Secure Remote Storage of Logs with Search Capabilities

Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs in business critical applications is a standard practice nowadays. Such application logs must be stored in an accessible manner in order to used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. This work proposes a new approach of storing critical logs in a cloud-based storage recurring to searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs owner. The designed search algorithm enables conjunctive keywords queries plus a fine-grained search supported by field searching and nested queries, which are essential in the referred use case. To the best of our knowledge, the proposed solution is also the first to introduce a query language that enables complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel. Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao, confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados. A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados. Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz uso do potencial total que a cloud tem para oferecer. Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem acesso em momento algum a dados n˜ao cifrados por parte do servidor..

SEPARATENESS-DESTRUCTIVE ENCRYPTION CHARACTERS MULTIPLE-INVOLVEMENT MECHANISM FOR LARGE INFORMATION STORAGE

Although data along with index privacy assurances are crucial instantly in connected literature, numerous search privacy needs associated with query procedure tend to be difficult to undertake. Exploring privacy preserving additionally to valuable search service above encrypted cloud facts are of supreme importance.  Multi-keyword rated search problem above encrypted cloud data was solved inside our work while safeguarding strict system wise privacy within cloud-computing concept. It's personalized from secluded k-nearest neighbour method and subsequently provide two considerably improved multi-keyword rated search schemes to attain numerous stringent privacy needs by 50 percent threat models with enhanced attack ability. For managing of multi-keyword semantic missing of privacy breaches, we advise an easy idea for multi-keyword rated search by means of protected inner product computation.  To achieve multi-keyword rated search, we advise utilizing inner product being similar to quantitatively assess ingenious similarity measure known as coordinate matching

AAQ-PEKS: An Attribute-based Anti-Quantum Public-Key Encryption Scheme with Keyword Search for E-healthcare Scenarios

Electronic Medical Records (EMRs) have been utilized in plentiful medical institutions due to their superior convenience and low storage overhead. Nevertheless, it is difficult for medical departments with disparate management regulations to share EMRs through secure communication channels since sensitive EMRs are prone to be tampered with. Therefore, the EMRs should be encrypted before being outsourced to the network servers. Public key Encryption with Keyword Search (PEKS) has the ability for doctors to search encrypted EMRs, but traditional PEKS algorithms are susceptible to quantum computing attacks and without considering access control. To address the aforementioned issues, we proposed AAQ-PEKS scheme, named an attribute-based anti-quantum public-key encryption scheme with keyword search. Initially, based on the LWE hardness, we first introduce the attribute-based PEKS that can resist quantum attacks in E-health scenarios. Secondly, we combine Attribute-Based Encryption (ABE) into AAQ-PEKS to realize access control for sensitive EMRs. Thirdly, the computational security analysis illustrates that our scheme achieves correctness, Indistinguishability against Chosen Plaintext Attack (IND-CPA) and Indistinguishability against Chosen Keyword Attack (IND-CKA). Lastly, comprehensive performance evaluation in practice elaborates that our AAQ-PEKS is more efficient compared with other existing top-tier schemes. To conclude, our scheme has the characteristics of resisting quantum attacks and fine-grained access control for E-health scenarios