FSPVDsse: A Forward Secure Publicly Verifiable Dynamic SSE scheme
A symmetric searchable encryption (SSE) scheme allows a client (data owner)
to search on encrypted data outsourced to an untrusted cloud server. The search
may either be a single keyword search or a complex query search like
conjunctive or Boolean keyword search. Information leakage is quite high for
dynamic SSE, where data might be updated. It has been proven that to avoid this
information leakage an SSE scheme with dynamic data must be forward private. A
dynamic SSE scheme is said to be forward private, if adding a keyword-document
pair does not reveal any information about the previous search result with that
keyword.
In the SSE setting, the data owner has very low computation and storage power. In
this setting, though some schemes achieve forward privacy with
honest-but-curious cloud, it becomes difficult to achieve forward privacy when
the server is malicious, meaning that it can alter the data. Verifiable dynamic
SSE requires the server to give a proof of the result of the search query. The
data owner can verify this proof efficiently. In this paper, we have proposed a
generic publicly verifiable dynamic SSE (DSSE) scheme that makes any forward
private DSSE scheme verifiable without losing forward privacy. The proposed
scheme does not require any extra storage at owner-side and requires minimal
computational cost as well for the owner. Moreover, we have compared our scheme
with the existing results and show that our scheme is practical.
Comment: 17 pages, Published in ProvSec 201
NECOS Project: Towards Lightweight Slicing of Cloud Federated Infrastructures
The Novel Enablers for Cloud Slicing (NECOS) project addresses the limitations of current cloud computing infrastructures to respond to the demand for new services, as presented in two use-cases, that will drive the whole execution of the project. The first use-case is focused on Telco service provider and is oriented towards the adoption of cloud computing in their large networks. The second use-case is targeting the use of edge clouds to support devices with low computation and storage capacity. The envisaged solution is based on a new concept, the Lightweight Slice Defined Cloud (LSDC), as an approach that extends the virtualization to all the resources in the involved networks and data centers and provides uniform management with a high-level of orchestration. In this position paper, we discuss the motivation, objectives, architecture, research challenges (and how to overcome them) and initial efforts for the NECOS project
Urdu AI: writeprints for Urdu authorship identification
This is an accepted manuscript of an article published by ACM in ACM Transactions on Asian and Low-Resource Language Information Processing on 31/10/2021, available online at: https://doi.org/10.1145/3476467
The accepted version of the publication may differ from the final published version.
The authorship identification task aims at identifying the original author of an anonymous text sample from
a set of candidate authors. It has several application domains such as digital text forensics and information
retrieval. These application domains are not limited to a specific language. However, most of the authorship
identification studies are focused on English and limited attention has been paid to Urdu. On the other
hand, existing Urdu authorship identification solutions lose accuracy as the number of training samples per
candidate author decreases and as the number of candidate authors increases. Consequently, these solutions
are inapplicable to real-world cases. To overcome these limitations, we formulate a stylometric feature space.
Based on this feature space we use an authorship identification solution that transforms each text sample
into a point set, retrieves candidate text samples, and relies on the nearest neighbour classifier to predict the
original author of the anonymous text sample. To evaluate our method, we create a significantly larger corpus
than existing studies and conduct several experimental studies which show that our solution can overcome
the limitations of existing studies and report an accuracy level of 94.03%, which is higher than all previous
authorship identification works
Persistence of the AntidoteDB cache: design and implementation of a cache for a CRDT datastore
Many services today rely on geo-replicated databases. Geo-replication improves performance by moving a copy of the data closer to its usage site. High availability is achieved by maintaining copies of this data in several locations. Performance is gained by distributing the data and allowing multiple requests to be served at once. However, replicating data can lead to an inconsistent global state of the database when updates compete with each other. In this work, we study how a cache is designed and implemented for a database that prevents state inconsistencies by using CRDTs. Further, we study how this cache can be persisted into a checkpoint store and measure the performance of our design with several benchmarks. The implementation of the system is based on AntidoteDB. An additional library is implemented to realise the discussed design.
Key-Value Storage for handling data in mobile devices
In the current era of technology, computers have shrunk to the point that more than
half of the world population always carries one with them - their mobile devices. These
are used in all sorts of different activities, constantly generating information that needs to
be stored or processed somewhere. To cope with the huge amounts of data generated by
all of these devices, applications have resorted to Cloud services to provide them with the
much needed computational and storage resources, but as these remote infrastructures
still represented a bottleneck communication-wise, a new paradigm has been emerging,
Edge Computing. Instead of processing and storing all the data in more distant cloud
services, the data is spread among mobile devices and edge servers connected in a shared
network.
In order to fully take advantage of the low latency times experienced in the Edge,
applications still needed a distributed storage edge-oriented system, capable of handling
the contents generated by all of these mobile devices. The current state-of-the-art storage
systems are able to provide these applications with a storing platform that uses mobile
devices or edge servers as data storing points, but neither uses both.
