Enabling Access Control for Encrypted Multi-Dimensional Data in Cloud Computing through Range Search

With the growing popularity of cloud computing, data owners are increasingly opting to outsource their data to cloud servers due to the numerous benefits it offers. However, this outsourcing raises concerns about data privacy since the data stored on remote cloud servers is not directly controlled by the owners. Encryption of the data is an effective approach to mitigate these privacy concerns. However, encrypted data lacks distinguishability, leading to limitations in supporting common operations such as range search and access control. In this research paper, we propose a method called RSAC (Range Search Supporting Access Control) for encrypted multi-dimensional data in cloud computing. Our method leverages policy design, bucket embedding, algorithm design, and Ciphertext Policy-Attribute Based Encryption (CPABE) to achieve its objectives. We present extensive experimental results that demonstrate the efficiency of our method and conduct a thorough security analysis to ensure its robustness. Our proposed RSAC method addresses the challenges of range search and access control over encrypted multi-dimensional data, thus contributing to enhancing privacy and security in cloud computing environments

An Efficient Top-k Query Scheme Based on Multilayer Grouping

The top-k query is to find the k data that has the highest scores from a candidate dataset. Sorting is a common method to find out top-k results. However, most of existing methods are not efficient enough. To remove this issue, we propose an efficient top-k query scheme based on multilayer grouping. First, we find the reference item by computing the average score of the candidate dataset. Second, we group the candidate dataset into three datasets: winner set, middle set and loser set based on the reference item. Third, we further group the winner set to the second-layer three datasets according to k value. And so on, until the data number of winner set is close to k value. Meanwhile, if k value is larger than the data number of winner set, we directly return the winner set to the user as a part of top-k results almost without sorting. In this case, we also return the top results with the highest scores from the middle set almost without sorting. Based on above innovations, we almost minimize the sorting. Experimental results show that our scheme significantly outperforms the current classical method on the performance of memory consumption and top-k query

Efficient Q-Value Zero-Leakage Protection Scheme in SRS Regularly Publishing Private Data

Spontaneous Reporting System (SRS) has been widely established to collect adverse drug events. Thus, SRS promotes the detection and analysis of ADR (adverse drug reactions), such as the FDA Adverse Event Reporting System (FAERS). The SRS data needs to be provided to researchers. Meanwhile, the SRS data is publicly available to facilitate the study of ADR detection and analysis. In general, SRS data contains private information of some individual characteristics. Before the information is published, it is necessary to anonymize private information in the SRS data to prevent disclosure of individual privacy. There are many privacy protection methods. The most classic method for protecting SRS data is called as PPMS. However, in the real world, SRS data is growing dynamically and needs to be published regularly. In this case, PPMS has some shortcomings in the memory consumption, anonymity efficiency, data update and data security. To remove these shortcomings, we propose an Efficient Q-value Zero-leakage protection Scheme in SRS regularly publishing private data, called EQZS. EQZS can deal with almost all of potential attacks. Meanwhile, EQZS removes the shortcomings of PPMS. The experimental results show that our scheme EQZS solves the problem of privacy leakage in SRS regularly publishing private data. Meanwhile, EQZS significantly outperforms PPMS on the efficiency of memory consumption, privacy anonymity and data update

Evolutionary privacy-preserving learning strategies for edge-based IoT data sharing schemes

The fast proliferation of edge devices for the Internet of Things (IoT) has led to massive volumes of data explosion. The generated data is collected and shared using edge-based IoT structures at a considerably high frequency. Thus, the data-sharing privacy exposure issue is increasingly intimidating when IoT devices make malicious requests for filching sensitive information from a cloud storage system through edge nodes. To address the identified issue, we present evolutionary privacy preservation learning strategies for an edge computing-based IoT data sharing scheme. In particular, we introduce evolutionary game theory and construct a payoff matrix to symbolize intercommunication between IoT devices and edge nodes, where IoT devices and edge nodes are two parties of the game. IoT devices may make malicious requests to achieve their goals of stealing privacy. Accordingly, edge nodes should deny malicious IoT device requests to prevent IoT data from being disclosed. They dynamically adjust their own strategies according to the opponent's strategy and finally maximize the payoffs. Built upon a developed application framework to illustrate the concrete data sharing architecture, a novel algorithm is proposed that can derive the optimal evolutionary learning strategy. Furthermore, we numerically simulate evolutionarily stable strategies, and the final results experimentally verify the correctness of the IoT data sharing privacy preservation scheme. Therefore, the proposed model can effectively defeat malicious invasion and protect sensitive information from leaking when IoT data is shared

Privacy-Guarding Optimal Route Finding with Support for Semantic Search on Encrypted Graph in Cloud Computing Scenario

The arrival of cloud computing age makes data outsourcing an important and convenient application. More and more individuals and organizations outsource large amounts of graph data to the cloud computing platform (CCP) for the sake of saving cost. As the server on CCP is not completely honest and trustworthy, the outsourcing graph data are usually encrypted before they are sent to CCP. The optimal route finding on graph data is a popular operation which is frequently used in many fields. The optimal route finding with support for semantic search has stronger query capabilities, and a consumer can use similar words of graph vertices as query terms to implement optimal route finding. Due to encrypting the outsourcing graph data before they are sent to CCP, it is not easy for data customers to manipulate and further use the encrypted graph data. In this paper, we present a solution to execute privacy-guarding optimal route finding with support for semantic search on the encrypted graph in the cloud computing scenario (PORF). We designed a scheme by building secure query index to implement optimal route finding with support for semantic search based on searchable encryption idea and stemmer mechanism. We give formal security analysis for our scheme. We also analyze the efficiency of our scheme through the experimental evaluation

