A secure data outsourcing scheme based on Asmuth – Bloom secret sharing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users’ queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients’ data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing

Survey on securing data storage in the cloud

Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field

Privacy-preserving key-value store

Cloud computing is arguably the foremost delivery platform for data storage and data processing. It turned computing into a utility based service that provides consumers and enterprises with on-demand access to computing resources. Although advantageous, there is an inherent lack of control over the hardware in the cloud computing model, this may constitute an increased privacy and security risk. Multiple encrypted database systems have emerged in recent years, they provide the functionality of regular databases but without compromising data confidentiality. These systems leverage novel encryption schemes such as homomorphic and searchable encryp tion. However, many of these proposals focus on extending existing centralized systems that are very difficult to scale, and offer poor performance in geo-replicated scenarios. We propose a scalable, highly available, and geo-replicated privacy-preserving key value store. A system that provides its users with secure data types meant to be replicated, along with a rich query interface with configurable privacy that enables one to issue secure and somewhat complex queries. We accompany our proposal with an implementation of a privacy-preserving client library for AntidoteDB, a geo-replicated key-value store. We also extend the AntidoteDB’s query language interface by adding support for secure SQL-like queries with configurable privacy. Experimental evaluations show that our proposals offer a feasible solution to practical applications that wish to improve their privacy and confidentiality

Securing IoT with Trusted Authority Validation in Homomorphic Encryption Technique with ABE

Existing security system includes levels of encryption. IoT access is very important aspect. Failure of IoT security can cause more risks of physical and logical damage. IoT contain both functionalities including physical or computational process. In proposed approach, levels of encryption are enhanced by increasing levels of security. User can access IoT through central trusted authority only. Instead of actual data like user credentials or I/O functionality of Internet of things, encrypted data is delivered. Trusted authorities are been involved in secured IoT access structure by considering their credentials. Trusted authority is selected randomly, based on randomized selection algorithm. Based on secured logic, decryption key will be delivered to the IoT through separate channel by trusted authority. Session management has been added by considering initial and waiting time after which all encryption or decryption data will be expired. Homomorphism is applied in encryption process where proposed logic is applied on considered data after which again RSA algorithm is applied. Overall, proposed logical approach, homomorphism, session management, secured access structure and trusted authority involvement improves the security level in IoT access process

Securing cloud-based data analytics: A practical approach

The ubiquitous nature of computers is driving a massive increase in the amount of data generated by humans and machines. The shift to cloud technologies is a paradigm change that offers considerable financial and administrative gains in the effort to analyze these data. However, governmental and business institutions wanting to tap into these gains are concerned with security issues. The cloud presents new vulnerabilities and is dominated by new kinds of applications, which calls for new security solutions. In the direction of analyzing massive amounts of data, tools like MapReduce, Apache Storm, Dryad and higher-level scripting languages like Pig Latin and DryadLINQ have significantly improved corresponding tasks for software developers. The equally important aspect of securing computations performed by these tools and ensuring confidentiality of data has seen very little support emerge for programmers. In this dissertation, we present solutions to a. secure computations being run in the cloud by leveraging BFT replication coupled with fault isolation and b. secure data from being leaked by computing directly on encrypted data. For securing computations (a.), we leverage a combination of variable-degree clustering, approximated and offline output comparison, smart deployment, and separation of duty to achieve a parameterized tradeoff between fault tolerance and overhead in practice. We demonstrate the low overhead achieved with our solution when securing data-flow computations expressed in Apache Pig, and Hadoop. Our solution allows assured computation with less than 10 percent latency overhead as shown by our evaluation. For securing data (b.), we present novel data flow analyses and program transformations for Pig Latin and Apache Storm, that automatically enable the execution of corresponding scripts on encrypted data. We avoid fully homomorphic encryption because of its prohibitively high cost; instead, in some cases, we rely on a minimal set of operations performed by the client. We present the algorithms used for this translation, and empirically demonstrate the practical performance of our approach as well as improvements for programmers in terms of the effort required to preserve data confidentiality