Visible to the public Biblio

Filters: Keyword is cloud storage  [Clear All Filters]
2020-07-24
Dong, Qiuxiang, Huang, Dijiang, Luo, Jim, Kang, Myong.  2018.  Achieving Fine-Grained Access Control with Discretionary User Revocation over Cloud Data. 2018 IEEE Conference on Communications and Network Security (CNS). :1—9.
Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.
Li, Chunhua, He, Jinbiao, Lei, Cheng, Guo, Chan, Zhou, Ke.  2018.  Achieving Privacy-Preserving CP-ABE Access Control with Multi-Cloud. 2018 IEEE Intl Conf on Parallel Distributed Processing with Applications, Ubiquitous Computing Communications, Big Data Cloud Computing, Social Computing Networking, Sustainable Computing Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom). :801—808.
Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.
2020-07-20
Ning, Jianting, Cao, Zhenfu, Dong, Xiaolei, Wei, Lifei.  2018.  White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively. IEEE Transactions on Dependable and Secure Computing. 15:883–897.
Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.
2020-07-10
Zhang, Mengyu, Zhang, Hecan, Yang, Yahui, Shen, Qingni.  2019.  PTAD:Provable and Traceable Assured Deletion in Cloud Storage. 2019 IEEE Symposium on Computers and Communications (ISCC). :1—6.

As an efficient deletion method, unlinking is widely used in cloud storage. While unlinking is a kind of incomplete deletion, `deleted data' remains on cloud and can be recovered. To make `deleted data' unrecoverable, overwriting is an effective method on cloud. Users lose control over their data on cloud once deleted, so it is difficult for them to confirm overwriting. In face of such a crucial problem, we propose a Provable and Traceable Assured Deletion (PTAD) scheme in cloud storage based on blockchain. PTAD scheme relies on overwriting to achieve assured deletion. We reference the idea of data integrity checking and design algorithms to verify if cloud overwrites original blocks properly as specific patterns. We utilize technique of smart contract in blockchain to automatically execute verification and keep transaction in ledger for tracking. The whole scheme can be divided into three stages-unlinking, overwriting and verification-and we design one specific algorithm for each stage. For evaluation, we implement PTAD scheme on cloud and construct a consortium chain with Hyperledger Fabric. The performance shows that PTAD scheme is effective and feasible.

