Hong Rong

Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage

To protect outsourced data in cloud storage against corruptions, adding fault tolerance to cloud storage together with data integrity checking and failure reparation becomes critical. Recently, regenerating codes have gained popularity due to their lower repair bandwidth while providing fault tolerance. Existing remote checking methods for regenerating-coded data only provide private auditing, requiring data owners to always stay online and handle auditing, as well as repairing, which is sometimes impractical. In this paper, we propose a public auditing scheme for the regenerating-code-based cloud storage. To solve the regeneration problem of failed authenticators in the absence of data owners, we introduce a proxy, which is privileged to regenerate the authenticators, into the traditional public auditing system model. Moreover, we design a novel public verifiable authenticator, which is generated by a couple of keys and can be regenerated using partial keys. Thus, our scheme can completely release data owners from online burden. In addition, we randomize the encode coefficients with a pseudorandom function to preserve data privacy. Extensive security analysis shows that our scheme is provable secure under random oracle model and experimental evaluation indicates that our scheme is highly efficient and can be feasibly integrated into the regenerating-code-based cloud storage.

Privacy-Preserving Scalar Product Computation in Cloud Environments Under Multiple Keys

With the advent of big data era, clients lack of computational resources tend to outsource their data and mining tasks to resourceful cloud service providers. Generally, the outsourced data contributed by multiple clients should be encrypted under multiple keys for privacy and security concerns. Unfortunately, existing secure outsourcing protocols are either restricted to a single key or quite inefficient due to frequent client interactions, making the deployment far from practical. In this paper, we focus on addressing these outsourced problems over encrypted data under multiple keys, and propose an efficient Outsourced Privacy-Preserving Scalar Product (OPPSP) protocol. Theoretical analysis shows that the proposed solution preserves data confidentiality of all participating users in the semi-honest model with negligible computation and communication costs. Experimental evaluation also demonstrates its practicability and efficiency.

Reliable and confidential cloud storage with efficient data forwarding functionality

Cloud computing is a promising computing paradigm which has drawn extensive attention. Serious concerns over the reliability and confidentiality of the outsourced data are arising. Traditional encryption methods can, guarantee data confidentiality, however, it also limits the clouds functionality as few operations are supported over encrypted data. In this study, the authors construct an enhanced cloud that not only provides secure and robust data storage, but also supports the functionality that the cipher data can be forwarded without being retrieved back. Specifically, they design an all-or-nothing-transform-based encryption and a variant of ElGamal-based proxy re-encryption algorithms, blending them with Reed–Solomon code, the authors’ scheme is quite more efficient compared with previous studies because it only needs to update partial data blocks instead of the whole file for data forwarding. Besides, the authors’ scheme also satisfies another practical property that the original data owner can no longer decrypt or forward the re-encrypted data to others after a complete forwarding instance, which is termed to be ‘original inaccessibility’ in this study. Analysis shows that the authors’ scheme is secure and satisfactory. Finally, the authors theoretically and experimentally evaluate its performance and the results indicate that their scheme is efficient during file dispersal, forward and retrieval.

Privacy-Preserving k-Nearest Neighbor Computation in Multiple Cloud Environments

With the advent of big data era, clients lack of computational and storage resources tends to outsource data mining tasks to cloud computing providers in order to improve efficiency and save costs. Generally, different clients choose different cloud companies for the sake of security, business cooperation, location, and so on. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted under their own keys. This paper focuses on privacy-preserving k-nearest neighbor (kNN) computation over the databases distributed among multiple cloud environments. Unfortunately, existing secure outsourcing protocols are either restricted to a single key setting or quite inefficient because of frequent client-to-server interactions, making it impractical for wide application. To address these issues, we propose a set of secure building blocks and outsourced collaborative kNN protocol. Theoretical analysis shows that our scheme not only preserves the privacy of distributed databases and kNN query but also hides access patterns in the semi-honest model. Experimental evaluation demonstrates its significant efficiency improvements compared with existing methods.

Privacy-Preserving -Means Clustering under Multiowner Setting in Distributed Cloud Environments

With the advent of big data era, clients who lack computational and storage resources tend to outsource data mining tasks to cloud service providers in order to improve efficiency and reduce costs. It is also increasingly common for clients to perform collaborative mining to maximize profits. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted using their own keys. This paper focuses on privacy-preserving -means clustering over the joint datasets encrypted under multiple keys. Unfortunately, existing outsourcing -means protocols are impractical because not only are they restricted to a single key setting, but also they are inefficient and nonscalable for distributed cloud computing. To address these issues, we propose a set of privacy-preserving building blocks and outsourced -means clustering protocol under Spark framework. Theoretical analysis shows that our scheme protects the confidentiality of the joint database and mining results, as well as access patterns under the standard semihonest model with relatively small computational overhead. Experimental evaluations on real datasets also demonstrate its efficiency improvements compared with existing approaches.

