Wanzong Peng,Tongliang Lu,Wenju Peng,Zhongpan Wang

DOI: https://doi.org/10.1038/s41598-024-69011-4

2024-08-03

Abstract:File sharing, being the foundation of the Internet, has traditionally relied on a centralized service architecture resulting in significant maintenance costs. Moreover, due to the lack of an effective file management system, instances of sensitive information going out of control and loss of confidentiality in file sharing have occurred frequently. In order to address the difficulty of tamper detection and the lack of supervision in the entire process of file transfer in the current Internet environment, this paper designs a blockchain-based system architecture for secure sharing of electronic documents. An efficient blockchain model is used in our framework, and with the help of distributed storage system and asymmetric encryption technology, file sharing can be controlled, reliable and traceable in the transfer process. Referring to existing consensus mechanisms, e.g., Delegated Proof of Stake (DPoS) and Practical Byzantine Fault Tolerance (PBFT), we propose a new consensus for efficient and secure file sharing. Our experimental results show that our framework can maintain a higher throughput than existing schemes.

Jingwei Li,Chunfu Jia,Jin Li,Zheli Liu

DOI: https://doi.org/10.1109/incos.2012.28

2012-01-01

Abstract:With the rapid growth of data, it is desirable to outsource data on remote storage server. The emergency of cloud computing makes the dream true and more and more sensitive data are being centralized into cloud for sharing. Since the public cloud server cannot be fully trusted in protecting them, encryption is a promising way to keep confidentiality but leads to high communication and computation overhead for some useful data operations. Searchable encryption initiated by Song et al. provides an efficient solution to support for keyword-based search directly on encrypted data. Nevertheless, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, the keyword search over encrypted data with differential privileges is addressed. We provide a novel framework for secure outsourcing and sharing of encrypted data on hybrid cloud. The framework is full-featured: i) it enables authorized users to perform keyword-based search directly on encrypted data without sharing the same private key, ii) it provides two-layered access control to achieve fine-grained sharing of encrypted data. The security analysis shows that the proposed generic construction satisfies the requirements of message privacy and keyword privacy.

Li, ZiTong,Yan, Zhengmao,Liu, Yi,Zeng, Detian,Yu, Haoyang

DOI: https://doi.org/10.1007/s12083-024-01856-y

IF: 3.488

2024-12-01

Peer-to-Peer Networking and Applications

Abstract:The evolution of cloud computing towards X-as-a-Service models and the adoption of microservices architecture have significantly matured the field. As these technologies advance, they bring challenges such as data consistency, transaction traceability, and efficient information processing, particularly in edge computing environments. This paper explores the integration of microservices architecture, edge computing, and blockchain technology to address these challenges, with a focus on secure file sharing. We present a framework that uses identity authentication and leverages Ethereum blockchain, IPFS, and HDFS for decentralized, tamper-resistant file sharing. Our implementation in the FsMbe system fetches data using the DHT of the distributed network after authentication by Ethereum and employs multi-round AES encryption for data sharing. Extensive experiments were conducted to evaluate our framework's performance in various scenarios, including small data communication between microservices in edge groups and large file transfers between edge nodes in larger groups. The framework demonstrated stable data transfer performance, particularly for small payloads, even as the number of clients increased. This research contributes to secure and efficient data management in edge computing and microservice environments, providing a robust solution for decentralized file sharing with enhanced performance and security.

computer science, information systems,telecommunications

Jingwei Li,Jin Li,Zheli Liu,Chunfu Jia

DOI: https://doi.org/10.1002/cpe.3067

2013-01-01

Concurrency and Computation Practice and Experience

Abstract:SUMMARYWith the rapid development of cloud computing, more and more data are being centralized into remote cloud server for sharing, which raises a challenge on how to keep them both private and accessible. Although searchable encryption provides an efficient solution to support keyword‐based search directly on encrypted data, considering its application in file sharing, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, aiming at enabling efficient and secure data sharing in cloud computing, we provide a generic construction for this purpose. The proposed construction is full‐featured: (i) It enables authorized users to perform keyword‐based search directly on encrypted data without sharing the unique secret key; and (ii) it provides two‐layered access control to limit unauthorized user's access to the shared data. On the basis of the proposed generic construction, we utilize the existing techniques on identity‐based broadcast encryption and public key searchable encryption to instantiate a concrete construction. Copyright © 2013 John Wiley & Sons, Ltd.

