Visible to the public User Privacy in the Cloud, 2014

SoS Newsletter- Advanced Book Block

SoS Logo

User Privacy in the Cloud, 2014

Privacy is a major problem for distributed file systems, that is, the Cloud.  Considerable research is being conducted in this area.  The works cited here are selected by the editors as work of interest to the Science of Security community.  The work was presented in 2014.

Bertino, E.; Samanthula, B.K., "Security With Privacy - A Research Agenda," Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on, 144, 153, 22-25 Oct. 2014.  Doi:  (not provided)
Abstract: Data is one of the most valuable assets for organization. It can facilitate users or organizations to meet their diverse goals, ranging from scientific advances to business intelligence. Due to the tremendous growth of data, the notion of big data has certainly gained momentum in recent years. Cloud computing is a key technology for storing, managing and analyzing big data. However, such large, complex, and growing data, typically collected from various data sources, such as sensors and social media, can often contain personally identifiable information (PII) and thus the organizations collecting the big data may want to protect their outsourced data from the cloud. In this paper, we survey our research towards development of efficient and effective privacy-enhancing (PE) techniques for management and analysis of big data in cloud computing. We propose our initial approaches to address two important PE applications: (i) privacy-preserving data management and (ii) privacy-preserving data analysis under the cloud environment. Additionally, we point out research issues that still need to be addressed to develop comprehensive solutions to the problem of effective and efficient privacy-preserving use of data.
Keywords: Big Data; cloud computing; data privacy; security of data; PE applications; PE techniques; PII; big data analysis; business intelligence; cloud computing; cloud environment; data sources; outsourced data; personally identifiable information; privacy-enhancing techniques; privacy-preserving data analysis; privacy-preserving data management; research agenda; security; social media; Big data; Cancer; Electronic mail; Encryption; Media; Privacy (ID#: 15-5677)


Henze, M.; Hermerschmidt, L.; Kerpen, D.; Haussling, R.; Rumpe, B.; Wehrle, K., "User-Driven Privacy Enforcement for Cloud-Based Services in the Internet of Things," Future Internet of Things and Cloud (FiCloud), 2014 International Conference on , vol., no., pp.191,196, 27-29 Aug. 2014. doi: 10.1109/FiCloud.2014.38
Abstract: Internet of Things devices are envisioned to penetrate essentially all aspects of life, including homes and urban spaces, in use cases such as health care, assisted living, and smart cities. One often proposed solution for dealing with the massive amount of data collected by these devices and offering services on top of them is the federation of the Internet of Things and cloud computing. However, user acceptance of such systems is a critical factor that hinders the adoption of this promising approach due to severe privacy concerns. We present UPECSI, an approach for user-driven privacy enforcement for cloud-based services in the Internet of Things to address this critical factor. UPECSI enables enforcement of all privacy requirements of the user once her sensitive data leaves the border of her network, provides a novel approach for the integration of privacy functionality into the development process of cloud-based services, and offers the user an adaptable and transparent configuration of her privacy requirements. Hence, UPECSI demonstrates an approach for realizing user-accepted cloud services in the Internet of Things.
Keywords: Internet of Things; cloud computing; data privacy; Internet of Things; UPECSI; cloud computing; cloud-based services; privacy functionality; user-driven privacy enforcement; Access control; Cloud computing; Data privacy; Medical services; Monitoring; Privacy; Cloud Computing; Development; Internet of Things; Model-driven; Privacy; Services; User-acceptance (ID#: 15-5678)