OE-CP-ABE: Over-Encryption Based CP-ABE Scheme for Efficient Policy Updating

Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising technique to enable fine-grained access control for data storage and sharing. In CP-ABE, data are encrypted with an access policy on attributes, so the frequent policy updating has always been a challenging issue for data owners. A trivial method is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the server. However, this method incurs high communication and computation overhead on data owners. In this paper, we propose OE-CP-ABE scheme to implement fine-grained access control with efficient policy updating in data sharing. By combining the large universe CP-ABE with techniques of over-encryption and multi-linear secret sharing, our method can avoid the transmission of ciphertext and reduce the computation cost of data owners. The analysis shows that the proposed scheme can not only protect the confidentiality of the outsourced data, but also implement policy updating easily and efficiently.

Outsourced k -Means Clustering over Encrypted Data Under Multiple Keys in Spark Framework

As the quantity of data produced is rapidly rising in recent years, clients lack of computational and storage resources tend to outsource data mining tasks to cloud service providers in order to improve efficiency and save costs. It’s also increasing common for clients to perform collaborative mining to maximize profits. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted under their own keys. This paper focuses on privacy-preserving k-means clustering over the joint datasets from multiple sources. Unfortunately, existing secure outsourcing protocols are either restricted to a single key setting or quite inefficient because of frequent client-to-server interactions, making it impractical for wide application. To address these issues, we propose a set of secure building blocks and outsourced clustering protocol under Spark framework. Theoretical analysis shows that our scheme protects the confidentiality of the joint database and mining results in the standard threat model with small computation and communication overhead. Experimental results also demonstrate its significant efficiency improvements compared with existing methods.

Efficient Integrity Verification of Secure Outsourced kNN Computation in Cloud Environments

With the ever increasing demand on computational and storage resources to deal with tremendous growth of big data, clients tend to outsource their data mining tasks to cloud service providers. Nevertheless, concerns of data integrity, security and privacy are also on the rise: how can the clients with weak computational power verify the integrity of mining results returned by the server while preserving their privacy. In this paper, we focus on the specific task of outsourced k-Nearest Neighbor (kNN) computation. The cloud server is considered to be potentially semi-honest and unscrupulous by offering incorrect answers due to economic incentive or execution failure. We propose an efficient probabilistic verification method called Verifiable Secure kNN (VSkNN), an integrity verification delegate framework which utilizes the algebraic properties of scalar products in encryption schemes and a small quantity of artificial tuples for correctness checking. Both theoretical analysis and experimental results demonstrate that our approach can provide high probabilistic guarantees on the accuracy of kNN query results efficiently in a privacy-preserving manner.

Secure Collaborative Outsourced k-Nearest Neighbor Classification with Multiple Owners in Cloud Environment

With the advent of big data era, it’s becoming an increasing trend for different clients lack of computational resources to cooperate in outsourcing data mining tasks to cloud service providers in order to produce maximum value of the joint database. Generally, the outsourced data contributed by clients should be encrypted under different keys owing to security concerns. Unfortunately, existing privacy-preserving outsourcing protocols are either restricted to a single key setting or quite inefficient due to frequent server-client interactions, making the deployment far from practical. In this paper, we focus on outsourced k-Nearest Neighbor (kNN) classification over encrypted data under multiple keys, and propose a set of secure building blocks and the Secure Collaborative Outsourced kNN (SCOkNN) protocol. Theoretical analysis shows that the proposed protocol protects the confidentiality of data from data owners, privacy of query, and access patterns in the semi-honest model with negligible computation and communication costs. Experimental evaluation also demonstrates its practicability and efficiency.

Efficient and secure data forwarding for erasure-code-based cloud storage

Cloud computing is a promising computing paradigm which has drawn extensive attention from both academia and industry. Since that the cloud is very likely to be outside of the trust domain of the users, serious concerns over the confidentiality of the outsourced data are arising. Traditional encryption methods guarantee data confidentiality, but also limit the functionality of the cloud storage as few operations are supported over encrypted data. The main technique contribution of this paper is that we present an efficient data forwarding scheme for the erasure-coded and encrypted cloud, which enforces the cloud not only provide data reliability and confidentiality, but also support the functionality that the encrypted data can be forwarded to another user without being retrieved back. Specifically, we design an all-or-nothing transform based encryption and a variant of ElGamal-based proxy re-encryption algorithms, blending them with the Reed-Solomon erasure code, our scheme is quite more efficient compared with previous studies and only needs to update partial data blocks instead of the whole file for data forwarding. In addition, our scheme also satisfies another practical property that the original data owner can no longer decrypt or forward the re-encrypted data again to other users after a complete data forwarding, which is termed to be “original inaccessibility” in our study. Analysis shows that our scheme is secure and satisfactory. Finally we theoretically and experimentally evaluate the performance of our scheme and the results indicate that our scheme is efficient in the procedure of file dispersal, forward and retrieval.