Shunrong Jiang,Jianqing Liu,Liangmin Wang,Seong-Moo Yoo

DOI: https://doi.org/10.1109/icc.2019.8761146

2019-01-01

Abstract:Outsourcing storage and computation to clouds is popular but also raises security concerns. Most existing solutions mainly focus on an honest-but-curious cloud server, while security designs against a malicious server have not drawn enough attention. Although there are a few works addressing the issue of verifiable designs that enable the data owner to verify the integrity of search results. Unfortunately, these verification schemes are not efficient and or applicable from one scenario to another. Motivated by this, in this paper, we propose a publicly verifiable search framework for outsourced encrypted data based on blockchain. In our framework, we store the encrypted index in a decentralized blockchain (Ethereum) while outsourcing the corresponding encrypted data to the cloud or Interplanetary File System (IPFS). Thus, once a user is authorized, he/she can get the query results and check the query integrity efficiently by the designed smart contract anytime without data owner being online. Besides, to guarantee the privacy of the data user in the Ethereum, we construct a stealth authorization scheme to achieve access authorization delivery. The security analysis and performance evaluation show that the proposed scheme is secure and practical for verification of encrypted data.

Shengmin Xu,Xingshuo Han,Guowen Xu,Jianting Ning,Xinyi Huang,Robert H. Deng

DOI: https://doi.org/10.1109/tsc.2023.3321314

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing is the widespread acceptance of a promising paradigm offering a substantial amount of storage and data services on demand. To preserve data confidentiality, many cryptosystems have been introduced. However, current solutions are incompatible with the resource-constrained end-devices because of a variety of vulnerabilities in terms of practicality and security. In this article, we propose a practical and secure data-sharing system by introducing a new design of attribute-based encryption with verifiable outsourced decryption-attribute-based encryption (VO-ABE for short). Our system offers: (1) data sharing at a fine-grained level; (2) a scalable key issuing protocol without any secure channel; (3) a verifiable outsourced decryption mechanism for resource-constrained end-devices against the malicious cloud service provider; and (4) adaptive security against the real-world attacks. To formalize our solution with cryptographic analysis, we present the formal definition of VO-ABE and its concrete construction with provable security. In particular, our design leverages the techniques of the traditional ABE, verifiable outsourced decryption, and randomness extractor to support fine-grained access control, cost-effective data sharing, and security assurance with high entropy. Moreover, our design is provably secure in the adaptive model under the standard assumption, which offers a stronger security guarantee since the state-of-the-art solution is selectively secure under the non-standard assumption and suffers from a variety of real-world attacks. The implementation and evaluation demonstrate that our solution enjoys superior functionality and better performance than the relevant solutions. More importantly, our solution is compatible with the resource-constrained end-devices since the decryption mechanism takes around 1.1 ms and is 22.7x faster than the state-of-the-art solution.

Jianfei Sun,Guowen Xu,Tianwei Zhang,Hu Xiong,Hongwei Li,Robert H. Deng

DOI: https://doi.org/10.1109/tcc.2021.3117998

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Benefiting from the powerful computing and storage capabilities of cloud services, data sharing in the cloud has been permeated across various applications including social networks, e-health and crowdsourcing transportation system. Intuitively, outsourcing data to untrusted cloud commonly raises concerns about data privacy breaches. To combat this, one approach is exploiting Broadcast Based Searchable Encryption (BBSE) for secure data sharing. Nevertheless, the latest proposed BBSE is still defective in either security or efficiency. In this article, we propose ESPD, an Efficient, Scalable and Privacy-preserving Data sharing framework over encrypted cloud dataset. Different from previous works, ESPD supports sharing target data to multiple users with distinct secret keys, and keeps a constant ciphertext length with the changes of the amount of system users. This feature significantly improves search efficiency and makes ESPD scalable in real-world scenarios. We show a formal analysis to prove the security of ESPD in terms of file privacy, keyword privacy and trapdoor privacy. Also, extensive experiments on real-world dataset are conducted to indicate the desirable performance of ESPD compared to other similar schemes.

Leo Yu Zhang,Yifeng Zheng,Jian Weng,Cong Wang,Zihao Shan,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2018.2864748

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The wide adoption of cloud greatly facilitates the sharing of explosively generated media content today, yet deprives content providers' direct control over the outsourced media content. Thus, it is pivotal to build an encrypted cloud media center where only authorized access is allowed. Enforcing access control alone, however, cannot fully protect content providers' interests, as authorized users may later become traitors that illegally redistribute media content to the public. Such realistic threat should have been seriously treated yet is largely overlooked in the literature. In this paper, we initiate the first study on secure media sharing with fair traitor tracing in the encrypted cloud media center, through a new marriage of proxy re-encryption (for secure media sharing) and fair watermarking (for fair traitor tracing). Our key insight is to fully leverage the homomorphic properties residing in proxy re-encryption to embrace operations in fair watermarking. Two protocols are proposed for different application scenarios. We also provide complexity analysis for performance, showing that our work can also be treated as secure outsourcing of fair watermarking, and thus kills two birds with one stone. We thoroughly analyze the security strengths and conduct extensive experiments to validate the effectiveness of our design.