Zheming Dong; Lei Zhang; Jiangtao Li, "Security Enhanced Anonymous Remote User Authentication and Key Agreement for Cloud Computing," Computational Science and Engineering (CSE), 2014 IEEE 17th International Conference on, pp. 1746,1751, 19-21 Dec. 2014. doi: 10.1109/CSE.2014.320
Abstract: Cloud computing is a new pattern of computing paradigm which enables the users to transfer their work to the cloud. The tremendous storage and computing resources provided by the cloud liberate the users from the shortage of local resources. However, as the adoption of cloud computing is emerging rapidly, the security and privacy issues are still significant challenges. In a cloud environment, a user accesses to the cloud server through open networks. Thus a variety of attacks can be launched if a secure channel is not established. Furthermore, user's sensitive personal information may be revealed if user's identity is exposed to an attacker. Therefore, user anonymity is also an important concern in cloud environment. In this paper, we first show several weaknesses of a recent anonymous remote user authentication and key agreement protocol for cloud computing, then we propose a new one. Our new protocol enables a user and a cloud server to authenticate each other anonymously and establish a secure channel between them. Thus, only the user and the cloud server may learn the messages exchanged and no entity except themselves can learn the real identities of the message senders.
Keywords: cloud computing; cryptographic protocols; data privacy; message authentication; cloud computing; key agreement protocol; privacy issue; security enhanced anonymous remote user authentication; security issue; user anonymity; Authentication; Cloud computing; Generators; Protocols; Public key; Servers; Anonymity; Authentication; Certificateless Cryptography; Cloud Computing; Key Agreement (ID#: 15-5679)


Elmehdwi, Y.; Samanthula, B.K.; Wei Jiang, "Secure K-Nearest Neighbor Query Over Encrypted Data In Outsourced Environments," Data Engineering (ICDE), 2014 IEEE 30th International Conference on, pp.664,675, March 31 2014-April 4 2014. doi: 10.1109/ICDE.2014.6816690
Abstract: For the past decade, query processing on relational data has been studied extensively, and many theoretical and practical solutions to query processing have been proposed under various scenarios. With the recent popularity of cloud computing, users now have the opportunity to outsource their data as well as the data management tasks to the cloud. However, due to the rise of various privacy issues, sensitive data (e.g., medical records) need to be encrypted before outsourcing to the cloud. In addition, query processing tasks should be handled by the cloud; otherwise, there would be no point to outsource the data at the first place. To process queries over encrypted data without the cloud ever decrypting the data is a very challenging task. In this paper, we focus on solving the k-nearest neighbor (kNN) query problem over encrypted database outsourced to a cloud: a user issues an encrypted query record to the cloud, and the cloud returns the k closest records to the user. We first present a basic scheme and demonstrate that such a naive solution is not secure. To provide better security, we propose a secure kNN protocol that protects the confidentiality of the data, user's input query, and data access patterns. Also, we empirically analyze the efficiency of our protocols through various experiments. These results indicate that our secure protocol is very efficient on the user end, and this lightweight scheme allows a user to use any mobile device to perform the kNN query.
Keywords: cloud computing; cryptography; data privacy; query processing; relational databases; cloud computing; data access patterns; data confidentiality; data management tasks; encrypted data; kNN protocol; kNN query problem; mobile device; outsourced environments; privacy issues; query processing; relational data; secure k-nearest neighbor query; sensitive data; user input query; Distributed databases; Encryption; Protocols; Query processing (ID#: 15-5680)


Omar, M.N.; Salleh, M.; Bakhtiari, M., "Biometric Encryption To Enhance Confidentiality In Cloud Computing," Biometrics and Security Technologies (ISBAST), 2014 International Symposium on, pp. 45,  50, 26-27 Aug. 2014.  doi: 10.1109/ISBAST.2014.7013092
Abstract: Virtualization technology is the base technology used in Cloud computing. Therefore, virtualization enables Cloud computing to provide hardware and software services to the users on demand. Actually, many companies migrates to the Cloud computing for many reasons such as capabilities of processor, bus speed, size of storage, memory and managed to reduce the cost of dedicated servers. However, virtualization and Cloud computing contain many security weaknesses that affects the biometric data confidentiality in the Cloud computing. Those security issues are VM ware escape, hopping, mobility, diversity monitoring and etc. Furthermore, the privacy of a particular user is an issue in biometric data i.e. the face reorganization data for a famous and important people. Therefore, this paper proposed biometric encryption to improve the confidentiality in Cloud computing for biometric data. Also, this paper discussed virtualization for Cloud computing, as well as biometrics encryption. Indeed, this paper overviewed the security weaknesses of Cloud computing and how biometric encryption can improve the confidentiality in Cloud computing environment. Apart from this, confidentiality is enhanced in Cloud computing by using biometric encryption for biometric data. The novel approach of biometric encryption is to enhance the biometric data confidentiality in Cloud computing.
Keywords: biometrics (access control);cloud computing; cryptography; virtualisation; VM ware; biometric data confidentiality; biometric encryption; cloud computing; face reorganization data; hardware services; software services; virtualization technology; Bioinformatics; Biometrics (access control); Cloud computing; Encryption; Hardware; Virtualization; Biometric Encryption; Cloud computing; Virtualization (ID#: 15-5681)


