Biblio

Cloud computing is a fast growing field that provides the user with resources like software, infrastructure and virtual hardware processing power. The steady rise of cloud computing in recent times allowed large companies and even individual users to move towards working with cloud storage systems. However, the risks of leakage of uploaded data in the cloud storage and the questions about the privacy of such systems are becoming a huge problem. Security incidents occur frequently everywhere around the world. Sometimes, data leak may occur at the server side by hackers for their own profit. Data being shared must be encrypted before outsourcing it to the cloud storage. Existing encryption/decryption systems utilize large computational power and have troubles managing the files. This paper introduces a file system that is a more efficient, virtual, with encryption/decryption scheme using parallel encryption. To make encryption and decryption of files easier, Parallel encryption is used in place of serial encryption which is integrated with Identity-Based Encryption in the file system. The proposed file system aims to secure files, reduce the chances of file stored in cloud storage getting leaked thus providing better security. The proposed file system, OutFS+, is more robust and secure than its predecessor, OutFS. Cloud outsourcing takes place faster and the files can be downloaded to the OutFS+ instance on the other side. Moreover, OutFS+ is secure since it is a virtual layer on the operating system and can be unmounted whenever the user wants to.

In this paper, we propose a novel watermarking-based copy deterrence scheme for identifying data leaks through authorized query users in secure image outsourcing systems. The scheme generates watermarks unique to each query user, which are embedded in the retrieved encrypted images. During unauthorized distribution, the watermark embedded in the image is extracted to determine the untrustworthy query user. Experimental results show that the proposed scheme achieves minimal information loss, faster embedding and better resistance to JPEG compression attacks compared with the state-of-the-art schemes.

With the rapid innovation of cloud computing technologies, which has enhanced the application of the Internet of Things (IoT), smart health (s-health) is expected to enhance the quality of the healthcare system. However, s-health records (SHRs) outsourcing, storage, and sharing via a cloud server must be protected and users attribute privacy issues from the public domain. Ciphertext policy attribute-based encryption (CP-ABE) is the cryptographic primitive which is promising to provide fine-grained access control in the cloud environment. However, the direct application of traditional CP-ABE has brought a lot of security issues like attributes' privacy violations and vulnerability in the future by potential powerful attackers like side-channel and cold-bot attacks. To solve these problems, a lot of CP-ABE schemes have been proposed but none of them concurrently support partially policy-hidden and leakage resilience. Hence, we propose a new Smart Health Records Sharing Scheme that will be based on Partially Policy-Hidden CP-ABE with Leakage Resilience which is resilient to bound leakage from each of many secret keys per user, as well as many master keys, and ensure attribute privacy. Our scheme hides attribute values of users in both secret key and ciphertext which contain sensitive information in the cloud environment and are fully secure in the standard model under the static assumptions.

SWIM (System Wide Information Management) has become the development direction of A TM (Air Traffic Management) system by providing interoperable services to promote the exchange and sharing of data among various stakeholders. The premise of data sharing is security, and the access control has become the key guarantee for the secure sharing and exchange. The CP-ABE scheme (Ciphertext Policy Attribute-Based Encryption) can realize one-to-many access control, which is suitable for the characteristics of SWIM environment. However, the combination of the existing CP-ABE access control and SWIM has following constraints. 1. The traditional single authority CP-ABE scheme requires unconditional trust in the authority center. Once the authority center is corrupted, the excessive authority of the center may lead to the complete destruction of system security. So, SWIM with a large user group and data volume requires multiple authorities CP-ABE when performing access control. 2. There is no unified management of users' data access records. Lack of supervision on user behavior make it impossible to effectively deter malicious users. 3. There are a certain proportion of lightweight data users in SWIM, such as aircraft, users with handheld devices, etc. And their computing capacity becomes the bottleneck of data sharing. Aiming at these issues above, this paper based on cloud-chain fusion basically proposes a multi-authority CP-ABE scheme, called the MOV ATM scheme, which has three advantages. 1. Based on a multi-cloud and multi-authority CP-ABE, this solution conforms to the distributed nature of SWIM; 2. This scheme provides outsourced computing and verification functions for lightweight users; 3. Based on blockchain technology, a blockchain that is maintained by all stakeholders of SWIM is designed. It takes user's access records as transactions to ensure that access records are well documented and cannot be tampered with. Compared with other schemes, this scheme adds the functions of multi-authority, outsourcing, verifiability and auditability, but do not increase the decryption cost of users.