2020-07-06
Farhadi, Majid, Bypour, Hamideh, Mortazavi, Reza.  2019.  An efficient secret sharing-based storage system for cloud-based IoTs. 2019 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC). :122–127.
Internet of Things is the newfound information architecture based on the Internet that develops interactions between objects and services in a secure and reliable environment. As the availability of many smart devices rises, secure and scalable mass storage systems for aggregate data is required in IoTs applications. In this paper, we propose a new method for storing aggregate data in IoTs by use of ( t, n) -threshold secret sharing scheme in the cloud storage. In this method, original data is divided into t blocks that each block is considered as a share. This method is scalable and traceable, i.e., new data can be inserted or part of original data can be deleted, without changing shares, also cloud service providers' fault in sending invalid shares are detectable.
2020-06-08
Das, Bablu Kumar, Garg, Ritu.  2019.  Security of Cloud Storage based on Extended Hill Cipher and Homomorphic Encryption. 2019 International Conference on Communication and Electronics Systems (ICCES). :515–520.
Cloud computing is one of the emerging area in the business world that help to access resources at low expense with high privacy. Security is a standout amongst the most imperative difficulties in cloud network for cloud providers and their customers. In order to ensure security in cloud, we proposed a framework using different encryption algorithm namely Extended hill cipher and homomorphic encryption. Firstly user data/information is isolated into two parts which is static and dynamic data (critical data). Extended hill cipher encryption is applied over more important dynamic part where we are encrypting the string using matrix multiplication. While homomorphic encryption is applied over static data in which it accepts n number of strings as information, encode each string independently and lastly combine all the strings. The test results clearly manifests that the proposed model provides better information security.
2020-06-01
Tang, Yuzhe, Zou, Qiwu, Chen, Ju, Li, Kai, Kamhoua, Charles A., Kwiat, Kevin, Njilla, Laurent.  2018.  ChainFS: Blockchain-Secured Cloud Storage. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). :987–990.
This work presents ChainFS, a middleware system that secures cloud storage services using a minimally trusted Blockchain. ChainFS hardens the cloud-storage security against forking attacks. The ChainFS middleware exposes a file-system interface to end users. Internally, ChainFS stores data files in the cloud and exports minimal and necessary functionalities to the Blockchain for key distribution and file operation logging. We implement the ChainFS system on Ethereum and S3FS and closely integrate it with FUSE clients and Amazon S3 cloud storage. We measure the system performance and demonstrate low overhead.
2020-03-18
Banerjee, Rupam, Chattopadhyay, Arup Kumar, Nag, Amitava, Bose, Kaushik.  2019.  A Nobel Cryptosystem for Group Data Sharing in Cloud Storage. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC). :0728–0731.
The biggest challenge of sharing data stored in cloud-storage is privacy-preservation. In this paper, we propose a simple yet effective solution for enforcing the security of private data stored in some cloud storage for sharing. We consider an environment where even if the cloud service provider is not-reliable or is compromised, our data still remain secure. The data Owner encrypts the private files using a secret key, file identifier and hash function and then uploads the cipher text files to the cloud. When a Data user requests access to a file, the owner establishes a key with the user and creates a new key, which is sent to the user. The user can then extract the original key by using the mutually established secret key and use it to decrypt the encrypted file. Thus we propose a system which is computationally simple yet provides a secure mechanism for sharing private data even over an untrusted cloud service provider.
Yang, Xiaodong, Chen, Guilan, Wang, Meiding, Pei, Xizhen.  2019.  Lightweight Searchable Encryption Scheme Based on Certificateless Cryptosystem. 2019 4th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). :669–6693.
Searchable encryption technology can guarantee the confidentiality of cloud data and the searchability of ciphertext data, which has a very broad application prospect in cloud storage environments. However, most existing searchable encryption schemes have problems, such as excessive computational overhead and low security. In order to solve these problems, a lightweight searchable encryption scheme based on certificateless cryptosystem is proposed. The user's final private key consists of partial private key and secret value, which effectively solves the certificate management problem of the traditional cryptosystem and the key escrow problem of identity-based cryptosystem. At the same time, the introduction of third-party manager has significantly reduced the burden in the cloud server and achieved lightweight multi-user ciphertext retrieval. In addition, the data owner stores the file index in the third-party manager, while the file ciphertext is stored in the cloud server. This ensures that the file index is not known by the cloud server. The analysis results show that the scheme satisfies trapdoor indistinguishability and can resist keyword guessing attacks. Compared with similar certificateless encryption schemes, it has higher computational performance in key generation, keyword encryption, trapdoor generation and keyword search.
2020-03-09
Babu, T. Kishore, Guruprakash, C. D..  2019.  A Systematic Review of the Third Party Auditing in Cloud Security: Security Analysis, Computation Overhead and Performance Evaluation. 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). :86–91.
Cloud storage offers a considerable efficiency and security to the user's data and provide high flexibility to the user. The hackers make attempt of several attacks to steal the data that increase the concern of data security in cloud. The Third Party Auditing (TPA) method is introduced to check the data integrity. There are several TPA methods developed to improve the privacy and efficiency of the data integrity checking method. Various methods involved in TPA, have been analyzed in this review in terms of function, security and overall performance. Merkel Hash Tree (MHT) method provides efficiency and security in checking the integrity of data. The computational overhead of the proof verify is also analyzed in this review. The communication cost of the most TPA methods observed as low and there is a need of improvement in security of the public auditing.
2020-01-21
Gao, Jiaqiong, Wang, Tao.  2019.  Research on the IPv6 Technical Defects and Countermeasures. 2019 International Conference on Computer Network, Electronic and Automation (ICCNEA). :165–170.
The current global Internet USES the TCP/IP protocol cluster, the current version is IPv4. The IPv4 is with 32-bit addresses, the maximum number of computers connected to the Internet in the world is 232. With the development of Internet of things, big data and cloud storage and other technologies, the limited address space defined by IPv4 has been exhausted. To expand the address space, the IETF designed the next generation IPv6 to replace IPv4. IPv6 using a 128-bit address length that provides almost unlimited addresses. However, with the development and application of the Internet of things, big data and cloud storage, IPv6 has some shortcomings in its addressing structure design; security and network compatibility, These technologies are gradually applied in recent years, the continuous development of new technologies application show that the IPv6 address structure design ideas have some fatal defects. This paper proposed a route to upgrade the original IPv4 by studying on the structure of IPv6 "spliced address", and point out the defects in the design of IPv6 interface ID and the potential problems such as security holes.
2019-12-05
Gu, Yonggen, Hou, Dingding, Wu, Xiaohong.  2018.  A Cloud Storage Resource Transaction Mechanism Based on Smart Contract. Proceedings of the 8th International Conference on Communication and Network Security. :134-138.

