Ming Xian

Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage

To protect outsourced data in cloud storage against corruptions, adding fault tolerance to cloud storage together with data integrity checking and failure reparation becomes critical. Recently, regenerating codes have gained popularity due to their lower repair bandwidth while providing fault tolerance. Existing remote checking methods for regenerating-coded data only provide private auditing, requiring data owners to always stay online and handle auditing, as well as repairing, which is sometimes impractical. In this paper, we propose a public auditing scheme for the regenerating-code-based cloud storage. To solve the regeneration problem of failed authenticators in the absence of data owners, we introduce a proxy, which is privileged to regenerate the authenticators, into the traditional public auditing system model. Moreover, we design a novel public verifiable authenticator, which is generated by a couple of keys and can be regenerated using partial keys. Thus, our scheme can completely release data owners from online burden. In addition, we randomize the encode coefficients with a pseudorandom function to preserve data privacy. Extensive security analysis shows that our scheme is provable secure under random oracle model and experimental evaluation indicates that our scheme is highly efficient and can be feasibly integrated into the regenerating-code-based cloud storage.

Securing the cloud storage audit service: defending against frame and collude attacks of third party auditor

Cloud computing has been envisioned as the next generation architecture of the IT enterprise, but there exist many security problems. A significant problem encountered in the context of cloud storage is whether there exists some potential vulnerabilities towards cloud storage system after introducing third parties. Public verification enables a third party auditor (TPA), on behalf of users who lack the resources and expertise, to verify the integrity of the stored data. Many existing auditing schemes always assume TPA is reliable and independent. This work studies the problem what if certain TPAs are semi-trusted or even potentially malicious in some situations. Actually, the authors consider the task of allowing such a TPA to involve in the audit scheme. They propose a feedback-based audit scheme via which users are relaxed from interacting with cloud service provider (CSP) and can check the integrity of stored data by themselves instead of TPA yet. Specifically, TPA generates the feedback through processing the proof from CSP and returns it to user which is yet unforgeable to TPA and checked exclusively by user. Through detailed security and performance analysis, the authors scheme is shown to be more secure and lightweight.

Security Concerns in Minimum Storage Cooperative Regenerating Codes

Here, we revisit the problem of exploring the secrecy capacity of minimum storage cooperative regenerating (MSCR) codes under the (l2 l2)-eavesdropper model, where the eavesdropper can observe the data stored on l1 nodes and the repair downloads of an additional l2 nodes. Compared to minimum storage regenerating (MSR) codes which support only single node repairs, MSCR codes allow efficient simultaneous repairs of multiple failed nodes, referred to as a repair group. However, the repair data sent from a helper node to another failed node may vary with different repair groups or the sets of helper nodes, which would inevitably leak more data information to the eavesdropper and even render the storage system unable to maintain any data secrecy. In this paper, we introduce and study a special category of MSCR codes, termed “stable” MSCR codes, where the repair data from any one helper node to any one failed node is required to be independent of the repair group or the set of helper nodes. Our main contributions include: 1) Demonstrating that two existing MSCR codes inherently are not stable and thus have poor secrecy capacity; 2) Converting one existing MSCR code to a stable one, which offers better secrecy capacity when compared to the original one; and 3) Employing information theoretic analysis to characterize the secrecy capacity of stable MSCR codes in certain situations.

Enabling dynamic proof of retrievability in regenerating-coding-based cloud storage

To protect outsourced data in practical cloud storage against corruptions, enabling the integration of dynamic proof of retrievability (DPoR) and efficient recovery for cloud storage becomes significant and critical. However, in general PoR cloud storage, as all or part of data files are encoded, frequent or small updates require the updates of all related (encoded) file. Thus, this work studies the problem of constructing a novel regenerating code to be compatible with dynamic provable data possession (DPDP) into a DPoR system. Specifically, a class of exact-regenerating systematic code is presented to efficiently combine DPDP using the product matrix framework. In addition, a practical DPDP scheme is proposed and implemented for the specific regenerating code, while preserving the combined properties of default data integrity protection, efficient dynamic data updating, fault tolerance and repair traffic saving. Our DPDP scheme is based on the new Memory Adversary model specifically brought by dynamic operations. It allows different parameters to be fine-tuned for the performance-security tradeoff. We implement and evaluate the overhead of our DPDP scheme in cloud storage under different parameter choices. We demonstrate that DPDP can be feasibly integrated into our specific regenerating code.

Privacy-Preserving Scalar Product Computation in Cloud Environments Under Multiple Keys

With the advent of big data era, clients lack of computational resources tend to outsource their data and mining tasks to resourceful cloud service providers. Generally, the outsourced data contributed by multiple clients should be encrypted under multiple keys for privacy and security concerns. Unfortunately, existing secure outsourcing protocols are either restricted to a single key or quite inefficient due to frequent client interactions, making the deployment far from practical. In this paper, we focus on addressing these outsourced problems over encrypted data under multiple keys, and propose an efficient Outsourced Privacy-Preserving Scalar Product (OPPSP) protocol. Theoretical analysis shows that the proposed solution preserves data confidentiality of all participating users in the semi-honest model with negligible computation and communication costs. Experimental evaluation also demonstrates its practicability and efficiency.