Lingjuan Lyu,Sid Chi-Kin Chau,Nan Wang,Yifeng Zheng

DOI: https://doi.org/10.1109/tcc.2020.3010235

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:Cloud computing has been a dominant paradigm for a variety of information processing platforms, particularly for enabling various popular applications of sharing economy. However, there is a major concern regarding data privacy on these cloud-based platforms. This work presents novel cloud-based privacy-preserving solutions to support collaborative consumption applications for sharing economy. In typical collaborative consumption, information processing platforms need to enable fair cost-sharing among multiple users for utilizing certain shared facilities and communal services. Our cloud-based privacy-preserving protocols, based on homomorphic Paillier cryptosystems, can ensure that the cloud-based operator can only obtain an aggregate schedule of all users in facility sharing, or a service schedule conforming to service provision rule in communal service sharing, but is unable to track the personal schedules or demands of individual users. More importantly, the participating users are still able to settle cost-sharing among themselves in a fair manner for the incurred costs, without knowing each other's private schedules or demands. Our privacy-preserving protocols involve no other third party who may compromise privacy. We also provide an extensive evaluation study and a proof-of-concept system prototype of our protocols.

computer science, information systems, theory & methods

Zhiwei Wang,Nianhua Yang,Qingqing Chen,Wei Shen,Zhiying Zhang

DOI: https://doi.org/10.23919/jcc.fa.2020-0640.202401

2024-02-13

China Communications

Abstract:For the goals of security and privacy preservation, we propose a blind batch encryption- and public ledger-based data sharing protocol that allows the integrity of sensitive data to be audited by a public ledger and allows privacy information to be preserved. Data owners can tightly manage their data with efficient revocation and only grant one-time adaptive access for the fulfillment of the requester. We prove that our protocol is semanticallly secure, blind, and secure against oblivious requesters and malicious file keepers. We also provide security analysis in the context of four typical attacks.

telecommunications

Lo-Yao Yeh,Chih-Ya Shen,Wei-Chiao Huang,Wan-Hsin Hsu,Hsien-Chu Wu

DOI: https://doi.org/10.1109/jsyst.2021.3139319

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:With the rise of blockchain technology, the peer-to-peer (P2P) network system has once again caught people's attention to equipping a blockchain with a big storage capacity. In the traditional P2P file-sharing network systems, such as InterPlanetary File System (IPFS), data stored in the other nodes cannot be revoked by the owner and can only be removed by other nodes themselves. To comply with the criteria of the European Union's General Data Protection Regulation, it is important to ensure that personal data can be completely removed by their owners. To improve the privacy and security of the P2P file-sharing system, we propose a revocable and monitorable P2P file-sharing system over a consortium blockchain to achieve revocation of files in the decentralized environment. By using a trusted execution environment, such as Intel Software Guard Extensions (SGX), the proposed scheme can verify the integrity of the executables of the P2P file-sharing system and generate a file authentication code for each IPFS node to make sure that the system is synchronized correctly. This scheme elaborately integrates the autonomous smart contracts and Intel SGX hardware to obtain the monitorable merit. The experimental results suggest that enhancing the security and privacy take modest computing costs into consideration. To the best of our knowledge, this scheme is the first attempt to achieve the P2P file-sharing system with securely revocable functions.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jhong-Ting Lou,Showkat Ahmad Bhat,Nen-Fu Huang,Bhat, Showkat Ahmad

DOI: https://doi.org/10.1007/s12083-023-01529-2

IF: 3.488

2023-08-12

Peer-to-Peer Networking and Applications

Abstract:Through the use of Ethereum, a framework is designed to simplify data exchange mechanism, improve food traceability, and improve privacy. A supply chain management system for agriculture is proposed and implemented in this paper to meet the confidentiality requirements of sensitive data and data ownership requirements. In a public blockchain environment, users can transparently verify every block generated at runtime and easily access data hosted on shared storage without authorization. To improve key distribution efficiency, we developed a proxy re-encryption scheme to manage the symmetric keys of encrypted data on shared storage. Blockchain services should improve the availability of persistent data. The interplanetary File System is used as a storage backend and to provide a file-based database that combined IPFS and a blockchain. Access control is a necessary function in the framework of multi-user data exchange. Users can manage permissions based on any data set in the Access Control List model using smart contracts that are defined by data owners. Finally, we demonstrate the system by developing a management application and integrating it into an existing food traceability system with a decoupled architecture. This demonstrates the system's ability to adapt to open data services while establishing a reliable hybrid architecture.

