoDB (i.e., CryptMDB). Specifically, we utilize an additive homomorphic asymmetric cryptosystem to encrypt user's data and achieve strong privacy protection. Security analysis indicates that the CryptMDB can achieve confidentiality of user's data and prevent adversaries from illegally gaining access to the database. Furthermore, extensive experiments demonstrate that the CryptMDB achieves better efficiency than existing relational database in terms of data access and calculating.