3,454 research outputs found
Privacy-preserving efficient searchable encryption
Data storage and computation outsourcing to third-party managed data centers,
in environments such as Cloud Computing, is increasingly being adopted
by individuals, organizations, and governments. However, as cloud-based outsourcing
models expand to society-critical data and services, the lack of effective
and independent control over security and privacy conditions in such settings
presents significant challenges.
An interesting solution to these issues is to perform computations on encrypted
data, directly in the outsourcing servers. Such an approach benefits
from not requiring major data transfers and decryptions, increasing performance
and scalability of operations. Searching operations, an important application
case when cloud-backed repositories increase in number and size, are good examples
where security, efficiency, and precision are relevant requisites. Yet existing
proposals for searching encrypted data are still limited from multiple perspectives,
including usability, query expressiveness, and client-side performance and
scalability.
This thesis focuses on the design and evaluation of mechanisms for searching
encrypted data with improved efficiency, scalability, and usability. There are
two particular concerns addressed in the thesis: on one hand, the thesis aims at
supporting multiple media formats, especially text, images, and multimodal data
(i.e. data with multiple media formats simultaneously); on the other hand the
thesis addresses client-side overhead, and how it can be minimized in order to
support client applications executing in both high-performance desktop devices
and resource-constrained mobile devices.
From the research performed to address these issues, three core contributions
were developed and are presented in the thesis: (i) CloudCryptoSearch, a middleware
system for storing and searching text documents with privacy guarantees,
while supporting multiple modes of deployment (user device, local proxy, or computational cloud) and exploring different tradeoffs between security, usability, and performance; (ii) a novel framework for efficiently searching encrypted images
based on IES-CBIR, an Image Encryption Scheme with Content-Based Image
Retrieval properties that we also propose and evaluate; (iii) MIE, a Multimodal
Indexable Encryption distributed middleware that allows storing, sharing, and
searching encrypted multimodal data while minimizing client-side overhead and
supporting both desktop and mobile devices
Split keyword fuzzy and synonym search over encrypted cloud data
A substitute solution for various organizations of data owners to store their data in the cloud using storage as a service(SaaS). The outsourced sensitive data is encrypted before uploading into the cloud to achieve data privacy. The encrypted data is search based on keywords and retrieve interested files by data user using a lot of traditional Search scheme. Existing search schemes supports exact keyword match or fuzzy keyword search, but synonym based multi-keyword search are not supported. In the real world scenario, cloud users may not know the exact keyword for searching and they might give synonym of the keyword as the input for search instead of exact or fuzzy keyword due to lack of appropriate knowledge of data. In this paper, we describe an efficient search approach for encrypted data called as Split Keyword Fuzzy and Synonym Search (SKFS). Multi-keyword ranked search with accurate keyword and Fuzzy search supports synonym queries are a major contribution of SKFS. The wildcard Technique is used to store the keywords securely within the index tree. Index tree helps to search faster, accurate and low storage cost. Extensive experimental results on real-time data sets shows, the proposed solution is effective and efficient for multi-keyword ranked search and synonym queries Fuzzy based search over encrypted cloud data. © 2017 Springer Science+Business Media, LL
Mobile Agent Based Cloud Computing
Cloud Computing is becoming a revolutionizing computing paradigm. It offers various types of services and applications that are being delivered in the internet cloud. The services aim at providing reliable, fault tolerant dynamic computing environment to the user and offers computing resources as per demand. Skype, Dropbox, and Yahoo mail are some of the cloud services that have major impact in our lives. Several measures are taken to maintain the quality of its service in the cloud and to make IT infrastructure available with low cost. This paper presents various aspects of Cloud Computing, its implementation features, challenges and also explores the potential scope for research. The major section of this paper includes surveys of studies related to the possibilities of integrating Mobile Agents in Cloud Computing, since these technologies appear to be promising and marketable. Thus, the paper focuses on resolving challenges and bolstering services of Cloud Computing by utilizing Mobile Agent technology in various aspects of Cloud Computing
Data storage security and privacy in cloud computing: A comprehensive survey
Cloud Computing is a form of distributed computing wherein
resources and application platforms are distributed over the
Internet through on demand and pay on utilization basis. Data
Storage is main feature that cloud data centres are provided to
the companies/organizations to preserve huge data. But still
few organizations are not ready to use cloud technology due
to lack of security. This paper describes the different
techniques along with few security challenges, advantages and