Yanzhi Ren; Yingying Chen; Jie Yang; Bin Xie, "Privacy-Preserving Ranked Multi-Keyword Search Leveraging Polynomial Function In Cloud Computing," Global Communications Conference (GLOBECOM), 2014 IEEE, pp.594,600, 8-12 Dec. 2014. doi: 10.1109/GLOCOM.2014.7036872
Abstract: The rapid deployment of cloud computing provides users with the ability to outsource their data to public cloud for economic savings and flexibility. To protect data privacy, users have to encrypt the data before outsourcing to the cloud, which makes the data utilization, such as data retrieval, a challenging task. It is thus desirable to enable the search service over encrypted cloud data for supporting effective and efficient data retrieval over a large number of data users and documents in the cloud. Existing approaches on encrypted cloud data search either focus on single keyword search or become inefficient when a large amount of documents are present, and thus have little support for the efficient multi-keyword search. In this paper, we propose a light-weight search approach that supports efficient multi-keyword ranked search in cloud computing system. Specifically, we first propose a basic scheme using polynomial function to hide the encrypted keyword and search patterns for efficient multi-keyword ranked search. To enhance the search privacy, we propose a privacy-preserving scheme which utilizes the secure inner product method for protecting the privacy of the searched multi-keywords. We analyze the privacy guarantee of our proposed scheme and conduct extensive experiments based on the real-world dataset. The experiment results demonstrate that our scheme can enable the encrypted multi-keyword ranked search service with high efficiency in cloud computing.
Keywords: cloud computing; cryptography; data protection; information retrieval; outsourcing; cloud computing deployment; data outsourcing; data privacy protection; data retrieval; data utilization; encrypted cloud data; encrypted keyword hiding; encrypted multikeyword ranked search service; light-weight search approach; pattern search; privacy guarantee analysis; privacy-preserving ranked multikeyword search leveraging polynomial function; public cloud; real-world dataset; search privacy enhancement; search service; searched multikeyword privacy protection; secure inner product method; Cloud computing; Cryptography; Indexes; Keyword search; Polynomials; Privacy; Servers (ID#: 15-5682)


Shabalala, M.V.; Tarwireyi, P.; Adigun, M.O., "Privacy Monitoring Framework For Enhancing Transparency In Cloud Computing," Adaptive Science & Technology (ICAST), 2014 IEEE 6th International Conference on, pp. 1, 7, 29-31 Oct. 2014. doi: 10.1109/ICASTECH.2014.7068093
Abstract: The lack of proper privacy and security mechanisms to monitor the sensitive information entrusted to cloud service providers by consumers is a barrier to broader adoption of cloud computing. Despite the many benefits that cloud computing offer, many businesses are still skeptical about how privacy is handled in the cloud. This owes to the fact that with cloud computing, the storage and processing of private information are done on remote machines that are not owned or even managed by the customers. All that the customer can see is a virtual infrastructure built on top of possibly non-trusted physical hardware or operating environments. There is a need for technical mechanism to address users' privacy concerns in order to allow for broader adoption of the cloud. In this paper, we present a Privacy Monitoring Framework to help cloud customers comprehend with what happens to their data while stored in the cloud. The framework provides mechanism which enables cloud customers to trace in detail what happens to their data, where it is stored and who accesses it.
Keywords: cloud computing; data privacy; system monitoring; cloud computing; privacy monitoring framework; transparency enhancement; Business; Cloud computing; Data privacy; Monitoring; Privacy; Security; accountability; availability; cloud computing; confidentiality; integrity; privacy; security; trust (ID#: 15-5683)