Since the security and fault tolerance is the two important metrics of the data storage, it brings both opportunities and challenges for distributed data storage and transaction. The traditional transaction system of storage resources, which generally runs in a centralized mode, results in high cost, vendor lock-in, single point failure risk, DDoS attack and information security. Therefore, this paper proposes a distributed transaction method for cloud storage based on smart contract. First, to guarantee the fault tolerance and decrease the storing cost for erasure coding, a VCG-based auction mechanism is proposed for storage transaction, and we deploy and implement the proposed mechanism by designing a corresponding smart contract. Especially, we address the problem - how to implement a VCG-like mechanism in a blockchain environment. Based on private chain of Ethereum, we make the simulations for proposed storage transaction method. The results showed that proposed transaction model can realize competitive trading of storage resources, and ensure the safe and economic operation of resource trading.

2019-11-25
Rady, Mai, Abdelkader, Tamer, Ismail, Rasha.  2018.  SCIQ-CD: A Secure Scheme to Provide Confidentiality and Integrity of Query results for Cloud Databases. 2018 14th International Computer Engineering Conference (ICENCO). :225–230.
Database outsourcing introduces a new paradigm, called Database as a Service (DBaaS). Database Service Providers (DSPs) have the ability to host outsourced databases and provide efficient facilities for their users. However, the data and the execution of database queries are under the control of the DSP, which is not always a trusted authority. Therefore, our problem is to ensure the outsourced database security. To address this problem, we propose a Secure scheme to provide Confidentiality and Integrity of Query results for Cloud Databases (SCIQ-CD). The performance analysis shows that our proposed scheme is secure and efficient for practical deployment.
2019-10-22
Li, Ling, An, Xiaoguang.  2018.  Research on Storage Mechanism of Cloud Security Policy. 2018 International Conference on Virtual Reality and Intelligent Systems (ICVRIS). :130–133.
Cloud computing, cloud security and cloud storage have been gradually introduced into people's life and become hot topicsof research, for which relevant technologies have permeated through the computer industry and relevant industries. With the coming of the modern information society, secure storage of data has been becoming increasingly important. Proceeding from traditional policy storage, this paper includes comparison and improvement of policy storage for the purpose of meeting requirements of storage of cloud security policy. Policy storage technology refers to a technology used to realize storage of policies created by users and relevant policy information. Policy repository can conduct centralized management and processing of multiple policies and their relevant information. At present, popular policy repositories generally include policy storage for relational database or policy storage for directory server or a file in a fixed format, such as XML file format.
2019-09-26
Liu, Y., Zhang, J., Gao, Q..  2018.  A Blockchain-Based Secure Cloud Files Sharing Scheme with Fine-Grained Access Control. 2018 International Conference on Networking and Network Applications (NaNA). :277-283.

