Results 1 - 10
of
133
Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data,"
- Proc. IEEE INFOCOM,
, 2014
"... Abstract-With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to commercial public cloud for great flexibility and economic savings. But for protecting data privacy, sensitive data has to be encrypted before outsourcing, w ..."
Abstract
-
Cited by 89 (10 self)
- Add to MetaCart
Abstract-With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to commercial public cloud for great flexibility and economic savings. But for protecting data privacy, sensitive data has to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data search service is of paramount importance. Considering the large number of data users and documents in cloud, it is crucial for the search service to allow multi-keyword query and provide result similarity ranking to meet the effective data retrieval need. Related works on searchable encryption focus on single keyword search or Boolean keyword search, and rarely differentiate the search results. In this paper, for the first time, we define and solve the challenging problem of privacy-preserving multi-keyword ranked search over encrypted cloud data (MRSE), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Among various multi-keyword semantics, we choose the efficient principle of "coordinate matching", i.e., as many matches as possible, to capture the similarity between search query and data documents, and further use "inner product similarity" to quantitatively formalize such principle for similarity measurement. We first propose a basic MRSE scheme using secure inner product computation, and then significantly improve it to meet different privacy requirements in two levels of threat models. Thorough analysis investigating privacy and efficiency guarantees of proposed schemes is given, and experiments on the real-world dataset further show proposed schemes indeed introduce low overhead on computation and communication.
Authorized private keyword search over encrypted data in cloud computing
, 2011
"... Abstract—In cloud computing, clients usually outsource their data to the cloud storage servers to reduce the management costs. While those data may contain sensitive personal information, the cloud servers cannot be fully trusted in protecting them. Encryption is a promising way to protect the confi ..."
Abstract
-
Cited by 55 (5 self)
- Add to MetaCart
(Show Context)
Abstract—In cloud computing, clients usually outsource their data to the cloud storage servers to reduce the management costs. While those data may contain sensitive personal information, the cloud servers cannot be fully trusted in protecting them. Encryption is a promising way to protect the confidentiality of the outsourced data, but it also introduces much difficulty to performing effective searches over encrypted information. Most existing works do not support efficient searches with complex query conditions, and care needs to be taken when using them because of the potential privacy leakages about the data owners to the data users or the cloud server. In this paper, using online Personal Health Record (PHR) as a case study, we first show the necessity of search capability authorization that reduces the privacy exposure resulting from the search results, and establish a scalable framework for Authorized Private Keyword Search (APKS) over encrypted cloud data. We then propose two novel solutions for APKS based on a recent cryptographic primitive, Hierarchical Predicate Encryption (HPE). Our solutions enable efficient multi-dimensional keyword searches with range query, allow delegation and revocation of search capabilities. Moreover, we enhance the query privacy which hides users ’ query keywords against the server. We implement our scheme on a modern workstation, and experimental results demonstrate its suitability for practical usage. I.
Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings
- In Proc. of SecureComm
, 2010
"... Abstract. Online personal health record (PHR) enables patients to manage their own medical records in a centralized way, which greatly facilitates the storage, access and sharing of personal health data. With the emergence of cloud computing, it is attractive for the PHR service providers to shift t ..."
Abstract
-
Cited by 52 (3 self)
- Add to MetaCart
(Show Context)
Abstract. Online personal health record (PHR) enables patients to manage their own medical records in a centralized way, which greatly facilitates the storage, access and sharing of personal health data. With the emergence of cloud computing, it is attractive for the PHR service providers to shift their PHR applications and storage into the cloud, in order to enjoy the elastic resources and reduce the operational cost. However, by storing PHRs in the cloud, the patients lose physical con-trol to their personal health data, which makes it necessary for each patient to encrypt her PHR data before uploading to the cloud servers. Under encryption, it is challenging to achieve fine-grained access control to PHR data in a scalable and efficient way. For each patient, the PHR data should be encrypted so that it is scalable with the number of users having access. Also, since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys, it is important to reduce the key distribution complexity in such multi-owner settings. Existing cryptographic enforced access control schemes are mostly designed for the single-owner scenarios. In this paper, we propose a novel framework for access control to PHRs within cloud computing environment. To enable fine-grained and scalable access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patients ’ PHR data. To reduce the key distribution complexity, we divide the system into multiple security domains, where each domain manages only a subset of the users. In this way, each patient has full control over her own privacy, and the key management complexity is reduced dramatically. Our proposed scheme is also flexible, in that it supports efficient and on-demand revocation of user access rights, and break-glass access under emergency scenarios.
Data storage auditing service in cloud computing: challenges, methods and opportunities
, 2012
"... ..."
Efficient and secure data storage operations for mobile cloud computing. IACR Cryptology ePrint Archive
, 2011
"... Abstract—Cloud computing is a promising technology, which is transforming the traditional Internet computing paradigm and IT industry. With the development of wireless access technologies, cloud computing is expected to expand to mobile environments, where mobile devices and sensors are used as the ..."
