20 research outputs found
Privacy-preserving efficient searchable encryption
Data storage and computation outsourcing to third-party managed data centers,
in environments such as Cloud Computing, is increasingly being adopted
by individuals, organizations, and governments. However, as cloud-based outsourcing
models expand to society-critical data and services, the lack of effective
and independent control over security and privacy conditions in such settings
presents significant challenges.
An interesting solution to these issues is to perform computations on encrypted
data, directly in the outsourcing servers. Such an approach benefits
from not requiring major data transfers and decryptions, increasing performance
and scalability of operations. Searching operations, an important application
case when cloud-backed repositories increase in number and size, are good examples
where security, efficiency, and precision are relevant requisites. Yet existing
proposals for searching encrypted data are still limited from multiple perspectives,
including usability, query expressiveness, and client-side performance and
scalability.
This thesis focuses on the design and evaluation of mechanisms for searching
encrypted data with improved efficiency, scalability, and usability. There are
two particular concerns addressed in the thesis: on one hand, the thesis aims at
supporting multiple media formats, especially text, images, and multimodal data
(i.e. data with multiple media formats simultaneously); on the other hand the
thesis addresses client-side overhead, and how it can be minimized in order to
support client applications executing in both high-performance desktop devices
and resource-constrained mobile devices.
From the research performed to address these issues, three core contributions
were developed and are presented in the thesis: (i) CloudCryptoSearch, a middleware
system for storing and searching text documents with privacy guarantees,
while supporting multiple modes of deployment (user device, local proxy, or computational cloud) and exploring different tradeoffs between security, usability, and performance; (ii) a novel framework for efficiently searching encrypted images
based on IES-CBIR, an Image Encryption Scheme with Content-Based Image
Retrieval properties that we also propose and evaluate; (iii) MIE, a Multimodal
Indexable Encryption distributed middleware that allows storing, sharing, and
searching encrypted multimodal data while minimizing client-side overhead and
supporting both desktop and mobile devices.
Privacy-Enhanced Dependable and Searchable Storage in a Cloud-of-Clouds
In this dissertation we propose a solution for a trustable and privacy-enhanced storage architecture based on a multi-cloud approach. The solution provides the necessary support for multimodal online searching operations on data that is always kept encrypted on the cloud services used. We implemented a system prototype and conducted an experimental evaluation. Our results show that the proposal offers security and privacy guarantees, and provides efficient information retrieval capabilities without sacrificing precision and recall properties on the supported search operations.
There is a constant increase in the demand for cloud services, particularly cloud-based
storage services. These services are currently used by different applications as outsourced storage services, with some interesting advantages. Most personal and mobile applications also offer the user the choice to use the cloud to store their data, transparently and sometimes without full user awareness of the privacy conditions, to overcome local storage limitations. Companies might also find that it is cheaper to outsource databases and key-value stores, instead of relying on storage solutions in private data centers. This raises concerns about data privacy guarantees and the danger of data leakage. A cloud system administrator can easily access unprotected data and she/he could also forge, modify or delete data, violating privacy, integrity, availability and authenticity conditions.
A possible solution to those problems would be to encrypt all data and add authenticity
and integrity proofs to it before it is sent to the cloud, decrypting and verifying authenticity or integrity on data downloads. However, this solution can be used only for backup purposes or when big data is not involved, and might not be very practical for online searching requirements over large amounts of cloud-stored data that must be searched, accessed and retrieved in a dynamic way. Those solutions also impose high latency and a high amount of cloud inbound/outbound traffic, increasing the operational costs. Moreover, in the case of mobile or embedded devices, the power, computation and communication constraints cannot be ignored, since indexing, encrypting/decrypting and signing/verifying all data will be computationally expensive.
To overcome the previous drawbacks, in this dissertation we propose a solution for a
trustable and privacy-enhanced storage architecture based on a multi-cloud approach, providing privacy-enhanced, dependable and searchable support. Our solution provides the necessary support for dependable cloud storage and multimodal online searching operations over always-encrypted data in a cloud-of-clouds. We implemented a system prototype and conducted an experimental evaluation of the proposed solution, involving the use of conventional storage clouds as well as a high-speed in-memory cloud-storage backend. Our results show that the proposal offers the required dependability properties and privacy guarantees, providing efficient information retrieval capabilities without sacrificing precision and recall properties in the supported indexing and search operations.
