A Framework for Uncertain Cloud Data Security and Recovery Based on Hybrid Multi-User Medical Decision Learning Patterns

Machine learning has been supporting real-time cloud based medical computing systems. However, most of the computing servers are independent of data security and recovery scheme in multiple virtual machines due to high computing cost and time. Also, this cloud based medical applications require static security parameters for cloud data security. Cloud based medical applications require multiple servers to store medical records or machine learning patterns for decision making. Due to high Uncertain computational memory and time, these cloud systems require an efficient data security framework to provide strong data access control among the multiple users. In this work, a hybrid cloud data security framework is developed to improve the data security on the large machine learning patterns in real-time cloud computing environment. This work is implemented in two phases’ i.e. data replication phase and multi-user data access security phase. Initially, machine decision patterns are replicated among the multiple servers for Uncertain data recovering phase. In the multi-access cloud data security framework, a hybrid multi-access key based data encryption and decryption model is implemented on the large machine learning medical patterns for data recovery and security process. Experimental results proved that the present two-phase data recovering, and security framework has better computational efficiency than the conventional approaches on large medical decision patterns

Confidential Machine Learning on Untrusted Platforms: a Survey

With the ever-growing data and the need for developing powerful machine learning models, data owners increasingly depend on various untrusted platforms (e.g., public clouds, edges, and machine learning service providers) for scalable processing or collaborative learning. Thus, sensitive data and models are in danger of unauthorized access, misuse, and privacy compromises. A relatively new body of research confidentially trains machine learning models on protected data to address these concerns. In this survey, we summarize notable studies in this emerging area of research. With a unified framework, we highlight the critical challenges and innovations in outsourcing machine learning confidentially. We focus on the cryptographic approaches for confidential machine learning (CML), primarily on model training, while also covering other directions such as perturbation-based approaches and CML in the hardware-assisted computing environment. The discussion will take a holistic way to consider a rich context of the related threat models, security assumptions, design principles, and associated trade-offs amongst data utility, cost, and confidentiality

From cloud computing security towards homomorphic encryption: A comprehensive review

“Cloud computing” is a new technology that revolutionized the world of communications and information technologies. It collects a large number of possibilities, facilities, and developments, and uses the combining of various earlier inventions into something new and compelling. Despite all features of cloud computing, it faces big challenges in preserving data confidentiality and privacy. It has been subjected to numerous attacks and security breaches that have prompted people to hesitate to adopt it. This article provided comprehensive literature on the cloud computing concepts with a primary focus on the cloud computing security field, its top threats, and the protection against each one of them. Data security/privacy in the cloud environment is also discussed and homomorphic encryption (HE) was highlighted as a popular technique used to preserve the privacy of sensitive data in many applications of cloud computing. The article aimed to provide an adequate overview of both researchers and practitioners already working in the field of cloud computing security, and for those new in the field who are not yet fully equipped to understand the detailed and complex technical aspects of cloud computing

Raziel: Private and Verifiable Smart Contracts on Blockchains

Raziel combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains. Effectively solving DAO and Gyges attacks, this paper describes an implementation and presents examples to demonstrate its practical viability (e.g., private and verifiable crowdfundings and investment funds). Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e., Proof-Carrying Code certificates) to prove the validity of smart contracts to third parties before their execution without revealing anything else. Finally, we show how miners could get rewarded for generating pre-processing data for secure multi-party computation.Comment: Support: cothority/ByzCoin/OmniLedge

Performance Evaluation of three Data Access Control Schemes for Cloud Computing

Cloud services are flourishing recently, both among computer users and business enterprises. They deliver remote, on-demand, convenient services for data storage, access and processing. While embracing the benefits brought by various cloud services, the consumers are faced with data disclosure, privacy leaks and malicious attacks. Therefore, it is important to use strong access control policies to maintain the security and confidentiality of the data stored in the cloud. This thesis studies the performance of three existing security schemes proposed for cloud data access control on the basis of trust and reputation. We implement the three schemes and conduct computation complexity analysis, security analysis and performance evaluation. This thesis introduces the implementation of a number of cryptographic algorithms applied in the above data access control schemes, including Proxy Re-encryption (PRE) and Ciphertext-Policy Attribute Based Encryption (CP-ABE), reputation generation and secure data transmission over Secure Socket Layer (SSL). We summarize the evaluation results and compare the performances in the aspects of computation and communication costs, flexibility, scalability and feasibility of practical usage. Pros and cons, as well as suitable application scenarios of the three schemes are further discussed

Cloud-based homomorphic encryption for privacy-preserving machine learning in clinical decision support