Mercy, S.S.; Srikanth, G.U., "An Efficient Data Security System For Group Data Sharing In Cloud System Environment," Information Communication and Embedded Systems (ICICES), 2014 International Conference on, pp.1,4, 27-28 Feb. 2014. doi: 10.1109/ICICES.2014.7033956
Abstract: Cloud Computing delivers the service to the users by having reliable internet connection. In the secure cloud, services are stored and shared by multiple users because of less cost and data maintenance. Sharing the data is the vital intention of cloud data centres. On the other hand, storing the sensitive information is the privacy concern of the cloud. Cloud service provider has to protect the stored client's documents and applications in the cloud by encrypting the data to provide data integrity. Designing proficient document sharing among the group members in the cloud is the difficult task because of group user membership change and conserving document and group user identity confidentiality. To propose the fortified data sharing scheme in secret manner for providing efficient group revocation Advanced Encryption Standard scheme is used. Proposed System contributes efficient group authorization, authentication, confidentiality and access control and document security. To provide more data security Advanced Encryption Standard algorithm is used to encrypt the document. By asserting security and confidentiality in this proficient method securely share the document among the multiple cloud user.
Keywords: authorisation; cloud computing; cryptography; data privacy; document handling; software maintenance; software reliability; Internet connection reliability; access control; authentication; authorization; cloud computing; cloud data centres; cloud system environment; confidentiality; data encryption; data security advanced encryption standard algorithm; document conservation; document security; efficient data security system; group data sharing; group revocation advanced encryption standard scheme; group user identity confidentiality; group user membership change; privacy concern; proficient document sharing; sensitive information storage; Authorization; Cloud computing; Encryption; Servers; Cloud Computing; Document Sharing; Dynamic Group; Group Authorization (ID#: 15-5684)


Kuzhalvaimozhi, S.; Rao, G.R., "Privacy Protection In Cloud Using Identity Based Group Signature," Applications of Digital Information and Web Technologies (ICADIWT),  2014 Fifth International Conference on the, pp. 75, 80, 17-19 Feb. 2014.  doi: 10.1109/ICADIWT.2014.6814670
Abstract: Cloud computing is one of the emerging computing technology where costs are directly proportional to usage and demand. The advantages of this technology are the reasons of security and privacy problems. The data belongs to the users are stored in some cloud servers which is not under their own control. So the cloud services are required to authenticate the user. In general, most of the cloud authentication algorithms do not provide anonymity of the users. The cloud provider can track the users easily. The privacy and authenticity are two critical issues of cloud security. In this paper, we propose a secure anonymous authentication method for cloud services using identity based group signature which allows the cloud users to prove that they have privilege to access the data without revealing their identities.
Keywords: authorisation; cloud computing; cryptography; data privacy; digital signatures; cloud computing; cloud security; cloud services; identity based cryptosystem; identity based group signature; privacy problems; privacy protection; secure anonymous authentication method; security problems; user authentication; Authentication; Cloud computing; Elliptic curve cryptography; Privacy; Cloud; Group Signature; Identity based cryptosystem; Privacy Protection (ID#: 15-5685)


Balasaraswathi, V.R.; Manikandan, S., "Enhanced Security For Multi-Cloud Storage Using Cryptographic Data Splitting With Dynamic Approach," Advanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on, pp. 1190, 1194, 8-10 May 2014. doi: 10.1109/ICACCCT.2014.7019286
Abstract: The use of cloud computing has increased rapidly in many organizations. Security is considered to be the most critical aspects in a cloud computing environment due to the sensitive information stored in the cloud for users. The goal of cloud security is mainly focused on the issues related to the data security and privacy aspects in cloud computing. This multi cloud model which is based on partitioning of application system into distinct clouds instead of using single cloud service such as in Amazon cloud service. It will discuss and present the cryptographic data splitting with dynamic approach for securing information. The metadata information is stored in private cloud. This approach prevents the unauthorized data retrieval by hackers and intruders. The results and implementation for the new proposed model is analyzed, in relation to addressing the security factors in cloud computing.
Keywords: cloud computing; cryptography; data privacy; storage management; Amazon cloud service; application system partitioning; cloud computing environment; cloud security; data privacy; data security; hackers; intruders; metadata information; multicloud storage model; private cloud; sensitive information; single cloud service; unauthorized data retrieval; Analytical models; Cloud computing; Computational modeling; Cryptography; Data models; Ecosystems; Cryptographic Data Splitting; Multi-cloud storage; private cloud; public cloud (ID#: 15-5686)


