Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Haifeng Li,Liangliang Liu,Caihui Lan,Caifen Wang,He Guo

DOI: https://doi.org/10.1109/access.2020.2991579

IF: 3.9

2020-01-01

IEEE Access

Abstract:Aiming at reducing the local storage burden and computational costs, numerous individuals and enterprises are willing to outsource their data to the cloud server. Meanwhile, due to the loss of the actual physical control over their data files once outsourced to the cloud server, how to guarantee the cloud server keep user's data integrity is an important security issue to be addressed urgently. Accordingly, multiple data integrity checking schemes based on the traditional cryptosystem have been proposed. However, with the advent and development of quantum computer, these existing data integrity checking schemes are no longer secure. Thus, it is necessary to study the new scheme which can resist quantum attack to adapt to the quantum era. In this work, we put forward a novel scheme named lattice-based privacy-preserving and forward-secure cloud storage public auditing scheme (LB-PPFS). Our proposed scheme is not only quantum-attack-against, but also enjoy the privacy-preserving and forward-secure property. In the proposed scheme, a curious auditor cannot learn any knowledge of user's data because the original data is encapsulated with a random number. In addition, the lattice basis delegation technique is adopted to achieve forward security for resisting key exposure attack. Based on the hardness assumptions of SIS problem from lattice, we prove that the proposed scheme can achieve formally provable security. Besides, the theoretical analysis and performance evaluation demonstrate that the proposed scheme is effective and feasible to guarantee the quantum security for the data integrity in cloud storage.

Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

Xiaojun Zhang,Jie Zhao,Chunxiang Xu,Huaxiong Wang,Yuan Zhang

DOI: https://doi.org/10.1109/tsc.2019.2942297

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Public verification enables cloud users to employ a third party auditor (TPA) to check the data integrity. However, recent breakthrough results on quantum computers indicate that applying quantum computers in clouds would be realized. A majority of existing public verification schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, new security issues need to be solved when an original data owner is restricted or cannot access the remote cloud server flexibly. In this paper, we propose an efficient identity-based data outsourcing with public integrity verification scheme (DOPIV) in cloud storage. DOPIV is designed on lattice-based cryptography, which achieves post-quantum security. DOPIV enables an original data owner to delegate a proxy to generate the signatures of data and outsource them to the cloud server. Any TPA can perform data integrity verification efficiently on behalf of the original data owner, without retrieving the entire data set. Additionally, DOPIV possesses the advantages of being identity-based systems, avoiding complex certificate management procedures. We provide security proofs of DOPIV in the random oracle model, and conduct a comprehensive performance evaluation to show that DOPIV is more practical in post-quantum secure cloud storage systems.

computer science, information systems, software engineering

Haifeng Li,Yuxin Wang,Xingbing Fu,Caihui Lan,Caifen Wang,Fagen Li,He Guo

DOI: https://doi.org/10.1016/j.jisa.2021.102927

IF: 4.96

2021-09-01

Journal of Information Security and Applications

Abstract:To reduce the local storage burden and enjoy the conveniently ubiquitous access, an increasing number of individuals and enterprises prefer to outsource their data to the cloud server. Due to the loss of physical control over data, how to guarantee the cloud server stores user's data honestly becomes an important security challenge. Meanwhile, most of existing public auditing schemes based on traditional public key cryptosystem either suffer from bearing the heavy burden of certificate management or possess an inherent key escrow drawback. Even worse, with the advent of powerful quantum computers, most of them could be cracked quickly by a large-scale quantum computer in polynomial time in the near future. To this end, we propose a novel post-quantum secure certificateless public auditing scheme in cloud storage (PSCPAC) from lattice assumptions. Compared with the existing schemes, our novel scheme enjoys the following promising merits: (1) removing the requirement for complicated certificate management in traditional PKI-based public auditing schemes; (2) eliminating the inherent key escrow problem in ID-based public auditing schemes; (3) providing resistance against quantum computers attacks. Correctness, security and performance analysis demonstrate that PSCPAC is provably secure, highly efficient and more practical for post-quantum security in cloud storage public auditing.

computer science, information systems

Xiaojun Zhang,Chunxiang Xu,Chunhua Jin

DOI: https://doi.org/10.1504/ijesdf.2016.073736

2016-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:With the rapid development of cloud storage technology, users choose to store their data in the cloud server remotely. Without the burden of local data storage and maintenance, users can enjoy on-demand high quality cloud storage services. Recently, lattice-based cryptography has been considered as the best choice for post-quantum cryptography, which can resist quantum computer attacks. Considering the forthcoming of the quantum computer in the near future, in this paper, we propose an efficient identity-based cloud storage public auditing scheme, which is constructed based on lattice. We prove our scheme can guarantee public verifiability, unforgeability. Moreover, our scheme can prevent the third party auditor (TPA) from revealing the primitive data blocks of cloud users. In particular, to achieve efficient data dynamics, by utilising index hash tables, our auditing scheme can efficiently perform dynamic operations. Efficient performance analysis demonstrates that our public auditing scheme is more efficient and more practical even in the post-quantum cryptographic era.