As cloud services greatly facilitate file sharing online, there's been a growing awareness of the security challenges brought by outsourcing data to a third party. Traditionally, the centralized management of cloud service provider brings about safety issues because the third party is only semi-trusted by clients. Besides, it causes trouble for sharing online data conveniently. In this paper, the blockchain technology is utilized for decentralized safety administration and provide more user-friendly service. Apart from that, Ciphertext-Policy Attribute Based Encryption is introduced as an effective tool to realize fine-grained data access control of the stored files. Meanwhile, the security analysis proves the confidentiality and integrity of the data stored in the cloud server. Finally, we evaluate the performance of computation overhead of our system.

Khan, Mohammad Taha, Hyun, Maria, Kanich, Chris, Ur, Blase.  2018.  Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. :543:1-543:12.

Users have accumulated years of personal data in cloud storage, creating potential privacy and security risks. This agglomeration includes files retained or shared with others simply out of momentum, rather than intention. We presented 100 online-survey participants with a stratified sample of 10 files currently stored in their own Dropbox or Google Drive accounts. We asked about the origin of each file, whether the participant remembered that file was stored there, and, when applicable, about that file's sharing status. We also recorded participants' preferences moving forward for keeping, deleting, or encrypting those files, as well as adjusting sharing settings. Participants had forgotten that half of the files they saw were in the cloud. Overall, 83% of participants wanted to delete at least one file they saw, while 13% wanted to unshare at least one file. Our combined results suggest directions for retrospective cloud data management.

Xu, J., Ying, C., Tan, S., Sun, Z., Wang, P., Sun, Z..  2018.  An Attribute-Based Searchable Encryption Scheme Supporting Trapdoor Updating. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech). :7-14.
In the cloud computing environment, a growing number of users share their own data files through cloud storage. However, there will be some security and privacy problems due to the reason that the cloud is not completely trusted, so it needs to be resolved by access control. Attribute-based encryption (ABE) and searchable encryption (SE) can solve fine-grained access control. At present, researchers combine the two to propose an attribute-based searchable encryption scheme and achieved remarkable results. Nevertheless, most of existing attribute-based searchable encryption schemes cannot resist online/offline keyword guessing attack. To solve the problem, we present an attribute-based (CP-ABE) searchable encryption scheme that supports trapdoor updating (CSES-TU). In this scheme, the data owner can formulate an access strategy for the encrypted data. Only the attributes of the data user are matched with the strategy can the effective trapdoor be generated and the ciphertext be searched, and that this scheme will update trapdoors at the same time. Even if the keywords are the same, new trapdoors will be generated every time when the keyword is searched, thus minimizing the damage caused by online/offline keyword guessing attack. Finally, the performance of the scheme is analyzed, and the proof of correctness and security are given at the same time.
Li, S., Wang, F., Shi, T., Kuang, J..  2019.  Probably Secure Multi-User Multi-Keyword Searchable Encryption Scheme in Cloud Storage. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :1368-1372.

Searchable encryption server protects privacal data of data owner from leaks. This paper analyzes the security of a multi-user searchable encryption scheme and points out that this scheme does not satisfy the invisibility of trapdoors. In order to improve the security of the original scheme, this paper proposes a probably secure multi-user multi-keyword searchable encryption scheme. New secheme not only ensures the confidentiality of the cipher text keyword, but also does not increase the encryption workload of the data owner when the new data user joins. In the random oracle model, based on the hard problem of decisional Diffie-Hellman, it is proved that the scheme has trapdoor indistinguishability. In the end, obtained by the simulation program to achieve a new computationally efficient communication at low cost.

Chung, S., Shieh, M., Chiueh, T..  2018.  A Security Proxy to Cloud Storage Backends Based on an Efficient Wildcard Searchable Encryption. 2018 IEEE 8th International Symposium on Cloud and Service Computing (SC2). :127-130.

