166 research outputs found
GraphSE: An Encrypted Graph Database for Privacy-Preserving Social Search
In this paper, we propose GraphSE, an encrypted graph database for online
social network services to address massive data breaches. GraphSE preserves
the functionality of social search, a key enabler for quality social network
services, where social search queries are conducted on a large-scale social
graph and meanwhile perform set and computational operations on user-generated
contents. To enable efficient privacy-preserving social search, GraphSE
provides an encrypted structural data model to facilitate parallel and
encrypted graph data access. It is also designed to decompose complex social
search queries into atomic operations and realise them via interchangeable
protocols in a fast and scalable manner. We build GraphSE with various
queries supported in the Facebook graph search engine and implement a
full-fledged prototype. Extensive evaluations on Azure Cloud demonstrate that
GraphSE is practical for querying a social graph with a million of users.Comment: This is the full version of our AsiaCCS paper "GraphSE: An
Encrypted Graph Database for Privacy-Preserving Social Search". It includes
the security proof of the proposed scheme. If you want to cite our work,
please cite the conference version of i
The E-Health Cloud Platform Now Supports A Keyword Search Related To Timer Use And Lab-Enabled Proxy Recoding
The delivery of healthcare may be vastly enhanced by the introduction of novel software, such as an electronic health record system. Users' fundamental concerns about the privacy and security of their personal information may be slowing the systems' widespread adoption. The searchable encryption (SE) method is a promising option for the electronic health record system due to its ability to provide strong security without sacrificing usability. Our research introduces a new cryptographic primitive, which we've termed "Re-dtPECK." It's a time-dependent SE approach that combines conjunctive keyword search with a designated tester and a proxy reencryption function that takes time into consideration. Patients may use this function to provide access to their data to carefully chosen researchers for a short period of time. Any allotted period for a delegatee to view and decode their delegator's encrypted papers may be extended if required. It's possible that the delegate's access and search capabilities will expire after a certain period of time has passed. It's also capable of conjunctive keyword searches and resisting assaults based on guessing. Only the authorized tester is allowed to look for the existence of certain keywords in the proposed method. We provide a system model and a security model for the proposed Re-dtPECK approach to prove that it is a safe and effective replacement for the existing standard. Simulations and comparisons with other methods show that it requires very little bandwidth and storage space for data
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
Secure and Reliable Data Outsourcing in Cloud Computing
The many advantages of cloud computing are increasingly attracting individuals and organizations to outsource their data from local to remote cloud servers. In addition to cloud infrastructure and platform providers, such as Amazon, Google, and Microsoft, more and more cloud application providers are emerging which are dedicated to offering more accessible and user friendly data storage services to cloud customers. It is a clear trend that cloud data outsourcing is becoming a pervasive service. Along with the widespread enthusiasm on cloud computing, however, concerns on data security with cloud data storage are arising in terms of reliability and privacy which raise as the primary obstacles to the adoption of the cloud. To address these challenging issues, this dissertation explores the problem of secure and reliable data outsourcing in cloud computing. We focus on deploying the most fundamental data services, e.g., data management and data utilization, while considering reliability and privacy assurance. The first part of this dissertation discusses secure and reliable cloud data management to guarantee the data correctness and availability, given the difficulty that data are no longer locally possessed by data owners. We design a secure cloud storage service which addresses the reliability issue with near-optimal overall performance. By allowing a third party to perform the public integrity verification, data owners are significantly released from the onerous work of periodically checking data integrity. To completely free the data owner from the burden of being online after data outsourcing, we propose an exact repair solution so that no metadata needs to be generated on the fly for the repaired data. The second part presents our privacy-preserving data utilization solutions supporting two categories of semantics - keyword search and graph query. For protecting data privacy, sensitive data has to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. We define and solve the challenging problem of privacy-preserving multi- keyword ranked search over encrypted data in cloud computing. We establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. We first propose a basic idea for keyword search based on secure inner product computation, and then give two improved schemes to achieve various stringent privacy requirements in two different threat models. We also investigate some further enhancements of our ranked search mechanism, including supporting more search semantics, i.e., TF × IDF, and dynamic data operations. As a general data structure to describe the relation between entities, the graph has been increasingly used to model complicated structures and schemaless data, such as the personal social network, the relational database, XML documents and chemical compounds. In the case that these data contains sensitive information and need to be encrypted before outsourcing to the cloud, it is a very challenging task to effectively utilize such graph-structured data after encryption. We define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing. By utilizing the principle of filtering-and-verification, we pre-build a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure
Private search over big data leveraging distributed file system and parallel processing
In this work, we identify the security and privacy problems associated with a certain Big Data application, namely secure keyword-based search over encrypted cloud data and emphasize the actual challenges and technical difficulties in the Big Data setting. More specifically, we provide definitions from which privacy requirements can be derived. In addition, we adapt an existing work on privacy-preserving keyword-based search method to the Big Data setting, in which, not only data is huge but also changing and accumulating very fast. Our proposal is scalable in the sense that it can leverage distributed file systems and parallel programming techniques such as the Hadoop Distributed File System (HDFS) and the MapReduce programming model, to work with very large data sets. We also propose a lazy idf-updating method that can efficiently handle the relevancy scores of the documents in a dynamically changing, large data set. We empirically show the efficiency and accuracy of the method through extensive set of experiments on real data
Practical Volume-Based Attacks on Encrypted Databases
Recent years have seen an increased interest towards strong security
primitives for encrypted databases (such as oblivious protocols), that hide the
access patterns of query execution, and reveal only the volume of results.