Signaling game-based availability assessment for edge computing-assisted IoT systems with malware dissemination

IoT malware dissemination seriously exacerbates the decline of IoT system availability, which deteriorates the users experience. To address the issue, we first predict the optimal IoT malware dissemination strategy based on a signaling game for edge computing-assisted IoT systems. We then develop an algorithm to obtain the solution of the signaling IoT availability assessment game, which is to factually reflect IoT malware dissemination in practice and reasonably express the probability of IoT system nodes being successfully infected by malware. Thus, a state transition diagram of IoT system nodes can be further designed, illustrating intercommunication among all six states during IoT malware dissemination. Upon this state transition diagram, we represent the state transition probability of IoT system nodes in each state utilizing a Markov matrix, and attain the steady-state availability of an IoT system node from reliability theory. Consequently, we deduce metrics to access the steady-state availability of the entire IoT system under typical star-, tree-, and mesh topologies, respectively. We also design the corresponding IoT system availability assessment algorithm from the view of practice. In this manner, an availability assessment mechanism for edge computing-based IoT systems with malware dissemination is constructed. Experiments demonstrate the influence of IoT system features on predicting IoT malware dissemination probability and assessing the steady-state availability of three typical IoT system topologies. Our results can be utilized to lay a theoretical foundation for guiding the implementation of higher availability for edge computing-assisted IoT systems with malware dissemination

An Effective Model of Confidentiality Management of Digital Archives in a Cloud Environment

Aiming at the problem of confidentiality management of digital archives on the cloud, this paper presents an effective solution. The basic idea is to deploy a local server between the cloud and each client of an archive system to run a confidentiality management model of digital archives on the cloud, which includes an archive release model, and an archive search model. (1) The archive release model is used to strictly encrypt each archive file and archive data released by an administrator and generate feature data for the archive data, and then submit them to the cloud for storage to ensure the security of archive-sensitive data. (2) The archive search model is used to transform each query operation defined on the archive data submitted by a searcher, so that it can be correctly executed on feature data on the cloud, to ensure the accuracy and efficiency of archive search. Finally, both theoretical analysis and experimental evaluation demonstrate the good performance of the proposed solution. The result shows that compared with others, our solution has better overall performance in terms of confidentiality, accuracy, efficiency and availability, which can improve the security of archive-sensitive data on the untrusted cloud without compromising the performance of an existing archive management system

An Improved Contextual Advertising Matching Approach based on Wikipedia Knowledge

The current boom of the Web is associated with the revenues originated from Web advertising. As one prevalent type of Web advertising, contextual advertising refers to the placement of the most relevant commercial textual ads within the content of a Web page, so as to provide a better user experience and thereby increase the revenues of Web site owners and an advertising platform. Therefore, in contextual advertising, the relevance of selected ads with a Web page is essential. However, some problems, such as homonymy and polysemy, low intersection of keywords and context mismatch, can lead to the selection of irrelevant textual ads for a Web page, making that a simple keyword matching technique generally gives poor accuracy. To overcome these problems and thus to improve the relevance of contextual ads, in this paper we propose a novel Wikipedia-based matching technique which, using selective matching strategies, selects a certain amount of relevant articles from Wikipedia as an intermediate semantic reference model for matching Web pages and textual ads. We call this technique SIWI: Selective Wikipedia Matching, which, instead of using the whole Wikipedia articles, only matches the most relevant articles for a page (or a textual ad), resulting in the effective improvement of the overall matching performance. An experimental evaluation is conducted, which runs over a set of real textual ads, a set of Web pages from the Internet and a dataset of more than 260 000 articles from Wikipedia. The experimental results show that our method performs better than existing matching strategies, which can deal with the matching over the large dataset of Wikipedia articles efficiently, and achieve a satisfactory contextual advertising effect

Executing SQL queries over encrypted character strings in the Database-As-Service model

Rapid advances in the networking technologies have prompted the emergence of the “software as service” model for enterprise computing, moreover, which is becoming one of the key industries quickly. “Database as service” model provides users power to store, modify and retrieve data from anywhere in the world, as long as they have access to the Internet, thus, being increasingly popular in current enterprise data management systems. However, this model introduces several challenges, an essential issue being how to implement SQL queries over encrypted data efficiently. To ensure data security, this model generally encrypts sensitive data at the trusted client’s site, before storing them into the non-trusted database service provider’s site, which, unfortunately, results in that SQL queries cannot be executed over the encrypted data immediately at the database service provider. In this paper we only focus on how to query encrypted character strings efficiently. Our strategy is that when storing character strings to the database service provider, we not only store the encrypted character strings themselves, but also generate some characteristic index values for these character strings, and store them in an additional field; and when querying the encrypted character strings, we first execute a coarse query over the characteristic index fields at the database service provider, in order to filter out most of tuples not related to the querying conditions, and then, we decrypt the rest tuples and execute a refined query over them again at the client site. In our strategy, we define an n-phase reachability matrix for a character string and use it as the characteristic index values, and based on such a definition, we present some theorems to split a SQL query into its server-side representation and client-side representation for partitioning the computation of a query across the client and the server and thus improving query performance. Finally, experimental results validate the functionality and effectiveness of our strategy