Qianqian Jia,Run-hua Shi,Huijie Li

DOI: https://doi.org/10.1088/1402-4896/ad69e0

2024-08-02

Physica Scripta

Abstract:Cloud computing, as a popular technology in recent years, has greatly facilitated the development of data outsourcing services. However, when users access sensitive data stored in the cloud, ensuring the security of data remains a pressing challenge. In this paper, we present a privacy-preserving keyword query scheme for outsourced data in cloud environment. Furthermore, to implement this scheme, we propose a series of quantum basic protocols with single qubits. The proposed basic protocols do not require the execution of quantum gate operations, and the necessary measurements are only Bell measurements based on measurement-device-independence. Therefore, it is practical and feasible under current technology. Moreover, compared with classical schemes, our scheme has higher security (i.e., quantum security). Finally, we conduct simulation experiments in IBM Qiskit to verify the correctness and feasibility of the critical parts of the scheme.

physics, multidisciplinary

D. Dhinakaran,D. Selvaraj,N. Dharini,S. Edwin Raja,C. Sakthi Lakshmi Priya

2024-07-09

Abstract:The intersection of cloud computing, blockchain technology, and the impending era of quantum computing presents a critical juncture for data security. This research addresses the escalating vulnerabilities by proposing a comprehensive framework that integrates Quantum Key Distribution (QKD), CRYSTALS Kyber, and Zero-Knowledge Proofs (ZKPs) for securing data in cloud-based blockchain systems. The primary objective is to fortify data against quantum threats through the implementation of QKD, a quantum-safe cryptographic protocol. We leverage the lattice-based cryptographic mechanism, CRYSTALS Kyber, known for its resilience against quantum attacks. Additionally, ZKPs are introduced to enhance data privacy and verification processes within the cloud and blockchain environment. A significant focus of this research is the performance evaluation of the proposed framework. Rigorous analyses encompass encryption and decryption processes, quantum key generation rates, and overall system efficiency. Practical implications are scrutinized, considering factors such as file size, response time, and computational overhead. The evaluation sheds light on the framework's viability in real-world cloud environments, emphasizing its efficiency in mitigating quantum threats. The findings contribute a robust quantum-safe and ZKP-integrated security framework tailored for cloud-based blockchain storage. By addressing critical gaps in theoretical advancements, this research offers practical insights for organizations seeking to secure their data against quantum threats. The framework's efficiency and scalability underscore its practical feasibility, serving as a guide for implementing enhanced data security in the evolving landscape of quantum computing and blockchain integration within cloud environments.

Cryptography and Security

Wenjie Liu,Peipei Gao,Zhihao Liu,Hanwu Chen,Maojun Zhang

DOI: https://doi.org/10.1155/2019/4923590

2020-02-01

Abstract:Cloud computing is a powerful and popular information technology paradigm that enables data service outsourcing and provides higher-level services with minimal management effort. However, it is still a key challenge to protect data privacy when a user accesses the sensitive cloud data. Privacy-preserving database query allows the user to retrieve a data item from the cloud database without revealing the information of the queried data item, meanwhile limiting user's ability to access other ones. In this study, in order to achieve the privacy preservation and reduce the communication complexity, a quantum-based database query scheme for privacy preservation in cloud environment is developed. Specifically, all the data items of the database are firstly encrypted by different keys for protecting server's privacy, and in order to guarantee the clients' privacy, the server is required to transmit all these encrypted data items to the client with the oblivious transfer strategy. Besides, two oracle operations, a modified Grover iteration, and a special offset encryption mechanism are combined together to ensure that the client can correctly query the desirable data item. Finally, performance evaluation is conducted to validate the correctness, privacy, and efficiency of our proposed scheme.

