50 research outputs found
Query Processing on Encoded Data using Bitmap
As databases become increasingly exposed, data encryption schemes are required to protect them from unauthorized access, and managing large volumes of encrypted data efficiently requires a distributed index together with a query processing scheme over it. The schemes that exist for processing queries over encrypted data support only limited types of queries. Encrypted data also has to be decrypted before queries can be performed, because such schemes do not support operations between different columns when those columns are encrypted under different kinds of keys (asymmetric cryptography). To solve this problem, we propose an encoding technique that uses bitmaps to convert a dataset into an encoded dataset and performs query processing on the encoded data; the proposed technique preserves data privacy and improves performance for various types of queries. In addition, it protects private information from the third party to which the data is outsourced. In short, a query is processed over the encoded data without decoding it. The proposed bitmap-based query processing scheme provides both high query performance and accuracy while preserving data privacy from unauthorized access and from the third party.
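To make the idea of "query without decoding" concrete, here is an added illustration (not the paper's scheme and not code from the authors): a data owner replaces every column value with a random opaque code and ships the server one bitmap per (column, code); the untrusted server then answers equality, AND, OR and NOT predicates purely with bitwise operations on those bitmaps and returns row ids. The table, the column names and the predicate tree format are constructed for the example.

```python
import secrets

# Constructed sample table; the server must never see these plaintext values.
SAMPLE_ROWS = [
    {"dept": "eng",   "region": "eu"},
    {"dept": "sales", "region": "us"},
    {"dept": "eng",   "region": "us"},
    {"dept": "hr",    "region": "eu"},
    {"dept": "eng",   "region": "eu"},
]


class EncodingClient:
    """Data owner. Holds the only copy of the value -> opaque code dictionary."""

    def __init__(self):
        self.codes = {}   # (column, value) -> random 64-bit hex code

    def encode(self, rows, columns):
        """Build one bitmap per (column, code); bit i set means row i carries that value."""
        bitmaps = {}
        for row_id, row in enumerate(rows):
            for col in columns:
                key = (col, row[col])
                if key not in self.codes:
                    self.codes[key] = secrets.token_hex(8)
                slot = (col, self.codes[key])
                bitmaps[slot] = bitmaps.get(slot, 0) | (1 << row_id)
        return EncodedServer(bitmaps, len(rows))

    def predicate(self, col, value):
        """Translate an equality predicate into the code the server understands.
        An unknown value maps to None, which selects no bitmap on the server."""
        return ("eq", col, self.codes.get((col, value)))


class EncodedServer:
    """Untrusted party. Evaluates predicate trees with bitwise ops; decodes nothing."""

    def __init__(self, bitmaps, nrows):
        self.bitmaps = bitmaps
        self.all_rows = (1 << nrows) - 1   # mask so NOT stays within the table

    def query(self, expr):
        op = expr[0]
        if op == "eq":
            return self.bitmaps.get((expr[1], expr[2]), 0)
        if op == "and":
            return self.query(expr[1]) & self.query(expr[2])
        if op == "or":
            return self.query(expr[1]) | self.query(expr[2])
        if op == "not":
            return ~self.query(expr[1]) & self.all_rows
        raise ValueError(f"unknown operator {op!r}")


def rows_of(bitmap):
    """Row ids selected by a result bitmap (what the server returns to the client)."""
    return [i for i in range(bitmap.bit_length()) if (bitmap >> i) & 1]


def demo():
    """dept = 'eng' AND region = 'eu' over the sample table."""
    client = EncodingClient()
    server = client.encode(SAMPLE_ROWS, ["dept", "region"])
    q = ("and", client.predicate("dept", "eng"), client.predicate("region", "eu"))
    return rows_of(server.query(q))


if __name__ == "__main__":
    print("matching rows:", demo())
```

The check a practitioner should add before trusting such a design: the server still learns the population count of every bitmap (value frequencies) and which codes are requested together, so frequency and access-pattern leakage remain even though no value is ever decoded on the server.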
PaaSword: A Data Privacy and Context-aware Security Framework for Developing Secure Cloud Applications - Technical and Scientific Contributions
Most industries worldwide have entered a period of reaping the benefits and opportunities the cloud offers. At the same time, many efforts are being made to address the engineering challenges of developing cloud systems and software securely. With the majority of software engineering projects today relying on the cloud, the task of structuring end-to-end secure-by-design cloud systems becomes challenging but at the same time mandatory. The PaaSword project was commissioned to address security and data privacy in a holistic way by proposing a context-aware security-by-design framework that supports software developers in constructing secure applications for the cloud. This chapter presents an overview of the PaaSword project results, including the scientific achievements as well as a description of the technical solution. The benefits offered by the framework are validated through two pilot implementations, and conclusions are drawn based on the future research challenges discussed in a research agenda.
fVSS: A New Secure and Cost-Efficient Scheme for Cloud Data Warehouses
Cloud business intelligence is an increasingly popular choice to deliver decision support capabilities via elastic, pay-per-use resources. However, data security issues are one of the top concerns when dealing with sensitive data. In this paper, we propose a novel approach for securing cloud data warehouses by flexible verifiable secret sharing, fVSS. Secret sharing encrypts and distributes data over several cloud service providers, thus enforcing data privacy and availability. fVSS addresses four shortcomings in existing secret sharing-based approaches. First, it allows refreshing the data warehouse when some service providers fail. Second, it allows on-line analytical processing. Third, it enforces data integrity with the help of both inner and outer signatures. Fourth, it helps users control the cost of cloud warehousing by balancing the load among service providers with respect to their pricing policies. To illustrate fVSS' efficiency, we thoroughly compare it with existing secret sharing-based approaches with respect to security features, querying power, and data storage and computing costs.
Secure Abstractions for Trusted Cloud Computation
Cloud computing is adopted by most organizations due to its characteristics, namely offering on-demand resources and services that can quickly be provisioned with minimal management effort and maintenance expense for its users. However, it still suffers from security incidents, which have led to many data security concerns and reluctance in further adoption. With the advent of these incidents, cryptographic technologies such as homomorphic and searchable encryption schemes were leveraged to provide solutions that mitigated data security concerns.
The goal of this thesis is to provide a set of secure abstractions to serve as a tool for programmers to develop their own distributed applications. Furthermore, these abstractions can also be used to support trusted cloud computations in the context of NoSQL data stores. For this purpose we leveraged conflict-free replicated data types (CRDTs), as they provide a mechanism to ensure data consistency under replication that needs no synchronization, which aligns well with the distributed and replicated nature of the cloud, together with the aforementioned cryptographic technologies to comply with the security requirements. The main challenge of this thesis consisted in combining the cryptographic technologies with the CRDTs in such a way that all of the data structures' functionality could be supported over ciphertext while striving to attain the best security and performance possible.
To evaluate our abstractions we conducted an experiment comparing the performance of each secure abstraction with its non-secure counterpart. Additionally, we also analysed the security level provided by each of the structures in light of the cryptographic scheme used to support it. The results of our experiment show that our abstractions provide the intended data security with an acceptable performance overhead, showing that they have the potential to be used to build solutions for trusted cloud computation.
Efficient Strong Privacy-Preserving Conjunctive Keyword Search Over Encrypted Cloud Data
Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of the query keywords. We propose the first DSSE scheme to address the aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme maintains forward and backward privacy and eliminates KPRP leakage, offering a higher level of security. In several existing schemes the search complexity scales with the number of documents stored in the database; the complexity of our scheme instead scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme offers strong privacy preservation and efficiency.
Protecting applications using trusted execution environments
While cloud computing has been broadly adopted, companies that deal with sensitive data are still reluctant to do so due to privacy concerns or legal restrictions. Vulnerabilities in complex cloud infrastructures, resource sharing among tenants, and malicious insiders pose a real threat to the confidentiality and integrity of sensitive customer data. In recent years trusted execution environments (TEEs), hardware-enforced isolated regions that can protect code and data from the rest of the system, have become available as part of commodity CPUs. However, designing applications for the execution within TEEs requires careful consideration of the elevated threats that come with running in a fully untrusted environment. Interaction with the environment should be minimised, but some cooperation with the untrusted host is required, e.g. for disk and network I/O, via a host interface. Implementing this interface while maintaining the security of sensitive application code and data is a fundamental challenge.
This thesis addresses this challenge and discusses how TEEs can be leveraged to secure existing applications efficiently and effectively in untrusted environments. We explore this in the context of three systems that deal with the protection of TEE applications and their host interfaces:
SGX-LKL is a library operating system that can run full unmodified applications within TEEs with a minimal general-purpose host interface. By providing broad system support inside the TEE, the reliance on the untrusted host can be reduced to a minimal set of low-level operations that cannot be performed inside the enclave. SGX-LKL provides transparent protection of the host interface for both disk and network I/O.
Glamdring is a framework for the semi-automated partitioning of TEE applications into an untrusted and a trusted compartment. Based on source-level annotations, it uses either dynamic or static code analysis to identify sensitive parts of an application. Taking into account the objectives of a small TCB size and low host interface complexity, it defines an application-specific host interface and generates partitioned application code.
EnclaveDB is a secure database using Intel SGX based on a partitioned in-memory database engine. The core of EnclaveDB is its logging and recovery protocol for transaction durability. For this, it relies on the database log managed and persisted by the untrusted database server. EnclaveDB protects against advanced host interface attacks and ensures the confidentiality, integrity, and freshness of sensitive data.
Open Access
Secure and efficient storage of multimedia: content in public cloud environments using joint compression and encryption
Cloud computing is a paradigm that still has many unexplored areas, ranging from the technological component to the definition of new business models, but it is revolutionizing the way we design, implement and manage the entire information technology infrastructure.
Infrastructure as a Service is the delivery of computing infrastructure, typically a virtual data center, along with a set of APIs that allow applications to control, automatically, the resources they wish to use. The choice of service provider and the way it applies its business model may lead to higher or lower cost in operating and maintaining applications with those providers.
In this sense, this work set out to carry out a literature review on the topics of cloud computing and the secure storage and transmission of multimedia content, using lossless compression, in public cloud environments, and to implement such a system by building an application that manages data in public cloud environments (dropbox and meocloud).
An application that meets the objectives set was built during this dissertation. The system provides the user with a wide range of data management functions in public cloud environments. The user only has to log in to the system with his or her credentials; after login, an access token is generated through the OAuth 1.0 protocol (an authorization protocol). This token is generated only with the user's consent and allows the application to access the user's data and files without having to use the credentials. With this token the framework can operate and unlock the full potential of its functions. The application also offers the user compression and encryption functions so that the user can make the most of his or her cloud storage system securely. The compression function uses the LZMA compression algorithm; the user only needs to choose the files to be compressed.
For encryption, the AES (Advanced Encryption Standard) algorithm is used with a 128-bit symmetric key defined by the user.
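The compress-then-encrypt pipeline described above, as an added example that is not the dissertation's code: LZMA compression followed by AES-128 under a user-defined key. Two choices here go beyond what the abstract states and are assumptions of this example: the 128-bit key is derived from the user's passphrase with salted PBKDF2 rather than used directly, and AES is run in GCM mode so that a wrong key, a modified blob or a swapped file name is rejected before decompression. It requires the `cryptography` package; the blob layout, the file name used as associated data and the sample input are constructed for the example.

```python
import hashlib
import lzma
import os

from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Blob layout assumed here: salt (16) || nonce (12) || AES-GCM ciphertext+tag.
SALT_LEN = 16
NONCE_LEN = 12
KDF_ITERATIONS = 200_000   # PBKDF2 cost chosen for this example


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Derive the 16-byte AES-128 key from the user's passphrase.

    The dissertation only says the key is defined by the user; a salted, iterated
    KDF (an addition here) keeps a short passphrase from being the key itself."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=16)


def seal_file(data: bytes, passphrase: str, name: str) -> bytes:
    """Compress with LZMA, then encrypt with AES-128-GCM.

    Order matters: compress first, since ciphertext does not compress. The file
    name is bound as associated data so one stored blob cannot be silently
    substituted for another under the same passphrase."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)          # fresh per blob; never reuse with one key
    key = derive_key(passphrase, salt)
    compressed = lzma.compress(data)
    ciphertext = AESGCM(key).encrypt(nonce, compressed, name.encode("utf-8"))
    return salt + nonce + ciphertext


def open_file(blob: bytes, passphrase: str, name: str) -> bytes:
    """Reverse of seal_file. AESGCM.decrypt raises cryptography.exceptions.InvalidTag
    on a wrong passphrase, a tampered blob or a mismatched name, so untrusted
    bytes never reach the LZMA decoder."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:]
    key = derive_key(passphrase, salt)
    compressed = AESGCM(key).decrypt(nonce, ciphertext, name.encode("utf-8"))
    return lzma.decompress(compressed)


# Constructed sample input standing in for a (very compressible) media file.
SAMPLE = b"RIFF....WAVEfmt " + bytes(range(256)) * 64

if __name__ == "__main__":
    blob = seal_file(SAMPLE, "correct horse battery staple", "song.wav")
    print(f"{len(SAMPLE)} plaintext bytes -> {len(blob)} stored bytes")
    assert open_file(blob, "correct horse battery staple", "song.wav") == SAMPLE
```

One caveat that the pipeline cannot avoid: because compression happens before encryption, the length of the stored blob reveals how compressible the file was, which for multimedia is usually harmless but is a known leakage channel for data an attacker can partly influence.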
We built the research in two distinct and complementary parts: the first part consists of the theoretical foundation and the second part is the development of the computer application in which the data are managed, compressed, stored and transmitted in various cloud computing environments. The theoretical framework is organized into two chapters, chapter 2 - Background on Cloud Storage and chapter 3 - Data Compression.
Through the theoretical foundation we sought to demonstrate the relevance of the research, convey some of the pertinent theories and bring in, whenever possible, existing research in the area. The second part of the work was devoted to the development of the application in the cloud environment.
We showed how we generated the application and presented its features, advantages, and safety standards for the data. Finally, we reflect on the results, according to the theoretical framework made in the first part and the platform development.
We think that the work obtained is positive and that it fits the goals we set ourselves to achieve. This research has some limitations: we believe that the time for completion was scarce and that the implementation of the platform could benefit from the implementation of other features. In future research it would be appropriate to continue the project, expanding the capabilities
of the application, testing its operation with other users and carrying out comparative tests.
Cloud computing is a paradigm that still has many unexplored areas, ranging from the technological component to the definition of new business models, but it is revolutionizing the way we design, implement and manage the entire information technology infrastructure.
Infrastructure as a Service represents the provision of computing infrastructure, typically a virtual data center, together with a set of APIs that allow applications to control, automatically, the resources they wish to use. The choice of service provider and the way it applies its business model may determine a higher or lower cost in operating and maintaining applications with those providers.
In this sense, this dissertation set out to carry out a literature review on the topic of cloud computing and the secure transmission and storage of multimedia content, using lossless compression, in public cloud environments, and to implement such a system by building an application that manages data in public cloud environments (dropbox and meocloud).
An application that meets the defined objectives was built in the course of this dissertation. The system provides the user with a wide range of data management functions in public cloud environments; for this the user only has to log in to the system with his or her credentials. After login, an access token is generated through the OAuth 1.0 protocol (an authorization protocol); this token is generated only with the user's consent and allows the application to access the user's data and files without needing to use the credentials. With this token the application can operate and make the full potential of its functions available. The application also offers the user compression and encryption functions so that he or she can make the most of the cloud storage system securely. The compression function uses the LZMA compression algorithm; the user only needs to choose the files to compress. For encryption we use the AES (Advanced Encryption Standard) algorithm, which works with a 128-bit symmetric key defined by the user.
We based the research on two distinct and complementary parts: the first part consists of the theoretical foundation and the second part consists of the development of the computer application in which the data are managed, compressed, stored and transmitted in various cloud computing environments. The theoretical foundation is organized into two chapters, chapter 2 - "Background on Cloud Storage" and chapter 3 - "Data Compression". Through the theoretical foundation we sought to demonstrate the relevance of the research, convey some of the pertinent theories and introduce, wherever possible, existing research in the area. The second part of the work was devoted to the development of the application in the "cloud" environment. We showed how we built the application and presented its features and advantages. Finally, we reflected on the results in light of the theoretical framework from the first part and the development of the platform.
We believe that the work obtained is positive and that it fits the objectives we set out to achieve. This research has some limitations: we consider that the time for its execution was scarce and that the implementation of the platform could benefit from the implementation of other features. In future research it would be appropriate to continue the project by expanding the application's capabilities, testing its operation with other users and carrying out comparative tests.
Fundação para a Ciência e a Tecnologia (FCT)