While privacy and security concerns dominate public cloud services, Homomorphic Encryption (HE) is seen as an emerging solution that ensures secure processing of sensitive data via untrusted networks in the public cloud or by third-party cloud vendors. It relies on the fact that some encryption algorithms display the property of homomorphism, which allows them to manipulate data meaningfully while still in encrypted form; although there are major stumbling blocks to overcome before the technology is considered mature for production cloud environments. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information with the aim of supporting decision-making in clinical practice. Machine Learning (ML) is employed in CDS applications that typically learn and can personalise actions based on individual behaviour. A relatively simple-to-implement, common and consistent framework is sought that can overcome most limitations of Fully Homomorphic Encryption (FHE) in order to offer an expanded and flexible set of HE capabilities. In the absence of a significant breakthrough in FHE efficiency and practical use, it would appear that a solution relying on client interactions is the best known entity for meeting the requirements of private CDS-based computation, so long as security is not significantly compromised. A hybrid solution is introduced, that intersperses limited two-party interactions amongst the main homomorphic computations, allowing exchange of both numerical and logical cryptographic contexts in addition to resolving other major FHE limitations. Interactions involve the use of client-based ciphertext decryptions blinded by data obfuscation techniques, to maintain privacy. This thesis explores the middle ground whereby HE schemes can provide improved and efficient arbitrary computational functionality over a significantly reduced two-party network interaction model involving data obfuscation techniques. This compromise allows for the powerful capabilities of HE to be leveraged, providing a more uniform, flexible and general approach to privacy-preserving system integration, which is suitable for cloud deployment. The proposed platform is uniquely designed to make HE more practical for mainstream clinical application use, equipped with a rich set of capabilities and potentially very complex depth of HE operations. Such a solution would be suitable for the long-term privacy preserving-processing requirements of a cloud-based CDS system, which would typically require complex combinatorial logic, workflow and ML capabilities

Proposed Model for Outsourcing PKI

PKI is often referred to as a pervasive substrate. This terminology is used to describe the technological layer that permeates the entirety of the organisation on which PKI services are established. From the mid 1970s when Whitfield Diffie and Martin Hellman published their paper New Directions in Cryptography the concept of Public Key Cryptography, for the first time, allowed two entities with no previous relationship to communicate secure information over unsecured channels. PKI provides the infrastructure that allows Public Key Cryptography to function within a hierarchical structure, providing between two entities, an acceptable level of trust. Outsourcing is the process of acquiring sources or services from an external source. With the modular structure of today's organisations it can also mean that goods and services can be procured from one segment of the organisation to another through inhouse service-supplier agreements. Outsourcing has evolved from the days of heavy industry and manufacturing in the 1960s to the total solution management of today. This dissertation brings together the concepts of both PKI and Outsourcing. It details our AB-5C Model for organisations to outsource a PKI system within the scope of the businesses strategic goals and objectives. Our proposed model takes into account the need to use existing models, procedures and practices in support of an outsourced PKI Model. These include a process or processes to ensure that any outsourced solution adds value to the organisation, and that there is a business strategy that allows the alignment of the outsourcing strategy to the organisations strategic plan

Hardware Obfuscation for Finite Field Algorithms

With the rise of computing devices, the security robustness of the devices has become of utmost importance. Companies invest huge sums of money, time and effort in security analysis and vulnerability testing of their software products. Bug bounty programs are held which incentivize security researchers for finding security holes in software. Once holes are found, software firms release security patches for their products. The semiconductor industry has flourished with accelerated innovation. Fabless manufacturing has reduced the time-to-market and lowered the cost of production of devices. Fabless paradigm has introduced trust issues among the hardware designers and manufacturers. Increasing dependence on computing devices in personal applications as well as in critical infrastructure has given a rise to hardware attacks on the devices in the last decade. Reverse engineering and IP theft are major challenges that have emerged for the electronics industry. Integrated circuit design companies experience a loss of billions of dollars because of malicious acts by untrustworthy parties involved in the design and fabrication process, and because of attacks by adversaries on the electronic devices in which the chips are embedded. To counter these attacks, researchers have been working extensively towards finding strong countermeasures. Hardware obfuscation techniques make the reverse engineering of device design and functionality difficult for the adversary. The goal is to conceal or lock the underlying intellectual property of the integrated circuit. Obfuscation in hardware circuits can be implemented to hide the gate-level design, layout and the IP cores. Our work presents a novel hardware obfuscation design through reconfigurable finite field arithmetic units, which can be employed in various error correction and cryptographic algorithms. The effectiveness and efficiency of the proposed methods are verified by an obfuscated Reformulated Inversion-less Berlekamp-Massey (RiBM) architecture based Reed-Solomon decoder. Our experimental results show the hardware implementation of RiBM based Reed-Solomon decoder built using reconfigurable field multiplier designs. The proposed design provides only very low overhead with improved security by obfuscating the functionality and the outputs. The design proposed in our work can also be implemented in hardware designs of other algorithms that are based on finite field arithmetic. However, our main motivation was to target encryption and decryption circuits which store and process sensitive data and are used in critical applications

Big Data Security (Volume 3)

After a short description of the key concepts of big data the book explores on the secrecy and security threats posed especially by cloud based data storage. It delivers conceptual frameworks and models along with case studies of recent technology