Quantum Physics,Cryptography and Security

Xiong Li,Saru Kumari,Jian Shen,Fan Wu,Caisen Chen,SK Hafizul Islam

DOI: https://doi.org/10.1007/s11277-016-3742-6

IF: 2.017

2016-01-01

Wireless Personal Communications

Abstract:Cloud storage is a new storage mode emerged along with the development of cloud computing paradigm. By migrating the data to cloud storage, the consumers can be liberated from building and maintaining the private storage infrastructure, and they can enjoy the data storage service at anywhere and anytime with high reliability and a relatively low cost. However, the security and privacy risks, especially the confidentiality and integrity of data seem to be the biggest hurdle to the adoption of the cloud storage applications. In this paper, we consider the secure data access and sharing issues for cloud storage services. Based on the intractability of the discrete logarithm problem, we design a secure data access and data sharing scheme for cloud storage, where we utilize the user authentication scheme to deal with the data access problem. According to our analysis, through our scheme, only valid user with the correct password and biometric can access to the cloud storage provider. Besides, the authorized users can access the rightful resources and verify the validity of the shared data, but cannot transfer the permission to any other party. At the same time, the confidentiality and integrity of data can be guaranteed.

Vamshi Adouth,Eswari Rajagopal

DOI: https://doi.org/10.1002/cpe.8192

2024-06-13

Concurrency and Computation Practice and Experience

Abstract:In the era of digital proliferation, individuals opt for cloud servers to store their data due to the diverse advantages they offer. However, entrusting data to cloud servers relinquishes users' control, potentially compromising data confidentiality and integrity. Traditional auditing methods designed to ensure data integrity in cloud servers typically depend on Trusted Third Party Auditors. Yet, many of these existing auditing approaches grapple with intricate certificate management and key escrow issues. Furthermore, the imminent threat of powerful quantum computers poses a risk of swiftly compromising these methods in polynomial time. To overcome these challenges, this paper introduces a Quantum‐based Secure Key Communication and Key Generation Scheme QSKCG for Outsourced Data in the Cloud. Leveraging Elliptic Curve Cryptography, the BB84 secure communication protocol, certificateless signature, and blockchain network, the proposed scheme is demonstrated through security analysis, affirming its robustness and high efficiency. Additionally, performance analysis underscores the practicality of the proposed scheme in achieving post‐quantum security in cloud storage.

computer science, theory & methods, software engineering

Zhepeng Wang,Yi Sheng,Nirajan Koirala,Kanad Basu,Taeho Jung,Cheng-Chang Lu,Weiwen Jiang

2024-04-21

Abstract:Benefiting from cloud computing, today's early-stage quantum computers can be remotely accessed via the cloud services, known as Quantum-as-a-Service (QaaS). However, it poses a high risk of data leakage in quantum machine learning (QML). To run a QML model with QaaS, users need to locally compile their quantum circuits including the subcircuit of data encoding first and then send the compiled circuit to the QaaS provider for execution. If the QaaS provider is untrustworthy, the subcircuit to encode the raw data can be easily stolen. Therefore, we propose a co-design framework for preserving the data security of QML with the QaaS paradigm, namely PristiQ. By introducing an encryption subcircuit with extra secure qubits associated with a user-defined security key, the security of data can be greatly enhanced. And an automatic search algorithm is proposed to optimize the model to maintain its performance on the encrypted quantum data. Experimental results on simulation and the actual IBM quantum computer both prove the ability of PristiQ to provide high security for the quantum data while maintaining the model performance in QML.

Quantum Physics,Artificial Intelligence,Cryptography and Security,Emerging Technologies,Machine Learning

Ali A. Yassin,Hai Jin,Ayad Ibrahim,Weizhong Qiang,Deqing Zou

DOI: https://doi.org/10.1109/IPDPSW.2012.148

2012-01-01

Abstract:An era of cloud computing allows users to profit from many privileges. However, there are several new security challenges. In fact, anonymous password authentication in the traditional setting has been suffered from many inherent drawbacks such as ease of exposure to malicious attacks and users registered their passwords in the server. Our scheme proposes the phenomenal context according to three main components: data owner, users, and service provider in cloud where users do not need to register their passwords in the service provider. Moreover, the data owner is contributed to make secure decisions, so that he manages the significant keys to other components distributedly. The proposal enjoys several advantages such as preserving privacy of password, unlink ability, and secrecy of session key. We have given a mechanism to prove the identity of the users authenticated without a need to reveal their passwords. Our approach has been achieved good results of reliability, and validity for cloud password authentication. The experimental results show an effective level of performance.

Md. Jakir Hossain,Chunxiang Xu

DOI: https://doi.org/10.1109/ICCCS52626.2021.9449136

2021-01-01

Abstract:With the rapid development of the computing paradigm, cloud computing becomes the most notable one that offers convenient and on-demand services from a shared pool of configurable computing resources. However, the application of quantum computers in clouds would be realized from the recent breakthrough results of quantum computers. In the near future, existing conventional hardness-based authentication schemes will be confronted with quantum attackers. Lattice-based authentication scheme resolves this tension. Albeit, existing lattice-based schemes, users and cloud servers are always worried about the communication privacy against misbehaved private key generator referred to as mPKG since PKG potentially has the power to generate the secret key for any given identity. In this paper, we proposed a secure authentication scheme for cloud storage that thwarts the misbehaved PKG. We integrate the identity-based encryption (IBE) scheme with the lattice-based signature, which is the variant of existing IBE-based authentication schemes and post-quantum secure. Additionally, we integrate identity certifying authority (ICA) with PKG to ensure security against misbehaved PKG. Our comprehensive security proof demonstrates that the proposed scheme provides stronger security guarantees against misbehaved PKG and ICA.

