1,203 research outputs found
Secure Personal Content Networking over Untrusted Devices
Securely sharing and managing personal content is a challenging task in
multi-device environments. In this paper, we design and implement a new
platform called Personal Content Networking (PCN). Our work is inspired by
Content-Centric Networking (CCN) because we aim to enable access to personal
content using its name instead of its location. The unique challenge of PCN is
to support secure file operations such as replication, updates, and access
control over distributed untrusted devices. The primary contribution of this
work is the design and implementation of a secure content management platform
that supports secure updates, replications, and fine-grained content-centric
access control of files. Furthermore, we demonstrate its feasibility through a
prototype implementation on the CCNx skeleton
ESAS: An Efficient Semantic and Authorized Search Scheme over Encrypted Outsourced Data
Nowadays, a large amount of user privacy-sensitive data is outsourced to the
cloud server in ciphertext, which is provided by the data owners and can be
accessed by authorized data users. When accessing data, the user should be
assigned with the access permission according to his identities or attributes.
In addition, the search capabilities in encrypted outsourced data is expected
to be enhanced, i.e., the search results can better pre-sent user's intentions.
To address the above issues, ESAS, an Efficient Semantic and Authorized Search
scheme over encrypt-ed outsourced data, is proposed. In ESAS, by integrating
PRSCG (the privacy-preserving ranked search based on con-ceptual graph) and
CP-ABE (ciphertext policy attribute-based encryption), semantic search with
file-level fine-grained access authorization can be realized. In addition,
search authorization can be done in an offline manner, which can improve search
efficiency and reduce the response time. The security analysis indicate that
the proposed ESAS meets security requirement
T-DB: Toward Fully Functional Transparent Encrypted Databases in DBaaS Framework
Individuals and organizations tend to migrate their data to clouds,
especially in a DataBase as a Service (DBaaS) pattern. The major obstacle is
the conflict between secrecy and utilization of the relational database to be
outsourced. We address this obstacle with a Transparent DataBase (T-DB) system
strictly following the unmodified DBaaS framework. A database owner outsources
an encrypted database to a cloud platform, needing only to store the secret
keys for encryption and an empty table header for the database; the database
users can make almost all types of queries on the encrypted database as usual;
and the cloud can process ciphertext queries as if the database were not
encrypted. Experimentations in realistic cloud environments demonstrate that
T-DB has perfect query answer precision and outstanding performance.Comment: 37 pages. 12 figures. 6 tables. Source codes and syntax rules are
available at http://www.nipc.org.cn/tdbsources.asp
Internet of Cloud: Security and Privacy issues
The synergy between the cloud and the IoT has emerged largely due to the
cloud having attributes which directly benefit the IoT and enable its continued
growth. IoT adopting Cloud services has brought new security challenges. In
this book chapter, we pursue two main goals: 1) to analyse the different
components of Cloud computing and the IoT and 2) to present security and
privacy problems that these systems face. We thoroughly investigate current
security and privacy preservation solutions that exist in this area, with an
eye on the Industrial Internet of Things, discuss open issues and propose
future directionsComment: 27 pages, 4 figure
The Utilization of Mobile Technology for Crime Scene Investigation in the San Francisco Bay Area
The research presented aims to explore factors affecting the decision to adopt a mobile crime scene investigation application in police departments throughout the San Francisco Bay Area. To accomplish this goal, the mobile technology acceptance model was used in designing a survey for data collection. This model utilizes four categories to interpret the factors that influence a police officer’s decision to accept or reject mobile technologies: performance, security and reliability, management style, and cognitive acceptance. Nine police departments were sampled through a series of in-person and over-the-phone interviews to obtain data regarding factors affecting the adoption of a mobile crime scene investigation application. Results suggest that if a mobile crime scene investigation application were made available, a vast majority of the police departments in the Bay Area would implement this new technology
The Design and Implementation of a Rekeying-aware Encrypted Deduplication Storage System
Rekeying refers to an operation of replacing an existing key with a new key
for encryption. It renews security protection, so as to protect against key
compromise and enable dynamic access control in cryptographic storage. However,
it is non-trivial to realize efficient rekeying in encrypted deduplication
storage systems, which use deterministic content-derived encryption keys to
allow deduplication on ciphertexts. We design and implement REED, a
rekeying-aware encrypted deduplication storage system. REED builds on a
deterministic version of all-or-nothing transform (AONT), such that it enables
secure and lightweight rekeying, while preserving the deduplication capability.