Jianwei Chen; Huadong Ma, "Privacy-Preserving Decentralized Access Control for Cloud Storage Systems," Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, pp. 506, 513, June 27 2014-July 2 2014. doi: 10.1109/CLOUD.2014.74
Abstract: Along with a large amount of data being outsourced to the cloud, it is imperative to enforce a secure, efficient and privacy-aware access control scheme on the cloud. Decentralized Attribute-based Encryption (ABE) is a variant of multi-authority ABE scheme which is regarded as being more suited to access control in a large-scale cloud. Constructing a decentralized ABE scheme should not need a central Attribute Authority (AA) and any cooperative computing, where most schemes are not efficient enough. Moreover, they introduced a Global Identifier (GID) to resist the collusion attack from users, but corrupt AAs can trace a user by his GID, resulting in the leakage of the user's identity privacy. In this paper, we design a privacy-preserving decentralized access control framework for cloud storage systems, and propose a decentralized CP-ABE access control scheme with the privacy preserving secret key extraction. Our scheme does not require any central AA and coordination among multi-authorities. We adopt Pedersen commitment scheme and oblivious commitment based envelope protocols as the main cryptographic primitives to address the privacy problem, thus the users receive secret keys only for valid identity attributes while the AAs learn nothing about the attributes. Our theoretical analysis and extensive experiment demonstrate the presented scheme's security strength and effectiveness in terms of scalability, computation and storage.
Keywords: authorisation; cloud computing; cryptography; data privacy; decentralised control; GID; Pedersen commitment scheme; central attribute authority; cloud storage systems; collusion attack; cooperative computing; corrupt AA; cryptographic primitives; decentralized ABE scheme; decentralized CP-ABE access control; decentralized attribute-based encryption; global identifier; large scale cloud; multi-authority ABE scheme; privacy preserving secret key extraction; privacy-aware access control scheme; privacy-preserving decentralized access control framework; user identity privacy; Access control; Cloud computing; Encryption; Privacy; Registers (ID#: 15-5687)


Patel, K.; Sendhil Kumar, K.S.; Singh, N.; Parikh, K.; Jaisankar, N., "Data Security And Privacy Using Data Partition And Centric Key Management In Cloud," Information Communication and Embedded Systems (ICICES), 2014 International Conference on, pp. 1, 5, 27-28 Feb. 2014. doi: 10.1109/ICICES.2014.7033769
Abstract: The Cloud Computing is a next generation platform, which provides virtualization with resource pool. There are three types of cloud service models, Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). Most of the scientific research focus on IaaS model, which manage virtualization and storage. IaaS allows customer to scale based on user demand and user only pays for the resource usage. Data security plays a crucial role in cloud environment and user trust is most challenging problem of cloud services. This research paper proposed new methodology that secures data and provide privacy to the customer in cloud. Our technique providing security by using data partition approach and that partitioned data will be proceed further parallel for encryption mechanism. Here privacy is given by centric key management scheme.
Keywords: Web services; cloud computing; data privacy; private key cryptography; virtualisation; IaaS model; PaaS; SaaS model; centric key management scheme; cloud computing; cloud environment; cloud service models; data partition approach; data privacy; data security; encryption mechanism; infrastructure-as-a-service; next generation platform; platform-as-a-service; resource pool; resource usage; scientific research; software-as-a-service; storage management; user demand; user trust; virtualization management; Algorithm design and analysis; Cloud computing; Data privacy; Encryption; Partitioning algorithms; Algorithm; Cloud Computing; Encryption; Key Management; Service Models (ID#: 15-5688)


