A secure data outsourcing scheme based on Asmuth – Bloom secret sharing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users’ queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients’ data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing

Privacy-Preserving Secret Shared Computations using MapReduce

Data outsourcing allows data owners to keep their data at \emph{untrusted} clouds that do not ensure the privacy of data and/or computations. One useful framework for fault-tolerant data processing in a distributed fashion is MapReduce, which was developed for \emph{trusted} private clouds. This paper presents algorithms for data outsourcing based on Shamir's secret-sharing scheme and for executing privacy-preserving SQL queries such as count, selection including range selection, projection, and join while using MapReduce as an underlying programming model. Our proposed algorithms prevent an adversary from knowing the database or the query while also preventing output-size and access-pattern attacks. Interestingly, our algorithms do not involve the database owner, which only creates and distributes secret-shares once, in answering any query, and hence, the database owner also cannot learn the query. Logically and experimentally, we evaluate the efficiency of the algorithms on the following parameters: (\textit{i}) the number of communication rounds (between a user and a server), (\textit{ii}) the total amount of bit flow (between a user and a server), and (\textit{iii}) the computational load at the user and the server.\BComment: IEEE Transactions on Dependable and Secure Computing, Accepted 01 Aug. 201

Tunable Security for Deployable Data Outsourcing

Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow to tune the trade-offs after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management

Secured Data Outsourcing in Cloud Computing

Cloud computing is a popular technology in the IT world. After internet, it is the biggest thing for IT world. Cloud computing uses the Internet for performing the task on the computer and it is the next- generation architecture of IT Industry. It is related to different technologies and the convergence of various technologies has emerged to be called as cloud computing. It places the application software and databases to the huge data centers, where the supervision of the data and services may not be fully trusted. This unique attribute poses many new security challenges which have not been well understood. In this paper, we develop system which allows customer to use cloud server with various profits and strong securities. So when customer stores his sensitive data on cloud server he should not worry about securities, we also protect customer’s account from malicious behaviors by verifying the result. This result verification mechanism is highly efficient for both cloud server and cloud customer. Covering security analysis and experiment results shows the immediate practicability of our mechanism design. DOI: 10.17762/ijritcc2321-8169.150314

ESPOONERBAC_{{ERBAC}}: Enforcing Security Policies In Outsourced Environments

Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data. For complex user management, large enterprises employ Role-Based Access Controls (RBAC) models for making access decisions based on the role in which a user is active in. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing \textbf{$\mathit{ESPOON_{ERBAC}}$} for enforcing RBAC policies in outsourced environments. $\mathit{ESPOON_{ERBAC}}$ enforces RBAC policies in an encrypted manner where a curious service provider may learn a very limited information about RBAC policies. We have implemented $\mathit{ESPOON_{ERBAC}}$ and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach.Comment: The final version of this paper has been accepted for publication in Elsevier Computers & Security 2013. arXiv admin note: text overlap with arXiv:1306.482

Cloud Data Auditing Using Proofs of Retrievability

Cloud servers offer data outsourcing facility to their clients. A client outsources her data without having any copy at her end. Therefore, she needs a guarantee that her data are not modified by the server which may be malicious. Data auditing is performed on the outsourced data to resolve this issue. Moreover, the client may want all her data to be stored untampered. In this chapter, we describe proofs of retrievability (POR) that convince the client about the integrity of all her data.Comment: A version has been published as a book chapter in Guide to Security Assurance for Cloud Computing (Springer International Publishing Switzerland 2015

Privacy issues and protection in secure data outsourcing

Utilizing database encryption to safeguard data in several conditions where access control is not sufficient is unavoidable. Database encryption offers an extra layer of security to traditional access control methods. It stops users that are unauthorized, such as hackers breaking into a system, and observing private data. Consequently, data is safe even when the database is stolen or attacked. Nevertheless, the process of data decryption and encryption causes degradation in the database performance. In conditions where the entire information is kept in an encrypted format, it is not possible to choose the database content any longer. The data must be first decrypted, and as such, the unwilling and forced tradeoff occurs between the function and the security. The suitable methods to improve the function are techniques that directly deal with the data that is encrypted without having to decrypt them first. In this study, we determined privacy protection and issues that each organization should consider when it decides to outsource own data

Parity-based Data Outsourcing: Extension, Implementation, and Evaluation

Our research has developed a Parity-based Data Outsourcing (PDO) model. This model outsources a set of raw data by associating it with a set of parity data and then distributing both sets of data among a number of cloud servers that are managed independently by different service providers. Users query the servers for the data of their interest and are allowed to perform both authentication and correction. The former refers to the capability of verifying if the query result they receive is correct (i.e., all data items that satisfy the query condition are received, and every data item received is original from the data owner), whereas the latter, the capability of correcting the corrupted data, if any. Existing techniques all rely on complex cryptographic techniques and require the cloud server to build verification objects. In particular, they support only query authentication, but not error correction. In contrast, our approach enables users to perform both query authentication and error correction, and does so without having to install any additional software on a cloud server, which makes it possible to take advantage of the many cloud data management services available on the market today. This thesis makes the following contributions. 1) We extend the PDO model, which was originally designed for one-dimensional data, to handle multi-dimensional data. 2) We implement the PDO model, including parity coding, data encoding, data retrieval, query authentication and correction. 3) We evaluate the performance of the PDO model. We compare it with Merkle Hash Tree (MH-tree) and Signature Chain, two existing techniques that support query authentication, in terms of storage, communication, and computation overhead