However, recent work has shown that even volume leakage can enable the
reconstruction of entire columns in the database. Yet, existing attacks rely on
a set of assumptions that are unrealistic in practice: for example, they (i)
require a large number of queries to be issued by the user, or (ii) assume
certain distributions on the queries or underlying data (e.g., that the queries
are distributed uniformly at random, or that the database does not contain
missing values).
In this work, we present new attacks for recovering the content of individual
user queries, assuming no leakage from the system except the number of results
and avoiding the limiting assumptions above. Unlike prior attacks, our attacks
require only a single query to be issued by the user for recovering the
keyword. Furthermore, our attacks make no assumptions about the distribution of
issued queries or the underlying data. Instead, our key insight is to exploit
the behavior of real-world applications.
We start by surveying 11 applications to identify two key characteristics
that can be exploited by attackers: (i) file injection, and (ii) automatic
query replay. We present attacks that leverage these two properties in concert
with volume leakage, independent of the details of any encrypted database
system. Subsequently, we perform an attack on the real Gmail web client by
simulating a server-side adversary. Our attack on Gmail completes within a
matter of minutes, demonstrating the feasibility of our techniques. We also
present three ancillary attacks for situations when certain mitigation
strategies are employed.Comment: IEEE EuroS&P 202
A Scheduling Genetic Algorithm For Real-Time Data Freshness And Cloud Data Security Over Keywords Searching
Cloud storage services allow customers to ingress data stored from any device at any time. The growth of the Internet helps the number of users who need to access online databases without a deep understanding of the schema or query. The languages have risen dramatically, allowing users to search secured data and retrieve desired data from cloud storage using keywords. On the other hand, there are fundamental difficulties such as security, which must be provided to secure user'spersonal information. A hybrid scheduling genetic algorithm (SGA) is proposed in this research. SGA technique enhances the security level and provides data freshness. For evaluation and comparison, parameters such as execution time throughputs are used. According to experimental results, the proposed technique ensures the security of user data from unauthorized parties. Furthermore, SGA is strong and more effective when compared to a set of parameters to the existing algorithm like Data Encryption Standard (DES), Blowfish, and AdvancedEncryption Standard (AES)
Chameleon: A Secure Cloud-Enabled and Queryable System with Elastic Properties
There are two dominant themes that have become increasingly more important in our
technological society. First, the recurrent use of cloud-based solutions which provide
infrastructures, computation platforms and storage as services. Secondly, the use of applicational
large logs for analytics and operational monitoring in critical systems. Moreover,
auditing activities, debugging of applications and inspection of events generated by errors
or potential unexpected operations - including those generated as alerts by intrusion
detection systems - are common situations where extensive logs must be analyzed, and
easy access is required. More often than not, a part of the generated logs can be deemed
as sensitive, requiring a privacy-enhancing and queryable solution.
In this dissertation, our main goal is to propose a novel approach of storing encrypted
critical data in an elastic and scalable cloud-based storage, focusing on handling JSONbased
ciphered documents. To this end, we make use of Searchable and Homomorphic
Encryption methods to allow operations on the ciphered documents. Additionally, our
solution allows for the user to be near oblivious to our system’s internals, providing
transparency while in use. The achieved end goal is a unified middleware system capable
of providing improved system usability, privacy, and rich querying over the data. This
previously mentioned objective is addressed while maintaining server-side auditable logs,
allowing for searchable capabilities by the log owner or authorized users, with integrity
and authenticity proofs.
Our proposed solution, named Chameleon, provides rich querying facilities on ciphered
data - including conjunctive keyword, ordering correlation and boolean queries
- while supporting field searching and nested aggregations. The aforementioned operations
allow our solution to provide data analytics upon ciphered JSON documents, using
Elasticsearch as our storage and search engine.O uso recorrente de soluções baseadas em nuvem tornaram-se cada vez mais importantes
na nossa sociedade. Tais soluções fornecem infraestruturas, computação e armazenamento
como serviços, para alem do uso de logs volumosos de sistemas e aplicações para
análise e monitoramento operacional em sistemas críticos. Atividades de auditoria, debugging
de aplicações ou inspeção de eventos gerados por erros ou possíveis operações
inesperadas - incluindo alertas por sistemas de detecção de intrusão - são situações comuns
onde logs extensos devem ser analisados com facilidade. Frequentemente, parte dos
logs gerados podem ser considerados confidenciais, exigindo uma solução que permite
manter a confidencialidades dos dados durante procuras.
Nesta dissertação, o principal objetivo é propor uma nova abordagem de armazenar
logs críticos num armazenamento elástico e escalável baseado na cloud. A solução proposta
suporta documentos JSON encriptados, fazendo uso de Searchable Encryption e
métodos de criptografia homomórfica com provas de integridade e autenticação. O objetivo
alcançado é um sistema de middleware unificado capaz de fornecer privacidade,
integridade e autenticidade, mantendo registos auditáveis do lado do servidor e permitindo
pesquisas pelo proprietário dos logs ou usuários autorizados. A solução proposta,
Chameleon, visa fornecer recursos de consulta atuando em cima de dados cifrados - incluindo
queries conjuntivas, de ordenação e booleanas - suportando pesquisas de campo
e agregações aninhadas. As operações suportadas permitem à nossa solução suportar data
analytics sobre documentos JSON cifrados, utilizando o Elasticsearch como armazenamento
e motor de busca
- …