Jinqiu Hou,Changgen Peng,Weijie Tan,Hongfa Ding

DOI: https://doi.org/10.32604/cmes.2023.027276

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:Cloud-based services have powerful storage functions and can provide accurate computation. However, the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight. Although the attribute-based proxy re-encryption (ABPRE) schemes based on number theory can solve this problem, it is still difficult to resist quantum attacks and have limited expression capabilities. To address these issues, we present a novel linear secret sharing schemes (LSSS) matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research. Additionally, to detect the activities of illegal proxies, homomorphic signature (HS) technology is introduced to realize the verifiability of re-encryption. Moreover, the non-interactivity, unidirectionality, proxy transparency, multi-use, and anti-quantum attack characteristics of our system are all advantageous. Besides, it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud. Furthermore, under the standard model, the proposed learning with errors (LWE)-based scheme was proven to be IND-sCPA secure.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Lu Shen,Shifang Feng,Jinjin Sun,Zhongwei Li,Gang Wang,Xiaoguang Liu

DOI: https://doi.org/10.1007/978-3-319-27137-8_51

2016-01-01

IEICE Transactions on Information and Systems

Abstract:With the increase of data quantity, people have begun to attach importance to cloud storage, however, traditional single cloud can’t ensure the privacy of users’ data to a certain extent. To solve the security issue, we present a multi-cloud storage system called CloudS which spreads data over multiple cloud storage servers by using a new kind of XOR-based non-systematic erasure codes - Privacy Protecting Codes (PPC). For better user experiences and tradeoffs between security and performance, CloudS provides multiple levels of security by a variety of combinations of compression, encryption and coding schemes. In addition, we also put forward a novel Parallel Cyclic Encryption (PCE) scheme to achieve random secret key protection which attains high security and performance. We implement CloudS as a web application which doesn’t require users to perform complicated operations on local.

Jingyu Wang,Ruichun Gu

DOI: https://doi.org/10.1109/icsess.2014.6933560

2014-01-01

Abstract:Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. How to protect the data privacy is the most important in cloud computing. In this paper, based on virtual adversary structure, a data security access scheme is proposed to protect sensitive data. The virtual adversary structure is realized by an efficient secret sharing scheme. The scheme has been shown to have reconstruction and perfect properties of the secret sharing. It only performs modular additions and subtractions and every share is replicated in multiple share sets. Based on virtual adversary structure and secret sharing, the scheme also has some advantages: low computational complexity and high recoverability.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Xiaojun Wen,Yongzhi Chen,Wei Zhang,L. Jiang Zoe,Junbin Fang

DOI: https://doi.org/10.1016/j.optlastec.2023.110130

2024-01-01

Abstract:At present, the protection of data privacy has become one of the research hotspots. However, the classic data privacy protection scheme is based on the classic cryptosystem. The classical cryptosystem is based on the computational complexity of mathematical intractable problems. With the improvement of computer computing power, the security of the classical cryptosystem is seriously threatened. Based on the physical properties of quantum mechanics, using quantum key distribution and quantum teleportation technology, a quantum protection scheme for private data based on trusted center is designed. In theory, this scheme has the unconditional security of quantum cryptography and is independent of the computing power of the attacker.

Tao Jiang,Xiaofeng Chen,Jin Li,Duncan S. Wong,Jianfeng Ma,Joseph K. Liu

DOI: https://doi.org/10.1016/j.future.2014.11.002

2014-01-01

Abstract:To increase the profit, a semi-trusted cloud service provider may outsource the files of its client to some low expensive cloud service providers, which may violate the wishes of cloud users and impair their legitimate rights and interests. In this paper, a probabilistic challenge–response scheme is proposed to prove that users’ files are available and stored in a specified cloud server. In our scheme, common cloud infrastructure with some reasonable limits, such as rational economic security model, semi-collusion security model and response time bound, are exploited to resist the collusion of cloud servers. These limits guarantee that a malicious cloud service provider could not conduct a t-round communication in a limited time. The security and performance analysis demonstrate that our scheme provides strong incentives against an economically rational cloud service provider from re-outsourcing its clients’ data to some other cloud providers.