Shashidhara, M.S.; Jaini, C.P., "Privacy Preserving Third Party Auditing in Multi Cloud Storage Environment," Cloud Computing in Emerging Markets (CCEM), 2014 IEEE International Conference on, pp. 1, 6, 15-17 Oct. 2014. doi: 10.1109/CCEM.2014.7015495
Abstract: The on-demand, pay-per-use, and scalable services provided in cloud model guarantee to reduce capital as well as running expenditures for both hardware and software. In cloud environment, users can remotely store their data and access them from a shared pool of configurable computing resources, without local data storage burden. We discuss various methods related to the security and privacy capabilities in cloud paradigm especially data storage in multi cloud environment. We provide three models in form of multicloud architectures which allow categorizing the schemes and analyze them according to their security benefits. The different methods include, resource replication, split application system into tiers based on PIR methods, split both application logic and data into segments. In addition, since the integrity protection of data is a fearsome task in Cloud computing for users with limited computing resources, vulnerabilities in user data privacy are also possible in third party auditing. So we propose a safe cloud storage methodology which supports privacy-preserving third party auditing. And we study the outcomes to perform audits concurrently for multiple users in an efficient manner. Experimental results show that the third party auditing computation time is better than existing approach.
Keywords: cloud computing; data integrity; data privacy; resource allocation; security of data; storage management; PIR methods; application logic; cloud computing; cloud paradigm; computing resources; configurable computing resources; data integrity protection; data privacy; data storage; multicloud architectures; multicloud storage environment; on-demand scalable services; pay-per-use services; privacy capabilities; privacy preserving third party auditing; resource replication; scalable services; security capabilities; split application system; Cloud computing; Computer architecture; Databases; Flowcharts; Memory; Security; Web servers (ID#: 15-5689)


Wenyi Liu; Uluagac, A.S.; Beyah, R., "MACA: A Privacy-Preserving Multi-Factor Cloud Authentication System Utilizing Big Data," Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on, pp. 518, 523, April 27 2014-May 2 2014. doi: 10.1109/INFCOMW.2014.6849285
Abstract: Multi-factor authentication (MFA) is an approach to user validation that requires the presentation of two or more authentication factors. Given the popularity of cloud systems, MFA systems become vital in authenticating users. However, MFA approaches are highly intrusive and expose users' sensitive information to untrusted cloud servers that can keep physically identifying elements of users, long after the user ends the relationship with the cloud. To address these concerns in this work, we present a privacy-preserving multi-factor authentication system utilizing the features of big data called MACA. In MACA, the first factor is a password while the second factor is a hybrid profile of user behavior. The hybrid profile is based on users' integrated behavior, which includes both host-based characteristics and network flow-based features. MACA is the first MFA that considers both user privacy and usability combining big data features (26 total configurable features). Furthermore, we adopt fuzzy hashing and fully homomorphic encryption (FHE) to protect users' sensitive profiles and to handle the varying nature of the user profiles. We evaluate the performance of our proposed approach through experiments with several public datasets. Our results show that our proposed system can successfully validate legitimate users while detecting impostors.
Keywords: Big Data; cloud computing; cryptography; data privacy; file servers; message authentication; Big Data; FHE; MACA; MFA; fully homomorphic encryption; fuzzy hashing; host-based characteristics; network flow-based features; password; privacy-preserving multifactor cloud authentication system; untrusted cloud servers; usability; user behavior hybrid profile; user integrated behavior; user privacy; user sensitive profile protection; Authentication; Big data; Conferences; Cryptography; Mice; Servers; Authentication in Cloud; Fully Homomorphic Encryption; Fuzzy Hashing; Privacy-Preserving Authentication (ID#: 15-5690)


Ruihui Zhao; Hongwei Li; Yi Yang; Yu Liang, "Privacy-Preserving Personalized Search Over Encrypted Cloud Data Supporting Multi-Keyword Ranking," Wireless Communications and Signal Processing (WCSP), 2014 Sixth International Conference on, pp. 1, 6, 23-25 Oct. 2014. doi: 10.1109/WCSP.2014.6992161
Abstract: Cloud computing is emerging as a revolutionary computing paradigm which provides a flexible and economic strategy for data management and resource sharing. Security and privacy become major concerns in the cloud scenario, for which Searchable Encryption (SE) technology is proposed to support efficient keyword based queries and retrieval of encrypted data. However, the absence of personalized search is still a typical shortage in existing SE schemes. In this paper, we focus on addressing personalized search over encrypted cloud data and propose a Privacy-preserving Personalized Search over Encrypted Cloud Data Supporting Multi-keyword Ranking(PPSE) scheme that supports Top-k retrieval in stringent privacy requirements. For the first time, we formulate the privacy issue and design goals for personalized search in SE. We introduce the Open Directory Project to construct a formal model for integrating preferential ranking with keyword search reasonably and automatically, which can help eliminate the ambiguity of any two search requests. In PPSE, we employ the vector space model and the secure kNN scheme to guarantee sufficient search accuracy and privacy protection. The tf-idf weight and the preference weight help to ensure that the search result will faithfully respect the user's interest. As a result, thorough security analysis and performance evaluation on experiments performed on the real-world dataset demonstrate that the PPSE scheme indeed accords with our proposed design goals.
Keywords: cloud computing; cryptography; data privacy; query processing; Open Directory Project; PPSE scheme; SE technology; encrypted cloud data supporting multikeyword ranking; flexible-economic data management strategy; flexible-economic resource sharing strategy; formal model; keyword search; keyword-based encrypted data query; keyword-based encrypted data retrieval; performance evaluation; preference weight; preferential ranking integration; privacy protection; privacy-preserving personalized search; real-world dataset; search accuracy; search request ambiguity elimination; secure kNN scheme; security analysis; tf-idf weight; top-k retrieval; user interest; vector space model; Cryptography; Data privacy; Dictionaries; Indexes; Servers; Vectors; Multi-keyword ranking; Personalized search; Searchable encryption (ID#: 15-5691)