computer science, information systems,telecommunications

Wei Jiang,Adam Bowers,Dan Lin

DOI: https://doi.org/10.48550/arXiv.1901.10097

2019-01-29

Cryptography and Security

Abstract:Social networks, instant messages and file sharing systems are common communication means among friends, families, coworkers, etc. Due to concerns of personal privacy, identify thefts, data misuse, freedom of speech and government surveillance, online social or communication networks have provided various options for a user to guard or control his or her personal data. However, for most these services, user data are still accessible by the service providers, which can lead to both liability issues if data breach occurs at the server side and data misuse by the network administrators. To prevent service providers from accessing user data, secure end-to-end user communication is a must, like the one provided by WhatsApp. On the other hand, the services provided by such communication network can still be interfered by an authority. For a communication network to be stealthy, the following features are essential: (1) oblivious service, (2) complete user control and flexibility, and (3) lightweight. In this paper, we first discuss the features and benefits of a stealth communication network (SNET), and then we propose a theoretical framework that can be adopted to implement an SNET. By utilizing the framework and the existing publicly available cloud storage, we present the implementation details of an instance of SNET, named Secret-Share. Last but not least, we discuss the current limitations of Secret-Share and its potential extensions.

Xuexue Jin,Lingbo Wei,Mengke Yu,Nenghai Yu,Jinyuan Sun

DOI: https://doi.org/10.1109/ICCChina.2013.6671119

2013-01-01

Abstract:Cloud computing is viewed as the next generation architecture of IT companies. As promising as it is, cloud computing also brings forth many new security issues when users outsource sensitive data to cloud servers. To keep sensitive users' data confidential against untrusted servers, existing solutions usually apply cryptographic methods. With data encryption, the same file will become different from each other, thus deduplication which is widely adopted by cloud storage service providers meets some challenges. Current method to solve the problem is to make use of some information computed from the shared file to achieve deduplication of encrypted data, say convergent encryption. But this piece of information which is computable from the file via a deterministic public algorithm is not really meant to be secret. To this end, we propose a scheme to address the deduplication of encrypted data efficiently and securely with the help of ensuring the ownership of the shared file, encrypting data using keys at user's will and realizing the anonymous store through the digital credential. We achieve this aims through proof of ownership (POW), proxy re-encryption (PRE) and digital credential.

Jiahao Liu,Junjian Li,Ruoyu Wang,Chao Li,Wuhao Xia

DOI: https://doi.org/10.1109/DSC59305.2023.00028

2023-08-18

Abstract:In today's digital economy, data sharing has become imperative for advancing economic growth and technology development, as multi-party collaboration requires secure data exchange. During data sharing, upholding data security and privacy is paramount. However, existing data sharing solutions mostly rely on cloud storage and transfer, which have risks of single-point failure and compromise privacy and security. To tackle these challenges, we propose a novel solution that leverages proxy re-encryption and digital watermarking technologies, and employs blockchain to achieve equivalent access control functions based on the cloud environment, thereby mitigating the single point of failure issue. Moreover, our solution can effectively prevent data requesters from illegally sharing data with others. If any requester leaks data without authorization, we can trace the source based on the watermark embedded in the leaked data. In summary, our proposed solution enables more secure and privacy-preserving data sharing, which can potentially benefit a wide range of data sharing applications.

Computer Science,Engineering

Shunrong Jiang,Jianqing Liu,Jingwei Chen,Yiliang Liu,Liangmin Wang,Yong Zhou

DOI: https://doi.org/10.1109/TSC.2022.3199111

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud outsourcing provides flexible storage and computation services for data users in a low cost, but it brings many security threats as the cloud server may not be fully trusted. Previous secure outsourcing solutions mostly assume that the server is honest-but-curious while the adversary model of a malicious server that may return incorrect results is rarely explored. Moreover, with the increasing popularity of verifiable computations, existing verification schemes are yet not efficient and cannot cater to different scenarios in practice. In this paper, we propose a blockchain-based verifiable search framework for the adversarial cloud outsourcing context. When outsourcing the encrypted data to the cloud or Interplanetary File System (IPFS), we also store the encrypted data index in a decentralized blockchain (i.e., Ethereum in this paper) which is public and cannot be modified. Once a user is authorized, he/she can flexibly obtain the query results and efficiently check the query integrity via the pre-deployed smart contract, without the need of the data owner being online. Moreover, for user's privacy protection, we construct a stealth authorization scheme to deliver the access authorization without any identity disclosure. Finally, theoretical analysis and performance evaluation validate the security and efficiency of our proposed framework.