Cloud storage backends such as Amazon S3 are a potential storage solution to enterprises. However, to couple enterprises with these backends, at least two problems must be solved: first, how to make these semi-trusted backends as secure as on-premises storage; and second, how to selectively retrieve files as easy as on-premises storage. A security proxy can address both the problems by building a local index from keywords in files before encrypting and uploading files to these backends. But, if the local index is built in plaintext, file content is still vulnerable to local malicious staff. Searchable Encryption (SE) can get rid of this vulnerability by making index into ciphertext; however, its known constructions often require modifications to index database, and, to support wildcard queries, they are not efficient at all. In this paper, we present a security proxy that, based on our wildcard SE construction, can securely and efficiently couple enterprises with these backends. In particular, since our SE construction can work directly with existing database systems, it incurs only a little overhead, and when needed, permits the security proxy to run with constantly small storage footprint by readily out-sourcing all built indices to existing cloud databases.

2019-02-13
Joshi, M., Joshi, K., Finin, T..  2018.  Attribute Based Encryption for Secure Access to Cloud Based EHR Systems. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). :932–935.
Medical organizations find it challenging to adopt cloud-based electronic medical records services, due to the risk of data breaches and the resulting compromise of patient data. Existing authorization models follow a patient centric approach for EHR management where the responsibility of authorizing data access is handled at the patients' end. This however creates a significant overhead for the patient who has to authorize every access of their health record. This is not practical given the multiple personnel involved in providing care and that at times the patient may not be in a state to provide this authorization. Hence there is a need of developing a proper authorization delegation mechanism for safe, secure and easy cloud-based EHR management. We have developed a novel, centralized, attribute based authorization mechanism that uses Attribute Based Encryption (ABE) and allows for delegated secure access of patient records. This mechanism transfers the service management overhead from the patient to the medical organization and allows easy delegation of cloud-based EHR's access authority to the medical providers. In this paper, we describe this novel ABE approach as well as the prototype system that we have created to illustrate it.
Yasumura, Y., Imabayashi, H., Yamana, H..  2018.  Attribute-based proxy re-encryption method for revocation in cloud storage: Reduction of communication cost at re-encryption. 2018 IEEE 3rd International Conference on Big Data Analysis (ICBDA). :312–318.
In recent years, many users have uploaded data to the cloud for easy storage and sharing with other users. At the same time, security and privacy concerns for the data are growing. Attribute-based encryption (ABE) enables both data security and access control by defining users with attributes so that only those users who have matching attributes can decrypt them. For real-world applications of ABE, revocation of users or their attributes is necessary so that revoked users can no longer decrypt the data. In actual implementations, ABE is used in hybrid with a symmetric encryption scheme such as the advanced encryption standard (AES) where data is encrypted with AES and the AES key is encrypted with ABE. The hybrid encryption scheme requires re-encryption of the data upon revocation to ensure that the revoked users can no longer decrypt that data. To re-encrypt the data, the data owner (DO) must download the data from the cloud, then decrypt, encrypt, and upload the data back to the cloud, resulting in both huge communication costs and computational burden on the DO depending on the size of the data to be re-encrypted. In this paper, we propose an attribute-based proxy re-encryption method in which data can be re-encrypted in the cloud without downloading any data by adopting both ABE and Syalim's encryption scheme. Our proposed scheme reduces the communication cost between the DO and cloud storage. Experimental results show that the proposed method reduces the communication cost by as much as one quarter compared to that of the trivial solution.
2018-12-03
Gorke, Christian A., Janson, Christian, Armknecht, Frederik, Cid, Carlos.  2017.  Cloud Storage File Recoverability. Proceedings of the Fifth ACM International Workshop on Security in Cloud Computing. :19–26.