We propose two REED encryption schemes that trade between performance and
security, and extend REED for dynamic access control. We implement a REED
prototype with various performance optimization techniques and demonstrate how
we can exploit similarity to mitigate key generation overhead. Our trace-driven
testbed evaluation shows that our REED prototype maintains high performance and
storage efficiency
A Practical Framework for Storing and Searching Encrypted Data on Cloud Storage
Security has become a significant concern with the increased popularity of
cloud storage services. It comes with the vulnerability of being accessed by
third parties. Security is one of the major hurdles in the cloud server for the
user when the user data that reside in local storage is outsourced to the
cloud. It has given rise to security concerns involved in data confidentiality
even after the deletion of data from cloud storage. Though, it raises a serious
problem when the encrypted data needs to be shared with more people than the
data owner initially designated. However, searching on encrypted data is a
fundamental issue in cloud storage. The method of searching over encrypted data
represents a significant challenge in the cloud.
Searchable encryption allows a cloud server to conduct a search over
encrypted data on behalf of the data users without learning the underlying
plaintexts. While many academic SE schemes show provable security, they usually
expose some query information, making them less practical, weak in usability,
and challenging to deploy. Also, sharing encrypted data with other authorized
users must provide each document's secret key. However, this way has many
limitations due to the difficulty of key management and distribution.
We have designed the system using the existing cryptographic approaches,
ensuring the search on encrypted data over the cloud. The primary focus of our
proposed model is to ensure user privacy and security through a less
computationally intensive, user-friendly system with a trusted third party
entity. To demonstrate our proposed model, we have implemented a web
application called CryptoSearch as an overlay system on top of a well-known
cloud storage domain. It exhibits secure search on encrypted data with no
compromise to the user-friendliness and the scheme's functional performance in
real-world applications.Comment: 146 Pages, Master's Thesis, 6 Chapters, 96 Figures, 11 Table
Data protection by means of fragmentation in various different distributed storage systems - a survey
This paper analyzes various distributed storage systems that use data
fragmentation and dispersal as a way of protection.Existing solutions have been
organized into two categories: bitwise and structurewise. Systems from the
bitwise category are operating on unstructured data and in a uniform
environment. Those having structured input data with predefined confidentiality
level and disposing of a heterogeneous environment in terms of machine
trustworthiness were classified as structurewise. Furthermore, we outline
high-level requirements and desirable architecture traits of an eficient data
fragmentation system, which will address performance (including latency),
availability, resilience and scalability.Comment: arXiv admin note: text overlap with arXiv:1512.0295
Secure Phrase Search for Intelligent Processing of Encrypted Data in Cloud-Based IoT
Phrase search allows retrieval of documents containing an exact phrase, which
plays an important role in many machine learning applications for cloud-based
IoT, such as intelligent medical data analytics. In order to protect sensitive
information from being leaked by service providers, documents (e.g., clinic
records) are usually encrypted by data owners before being outsourced to the
cloud. This, however, makes the search operation an extremely challenging task.
Existing searchable encryption schemes for multi-keyword search operations fail
to perform phrase search, as they are unable to determine the location
relationship of multiple keywords in a queried phrase over encrypted data on
the cloud server side. In this paper, we propose P3, an efficient
privacy-preserving phrase search scheme for intelligent encrypted data
processing in cloud-based IoT. Our scheme exploits the homomorphic encryption
and bilinear map to determine the location relationship of multiple queried
keywords over encrypted data. It also utilizes a probabilistic trapdoor
generation algorithm to protect users search patterns. Thorough security
analysis demonstrates the security guarantees achieved by P3. We implement a
prototype and conduct extensive experiments on real-world datasets. The
evaluation results show that compared with existing multikeyword search
schemes, P3 can greatly improve the search accuracy with moderate overheads
Answering queries using pairings
Outsourcing data in the cloud has become nowadays very common. Since --
generally speaking -- cloud data storage and management providers cannot be
fully trusted, mechanisms providing the confidentiality of the stored data are
necessary. A possible solution is to encrypt all the data, but -- of course --
this poses serious problems about the effective usefulness of the stored data.
In this work, we propose to apply a well-known attribute-based cryptographic
scheme to cope with the problem of querying encrypted data. We have implemented
the proposed scheme with a real-world, off-the-shelf RDBMS and we provide
several experimental results showing the feasibility of our approach.Comment: 18 pages, 5 figure
- …