Jianfei Sun,Guowen Xu,Tianwei Zhang,Xuehuan Yang,Mamoun Alazab,Robert H. Deng

DOI: https://doi.org/10.1109/TIFS.2022.3226577

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The cloud-based data sharing technology with cryptographic primitives enables data owners to outsource data into paradigms and privately share information with arbitrary recipients without geographic barriers. However, we argue that most of existing efforts for outsourced data sharing are either inefficient, inflexible, or incompletely secure due to the following problems: (1) lack of efficient strategies for dynamically designating target ciphertexts to multiple recipients; (2) how to hide the identity of the recipient and (3) how to verify the correctness of outsourced ciphertext transformation without any denial. To the best of our knowledge, no previous work has thoroughly explored the above three issues, motivating us to design such an efficient and comprehensively secure outsourced data sharing mechanism. We design VF-PPBA, the first Verifiable, Fair and Privacy-preserving Broadcast Authorization framework for flexible data sharing in clouds. In more detail, we first invent a new primitive, privacy-preserving multi-recipient broadcast proxy re-encryption (PPMR-BPRE), which enables the authorization of a given ciphertext to different recipients with efficient ciphertext transformation, and further guarantees that any malicious adversary deduces nothing about the identity of the recipient. Then, we present VF-PPBA for flexible data sharing with PPMR-BPRE as the underlying structure, which in addition to inheriting all the functionalities of PPMR-BPRE, is capable of supporting the verifiability of the outcome correctness of the outsourced conversion task, and being immune to the malicious accusation if the outsourcing outcome is correctly completed. We formalize the adversarial models and render comprehensively strict security proofs to prove the security of our proposed solutions. Its performance is also validated via experimental simulations to showcase the practicability and effectiveness.

Shengmin Xu,Jianting Ning,Xinyi Huang,Yingjiu Li,Guowen Xu

DOI: https://doi.org/10.1109/tdsc.2021.3106393

2022-01-01

Abstract:Healthcare Internet-of-Things (IoT) enables lightweight devices to observe patients’ vital signals and outsource them to a remote cloud to enjoy flexible data sharing. However, it faces many security threats as the outsourced data is no longer physically controlled by data owners, and the cloud that hosts the outsourced data is not fully trusted. Many privacy protection technologies have been adopted to solve this problem, among which cryptographic mechanisms have become one of the most promising tools. Unfortunately, current cryptographic mechanisms in healthcare IoT mainly suffer from the following challenges: 1) dynamic user groups for managing users’ accessibility; 2) efficient revocation mechanism to mitigate the burden during user revocation; 3) forward and backward secrecy to ensure session independence in the presence of session key leakage; 4) revocable storage to prevent data users from learning any unauthorized data even the data is authorized before; and 5) information manipulation during data transmission. In this article, we introduce a practical and secure system to address the above problems. Our system provides fine-grained access control with dynamic user groups for optimizing scalability and functionality. We prove that our system is secure against numerous real-world threats. Extensive comparison and experimental analysis demonstrate that our system enjoys superior performance than the state-of-the-art solutions.

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Shangqi Lai,Xingliang Yuan,Joseph K. Liu,Xun Yi,Qi Li,Dongxi Liu,Surya Nepal

DOI: https://doi.org/10.14722/ndss.2021.24330

2021-01-01

Abstract:Network function virtualisation enables versatile network functions as cloud services with reduced cost. Specifically, network measurement tasks such as heavy-hitter detection and flow distribution estimation serve many core network functions for improved performance and security of enterprise networks. However, deploying network measurement services in third-party multi-tenant cloud service providers raises critical privacy and security concerns. Recent studies demonstrate that leaking and abusing flow statistics can lead to severe network attacks such as DDoS, network topology manipulation and poisoning, etc. In this paper, we propose OblivSketch, an oblivious network measurement service using Intel SGX. It employs hardware enclave for secure network statistics generation and queries. The statistics are maintained in newly designed oblivious data structures inside the SGX enclave and queried by data-oblivious algorithms to prevent data leakage caused by access patterns to the memory of SGX. To demonstrate the practicality, we implement OblivSketch as a full-fledge service integrated with the off-the-shelf SDN framework. The evaluations demonstrate that OblivSketch consumes a constant and small memory space (6MB) to track a massive amount of flows (from 30k to 1.45m), and it takes no more than 15ms to respond six widely adopted measurement queries for a 5s-trace with 70k flows.