VMKDO: Verifiable multi-keyword search over encrypted cloud data for dynamic data-owner

The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.     

Efficient multi-keyword ranked query over encrypted data in cloud computing

Cloud computing infrastructure is a promising new technology and greatly accelerates the development of large scale data storage, processing and distribution. However, security and privacy become major concerns when data owners outsource their private data onto public cloud servers that are not within their trusted management domains. To avoid information leakage, sensitive data have to be encrypted before uploading onto the cloud servers, which makes it a big challenge to support efficient keyword-based queries and rank the matching results on the encrypted data. Most current works only consider single keyword queries without appropriate ranking schemes. In the current multi-keyword ranked search approach, the keyword dictionary is static and cannot be extended easily when the number of keywords increases. Furthermore, it does not take the user behavior and keyword access frequency into account. For the query matching result which contains a large number of documents, the out-of-order ranking problem may occur. This makes it hard for the data consumer to find the subset that is most likely satisfying its requirements. In this paper, we propose a flexible multi-keyword query scheme, called MKQE to address the aforementioned drawbacks. MKQE greatly reduces the maintenance overhead during the keyword dictionary expansion. It takes keyword weights and user access history into consideration when generating the query result. Therefore, the documents that have higher access frequencies and that match closer to the users’ access history get higher rankings in the matching result set. Our experiments show that MKQE presents superior performance over the current solutions.     

Split keyword fuzzy and synonym search over encrypted cloud data

Multimedia Tools and Applications - A substitute solution for various organizations of data owners to store their data in the cloud using storage as a service(SaaS). The outsourced sensitive data...     

Resolving privacy-preserving relationships over outsourced encrypted data storages

Due to the numerous advantages in terms of cost reduction, usability, and flexibility, today we are witnessing the adoption of solutions where individuals and enterprises prefer to outsource (part of) their private information or assets for processing to third parties. Yet, such adoption will not become a complete success unless outsourced data storages reliably guarantee the privacy of sensitive information. With this aim in mind, some data storage providers offer the possibility of encrypting assets, achieving a remarkable degree of privacy, but at the expense of usability. At best, advanced cryptographic primitives can be directly implemented over the encrypted data to allow its owners to perform certain operations, such as keyword-based searches, on the side of the data storages. The paper at hand proposes a novel approach based on fully homomorphic encryption to correlate encrypted pieces of data in outsourced data storages. The goal was to enrich searchable encryption solutions by transparently adding related keywords to a given query, yet preventing the data storages to know the outsourced information, the received query, the resulting response, or the relationship between queries and responses. The conducted experiments show that nowadays, the main bottleneck resides in the inefficiency of the existing fully homomorphic encryption algorithms. Nevertheless, our proposal is not tied to any particular algorithm, thereby allowing users to select the most efficient in terms of computing time.     

Efficient privacy-preserving frequent itemset query over semantically secure encrypted cloud database

World Wide Web - In recent years, more users tend to use data mining as a service (DMaaS) provided by cloud service providers. However, while enjoying the convenient pay-per-use mode and powerful...     

Efficient wildcard search over encrypted data

Searchable encryption is an important technique that allows the data owners to store their encrypted data in the cloud. It also maintains the ability to search a keyword over encrypted data. In practice, searchable encryption scheme supporting wildcard search is very important and widely used. In this paper, we propose a new wildcard search technique to use one wildcard to represent any number of characters. Based on Bloom filter with a novel specified characters position technique, we construct a new searchable symmetric scheme to support wildcard search over encrypted data. This scheme is more efficient than prior schemes, and it can be strengthened to be secure against an adaptive attacker (CKA-2 security). Moreover, this scheme can be dynamic to support file addition and deletion. Our wildcard search technique is of independent interest.     

Multi-Keyword search over encrypted data with scoring and search pattern obfuscation

Search over encrypted data recently became a critical operation that raised a considerable amount of interest in both academia and industry. Especially, as outsourcing, sensitive data to cloud prove to be a strong trend to benefit from the unmatched storage and computing capacities thereof. Indeed, privacy-preserving search over encrypted data, an apt term to address privacy-related issues concomitant in outsourcing sensitive data, have been widely investigated in the literature under different models and assumptions. In this work, we propose an efficient scheme that allows privacy-preserving search over encrypted data using queries with multiple keywords. Most important contributions of this work are as follows. Firstly, using a property referred as \(\delta \)-mean query obfuscation, the proposed scheme hides the search patterns, which are allowed to leak in many works in the literature including our preliminary work on the subject Orencik et al. (2013) [1]. Secondly, a two-server setting is employed to eliminate the correlation between the queries and matching documents sent to the user under the assumption that the two servers are not colluding. Thirdly, we propose a novel compression scheme that reduces both the communication cost between the two servers and the computation cost of the search operation more than 55 times compared to the standard approach. And finally, the proposed scheme also provides an effective scoring and ranking capability that is based on term frequency–inverse document frequency (tf-idf) weights of keyword–document pairs. Our analyses demonstrate that the proposed scheme is privacy-preserving, efficient and effective.     