In this thesis we propose a Key-Value Edge Storage System named Basil, that uses
both mobile devices and edge infrastructures as nodes of the system, capable of providing
users from different locations with a cohesive and consistent distributed storage system.
Furthermore, we will test our KV store against existing NoSQL storage models deployed
in the edge, as well as its own performance while varying the number of nodes it relies
on
Verifiable and forward private conjunctive keyword search from DIA tree
In a dynamic searchable encryption (DSE) scheme, a cloud server can search on encrypted data that the client stores and updates from time to time. Due to information leakage during the search and update phase, DSE schemes are prone to file injection attacks. If during document addition, a DSE scheme does not leak any information about the previous search results, the scheme is said to be forward private. A DSE scheme that supports conjunctive keyword search should be forward private. There has been a fair deal of work on designing forward private DSE schemes in the presence of an honest-but-curious cloud server. However, a malicious cloud server might not run the protocol correctly and still want to be undetected. In a verifiable DSE, the cloud server not only returns the result of a search query but also provides proof that the result is computed correctly.
We design a forward private DSE scheme that supports conjunctive keyword search. At the heart of the construction is our proposed data structure called the dynamic interval accumulation tree (DIA tree). It is an accumulator-based authentication tree that efficiently returns both membership and non-membership proofs. Using the DIA tree, we can convert any single keyword forward private DSE scheme to a verifiable forward private DSE scheme that can support conjunctive queries as well. Our proposed scheme has the same storage as the base DSE scheme and low computational overhead on the client-side. We have shown the efficiency of our design by comparing it with existing conjunctive DSE schemes. The comparison also shows that our scheme is suitable for practical use
Managing Population and Workload Imbalance in Structured Overlays
Every day the amount of data produced by networked devices increases. The current
paradigm is to offload the data produced to data centers to be processed. However, as
more and more devices are offloading their data to cloud centers, accessing data becomes
increasingly more challenging. To combat this problem, systems are bringing data closer
to the consumer and distributing network responsibilities among the end devices. We are
witnessing a change in networking paradigm, where data storage and computation that
was once only handled in the cloud, is being processed by Internet of Things (IoT) and
mobile devices, thanks to the ever increasing technological capabilities of these devices.
One approach leverages devices into a structured overlay network.
Structured overlays are a common approach to address the organization and distribution
of data in peer-to-peer distributed systems. Due to their nature, indexing and
searching for elements of the system becomes trivial, thus structured overlays become
ideal building blocks of resource-location-based applications.
Such overlays assume that the data is distributed evenly over the peers, and that the
popularity of those data items is also evenly balanced. However, in many systems, due to
many factors outside of the system domain, popularity may behave rather randomly,
causing some nodes to spend more resources looking for the popular items than others.
In this work we intend to exploit the properties of cluster-based structured overlays
and propose to address this problem by improving a structured overlay with the mechanisms
to manage the population and workload imbalance and achieve more uniform use of
resources.
Our approach focuses on implementing a Group-Based Distributed Hash Table (DHT)
capable of dynamically changing its groups to accommodate the changes in churn in the
network.
With the conclusion of our work we believe that we have indeed created a network
capable of withstanding high levels of churn, while ensuring fairness to all members of
the network.
A Persistent Publish/Subscribe System for Mobile Edge Computing
In recent times, we have seen an incredible growth of users adopting mobile devices
and wearables, and while the hardware capabilities of these devices have greatly increased
year after year, mobile communications still remain a bottleneck for most applications.
This is partially caused by the companies’ cloud infrastructure, which effectively represents
a large scale communication hub where all kinds of platforms compete with each
other for the servers’ processing power and channel throughput. Additionally, wireless
technologies used in mobile environments are unreliable, slow and congestion-prone by
nature when compared to the wired medium counterpart.
To fix the back-and-forth mobile communication overhead, the “Edge” paradigm has
been recently introduced with the aim to bring cloud services closer to the customers,
by providing an intermediate layer between the end devices and the actual cloud infrastructure,
resulting in faster response times. Publish/Subscribe systems, such as Thyme,
have also been proposed and proven effective for data dissemination at edge networks,
due to the interactions’ loosely coupled nature and scalability. Nonetheless, solely relying
on P2P interactions is not feasible in every scenario due to wireless protocols’ range
limitations.
In this thesis we propose and develop Thyme- Infrastructure, an extension to
the Thyme framework, that utilizes available stationary nodes within the edge infrastructure
to not only improve the performance of mobile clients within a BSS, by offloading a
portion of the requests to be processed by the infrastructure, but also to connect multiple
clusters of users within the same venue, with the goal of creating a persistent and global
end-to-end storage network. Our experimental results, both in simulated and real-world
scenarios, show adequate response times for interactive usage, and low energy consumption,
allowing the application to be used in a variety of events without excessive battery
drainage. In fact, when compared to the previous version of Thyme, our framework
was generally able to improve on all of these metrics. On top of that, we evaluated our
system’s latencies against a full-fledged cloud solution and verified that our proposal
yielded a considerable speedup across the board