213 research outputs found
Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications
We present Chameleon, a novel hybrid (mixed-protocol) framework for secure
function evaluation (SFE) which enables two parties to jointly compute a
function without disclosing their private inputs. Chameleon combines the best
aspects of generic SFE protocols with the ones that are based upon additive
secret sharing. In particular, the framework performs linear operations in the
ring using additively secret shared values and nonlinear
operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson
protocol. Chameleon departs from the common assumption of additive or linear
secret sharing models where three or more parties need to communicate in the
online phase: the framework allows two parties with private inputs to
communicate in the online phase under the assumption of a third node generating
correlated randomness in an offline phase. Almost all of the heavy
cryptographic operations are precomputed in an offline phase which
substantially reduces the communication overhead. Chameleon is both scalable
and significantly more efficient than the ABY framework (NDSS'15) it is based
on. Our framework supports signed fixed-point numbers. In particular,
Chameleon's vector dot product of signed fixed-point numbers improves the
efficiency of mining and classification of encrypted data for algorithms based
upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer
convolutional deep neural network shows 133x and 4.2x faster executions than
Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively
Integrating Homomorphic Encryption and Trusted Execution Technology for Autonomous and Confidential Model Refining in Cloud
With the popularity of cloud computing and machine learning, it has been a
trend to outsource machine learning processes (including model training and
model-based inference) to cloud. By the outsourcing, other than utilizing the
extensive and scalable resource offered by the cloud service provider, it will
also be attractive to users if the cloud servers can manage the machine
learning processes autonomously on behalf of the users. Such a feature will be
especially salient when the machine learning is expected to be a long-term
continuous process and the users are not always available to participate. Due
to security and privacy concerns, it is also desired that the autonomous
learning preserves the confidentiality of users' data and models involved.
Hence, in this paper, we aim to design a scheme that enables autonomous and
confidential model refining in cloud. Homomorphic encryption and trusted
execution environment technology can protect confidentiality for autonomous
computation, but each of them has their limitations respectively and they are
complementary to each other. Therefore, we further propose to integrate these
two techniques in the design of the model refining scheme. Through
implementation and experiments, we evaluate the feasibility of our proposed
scheme. The results indicate that, with our proposed scheme the cloud server
can autonomously refine an encrypted model with newly provided encrypted
training data to continuously improve its accuracy. Though the efficiency is
still significantly lower than the baseline scheme that refines plaintext-model
with plaintext-data, we expect that it can be improved by fully utilizing the
higher level of parallelism and the computational power of GPU at the cloud
server.Comment: IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING (CLOUD) 202
Survey on securing data storage in the cloud
Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field
Hybrid Cloud-Based Privacy Preserving Clustering as Service for Enterprise Big Data
Clustering as service is being offered by many cloud service providers. It helps enterprises to learn hidden patterns and learn knowledge from large, big data generated by enterprises. Though it brings lot of value to enterprises, it also exposes the data to various security and privacy threats. Privacy preserving clustering is being proposed a solution to address this problem. But the privacy preserving clustering as outsourced service model involves too much overhead on querying user, lacks adaptivity to incremental data and involves frequent interaction between service provider and the querying user. There is also a lack of personalization to clustering by the querying user. This work “Locality Sensitive Hashing for Transformed Dataset (LSHTD)” proposes a hybrid cloud-based clustering as service model for streaming data that address the problems in the existing model such as privacy preserving k-means clustering outsourcing under multiple keys (PPCOM) and secure nearest neighbor clustering (SNNC) models, The solution combines hybrid cloud, LSHTD clustering algorithm as outsourced service model. Through experiments, the proposed solution is able is found to reduce the computation cost by 23% and communication cost by 6% and able to provide better clustering accuracy with ARI greater than 4.59% compared to existing works
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners
The k-nearest neighbors (k-NN) algorithm is a popular and effective
classification algorithm. Due to its large storage and computational
requirements, it is suitable for cloud outsourcing. However, k-NN is often run
on sensitive data such as medical records, user images, or personal
information. It is important to protect the privacy of data in an outsourced
k-NN system.
Prior works have all assumed the data owners (who submit data to the
outsourced k-NN system) are a single trusted party. However, we observe that in
many practical scenarios, there may be multiple mutually distrusting data
owners. In this work, we present the first framing and exploration of privacy
preservation in an outsourced k-NN system with multiple data owners. We
consider the various threat models introduced by this modification. We discover
that under a particularly practical threat model that covers numerous
scenarios, there exists a set of adaptive attacks that breach the data privacy
of any exact k-NN system. The vulnerability is a result of the mathematical
properties of k-NN and its output. Thus, we propose a privacy-preserving
alternative system supporting kernel density estimation using a Gaussian
kernel, a classification algorithm from the same family as k-NN. In many
applications, this similar algorithm serves as a good substitute for k-NN. We
additionally investigate solutions for other threat models, often through
extensions on prior single data owner systems
Iris Recognition Approach for Preserving Privacy in Cloud Computing
Biometric identification systems involve securing biometric traits by encrypting them using an encryption algorithm and storing them in the cloud. In recent decades, iris recognition schemes have been considered one of the most effective biometric models for identifying humans based on iris texture, due to their relevance and distinctiveness. The proposed system focuses on encrypting biometric traits. The user’s iris feature vector is encrypted and stored in the cloud. During the matching process, the user’s iris feature vector is compared with the one stored in the cloud. If it meets the threshold conditions, the user is authenticated. Iris identification in cloud computing involves several steps. First, the iris image is pre-processed to remove noise using the Hough transform. Then, the pixel values are normalized, Gabor filters are applied to extract iris features. The features are then encrypted using the AES 128-bit algorithm. Finally, the features of the test image are matched with the stored features on the cloud to verify authenticity. The process ensures the privacy and security of the iris data in cloud storage by utilizing encryption and efficient image processing techniques. The matching is performed by setting an appropriate threshold for comparison. Overall, the approach offers a significant level of safety, effectiveness, and accuracy
- …