Practical Isolated Searchable Encryption in a Trusted Computing Environment
Cloud computing has become a standard computational paradigm due to its numerous
advantages, including high availability, elasticity, and ubiquity. Both individual users and
companies are adopting more of its services, but not without loss of privacy and control.
Outsourcing data and computations to a remote server implies trusting its owners, a
problem many end-users are aware of. Recent news has proven that data stored on Cloud
servers is susceptible to leaks from the provider, third-party attackers, or even from
government surveillance programs, exposing users’ private data.
Different approaches to tackle these problems have surfaced throughout the years.
Naïve solutions involve storing data encrypted on the server, decrypting it only on the
client-side. Yet, this imposes a high overhead on the client, rendering such schemes
impractical. Searchable Symmetric Encryption (SSE) has emerged as a novel research
topic in recent years, allowing efficient querying and updating over encrypted datastores
in Cloud servers, while retaining privacy guarantees. Still, despite relevant recent advances,
existing SSE schemes make a critical trade-off between efficiency, security,
and query expressiveness, thus limiting their adoption as a viable technology, particularly
in large-scale scenarios.
New technologies providing Isolated Execution Environments (IEEs) may help improve
SSE literature. These technologies allow applications to be run remotely with
privacy guarantees, in isolation from other, possibly privileged, processes inside the CPU,
such as the operating system kernel. Prominent example technologies are Intel SGX and
ARM TrustZone, which are being made available in today’s commodity CPUs.
In this thesis we study these new trusted hardware technologies in depth, while exploring
their application to the problem of searching over encrypted data, primarily focusing
on SGX. In more detail, we study the application of IEEs in SSE schemes, improving their
efficiency, security, and query expressiveness.
We design, implement, and evaluate three new SSE schemes for different query types,
namely Boolean queries over text, similarity queries over image datastores, and multimodal
queries over text and images. These schemes can support queries combining different
media formats simultaneously, envisaging applications such as privacy-enhanced medical diagnosis and management of electronic-healthcare records, or confidential photograph
catalogues, running without the danger of privacy breaches in Cloud-based provisioned
services.
MuSE: Multimodal Searchable Encryption for Cloud Applications
In this paper we tackle the practical challenges of searching encrypted multimodal data (i.e., data containing multiple media formats simultaneously), stored in public cloud servers, with reduced information leakage. To this end we propose MuSE, a Multimodal Searchable Encryption scheme that, by combining only standard cryptographic primitives and symmetric-key block ciphers, allows cloud-backed applications to dynamically store, update, and search multimodal datasets with privacy and efficiency guarantees. As searching encrypted data requires a tradeoff between privacy and efficiency, we also propose a variant of MuSE that resorts to partially homomorphic encryption to further reduce information leakage, but at the cost of additional computational overhead. Both schemes are formally proven secure and experimentally evaluated regarding performance and search precision. Experiments with realistic datasets show that our contributions achieve interesting levels of efficiency and privacy, making MuSE particularly suitable for practical application scenarios.
GPT Semantic Networking: A Dream of the Semantic Web – The Time is Now
The book presents research and practical implementations related to natural
language processing (NLP) technologies based on the concept of artificial
intelligence, generative AI, and the concept of Complex Networks aimed at creating
Semantic Networks.
The main principles of NLP, training models on large volumes of text data, new
universal and multi-purpose language processing systems are presented. It is shown
how the combination of NLP and Semantic Networks technologies opens up new
horizons for text analysis, context understanding, the formation of domain models,
causal networks, etc. This book presents methods for creating Semantic Networks
based on prompt engineering. Practices are presented that will help build semantic
networks capable of solving complex problems and making revolutionary changes in
the analytical activity.
The publication is intended for those who are going to use large language
models for the construction and analysis of semantic networks in order to solve
applied problems, in particular, in the field of decision making.