Data loss is perceived as one of the major threats for cloud storage. Consequently, the security community developed several challenge-response protocols that allow a user to remotely verify whether an outsourced file is still intact. However, two important practical problems have not yet been considered. First, clients commonly outsource multiple files of different sizes, raising the question how to formalize such a scheme and in particular ensuring that all files can be simultaneously audited. Second, in case auditing of the files fails, existing schemes do not provide a client with any method to prove if the original files are still recoverable. We address both problems and describe appropriate solutions. The first problem is tackled by providing a new type of "Proofs of Retrievability" scheme, enabling a client to check all files simultaneously in a compact way. The second problem is solved by defining a novel procedure called "Proofs of Recoverability", enabling a client to obtain an assurance whether a file is recoverable or irreparably damaged. Finally, we present a combination of both schemes allowing the client to check the recoverability of all her original files, thus ensuring cloud storage file recoverability.

Ennajjar, Ibtissam, Tabii, Youness, Benkaddour, Abdelhamid.  2017.  Securing Data in Cloud Computing by Classification. Proceedings of the 2Nd International Conference on Big Data, Cloud and Applications. :49:1–49:5.

Cloud computing is a wide architecture based on diverse models for providing different services of software and hardware. Cloud computing paradigm attracts different users because of its several benefits such as high resource elasticity, expense reduction, scalability and simplicity which provide significant preserving in terms of investment and work force. However, the new approaches introduced by the cloud, related to computation outsourcing, distributed resources, multi-tenancy concept, high dynamism of the model, data warehousing and the nontransparent style of cloud increase the security and privacy concerns and makes building and handling trust among cloud service providers and consumers a critical security challenge. This paper proposes a new approach to improve security of data in cloud computing. It suggests a classification model to categorize data before being introduced into a suitable encryption system according to the category. Since data in cloud has not the same sensitivity level, encrypting it with the same algorithms can lead to a lack of security or of resources. By this method we try to optimize the resources consumption and the computation cost while ensuring data confidentiality.

2018-11-14
Zhao, W., Qiang, L., Zou, H., Zhang, A., Li, J..  2018.  Privacy-Preserving and Unforgeable Searchable Encrypted Audit Logs for Cloud Storage. 2018 5th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2018 4th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :29–34.

Audit logs are widely used in information systems nowadays. In cloud computing and cloud storage environment, audit logs are required to be encrypted and outsourced on remote servers to protect the confidentiality of data and the privacy of users. The searchable encrypted audit logs support a search on the encrypted audit logs. In this paper, we propose a privacy-preserving and unforgeable searchable encrypted audit log scheme based on PEKS. Only the trusted data owner can generate encrypted audit logs containing access permissions for users. The semi-honest server verifies the audit logs in a searchable encryption way before granting the operation rights to users and storing the audit logs. The data owner can perform a fine-grained conjunctive query on the stored audit logs, and accept only the valid audit logs. The scheme is immune to the collusion tamper or fabrication conducted by server and user. Concrete implementations of the scheme is put forward in detail. The correct of the scheme is proved, and the security properties, such as privacy-preserving, searchability, verifiability and unforgeability are analyzed. Further evaluation of computation load shows that the design is of considerable efficiency.

2018-09-12
Armknecht, Frederik, Boyd, Colin, Davies, Gareth T., Gjøsteen, Kristian, Toorani, Mohsen.  2017.  Side Channels in Deduplication: Trade-offs Between Leakage and Efficiency. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :266–274.
Deduplication removes redundant copies of files or data blocks stored on the cloud. Client-side deduplication, where the client only uploads the file upon the request of the server, provides major storage and bandwidth savings, but introduces a number of security concerns. Harnik et al. (2010) showed how cross-user client-side deduplication inherently gives the adversary access to a (noisy) side-channel that may divulge whether or not a particular file is stored on the server, leading to leakage of user information. We provide formal definitions for deduplication strategies and their security in terms of adversarial advantage. Using these definitions, we provide a criterion for designing good strategies and then prove a bound characterizing the necessary trade-off between security and efficiency.