Reliable and confidential cloud storage with efficient data forwarding functionality

Cloud computing is a promising computing paradigm which has drawn extensive attention. Serious concerns over the reliability and confidentiality of the outsourced data are arising. Traditional encryption methods can, guarantee data confidentiality, however, it also limits the clouds functionality as few operations are supported over encrypted data. In this study, the authors construct an enhanced cloud that not only provides secure and robust data storage, but also supports the functionality that the cipher data can be forwarded without being retrieved back. Specifically, they design an all-or-nothing-transform-based encryption and a variant of ElGamal-based proxy re-encryption algorithms, blending them with Reed–Solomon code, the authors’ scheme is quite more efficient compared with previous studies because it only needs to update partial data blocks instead of the whole file for data forwarding. Besides, the authors’ scheme also satisfies another practical property that the original data owner can no longer decrypt or forward the re-encrypted data to others after a complete forwarding instance, which is termed to be ‘original inaccessibility’ in this study. Analysis shows that the authors’ scheme is secure and satisfactory. Finally, the authors theoretically and experimentally evaluate its performance and the results indicate that their scheme is efficient during file dispersal, forward and retrieval.

Privacy-Preserving k-Nearest Neighbor Computation in Multiple Cloud Environments

With the advent of big data era, clients lack of computational and storage resources tends to outsource data mining tasks to cloud computing providers in order to improve efficiency and save costs. Generally, different clients choose different cloud companies for the sake of security, business cooperation, location, and so on. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted under their own keys. This paper focuses on privacy-preserving k-nearest neighbor (kNN) computation over the databases distributed among multiple cloud environments. Unfortunately, existing secure outsourcing protocols are either restricted to a single key setting or quite inefficient because of frequent client-to-server interactions, making it impractical for wide application. To address these issues, we propose a set of secure building blocks and outsourced collaborative kNN protocol. Theoretical analysis shows that our scheme not only preserves the privacy of distributed databases and kNN query but also hides access patterns in the semi-honest model. Experimental evaluation demonstrates its significant efficiency improvements compared with existing methods.

Privacy-Preserving -Means Clustering under Multiowner Setting in Distributed Cloud Environments

With the advent of big data era, clients who lack computational and storage resources tend to outsource data mining tasks to cloud service providers in order to improve efficiency and reduce costs. It is also increasingly common for clients to perform collaborative mining to maximize profits. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted using their own keys. This paper focuses on privacy-preserving -means clustering over the joint datasets encrypted under multiple keys. Unfortunately, existing outsourcing -means protocols are impractical because not only are they restricted to a single key setting, but also they are inefficient and nonscalable for distributed cloud computing. To address these issues, we propose a set of privacy-preserving building blocks and outsourced -means clustering protocol under Spark framework. Theoretical analysis shows that our scheme protects the confidentiality of the joint database and mining results, as well as access patterns under the standard semihonest model with relatively small computational overhead. Experimental evaluations on real datasets also demonstrate its efficiency improvements compared with existing approaches.

Privacy preserving k-nearest neighbor classification over encrypted database in outsourced cloud environments

To utilize the cost-saving advantages of the cloud computing paradigm, individuals and enterprises increasingly resort to outsource their databases and data operations to cloud servers. However such solutions come with the risk of violating the privacy of users. To protect privacy, the outsourced databases are usually encrypted, making it difficult to run queries and other data mining tasks without decrypting the data first. Conventional encryption methods are either incapable of supporting such operations or computationally expensive to do so. In this paper, we aim to efficiently support computations over encrypted cloud databases, particularly focusing on privacy preserving k-nearest neighbor classification. The proposed scheme efficiently protects database security, key confidentiality of the data owner, query privacy and data access patterns. We analyze the cost of our proposed scheme and evaluate the performance through extensive experiments using both synthetic and real databases.

OE-CP-ABE: Over-Encryption Based CP-ABE Scheme for Efficient Policy Updating

Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising technique to enable fine-grained access control for data storage and sharing. In CP-ABE, data are encrypted with an access policy on attributes, so the frequent policy updating has always been a challenging issue for data owners. A trivial method is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the server. However, this method incurs high communication and computation overhead on data owners. In this paper, we propose OE-CP-ABE scheme to implement fine-grained access control with efficient policy updating in data sharing. By combining the large universe CP-ABE with techniques of over-encryption and multi-linear secret sharing, our method can avoid the transmission of ciphertext and reduce the computation cost of data owners. The analysis shows that the proposed scheme can not only protect the confidentiality of the outsourced data, but also implement policy updating easily and efficiently.