The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in...The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in the Cloud.In this paper,we present an alternative approach which divides big data into sequenced parts and stores them among multiple Cloud storage service providers.Instead of protecting the big data itself,the proposed scheme protects the mapping of the various data elements to each provider using a trapdoor function.Analysis,comparison and simulation prove that the proposed scheme is efficient and secure for the big data of Cloud tenants.展开更多
With the increasing popularity of cloud computing,privacy has become one of the key problem in cloud security.When data is outsourced to the cloud,for data owners,they need to ensure the security of their privacy;for ...With the increasing popularity of cloud computing,privacy has become one of the key problem in cloud security.When data is outsourced to the cloud,for data owners,they need to ensure the security of their privacy;for cloud service providers,they need some information of the data to provide high QoS services;and for authorized users,they need to access to the true value of data.The existing privacy-preserving methods can't meet all the needs of the three parties at the same time.To address this issue,we propose a retrievable data perturbation method and use it in the privacy-preserving in data outsourcing in cloud computing.Our scheme comes in four steps.Firstly,an improved random generator is proposed to generate an accurate "noise".Next,a perturbation algorithm is introduced to add noise to the original data.By doing this,the privacy information is hidden,but the mean and covariance of data which the service providers may need remain unchanged.Then,a retrieval algorithm is proposed to get the original data back from the perturbed data.Finally,we combine the retrievable perturbation with the access control process to ensure only the authorized users can retrieve the original data.The experiments show that our scheme perturbs date correctly,efficiently,and securely.展开更多
The rapid technological convergence between Internet of Things (loT), Wireless Body Area Networks (WBANs) and cloud computing has made e-healthcare emerge as a promising application domain, which has significant p...The rapid technological convergence between Internet of Things (loT), Wireless Body Area Networks (WBANs) and cloud computing has made e-healthcare emerge as a promising application domain, which has significant potential to improve the quality of medical care. In particular, patient-centric health monitoring plays a vital role in e-healthcare service, involving a set of important operations ranging from medical data collection and aggregation, data transmission and segregation, to data analytics. This survey paper firstly presents an architectural framework to describe the entire monitoring life cycle and highlight the essential service components. More detailed discussions are then devoted to {/em data collection} at patient side, which we argue that it serves as fundamental basis in achieving robust, efficient, and secure health monitoring. Subsequently, a profound discussion of the security threats targeting eHealth monitoring systems is presented, and the major limitations of the existing solutions are analyzed and extensively discussed. Finally, a set of design challenges is identified in order to achieve high quality and secure patient-centric monitoring schemes, along with some potential solutions.展开更多
Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we p...Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in 0SNs based on ciphertext-policy attribute- based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.展开更多
Due to its characteristics distribution and virtualization, cloud storage also brings new security problems. User's data is stored in the cloud, which separated the ownership from management. How to ensure the securi...Due to its characteristics distribution and virtualization, cloud storage also brings new security problems. User's data is stored in the cloud, which separated the ownership from management. How to ensure the security of cloud data, how to increase data availability and how to improve user privacy perception are the key issues of cloud storage research, especially when the cloud service provider is not completely trusted. In this paper, a cloud storage ciphertext retrieval scheme based on AES and homomorphic encryption is presented. This ciphertext retrieval scheme will not only conceal the user retrieval information, but also prevent the cloud from obtaining user access pattern such as read-write mode, and access frequency, thereby ensuring the safety of the ciphertext retrieval and user privacy. The results of simulation analysis show that the performance of this ciphertext retrieval scheme requires less overhead than other schemes on the same security level.展开更多
基金supported in part by the National Nature Science Foundation of China under Grant No.61402413 and 61340058 the "Six Kinds Peak Talents Plan" project of Jiangsu Province under Grant No.ll-JY-009+2 种基金the Nature Science Foundation of Zhejiang Province under Grant No.LY14F020019, Z14F020006 and Y1101183the China Postdoctoral Science Foundation funded project under Grant No.2012M511732Jiangsu Province Postdoctoral Science Foundation funded project Grant No.1102014C
文摘The Cloud is increasingly being used to store and process big data for its tenants and classical security mechanisms using encryption are neither sufficiently efficient nor suited to the task of protecting big data in the Cloud.In this paper,we present an alternative approach which divides big data into sequenced parts and stores them among multiple Cloud storage service providers.Instead of protecting the big data itself,the proposed scheme protects the mapping of the various data elements to each provider using a trapdoor function.Analysis,comparison and simulation prove that the proposed scheme is efficient and secure for the big data of Cloud tenants.
