13,808 research outputs found
Privacy-preserving efficient searchable encryption
Data storage and computation outsourcing to third-party managed data centers,
in environments such as Cloud Computing, is increasingly being adopted
by individuals, organizations, and governments. However, as cloud-based outsourcing
models expand to society-critical data and services, the lack of effective
and independent control over security and privacy conditions in such settings
presents significant challenges.
An interesting solution to these issues is to perform computations on encrypted
data, directly in the outsourcing servers. Such an approach benefits
from not requiring major data transfers and decryptions, increasing performance
and scalability of operations. Searching operations, an important application
case when cloud-backed repositories increase in number and size, are good examples
where security, efficiency, and precision are relevant requisites. Yet existing
proposals for searching encrypted data are still limited from multiple perspectives,
including usability, query expressiveness, and client-side performance and
scalability.
This thesis focuses on the design and evaluation of mechanisms for searching
encrypted data with improved efficiency, scalability, and usability. There are
two particular concerns addressed in the thesis: on one hand, the thesis aims at
supporting multiple media formats, especially text, images, and multimodal data
(i.e. data with multiple media formats simultaneously); on the other hand the
thesis addresses client-side overhead, and how it can be minimized in order to
support client applications executing in both high-performance desktop devices
and resource-constrained mobile devices.
From the research performed to address these issues, three core contributions
were developed and are presented in the thesis: (i) CloudCryptoSearch, a middleware
system for storing and searching text documents with privacy guarantees,
while supporting multiple modes of deployment (user device, local proxy, or computational cloud) and exploring different tradeoffs between security, usability, and performance; (ii) a novel framework for efficiently searching encrypted images
based on IES-CBIR, an Image Encryption Scheme with Content-Based Image
Retrieval properties that we also propose and evaluate; (iii) MIE, a Multimodal
Indexable Encryption distributed middleware that allows storing, sharing, and
searching encrypted multimodal data while minimizing client-side overhead and
supporting both desktop and mobile devices
Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values
Two-party secure function evaluation (SFE) has become significantly more
feasible, even on resource-constrained devices, because of advances in
server-aided computation systems. However, there are still bottlenecks,
particularly in the input validation stage of a computation. Moreover, SFE
research has not yet devoted sufficient attention to the important problem of
retaining state after a computation has been performed so that expensive
processing does not have to be repeated if a similar computation is done again.
This paper presents PartialGC, an SFE system that allows the reuse of encrypted
values generated during a garbled-circuit computation. We show that using
PartialGC can reduce computation time by as much as 96% and bandwidth by as
much as 98% in comparison with previous outsourcing schemes for secure
computation. We demonstrate the feasibility of our approach with two sets of
experiments, one in which the garbled circuit is evaluated on a mobile device
and one in which it is evaluated on a server. We also use PartialGC to build a
privacy-preserving "friend finder" application for Android. The reuse of
previous inputs to allow stateful evaluation represents a new way of looking at
SFE and further reduces computational barriers.Comment: 20 pages, shorter conference version published in Proceedings of the
2014 ACM SIGSAC Conference on Computer and Communications Security, Pages
582-596, ACM New York, NY, US
Secure k-Nearest Neighbor Query over Encrypted Data in Outsourced Environments
For the past decade, query processing on relational data has been studied
extensively, and many theoretical and practical solutions to query processing
have been proposed under various scenarios. With the recent popularity of cloud
computing, users now have the opportunity to outsource their data as well as
the data management tasks to the cloud. However, due to the rise of various
privacy issues, sensitive data (e.g., medical records) need to be encrypted
before outsourcing to the cloud. In addition, query processing tasks should be
handled by the cloud; otherwise, there would be no point to outsource the data
at the first place. To process queries over encrypted data without the cloud
ever decrypting the data is a very challenging task. In this paper, we focus on
solving the k-nearest neighbor (kNN) query problem over encrypted database
outsourced to a cloud: a user issues an encrypted query record to the cloud,
and the cloud returns the k closest records to the user. We first present a
basic scheme and demonstrate that such a naive solution is not secure. To
provide better security, we propose a secure kNN protocol that protects the
confidentiality of the data, user's input query, and data access patterns.
Also, we empirically analyze the efficiency of our protocols through various
experiments. These results indicate that our secure protocol is very efficient
on the user end, and this lightweight scheme allows a user to use any mobile
device to perform the kNN query.Comment: 23 pages, 8 figures, and 4 table
- …