Results 1 - 10 of 55
Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data - Proc. IEEE INFOCOM, 2014
Cited by 89 (10 self)
Abstract: With the advent of cloud computing, data owners are motivated to outsource their complex data management systems from local sites to commercial public cloud for great flexibility and economic savings. But for protecting data privacy, sensitive data has to be encrypted before outsourcing, which obsoletes traditional data utilization based on plaintext keyword search. Thus, enabling an encrypted cloud data search service is of paramount importance. Considering the large number of data users and documents in cloud, it is crucial for the search service to allow multi-keyword query and provide result similarity ranking to meet the effective data retrieval need. Related works on searchable encryption focus on single keyword search or Boolean keyword search, and rarely differentiate the search results. In this paper, for the first time, we define and solve the challenging problem of privacy-preserving multi-keyword ranked search over encrypted cloud data (MRSE), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Among various multi-keyword semantics, we choose the efficient principle of "coordinate matching", i.e., as many matches as possible, to capture the similarity between search query and data documents, and further use "inner product similarity" to quantitatively formalize such principle for similarity measurement. We first propose a basic MRSE scheme using secure inner product computation, and then significantly improve it to meet different privacy requirements in two levels of threat models. Thorough analysis investigating privacy and efficiency guarantees of proposed schemes is given, and experiments on the real-world dataset further show proposed schemes indeed introduce low overhead on computation and communication.
Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption - IEEE Transactions on Parallel and Distributed Systems, 2012
Cited by 59 (2 self)
Abstract: Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.
Index Terms: Personal health records, cloud computing, data privacy, fine-grained access control, attribute-based encryption
A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-Effective Privacy Preserving of Intermediate Data Sets in Cloud
Cited by 11 (1 self)
Abstract: Cloud computing provides massive computation power and storage capacity which enable users to deploy computation and data-intensive applications without infrastructure investment. Along the processing of such applications, a large volume of intermediate data sets will be generated, and often stored to save the cost of recomputing them. However, preserving the privacy of intermediate data sets becomes a challenging problem because adversaries may recover privacy-sensitive information by analyzing multiple intermediate data sets. Encrypting ALL data sets in cloud is widely adopted in existing approaches to address this challenge. But we argue that encrypting all intermediate data sets is neither efficient nor cost-effective because it is very time consuming and costly for data-intensive applications to en/decrypt data sets frequently while performing any operation on them. In this paper, we propose a novel upper bound privacy leakage constraint-based approach to identify which intermediate data sets need to be encrypted and which do not, so that privacy-preserving cost can be saved while the privacy requirements of data holders can still be satisfied. Evaluation results demonstrate that the privacy-preserving cost of intermediate data sets can be significantly reduced with our approach over existing ones where all data sets are encrypted.
Index Terms: Cloud computing, data storage privacy, privacy preserving, intermediate data set, privacy upper bound
Toward privacy-assured cloud data services with flexible search functionalities - in ICDCSW, IEEE, 2012
Cited by 7 (1 self)
Abstract: User privacy has been a major concern against the widespread adoption of the cloud technology. A full-fledged cloud data service should effectively support data utilization tasks, especially flexible data search functionalities, while simultaneously achieving user privacy assurance and meeting practical system-level performance requirements. In this position paper, we identify the importance and challenges of designing privacy-assured, flexible and practically efficient search mechanisms for outsourced cloud data services. In particular, we focus on two representative types of flexible search functionalities: ranked keyword search, and search over structured data. Although these functionalities are already prevalent in information retrieval in the plaintext domain, realizing them in the encrypted domain requires non-trivial effort and is relatively new. In light of this, we first describe several existing technical approaches proposed by us and other researchers, and identify their advantages and limitations. We also discuss the open research directions and provide some possible ideas for further investigation. We believe the presented results will inspire more research towards making privacy-assured search in the cloud practical and useful.
Protecting Your Right: Attribute-based Keyword Search with Fine-grained Owner-enforced Search Authorization in the Cloud, 2014
Cited by 7 (1 self)
Abstract: Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and is searchable by multiple users, i.e. the multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
VABKS: Verifiable Attribute-based Keyword Search over Outsourced Encrypted Data
Cited by 6 (2 self)
Abstract: It is quite common nowadays for data owners to outsource their data to the cloud. Since the cloud is not fully trusted, the outsourced data should be encrypted, which however brings a range of problems, such as: How can the authorized data users search over a data owner's outsourced encrypted data? How should a data owner grant search capabilities to data users? How can data users be assured that the cloud faithfully executed the search operations on their behalf? Towards ultimately addressing these problems, in this paper we propose a novel cryptographic solution, called verifiable attribute-based keyword search (VABKS). This solution allows a data user, whose credentials satisfy a data owner's access control policy, to (i) search over the data owner's outsourced encrypted data, (ii) outsource the tedious search operations to the cloud, and (iii) verify whether the cloud has faithfully executed the user's search operations. We define VABKS's security properties and introduce concrete constructions that are proven to satisfy them. Performance evaluation shows that the proposed schemes are practical and deployable.
