Cloud technology options towards Free Flow of Data

This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives reference to the Cluster, the individual projects and the technologies produced by them

Privacy-preserving query processing over encrypted data in cloud

The query processing of relational data has been studied extensively throughout the past decade. A number of theoretical and practical solutions to query processing have been proposed under various scenarios. With the recent popularity of cloud computing, data owners now have the opportunity to outsource not only their data but also data processing functionalities to the cloud. Because of data security and personal privacy concerns, sensitive data (e.g., medical records) should be encrypted before being outsourced to a cloud, and the cloud should perform query processing tasks on the encrypted data only. These tasks are termed as Privacy-Preserving Query Processing (PPQP) over encrypted data. Based on the concept of Secure Multiparty Computation (SMC), SMC-based distributed protocols were developed to allow the cloud to perform queries directly over encrypted data. These protocols protect the confidentiality of the stored data, user queries, and data access patterns from cloud service providers and other unauthorized users. Several queries were considered in an attempt to create a well-defined scope. These queries included the k-Nearest Neighbor (kNN) query, advanced analytical query, and correlated range query. The proposed protocols utilize an additive homomorphic cryptosystem and/or a garbled circuit technique at different stages of query processing to achieve the best performance. In addition, by adopting a multi-cloud computing paradigm, all computations can be done on the encrypted data without using very expensive fully homomorphic encryptions. The proposed protocols\u27 security was analyzed theoretically, and its practicality was evaluated through extensive empirical results --Abstract, page iii

Privacy-Preserving Face Recognition with Outsourced Computation

Face recognition is one of the most important biometrics pattern recognitions, which has been widely applied in a variety of enterprise, civilian and law enforcement. The privacy of biometrics data raises important concerns, in particular if computations over biometric data is performed at untrusted servers. In previous work of privacy-preserving face recognition, in order to protect individuals\u27 privacy, face recognition is performed over encrypted face images. However, these results increase the computation cost of the client and the face database owners, which may enable face recognition cannot be efficiently executed. Consequently, it would be desirable to reduce computation over sensitive biometric data in such environments. Currently, no secure techniques for outsourcing face biometric recognition is readily available. In this paper, we propose a privacy-preserving face recognition protocol with outsourced computation for the first time, which efficiently protects individuals\u27 privacy. Our protocol substantially improves the previous works in terms of the online computation cost by outsourcing large computation task to a cloud server who has large computing power. In particular, the overall online computation cost of the client and the database owner in our protocol is at most 1/2 of the corresponding protocol in the state of the art algorithms. In addition, the client requires the decryption operations with only $O(1)$ independent of $M$, where $M$ is the size of the face database. Furthermore, the client can verify the correction of the recognition result

Securing identity information with image watermarks

In this paper, we describe the requirements for embedding watermarks in images used for identity verification and demonstrate a proof of concept in security sciences. The watermarking application is designed for verifying the rightful ownership of a driving license or similar identity object. The tool we built and tested embeds and extracts watermarks that contain verification information of the rightful owner. We used the human finger print of the rightful owner as the watermark. Such information protection mechanisms add an extra layer of security to the information system and improve verification of identification attributes by providing strong security. The issues of usability and cost are also discussed in the context of the social acceptability of access controls

Efficient and Verifiable Algorithms for Secure Outsourcing of Cryptographic Computations

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Reducing computational cost of cryptographic computations for resource-constrained devices is an active research area. One of the practical solutions is to securely outsource the computations to an external and more powerful cloud server. Modular exponentiations are the most expensive computation from the cryptographic point of view. Therefore, outsourcing modular exponentiations to a single, external and potentially untrusted cloud server while ensuring the security and privacy provide an efficient solution. In this paper, we propose new efficient outsourcing algorithms for modular exponentiations using only one untrusted cloud server. These algorithms cover public-base & private-exponent, private-base & public-exponent, private-base & privateexponent, and more generally private-base & private-exponents simultaneous modular exponentiations. Our algorithms are the most efficient solutions utilizing only one single untrusted server with best checkability probabilities. Furthermore, unlike existing schemes, which have fixed checkability probability, our algorithms provide adjustable predetermined checkability parameters. Finally, we apply our algorithms to outsource Oblivious Transfer Protocols and Blind Signatures which are expensive primitives in modern cryptography

Cryptography for Big Data Security

As big data collection and analysis becomes prevalent in today’s computing environments there is a growing need for techniques to ensure security of the collected data. To make matters worse, due to its large volume and velocity, big data is commonly stored on distributed or shared computing resources not fully controlled by the data owner. Thus, tools are needed to ensure both the confidentiality of the stored data and the integrity of the analytics results even in untrusted environments. In this chapter, we present several cryptographic approaches for securing big data and discuss the appropriate use scenarios for each. We begin with the problem of securing big data storage. We first address the problem of secure block storage for big data allowing data owners to store and retrieve their data from an untrusted server. We present techniques that allow a data owner to both control access to their data and ensure that none of their data is modified or lost while in storage. However, in most big data applications, it is not sufficient to simply store and retrieve one’s data and a search functionality is necessary to allow one to select only the relevant data. Thus, we present several techniques for searchable encryption allowing database- style queries over encrypted data. We review the performance, functionality, and security provided by each of these schemes and describe appropriate use-cases. However, the volume of big data often makes it infeasible for an analyst to retrieve all relevant data. Instead, it is desirable to be able to perform analytics directly on the stored data without compromising the confidentiality of the data or the integrity of the computation results. We describe several recent cryptographic breakthroughs that make such processing possible for varying classes of analytics. We review the performance and security characteristics of each of these schemes and summarize how they can be used to protect big data analytics especially when deployed in a cloud setting. We hope that the exposition in this chapter will raise awareness of the latest types of tools and protections available for securing big data. We believe better understanding and closer collaboration between the data science and cryptography communities will be critical to enabling the future of big data processing

An improved Framework for Biometric Database’s privacy

Security and privacy are huge challenges in biometric systems. Biometrics are sensitive data that should be protected from any attacker and especially attackers targeting the confidentiality and integrity of biometric data. In this paper an extensive review of different physiological biometric techniques is provided. A comparative analysis of the various sus mentioned biometrics, including characteristics and properties is conducted. Qualitative and quantitative evaluation of the most relevant physiological biometrics is achieved. Furthermore, we propose a new framework for biometric database privacy. Our approach is based on the use of the promising fully homomorphic encryption technology. As a proof of concept, we establish an initial implementation of our security module using JAVA programming language