Abstract
-
Cited by 19 (1 self)
- Add to MetaCart
(Show Context)
Abstract—Cloud computing is a promising technology, which is transforming the traditional Internet computing paradigm and IT industry. With the development of wireless access technologies, cloud computing is expected to expand to mobile environments, where mobile devices and sensors are used as the information collection nodes for the cloud. However, users ’ concerns about data security are the main obstacles that impede cloud computing from being widely adopted. These concerns are originated from the fact that sensitive data resides in public clouds, which are operated by commercial service providers that are not trusted by the data owner. Thus, new secure service architectures are needed to address the security concerns of users for using cloud computing techniques. In this paper, we present a holistic security framework to secure the data storage in public clouds with the special focus on lightweight wireless devices store and retrieve data without exposing the data content to the cloud service providers. To achieve this goal, our solution focuses on the following two
Privacy preserving cloud data access with multi-authorities
- In IEEE INFOCOM
, 2013
"... Abstract—Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud s ..."
Abstract
-
Cited by 18 (10 self)
- Add to MetaCart
(Show Context)
Abstract—Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security prob-lems, various schemes based on the Attribute-Based Encryption have been proposed recently. However, the privacy problem of cloud computing is yet to be solved. This paper presents an anonymous privilege control scheme AnonyControl to address not only the data privacy problem in a cloud storage, but also the user identity privacy issues in existing access control schemes. By using multiple authorities in cloud computing system, our proposed scheme achieves anonymous cloud data access and fine-grained privilege control. Our security proof and performance analysis shows that AnonyControl is both secure and efficient for cloud computing environment. I.
Privacy-preserving multi-keyword text search in the cloud supporting similaritybased ranking
- IN ASIACCS 2013
, 2013
"... With the increasing popularity of cloud computing, huge amount of documents are outsourced to the cloud for re-duced management cost and ease of access. Although en-cryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions o ..."
Abstract
-
Cited by 15 (4 self)
- Add to MetaCart
(Show Context)
With the increasing popularity of cloud computing, huge amount of documents are outsourced to the cloud for re-duced management cost and ease of access. Although en-cryption helps protecting user data confidentiality, it leaves the well-functioning yet practically-efficient secure search functions over encrypted data a challenging problem. In this paper, we present a privacy-preserving multi-keyword text search (MTS) scheme with similarity-based ranking to address this problem. To support multi-keyword search and search result ranking, we propose to build the search in-dex based on term frequency and the vector space model with cosine similarity measure to achieve higher search re-sult accuracy. To improve the search efficiency, we propose a tree-based index structure and various adaption methods for multi-dimensional (MD) algorithm so that the practical search efficiency is much better than that of linear search. To further enhance the search privacy, we propose two secure index schemes to meet the stringent privacy requirements under strong threat models, i.e., known ciphertext model and known background model. Finally, we demonstrate the effectiveness and efficiency of the proposed schemes through extensive experimental evaluation.
Y.T.: Lt codes-based secure and reliable cloud storage service
- In: INFOCOM. IEEE (2012
"... Abstract—With the increasing adoption of cloud computing for data storage, assuring data service reliability, in terms of data correctness and availability, has been outstanding. While redundancy can be added into the data for reliability, the problem becomes challenging in the “pay-as-you-use ” clo ..."
Abstract
-
Cited by 8 (1 self)
- Add to MetaCart
(Show Context)
Abstract—With the increasing adoption of cloud computing for data storage, assuring data service reliability, in terms of data correctness and availability, has been outstanding. While redundancy can be added into the data for reliability, the problem becomes challenging in the “pay-as-you-use ” cloud paradigm where we always want to efficiently resolve it for both corruption detection and data repair. Prior distributed storage systems based on erasure codes or network coding techniques have either high decoding computational cost for data users, or too much burden of data repair and being online for data owners. In this paper, we design a secure cloud storage service which addresses the reliability issue with near-optimal overall performance. By allowing a third party to perform the public integrity verification, data owners are significantly released from the onerous work of periodically checking data integrity. To completely free the data owner from the burden of being online after data outsourcing, this paper proposes an exact repair solution so that no metadata needs to be generated on the fly for repaired data. The perfor-mance analysis and experimental results show that our designed service has comparable storage and communication cost, but much less computational cost during data retrieval than erasure codes-based storage solutions. It introduces less storage cost, much faster data retrieval, and comparable communication cost comparing to network coding-based distributed storage systems. I.
Protecting Your Right: Attribute-based Keyword Search with Fine-grained Owner-enforced Search Authorization in the Cloud
, 2014
"... Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributo ..."
Abstract
-
Cited by 7 (1 self)
- Add to MetaCart
Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e. multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
Access control enforcement on query-aware encrypted cloud databases
- In IEEE International Conference on Cloud Computing Technology and Science
, 2013
"... Abstract—The diffusion of cloud database services requires a lot of efforts to improve confidentiality of data stored in external infrastructures. We propose a novel scheme that integrates data encryption with users access control mechanisms. It can be used to guarantee confidentiality of data with ..."
Abstract
-
Cited by 5 (2 self)
- Add to MetaCart
(Show Context)
Abstract—The diffusion of cloud database services requires a lot of efforts to improve confidentiality of data stored in external infrastructures. We propose a novel scheme that integrates data encryption with users access control mechanisms. It can be used to guarantee confidentiality of data with respect to a public cloud infrastructure, and to minimize the risks of internal data leakage even in the worst case of a legitimate user colluding with some cloud provider personnel. The correctness and feasibility of the proposal is demonstrated through formal models, while the integration in a cloud-based architecture is left to future work. I.