Secure Personal Content Networking over Untrusted Devices

Securely sharing and managing personal content is a challenging task in multi-device environments. In this paper, we design and implement a new platform called Personal Content Networking (PCN). Our work is inspired by Content-Centric Networking (CCN) because we aim to enable access to personal content using its name instead of its location. The unique challenge of PCN is to support secure file operations such as replication, updates, and access control over distributed untrusted devices. The primary contribution of this work is the design and implementation of a secure content management platform that supports secure updates, replications, and fine-grained content-centric access control of files. Furthermore, we demonstrate its feasibility through a prototype implementation on the CCNx skeleton

ESAS: An Efficient Semantic and Authorized Search Scheme over Encrypted Outsourced Data

Nowadays, a large amount of user privacy-sensitive data is outsourced to the cloud server in ciphertext, which is provided by the data owners and can be accessed by authorized data users. When accessing data, the user should be assigned with the access permission according to his identities or attributes. In addition, the search capabilities in encrypted outsourced data is expected to be enhanced, i.e., the search results can better pre-sent user's intentions. To address the above issues, ESAS, an Efficient Semantic and Authorized Search scheme over encrypt-ed outsourced data, is proposed. In ESAS, by integrating PRSCG (the privacy-preserving ranked search based on con-ceptual graph) and CP-ABE (ciphertext policy attribute-based encryption), semantic search with file-level fine-grained access authorization can be realized. In addition, search authorization can be done in an offline manner, which can improve search efficiency and reduce the response time. The security analysis indicate that the proposed ESAS meets security requirement

T-DB: Toward Fully Functional Transparent Encrypted Databases in DBaaS Framework

Individuals and organizations tend to migrate their data to clouds, especially in a DataBase as a Service (DBaaS) pattern. The major obstacle is the conflict between secrecy and utilization of the relational database to be outsourced. We address this obstacle with a Transparent DataBase (T-DB) system strictly following the unmodified DBaaS framework. A database owner outsources an encrypted database to a cloud platform, needing only to store the secret keys for encryption and an empty table header for the database; the database users can make almost all types of queries on the encrypted database as usual; and the cloud can process ciphertext queries as if the database were not encrypted. Experimentations in realistic cloud environments demonstrate that T-DB has perfect query answer precision and outstanding performance.Comment: 37 pages. 12 figures. 6 tables. Source codes and syntax rules are available at http://www.nipc.org.cn/tdbsources.asp

Internet of Cloud: Security and Privacy issues

The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions that exist in this area, with an eye on the Industrial Internet of Things, discuss open issues and propose future directionsComment: 27 pages, 4 figure

The Utilization of Mobile Technology for Crime Scene Investigation in the San Francisco Bay Area

The research presented aims to explore factors affecting the decision to adopt a mobile crime scene investigation application in police departments throughout the San Francisco Bay Area. To accomplish this goal, the mobile technology acceptance model was used in designing a survey for data collection. This model utilizes four categories to interpret the factors that influence a police officer’s decision to accept or reject mobile technologies: performance, security and reliability, management style, and cognitive acceptance. Nine police departments were sampled through a series of in-person and over-the-phone interviews to obtain data regarding factors affecting the adoption of a mobile crime scene investigation application. Results suggest that if a mobile crime scene investigation application were made available, a vast majority of the police departments in the Bay Area would implement this new technology

The Design and Implementation of a Rekeying-aware Encrypted Deduplication Storage System

Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement REED, a rekeying-aware encrypted deduplication storage system. REED builds on a deterministic version of all-or-nothing transform (AONT), such that it enables secure and lightweight rekeying, while preserving the deduplication capability. We propose two REED encryption schemes that trade between performance and security, and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques and demonstrate how we can exploit similarity to mitigate key generation overhead. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency

A Practical Framework for Storing and Searching Encrypted Data on Cloud Storage

Security has become a significant concern with the increased popularity of cloud storage services. It comes with the vulnerability of being accessed by third parties. Security is one of the major hurdles in the cloud server for the user when the user data that reside in local storage is outsourced to the cloud. It has given rise to security concerns involved in data confidentiality even after the deletion of data from cloud storage. Though, it raises a serious problem when the encrypted data needs to be shared with more people than the data owner initially designated. However, searching on encrypted data is a fundamental issue in cloud storage. The method of searching over encrypted data represents a significant challenge in the cloud. Searchable encryption allows a cloud server to conduct a search over encrypted data on behalf of the data users without learning the underlying plaintexts. While many academic SE schemes show provable security, they usually expose some query information, making them less practical, weak in usability, and challenging to deploy. Also, sharing encrypted data with other authorized users must provide each document's secret key. However, this way has many limitations due to the difficulty of key management and distribution. We have designed the system using the existing cryptographic approaches, ensuring the search on encrypted data over the cloud. The primary focus of our proposed model is to ensure user privacy and security through a less computationally intensive, user-friendly system with a trusted third party entity. To demonstrate our proposed model, we have implemented a web application called CryptoSearch as an overlay system on top of a well-known cloud storage domain. It exhibits secure search on encrypted data with no compromise to the user-friendliness and the scheme's functional performance in real-world applications.Comment: 146 Pages, Master's Thesis, 6 Chapters, 96 Figures, 11 Table

Data protection by means of fragmentation in various different distributed storage systems - a survey

This paper analyzes various distributed storage systems that use data fragmentation and dispersal as a way of protection.Existing solutions have been organized into two categories: bitwise and structurewise. Systems from the bitwise category are operating on unstructured data and in a uniform environment. Those having structured input data with predefined confidentiality level and disposing of a heterogeneous environment in terms of machine trustworthiness were classified as structurewise. Furthermore, we outline high-level requirements and desirable architecture traits of an eficient data fragmentation system, which will address performance (including latency), availability, resilience and scalability.Comment: arXiv admin note: text overlap with arXiv:1512.0295

Secure Phrase Search for Intelligent Processing of Encrypted Data in Cloud-Based IoT

Phrase search allows retrieval of documents containing an exact phrase, which plays an important role in many machine learning applications for cloud-based IoT, such as intelligent medical data analytics. In order to protect sensitive information from being leaked by service providers, documents (e.g., clinic records) are usually encrypted by data owners before being outsourced to the cloud. This, however, makes the search operation an extremely challenging task. Existing searchable encryption schemes for multi-keyword search operations fail to perform phrase search, as they are unable to determine the location relationship of multiple keywords in a queried phrase over encrypted data on the cloud server side. In this paper, we propose P3, an efficient privacy-preserving phrase search scheme for intelligent encrypted data processing in cloud-based IoT. Our scheme exploits the homomorphic encryption and bilinear map to determine the location relationship of multiple queried keywords over encrypted data. It also utilizes a probabilistic trapdoor generation algorithm to protect users search patterns. Thorough security analysis demonstrates the security guarantees achieved by P3. We implement a prototype and conduct extensive experiments on real-world datasets. The evaluation results show that compared with existing multikeyword search schemes, P3 can greatly improve the search accuracy with moderate overheads

Answering queries using pairings

Outsourcing data in the cloud has become nowadays very common. Since -- generally speaking -- cloud data storage and management providers cannot be fully trusted, mechanisms providing the confidentiality of the stored data are necessary. A possible solution is to encrypt all the data, but -- of course -- this poses serious problems about the effective usefulness of the stored data. In this work, we propose to apply a well-known attribute-based cryptographic scheme to cope with the problem of querying encrypted data. We have implemented the proposed scheme with a real-world, off-the-shelf RDBMS and we provide several experimental results showing the feasibility of our approach.Comment: 18 pages, 5 figure