also disadvantages. It also provides the analysis of data
security issues and privacy protection affairs related to cloud
computing by preventing data access from unauthorized users,
managing sensitive data, providing accuracy and consistency
of data store
Efficient, Dependable Storage of Human Genome Sequencing Data
A compreensão do genoma humano impacta várias áreas da vida. Os dados oriundos do genoma humano são enormes pois existem milhões de amostras a espera de serem sequenciadas e cada genoma humano sequenciado pode ocupar centenas de gigabytes de espaço de armazenamento. Os genomas humanos são críticos porque são extremamente valiosos para a investigação e porque podem fornecer informações delicadas sobre o estado de saúde dos indivíduos, identificar os seus dadores ou até mesmo revelar informações sobre os parentes destes. O tamanho e a criticidade destes genomas, para além da quantidade de dados produzidos por instituições médicas e de ciências da vida, exigem que os sistemas informáticos sejam escaláveis, ao mesmo tempo que sejam seguros, confiáveis, auditáveis e com custos acessíveis. As infraestruturas de armazenamento existentes são tão caras que não nos permitem ignorar a eficiência de custos no armazenamento de genomas humanos, assim como em geral estas não possuem o conhecimento e os mecanismos adequados para proteger a privacidade dos dadores de amostras biológicas. Esta tese propõe um sistema de armazenamento de genomas humanos eficiente, seguro e auditável para instituições médicas e de ciências da vida. Ele aprimora os ecossistemas de armazenamento tradicionais com técnicas de privacidade, redução do tamanho dos dados e auditabilidade a fim de permitir o uso eficiente e confiável de infraestruturas públicas de computação em nuvem para armazenar genomas humanos. As contribuições desta tese incluem (1) um estudo sobre a sensibilidade à privacidade dos genomas humanos; (2) um método para detetar sistematicamente as porções dos genomas que são sensíveis à privacidade; (3) algoritmos de redução do tamanho de dados, especializados para dados de genomas sequenciados; (4) um esquema de auditoria independente para armazenamento disperso e seguro de dados; e (5) um fluxo de armazenamento completo que obtém garantias razoáveis de proteção, segurança e confiabilidade a custos modestos (por exemplo, menos de 1/Genome/Year) by integrating the proposed mechanisms with appropriate storage configurations
Privacy-Enhanced Query Processing in a Cloud-Based Encrypted DBaaS (Database as a Service)
In this dissertation, we researched techniques to support trustable and privacy enhanced solutions for on-line applications accessing to “always encrypted” data in
remote DBaaS (data-base-as-a-service) or Cloud SQL-enabled backend solutions.
Although solutions for SQL-querying of encrypted databases have been proposed in
recent research, they fail in providing: (i) flexible multimodal query facilities includ ing online image searching and retrieval as extended queries to conventional SQL-based
searches, (ii) searchable cryptographic constructions for image-indexing, searching and
retrieving operations, (iii) reusable client-appliances for transparent integration of multi modal applications, and (iv) lack of performance and effectiveness validations for Cloud based DBaaS integrated deployments.
At the same time, the study of partial homomorphic encryption and multimodal
searchable encryption constructions is yet an ongoing research field. In this research
direction, the need for a study and practical evaluations of such cryptographic is essential,
to evaluate those cryptographic methods and techniques towards the materialization of
effective solutions for practical applications.
The objective of the dissertation is to design, implement and perform experimental
evaluation of a security middleware solution, implementing a client/client-proxy/server appliance software architecture, to support the execution of applications requiring on line multimodal queries on “always encrypted” data maintained in outsourced cloud
DBaaS backends. In this objective we include the support for SQL-based text-queries
enhanced with searchable encrypted image-retrieval capabilities. We implemented a
prototype of the proposed solution and we conducted an experimental benchmarking
evaluation, to observe the effectiveness, latency and performance conditions in support ing those queries. The dissertation addressed the envisaged security middleware solution,
as an experimental and usable solution that can be extended for future experimental
testbench evaluations using different real cloud DBaaS deployments, as offered by well known cloud-providers.Nesta dissertação foram investigadas técnicas para suportar soluções com garantias de
privacidade para aplicações que acedem on-line a dados que são mantidos sempre cifrados em nuvens que disponibilizam serviços de armazenamento de dados, nomeadamente
soluções do tipo bases de dados interrogáveis por SQL. Embora soluções para suportar interrogações SQL em bases de dados cifradas tenham sido propostas anteriormente, estas
falham em providenciar: (i) capacidade de efectuar pesquisas multimodais que possam
incluir pesquisa combinada de texto e imagem com obtenção de imagens online, (ii) suporte de privacidade com base em construções criptograficas que permitam operações
de indexacao, pesquisa e obtenção de imagens como dados cifrados pesquisáveis, (iii)
suporte de integração para aplicações de gestão de dados em contexto multimodal, e (iv)
ausência de validações experimentais com benchmarking dobre desempenho e eficiência
em soluções DBaaS em que os dados sejam armazenados e manipulados na sua forma
cifrada.
