Offline privacy preserving proxy re-encryption in mobile cloud computing

This paper addresses the always online behavior of the data owner in proxy re- encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption keys are only issued to legitimate users. An in depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing

Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

An efficient framework for privacy-preserving computations on encrypted IoT data

There are two fundamental expectations from Cloud-IoT applications using sensitive and personal data: data utility and user privacy. With the complex nature of cloud-IoT ecosystem, there is a growing concern about data utility at the cost of privacy. While the current state-of-the-art encryption schemes protect users’ privacy, they preclude meaningful computations on encrypted data. Thus, the question remains “how to help IoT device users benefit from cloud computing without compromising data confidentiality and user privacy”? Cloud service providers (CSP) can leverage Fully homomorphic encryption (FHE) schemes to deliver privacy-preserving services. However, there are limitations in directly adopting FHE-based solutions for real-world Cloud-IoT applications. Thus, to foster real-world adoption of FHE-based solutions, we propose a framework called Proxy re-ciphering as a service. It leverages existing schemes such as distributed proxy servers, threshold secret sharing, chameleon hash function and FHE to tailor a practical solution that enables long-term privacy-preserving cloud computations for IoT ecosystem. We also encourage CSPs to store minimal yet adequate information from processing the raw IoT device data. Furthermore, we explore a way for IoT devices to refresh their device keys after a key-compromise. To evaluate the framework, we first develop a testbed and measure the latencies with real-world ECG records from TELE ECG Database. We observe that i) although the distributed framework introduces computation and communication latencies, the security gains outweighs the latencies, ii) the throughput of the servers providing re-ciphering service can be greatly increased with pre-processing iii) with a key refresh scheme we can limit the upper bound on the attack window post a key-compromise. Finally, we analyze the security properties against major threats faced by Cloud-IoT ecosystem. We infer that Proxy re-ciphering as a service is a practical, secure, scalable and an easy-to-adopt framework for long-term privacy-preserving cloud computations for encrypted IoT data

Multi-authority attribute-based keyword search over encrypted cloud data

National Research Foundation (NRF) Singapore; AXA Research Fun

Integrated, reliable and cloud-based personal health record: a scoping review.

Personal Health Records (PHR) emerge as an alternative to integrate patient’s health information to give a global view of patients' status. However, integration is not a trivial feature when dealing with a variety electronic health systems from healthcare centers. Access to PHR sensitive information must comply with privacy policies defined by the patient. Architecture PHR design should be in accordance to these, and take advantage of nowadays technology. Cloud computing is a current technology that provides scalability, ubiquity, and elasticity features. This paper presents a scoping review related to PHR systems that achieve three characteristics: integrated, reliable and cloud-based. We found 101 articles that addressed thosecharacteristics. We identified four main research topics: proposal/developed systems, PHR recommendations for development, system integration and standards, and security and privacy. Integration is tackled with HL7 CDA standard. Information reliability is based in ABE security-privacy mechanism. Cloud-based technology access is achieved via SOA.CONACYT - Consejo Nacional de Ciencia y TecnologíaPROCIENCI

Framework to establish offline file sharing in Application as a service layer in cloud computing

Term cloud computing has opened entire new domain of computability, reliability and efficiency. Organizations can now focus on providing targeted services to consumers rather than considering infrastructure and resource issues. Cloud consumers can enjoy ease of computing and power of reliability but cloud service providers have to ensure many measures to let cloud services be reality and reliable. Consumers can store their valuable data on cloud and can use them as and when required. This leads to some key points like security of cloud data should be considered, sharing of cloud data as per requirement should be done. Allocation of required resources to the consumers should be done efficiently and above all, cloud service providers should have opportunity to gain some economical values. This research paper is based on providing some mechanism to allow file sharing among various cloud users. This paper proposed a framework that can be followed to easily share file residing on cloud with another cloud user. In this framework, concept of cryptography has been used to generate secure key that can be shared among users. Cryptography allows encryption and decryption of different normal text to some cipher text that cannot be interpreted easily. This paper has proposed secure mechanism of generating key, sharing a key and validating use of key for given file. Most important aspect considered in this research paper is, the user who owns a file and wants to provide access to other user don’t have internet access at hand. Framework uses mobile technology to contact service providers and generate a key as and when needed. Keywords— Cloud computing, cryptography, AES, RSA, Security, Authentication, Validation, Application as a servic

Privacy-preserving data search with fine-grained dynamic search right management in fog-assisted Internet of Things

This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this record.Fog computing, as an assisted method for cloud computing, collects Internet of Things (IoT) data to multiple fog nodes on the edge of IoT and outsources them to the cloud for data search, and it reduces the computation cost on IoT nodes and provides fine-grained search right management. However, to provide privacy-preserving IoT data search, the existing searchable encryptions are very inefficient as the computation cost is too high for the resource-constrained IoT ends. Moreover, to provide dynamic search right management, the users need to be online all the time in the existing schemes, which is impractical. In this paper, we first present a new fog-assisted privacy-preserving IoT data search framework, where the data from each IoT device is collected by a fog node, stored in a determined document and outsourced to the cloud, the users search the data through the fog nodes, and the fine-grained search right management is maintained at document level. Under this framework, two searchable encryption schemes are proposed, i.e., Credible Fog Nodes assisted Searchable Encryption (CFN-SE) and Semi-trusted Fog Nodes assisted Searchable Encryption (STFN-SE). In CFN-SE scheme, the indexes and trapdoors are generated by the fog nodes, which greatly reduce the computation costs at the IoT devices and user ends, and fog nodes are used to support offline users’ key update. In STFN-SE scheme, the semi-trusted fog nodes are used to provide storage of encrypted key update information to assist offline users’ search right update. In both schemes, no re-encryption of the keywords is needed in search right updates. The performance evaluations of our schemes demonstrate the feasibility and high efficiency of our system.National Key Research and Development ProgramNational Natural Science Foundation of ChinaSichuan Provincial Major Frontier IssuesState Key Laboratory of Integrated Services Networks, Xidian Universit

Privacy-Preserving Secret Shared Computations using MapReduce

Data outsourcing allows data owners to keep their data at \emph{untrusted} clouds that do not ensure the privacy of data and/or computations. One useful framework for fault-tolerant data processing in a distributed fashion is MapReduce, which was developed for \emph{trusted} private clouds. This paper presents algorithms for data outsourcing based on Shamir's secret-sharing scheme and for executing privacy-preserving SQL queries such as count, selection including range selection, projection, and join while using MapReduce as an underlying programming model. Our proposed algorithms prevent an adversary from knowing the database or the query while also preventing output-size and access-pattern attacks. Interestingly, our algorithms do not involve the database owner, which only creates and distributes secret-shares once, in answering any query, and hence, the database owner also cannot learn the query. Logically and experimentally, we evaluate the efficiency of the algorithms on the following parameters: (\textit{i}) the number of communication rounds (between a user and a server), (\textit{ii}) the total amount of bit flow (between a user and a server), and (\textit{iii}) the computational load at the user and the server.\BComment: IEEE Transactions on Dependable and Secure Computing, Accepted 01 Aug. 201