Khanezaei, N.; Hanapi, Z.M., "A Framework Based On RSA And AES Encryption Algorithms For Cloud Computing Services," Systems, Process and Control (ICSPC), 2014 IEEE Conference on, pp. 58, 62, 12-14 Dec. 2014. doi: 10.1109/SPC.2014.7086230
Abstract: Cloud computing is an emerging computing model in which resources of the computing communications are provided as services over the Internet. Privacy and security of cloud storage services are very important and become a challenge in cloud computing due to loss of control over data and its dependence on the cloud computing provider. While there is a huge amount of transferring data in cloud system, the risk of accessing data by attackers raises. Considering the problem of building a secure cloud storage service, current scheme is proposed which is based on combination of RSA and AES encryption methods to share the data among users in a secure cloud system. The proposed method allows providing difficulty for attackers as well as reducing the time of information transmission between user and cloud data storage.
Keywords: cloud computing; data privacy; public key cryptography; AES encryption algorithm; Internet; RSA encryption algorithm; cloud computing services; cloud storage service; data privacy; data security; Cloud computing; Computational modeling; Encryption; Secure storage; Servers; AES; Cloud Computing; Cryptography; Data Security; RSA (ID#: 15-5692)


Sen, S.; Guha, S.; Datta, A.; Rajamani, S.K.; Tsai, J.; Wing, J.M., "Bootstrapping Privacy Compliance in Big Data Systems," Security and Privacy (SP), 2014 IEEE Symposium on, pp. 327, 342, 18-21 May 2014. doi: 10.1109/SP.2014.28
Abstract: With the rapid increase in cloud services collecting and using user data to offer personalized experiences, ensuring that these services comply with their privacy policies has become a business imperative for building user trust. However, most compliance efforts in industry today rely on manual review processes and audits designed to safeguard user data, and therefore are resource intensive and lack coverage. In this paper, we present our experience building and operating a system to automate privacy policy compliance checking in Bing. Central to the design of the system are (a) Legal ease-a language that allows specification of privacy policies that impose restrictions on how user data is handled, and (b) Grok-a data inventory for Map-Reduce-like big data systems that tracks how user data flows among programs. Grok maps code-level schema elements to data types in Legal ease, in essence, annotating existing programs with information flow types with minimal human input. Compliance checking is thus reduced to information flow analysis of Big Data systems. The system, bootstrapped by a small team, checks compliance daily of millions of lines of ever-changing source code written by several thousand developers.
Keywords: Big Data; Web services; cloud computing; computer bootstrapping; conformance testing; data privacy; parallel programming; search engines; source code (software); Bing; Grok data inventory; Legal ease language; Map-Reduce-like Big Data systems; automatic privacy policy compliance checking; business imperative privacy policies; cloud services; code-level schema element mapping; datatypes; information flow types; minimal human input; personalized user experiences; privacy compliance bootstrapping; privacy policy specification; program annotation; source code; user data handling; user trust; Advertising; Big data; Data privacy; IP networks; Lattices; Privacy; Semantics; big data; bing; compliance; information flow; policy; privacy; program analysis (ID#: 15-5693)