基金supported in part by NSFC under Grant No.61172090National Science and Technology Major Project under Grant 2012ZX03002001+3 种基金Research Fund for the Doctoral Program of Higher Education of China under Grant No.20120201110013Scientific and Technological Project in Shaanxi Province under Grant(No.2012K06-30, No.2014JQ8322)Basic Science Research Fund in Xi'an Jiaotong University(No. XJJ2014049,No.XKJC2014008)Shaanxi Science and Technology Innovation Project (2013SZS16-Z01/P01/K01)
文摘With the increasing popularity of cloud computing,privacy has become one of the key problem in cloud security.When data is outsourced to the cloud,for data owners,they need to ensure the security of their privacy;for cloud service providers,they need some information of the data to provide high QoS services;and for authorized users,they need to access to the true value of data.The existing privacy-preserving methods can't meet all the needs of the three parties at the same time.To address this issue,we propose a retrievable data perturbation method and use it in the privacy-preserving in data outsourcing in cloud computing.Our scheme comes in four steps.Firstly,an improved random generator is proposed to generate an accurate "noise".Next,a perturbation algorithm is introduced to add noise to the original data.By doing this,the privacy information is hidden,but the mean and covariance of data which the service providers may need remain unchanged.Then,a retrieval algorithm is proposed to get the original data back from the perturbed data.Finally,we combine the retrievable perturbation with the access control process to ensure only the authorized users can retrieve the original data.The experiments show that our scheme perturbs date correctly,efficiently,and securely.
基金supported,in part,by Science Foundation Ireland grant 10/CE/I1855 to Lero -the Irish Software Engineering Research Centre(www.lero.ie)
文摘The rapid technological convergence between Internet of Things (loT), Wireless Body Area Networks (WBANs) and cloud computing has made e-healthcare emerge as a promising application domain, which has significant potential to improve the quality of medical care. In particular, patient-centric health monitoring plays a vital role in e-healthcare service, involving a set of important operations ranging from medical data collection and aggregation, data transmission and segregation, to data analytics. This survey paper firstly presents an architectural framework to describe the entire monitoring life cycle and highlight the essential service components. More detailed discussions are then devoted to {/em data collection} at patient side, which we argue that it serves as fundamental basis in achieving robust, efficient, and secure health monitoring. Subsequently, a profound discussion of the security threats targeting eHealth monitoring systems is presented, and the major limitations of the existing solutions are analyzed and extensively discussed. Finally, a set of design challenges is identified in order to achieve high quality and secure patient-centric monitoring schemes, along with some potential solutions.
基金This work has been supported by the National Natural Science Foundation of China under Grant No.61272519,the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No.20120005110017,and the National Key Technology R&D Program under Grant No.2012BAH06B02
文摘Despite that existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in 0SNs based on ciphertext-policy attribute- based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize access policies of their data and then outsource encrypted data to the OSNs service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of user is largely reduced by delegating most of the decryption operations to the OSNs service provider. We also provide checkability on the results returned from the OSNs service provider to guarantee the correctness of partial decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
基金the National Natural Science Foundation of China under Grant,the Fundamental Research Funds for the Central Universities under Grant No.FRF-TP-14-046A2
文摘Due to its characteristics distribution and virtualization, cloud storage also brings new security problems. User's data is stored in the cloud, which separated the ownership from management. How to ensure the security of cloud data, how to increase data availability and how to improve user privacy perception are the key issues of cloud storage research, especially when the cloud service provider is not completely trusted. In this paper, a cloud storage ciphertext retrieval scheme based on AES and homomorphic encryption is presented. This ciphertext retrieval scheme will not only conceal the user retrieval information, but also prevent the cloud from obtaining user access pattern such as read-write mode, and access frequency, thereby ensuring the safety of the ciphertext retrieval and user privacy. The results of simulation analysis show that the performance of this ciphertext retrieval scheme requires less overhead than other schemes on the same security level.