Enforcing Secure and Privacy-Preserving Information Brokering in Distributed Information Sharing, 2013
Cited by 4 (0 self)
Abstract: Today's organizations raise an increasing need for information sharing via on-demand access. Information Brokering Systems (IBSs) have been proposed to connect large-scale loosely-federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs assume that brokers are trusted and thus only adopt server-side access control for data confidentiality. However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection. In this article, we propose a novel approach to preserve privacy of multiple stakeholders involved in the information brokering process. We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes, automaton segmentation and query segment encryption, to securely share the routing decision making responsibility among a selected set of brokering servers. With comprehensive security analysis and experimental results, we show that our approach seamlessly integrates security enforcement with query routing to provide system-wide security with insignificant overhead.
Inverted index based multi-keyword public-key searchable encryption with strong privacy guarantee - in INFOCOM'15, Hong Kong, 2015
Cited by 2 (0 self)
Abstract: With the growing awareness of data privacy, more and more cloud users choose to encrypt their sensitive data before outsourcing them to the cloud. Search over encrypted data is therefore a critical function facilitating efficient cloud data access given the high data volume that each user has to handle nowadays. Inverted index is one of the most efficient searchable index structures and has been widely adopted in plaintext search. However, securing an inverted index and its associated search schemes is not a trivial task. A major challenge exposed from the existing efforts is the difficulty to protect user's query privacy. The challenge is rooted in two facts: 1) the existing solutions use a deterministic trapdoor generation function for queries; and 2) once a keyword is searched, the encrypted inverted list for this keyword is revealed to the cloud server. We denote this second property in the existing solutions as the one-time-only search limitation. Additionally, conjunctive multi-keyword search, which is the most common form of query nowadays, is not supported in those works. In this paper, we propose a public-key searchable encryption scheme based on the inverted index. Our scheme preserves the high search efficiency inherited from the inverted index while lifting the one-time-only search limitation of the previous solutions. Our scheme features a probabilistic trapdoor generation algorithm and protects the search pattern. In addition, our scheme supports conjunctive multi-keyword search. Compared with the existing public key based schemes that heavily rely on expensive pairing operations, our scheme is more efficient by using only multiplications and exponentiations. To meet stronger security requirements, we strengthen our scheme with an efficient oblivious transfer protocol that hides the access pattern from the cloud. The simulation results demonstrate that our scheme is suitable for practical usage with moderate overhead.
Ravishankar, "Secure and Efficient Range Queries on Outsourced Databases Using R-trees" - in Proc. of IEEE ICDE'13, 2013
Cited by 2 (0 self)
Abstract: We show how to execute range queries securely and efficiently on encrypted databases in the cloud. Current methods provide either security or efficiency, but not both. Many schemes even reveal the ordering of encrypted tuples, which, as we show, allows adversaries to estimate plaintext values accurately. We present the pR-tree, a hierarchical encrypted index that may be securely placed in the cloud, and searched efficiently. It is based on a mechanism we design for encrypted halfspace range queries in R^d, using Asymmetric Scalar-product Preserving Encryption. Data owners can tune the pR-tree parameters to achieve desired security-efficiency tradeoffs. We also present extensive experiments to evaluate pR-tree performance. Our results show that pR-tree queries are efficient on encrypted databases, and reveal far less information than competing methods.
SECURE RETRIEVAL OF FILES USING HOMOMORPHIC ENCRYPTION FOR CLOUD COMPUTING
Cited by 1 (0 self)
Abstract: Clouds allow users to store data, and access can be made anywhere, any time, by using any device. Highly sensitive information such as business documents, medical records and personal information may be stored in a cloud. Security and privacy are thus very important issues in cloud computing. To keep user data confidential from an untrusted Cloud Service Provider and third parties, a natural way is encryption. The data decryption key should be disclosed only to users who have been authorized. Users can search their files using keywords in the cloud. In existing literature many schemes have been proposed. In this paper, a new technique is described: multi-keyword searching using homomorphic encryption. It is an algorithm which performs operations on encrypted data and provides results without decrypting that data. It provides privacy for user querying patterns and user data. It allows Cloud Service Providers to perform operations on the encrypted data. The Cloud Service Provider is unaware of the files and keywords stored in the cloud. Ranking is used for efficient and fast retrieval of the desired files. Ranks will be assigned to files based on the frequency of access of the files.