A pesquisa de soluções de privacidade baseada em primitivas de cifras homomórficas
parciais, tem sido vista como uma possível solução prática para interrogação de dados e
bases de dados cifradas. No entanto, este é ainda um campo de investigação em desenvolvimento. Nesta direção de investigação, a necessidade de estudar e efectuar avaliações
experimentais destas primitivas em bibliotecas de cifras homomórficas, reutilizáveis em
diferentes contextos de aplicação e como solução efetiva para uso prático mais generalizado, é um aspeto essencial.
O objectivo da dissertação e desenhar, implementar e efectuar avalições experimentais
de uma proposta de solução middleware para suportar pesquisas multimodais em bases
de dados mantidas cifradas em soluções de nuvens de armazenamento. Esta proposta visa
a concepção e implementação de uma arquitectura de software client/client-proxy/server appliance para suportar execução eficiente de interrogações online sobre dados cifrados,
suportando operações multimodais sobre dados mantidos protegidos em serviços de
nuvens de armazenamento. Neste objectivo incluímos o suporte para interrogações estendidas de SQL, com capacidade para pesquisa e obtenção de dados cifrados que podem
incluir texto e pesquisa de imagens por similaridade. Foi implementado um prototipo da
solução proposta e foi efectuada uma avaliação experimental do mesmo, para observar as condições de eficiencia, latencia e desempenho do suporte dessas interrogações. Nesta
avaliação incluímos a análise experimental da eficiência e impacto de diferentes construções criptográficas para pesquisas cifradas (searchable encryption) e cifras parcialmente
homomórficas e que são usadas como componentes da solução proposta.
A dissertaçao aborda a soluçao de seguranca projectada, como uma solução experimental que pode ser estendida e utilizavel para futuras aplcações e respetivas avaliações
experimentais. Estas podem vir a adoptar soluções do tipo DBaaS, oferecidos como serviços na nuvem, por parte de diversos provedores ou fornecedores
Multi-keyword Ranked Search over Encrypted Cloud Data Using RSA Algorithm
Ever since Cloud computing introduced, data owners are motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. But for protecting data privacy, sensitive data have to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data search service is of paramount importance. Considering the large number of data users and documents in the cloud, it is necessary to allow multiple keywords in the search request and return documents in the order of their relevance to these keywords. Related works on searchable encryption focus on single keyword search or Boolean keyword search, and rarely sort the search results. In this paper, for the first time, we define and solve the challenging problem of privacy-preserving multi-keyword ranked search over encrypted data in cloud computing (MRSE). We establish a set of strict privacy requirements for such a secure cloud data utilization system. Among various multi-keyword semantics, we choose the efficient similarity measure of “coordinate matching,” i.e., as many matches as possible, to capture the relevance of data documents to the search query. We further use “inner product similarity” to quantitatively evaluate such similarity measure. We first propose a basic idea for the MRSE based on secure inner product computation, and then give two significantly improved MRSE schemes to achieve various stringent privacy requirements in two different threat models. To improve search experience of the data search service, we further extend these two schemes to support more search semantics. Thorough analysis investigating privacy and efficiency guarantees of proposed schemes is given. Experiments on the real-world data set further show proposed schemes indeed introduce low overhead on computation and communication
Authorized keyword search over outsourced encrypted data in cloud environment
For better data availability and accessibility while ensuring data secrecy, end-users often tend to outsource their data to the cloud servers in an encrypted form. However, this brings a major challenge to perform the search for some keywords over encrypted content without disclosing any information to unintended entities. This paper proposes a novel expressive authorized keyword search scheme relying on the concept of ciphertext-policy attribute-based encryption. The originality of the proposed scheme is multifold. First, it supports the generic and convenient multi-owner and multi-user scenario, where the encrypted data are outsourced by several data owners and searchable by multiple users. Second, the formal security analysis proves that the proposed scheme is semantically secure against chosen keyword and outsider's keyword guessing attacks. Third, an interactive protocol is introduced which avoids the need of any secure channels between users and service provider. Fourth, due to the concept of bilinear-map accumulator, the system can efficiently revoke users and/or their attributes, and authenticate them prior to launching any expensive search operations. Fifth, conjunctive keyword search is provided thus enabling to search for multiple keywords simultaneously, with minimal cost. Sixth, the performance analysis shows that the proposed scheme outperforms closely-related works
- …