Ragini; Mehrotra, P.; Venkatesan, S., "An Efficient Model For Privacy And Security In Mobile Cloud Computing," Recent Trends in Information Technology (ICRTIT), 2014 International Conference on,  pp. 1, 6, 10-12 April 2014. doi: 10.1109/ICRTIT.2014.6996177
Abstract: Mobile Cloud Computing has emerged as a promising technology and its application is expected to expand its features in storing personal health information, e-governance and others. Although data security and privacy have been the major concern to the users. These issues originated from the fact that the cloud is a semi-trusted environment and the sensitive information stored in the cloud can be accessed by any unauthorized person. Thus, new methods and models are needed to solve the problem of privacy and security of data owner. In this paper, we attempt to address the concern of privacy and security of data owner. We first present a Mobility Node Model (MNM) where mobile client is coming from the external environment to the organization. Here data owner provides access of cloud data to mobile client via proxy server without revealing its identity. Second we propose a Centralized Owner Model (COM) as a centralized control mechanism which generates, key, group member details and mobile client accessibility for external and internal environment. Here request of mobile client is propagated via Trusted Leader to achieve optimality in terms of minimizing computation and communication overheads. The analysis of our proposed models demonstrate the efficiency to achieve the privacy and security in mobile cloud computing.
Keywords: authorisation; cloud computing; cryptography; data privacy; mobile computing; trusted computing; COM; IBE; MNM; centralized control mechanism; centralized owner model; cloud data access; communication overhead; computation overhead; data owner privacy; data security; external environment; group member details; identity based proxy encryption; internal environment; key generation; mobile client accessibility; mobile cloud computing; mobility node model; proxy server; semitrusted environment; sensitive information; trusted leader; unauthorized person; Ciphers; Cloud computing; Computational modeling; Encryption; Mobile communication; Servers; Identity Based Encryption (IBE); Mobile Cloud Computing; Privacy&  Security (ID#: 15-5694)


Wenhai Sun; Shucheng Yu; Wenjing Lou; Hou, Y.T.; Hui Li, "Protecting Your Right: Attribute-Based Keyword Search With Fine-Grained Owner-Enforced Search Authorization In The Cloud," INFOCOM, 2014 Proceedings IEEE, pp. 226, 234, April 27 2014-May 2 2014. doi: 10.1109/INFOCOM.2014.6847943
Abstract: Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed from multiple owners and are searchable by multiple users, i.e. multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e. file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. Finally, performance evaluation shows the efficiency of our scheme.
Keywords: authorisation; cloud computing; cryptography; data privacy; information retrieval ;trusted computing; ABE; ABKS-UR scheme; always online trusted authority; attribute-based encryption; attribute-based keyword search; chosen-keyword attack; cloud computing; cloud server environment; data privacy; encryption; encryption-before-outsourcing; fine-grained owner-enforced search authorization; lazy re-encryption technique; owner-enforced access policy; proxy re-encryption technique; resourceful semi-trusted cloud server; searchable index; security definition; single-contributor search scenario; symmetric cryptography; user revocation; Authorization; Data privacy; Encryption; Indexes; Keyword search; Servers (ID#: 15-5695)


Xue, Li; Wuling, Ren; Guoxin, Jiang; Jie, Yang, "A Solution Which Can Support Privacy Protection And Fuzzy Search Quickly Under Cloud Computing Environment," Information Technology and Electronic Commerce (ICITEC), 2014 2nd International Conference on, pp. 43 , 46, 20-21 Dec. 2014. doi: 10.1109/ICITEC.2014.7105568
Abstract: With the rapid development and widely-use of cloud computing, nowadays more and more users store data in the cloud storages. Some users, especially enterprise users, who have more privacy requirements, urgently need a solution where the cloud storage can be encrypted and retrieved rapidly and also open to internal staff only. However, to protect the privacy of data, the data must be encrypted when it is uploaded. This will greatly reduce the efficiency of retrieval. On the basis of the above, the author proposes a solution which can provide privacy protection and rapid fuzzy search under cloud computing environment. This solution can provide a more reasonable and efficient data storage and retrieval services to the user's data.
Keywords: Approximation methods; Cloud computing; Encryption; Privacy; Servers; Cloud; computing; fuzzy; privacy; search (ID#: 15-5696)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.