157 research outputs found
Privacy-Preserving and Outsourced Multi-User k-Means Clustering
Many techniques for privacy-preserving data mining (PPDM) have been
investigated over the past decade. Often, the entities involved in the data
mining process are end-users or organizations with limited computing and
storage resources. As a result, such entities may want to refrain from
participating in the PPDM process. To overcome this issue and to take many
other benefits of cloud computing, outsourcing PPDM tasks to the cloud
environment has recently gained special attention. We consider the scenario
where n entities outsource their databases (in encrypted format) to the cloud
and ask the cloud to perform the clustering task on their combined data in a
privacy-preserving manner. We term such a process as privacy-preserving and
outsourced distributed clustering (PPODC). In this paper, we propose a novel
and efficient solution to the PPODC problem based on k-means clustering
algorithm. The main novelty of our solution lies in avoiding the secure
division operations required in computing cluster centers altogether through an
efficient transformation technique. Our solution builds the clusters securely
in an iterative fashion and returns the final cluster centers to all entities
when a pre-determined termination condition holds. The proposed solution
protects data confidentiality of all the participating entities under the
standard semi-honest model. To the best of our knowledge, ours is the first
work to discuss and propose a comprehensive solution to the PPODC problem that
incurs negligible cost on the participating entities. We theoretically estimate
both the computation and communication costs of the proposed protocol and also
demonstrate its practical value through experiments on a real dataset.Comment: 16 pages, 2 figures, 5 table
Privacy-Enhanced Query Processing in a Cloud-Based Encrypted DBaaS (Database as a Service)
In this dissertation, we researched techniques to support trustable and privacy enhanced solutions for on-line applications accessing to “always encrypted” data in
remote DBaaS (data-base-as-a-service) or Cloud SQL-enabled backend solutions.
Although solutions for SQL-querying of encrypted databases have been proposed in
recent research, they fail in providing: (i) flexible multimodal query facilities includ ing online image searching and retrieval as extended queries to conventional SQL-based
searches, (ii) searchable cryptographic constructions for image-indexing, searching and
retrieving operations, (iii) reusable client-appliances for transparent integration of multi modal applications, and (iv) lack of performance and effectiveness validations for Cloud based DBaaS integrated deployments.
At the same time, the study of partial homomorphic encryption and multimodal
searchable encryption constructions is yet an ongoing research field. In this research
direction, the need for a study and practical evaluations of such cryptographic is essential,
to evaluate those cryptographic methods and techniques towards the materialization of
effective solutions for practical applications.
The objective of the dissertation is to design, implement and perform experimental
evaluation of a security middleware solution, implementing a client/client-proxy/server appliance software architecture, to support the execution of applications requiring on line multimodal queries on “always encrypted” data maintained in outsourced cloud
DBaaS backends. In this objective we include the support for SQL-based text-queries
enhanced with searchable encrypted image-retrieval capabilities. We implemented a
prototype of the proposed solution and we conducted an experimental benchmarking
evaluation, to observe the effectiveness, latency and performance conditions in support ing those queries. The dissertation addressed the envisaged security middleware solution,
as an experimental and usable solution that can be extended for future experimental
testbench evaluations using different real cloud DBaaS deployments, as offered by well known cloud-providers.Nesta dissertação foram investigadas técnicas para suportar soluções com garantias de
privacidade para aplicações que acedem on-line a dados que são mantidos sempre cifrados em nuvens que disponibilizam serviços de armazenamento de dados, nomeadamente
soluções do tipo bases de dados interrogáveis por SQL. Embora soluções para suportar interrogações SQL em bases de dados cifradas tenham sido propostas anteriormente, estas
falham em providenciar: (i) capacidade de efectuar pesquisas multimodais que possam
incluir pesquisa combinada de texto e imagem com obtenção de imagens online, (ii) suporte de privacidade com base em construções criptograficas que permitam operações
de indexacao, pesquisa e obtenção de imagens como dados cifrados pesquisáveis, (iii)
suporte de integração para aplicações de gestão de dados em contexto multimodal, e (iv)
ausência de validações experimentais com benchmarking dobre desempenho e eficiência
em soluções DBaaS em que os dados sejam armazenados e manipulados na sua forma
cifrada.
A pesquisa de soluções de privacidade baseada em primitivas de cifras homomórficas
parciais, tem sido vista como uma possível solução prática para interrogação de dados e
bases de dados cifradas. No entanto, este é ainda um campo de investigação em desenvolvimento. Nesta direção de investigação, a necessidade de estudar e efectuar avaliações
experimentais destas primitivas em bibliotecas de cifras homomórficas, reutilizáveis em
diferentes contextos de aplicação e como solução efetiva para uso prático mais generalizado, é um aspeto essencial.
O objectivo da dissertação e desenhar, implementar e efectuar avalições experimentais
de uma proposta de solução middleware para suportar pesquisas multimodais em bases
de dados mantidas cifradas em soluções de nuvens de armazenamento. Esta proposta visa
a concepção e implementação de uma arquitectura de software client/client-proxy/server appliance para suportar execução eficiente de interrogações online sobre dados cifrados,
suportando operações multimodais sobre dados mantidos protegidos em serviços de
nuvens de armazenamento. Neste objectivo incluímos o suporte para interrogações estendidas de SQL, com capacidade para pesquisa e obtenção de dados cifrados que podem
incluir texto e pesquisa de imagens por similaridade. Foi implementado um prototipo da
solução proposta e foi efectuada uma avaliação experimental do mesmo, para observar as condições de eficiencia, latencia e desempenho do suporte dessas interrogações. Nesta
avaliação incluímos a análise experimental da eficiência e impacto de diferentes construções criptográficas para pesquisas cifradas (searchable encryption) e cifras parcialmente
homomórficas e que são usadas como componentes da solução proposta.
A dissertaçao aborda a soluçao de seguranca projectada, como uma solução experimental que pode ser estendida e utilizavel para futuras aplcações e respetivas avaliações
experimentais. Estas podem vir a adoptar soluções do tipo DBaaS, oferecidos como serviços na nuvem, por parte de diversos provedores ou fornecedores
Survey on securing data storage in the cloud
Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field
Faster Secure Arithmetic Computation Using Switchable Homomorphic Encryption
Secure computation on encrypted data stored on untrusted clouds is an important goal. Existing secure arithmetic computation techniques, such as fully homomorphic encryption (FHE) and somewhat homomorphic encryption (SWH), have prohibitive performance and/or storage costs for the majority of practical applications. In this work, we investigate a new secure arithmetic computation primitive called switchable homomorphic encryption (SHE) that securely switches between existing inexpensive partially homomorphic encryption techniques to evaluate arbitrary arithmetic circuits over integers. SHE is suited for use in a two-cloud model that is practical, but which makes stronger assumptions than the standard single-cloud server model. The security of our SHE solution relies on two non-colluding parties, in which security holds as long as one of them is honest. We benchmark SHE directly against existing secure arithmetic computation techniques---FHE and SWH---on real clouds (Amazon and Rackspace)
using microbenchmarks involving fundamental operations utilized in many privacy-preserving computation applications. Experimentally, we find that SHE offers a new design point for computing on large data---it has reasonable ciphertext and key sizes, and is consistently faster by several (2--3) orders of magnitude compared to FHE and SWH on circuits involving long chain of multiplications. SHE exhibits slower performance only in certain cases, when batch (or parallel) homomorphic evaluation is possible, only against SWH schemes (which have limited expressiveness and potentially high ciphertext and key storage costs)
- …