Achieving fully privacy-preserving private range queries over outsourced cloud data

With the prevalence of cloud computing, data owners are motivated to outsource their databases to the cloud server. However, to preserve data privacy, sensitive private data have to be encrypted before outsourcing, which makes data utilization a very challenging task. Existing work either focus on keyword searches and single-dimensional range query, or suffer from inadequate security guarantees and inefficiency. In this paper, we consider the problem of multidimensional private range queries over encrypted cloud data. To solve the problem, we systematically establish a set of privacy requirements for multidimensional private range queries, and propose a multidimensional private range query (MPRQ) framework based on private block retrieval (PBR), in which data owners keep the query private from the cloud server. To achieve both efficiency and privacy goals, we present an efficient and fully privacy-preserving private range query (PPRQ) protocol by using batch codes and multiplication avoiding technique. To our best knowledge, PPRQ is the first to protect the query, access pattern and single-dimensional privacy simultaneously while achieving efficient range queries. Moreover, PPRQ is secure in the sense of cryptography against semi-honest adversaries. Experiments on real-world datasets show that the computation and communication overhead of PPRQ is modest.     

Information retrieval of mass encrypted data over multimedia networking with N-level vector model-based relevancy ranking

Multimedia Tools and Applications - With an explosive growth in the deployment of networked applications over the Internet, searching the encrypted information that the user needs becomes...     

VKSE-MO: verifiable keyword search over encrypted data in multi-owner settings

Searchable encryption (SE) techniques allow cloud clients to easily store data and search encrypted data in a privacy-preserving manner, where most of SE schemes treat the cloud server as honest-but-curious. However, in practice, the cloud server is a semi-honest-but-curious third-party, which only executes a fraction of search operations and returns a fraction of false search results to save its computational and bandwidth resources. Thus, it is important to provide a results verification method to guarantee the correctness of the search results. Existing SE schemes allow multiple data owners to upload different records to the cloud server, but these schemes have very high computational and storage overheads when applied in a different but more practical setting where each record is co-owned by multiple data owners. To address this problem, we develop a verifiable keyword search over encrypted data in multi-owner settings (VKSE-MO) scheme by exploiting the multisignatures technique. Thus, our scheme only requires a single index for each record and data users are assured of the correctness of the search results in challenging settings. Our formal security analysis proved that the VKSE-MO scheme is secure against a chosen-keyword attack under a random oracle model. In addition, our empirical study using a real-world dataset demonstrated the efficiency and feasibility of the proposed scheme in practice.     

VCSE: Verifiable conjunctive keywords search over encrypted data without secure-channel

Data outsourcing service has gained remarkable popularity with considerable amount of enterprises and individuals, as it can relief heavy computation and management burden locally. While in most existing models, honest-but-curious cloud service provider (CSP) may return incorrect results and inevitably give rise to serious security breaches, thus the results verification mechanism should be raised to guarantee data accuracy. Furthermore, the construction of secure-channel incurs heavy cryptographic operations and single keyword search returns many irrelevant results. Along these directions, we further design a significantly more effective and secure cryptographic primitive called as verifiable conjunctive keywords search over encrypted data without secure-channel scheme to assure data integrity and availability. Formal security analysis proves that it can effectively stand against outside keyword-guessing attack. As a further contribution, our actual experiments show that it can admit wide applicability in practice.     

An efficient method for privacy-preserving trajectory data publishing based on data partitioning

The Journal of Supercomputing - Since Osman Abul et al. first proposed the k-anonymity-based privacy protection for trajectory data, researchers have proposed a variety of trajectory...     

Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.     

Support vector machine classification over encrypted data

Applied Intelligence - Support vector machine is one of the most extensively used machine learning algorithms. A typical application scenario of support vector machine classification is the...     

CP2EH: a comprehensive privacy-preserving e-health scheme over cloud

The Journal of Supercomputing - In the Attribute-Based Encryption (ABE) scheme, patients encrypt their electronic health record (EHR), attach the appropriate attributes with it, and outsource them...     

Efficient outsourced extraction of histogram features over encrypted images in cloud

Dear editor, JPEG steganalysis mainly includes feature extraction and classification [1, 2], and thus the quality of the extracted features has an important inf...     

Privacy-preserving conjunctive keyword search on encrypted data with enhanced fine-grained access control

Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

     

面向容器的云平台数据重分布策略研究

随着Docker等的问世,基于容器的操作系统级虚拟化技术受到云计算厂商的广泛关注。针对云平台上不同应用领域的数据库容器(面向事务型任务的数据库容器与面向分析型任务的数据库容器)在运行时对宿主机资源需求的差异,提出一种面向容器的数据重分布策略,用于优化容器中数据库服务的性能。实验结果表明,该策略达到了预期效果,可以有效提升容器中数据库服务的性能。     

An efficient scheme for secure domain medical image fusion over cloud

Multimedia Tools and Applications - The exponential growth in the medical images is making the healthcare industry move towards cloud-based paradigm, which has vast storage and high end processing...