The Network-on-Chip (NoC) is the communication heart in Multiprocessors System-on-Chip (MPSoC). It offers an efficient and scalable interconnection platform, which makes it a focal point of potential security threats. Due to outsourcing design, the NoC can be infected with a malicious circuit, known as Hardware Trojan (HT), to leak sensitive information or degrade the system’s performance and function. An HT can form a security threat by consciously dropping packets from the NoC, structuring a Black Hole Router (BHR) attack. This paper presents an end-to-end secure interconnection network against the BHR attack. The proposed scheme is energy-efficient to detect the BHR in runtime with 1% and 2% average throughput and energy consumption overheads, respectively.

Smart grids are envisioned as the next-generation electricity grids. The data measured from the smart grid is very sensitive. It is thus highly necessary to adopt data access control in smart grids to guarantee the security and privacy of the measured data. Due to its flexibility and scalability, attribute-based encryption (ABE) is widely utilized to realize data access control in smart grids. However, most existing ABE solutions impose a heavy decryption overhead on their users. To this end, we propose a lightweight attribute-based encryption scheme for data access control in smart grids by adopting the idea of computation outsourcing. Under our proposed scheme, users can outsource a large amount of computation to a server during the decryption phase while still guaranteeing the security and privacy of the data. Theoretical analysis and experimental evaluation demonstrate that our scheme outperforms the existing schemes by achieving a very low decryption cost.

There are problems in which the use of linear regression is not sufficiently justified. In these cases, fuzzy linear regression can be used as a modeling tool. The problem of constructing a fuzzy linear regression can usually be reduced to a linear programming problem. One of the features of the resulting linear programming problem is that it uses a relatively large number of constraints in the form of inequalities with a relatively small number of variables. It is known that the problem of constructing a fuzzy linear regression is reduced to the problem of linear programming. If the user does not have enough computing power the resulting problem can be transferred to the cloud server. Two approaches are used for the confidential transfer of the problem to the server: the approach based on cryptographic encryption, and the transformational approach. The paper describes a protocol based on the transformational approach that allows for secure outsourcing of fuzzy linear regression.

WebAssembly is an Increasingly popular lightweight binary instruction format, which can be efficiently embedded and sandboxed. Languages like C, C++, Rust, Go, and many others can be compiled into WebAssembly. This paper describes Twine, a WebAssembly trusted runtime designed to execute unmodified, language-independent applications. We leverage Intel SGX to build the runtime environment without dealing with language-specific, complex APIs. While SGX hardware provides secure execution within the processor, Twine provides a secure, sandboxed software runtime nested within an SGX enclave, featuring a WebAssembly system interface (WASI) for compatibility with unmodified WebAssembly applications. We evaluate Twine with a large set of general-purpose benchmarks and real-world applications. In particular, we used Twine to implement a secure, trusted version of SQLite, a well-known full-fledged embeddable database. We believe that such a trusted database would be a reasonable component to build many larger application services. Our evaluation shows that SQLite can be fully executed inside an SGX enclave via WebAssembly and existing system interface, with similar average performance overheads. We estimate that the performance penalties measured are largely compensated by the additional security guarantees and its full compatibility with standard WebAssembly. An indepth analysis of our results indicates that performance can be greatly improved by modifying some of the underlying libraries. We describe and implement one such modification in the paper, showing up to 4.1 × speedup. Twine is open-source, available at GitHub along with instructions to reproduce our experiments.

This paper presents an implementation of a novel approach, utilizing hybrid data partitioning, to secure sensitive data and improve query performance. In this novel approach, vertical and horizontal data partitioning are combined together in an approach that called hybrid partitioning and the new approach is implemented using Microsoft SQL server to generate divided/partitioned relations. A group of proposed rules is applied to the query request process using query binning (QB) and Metadata of partitioning. The proposed approach is validated using experiments involving a collection of data evaluated by outcomes of advanced stored procedures. The suggested approach results are satisfactory in achieving the properties of defining the data security: non-linkability and indistinguishability. The results of the proposed approach were satisfactory. The proposed novel approach outperforms a well-known approach called PANDA.

Data confidentiality is an important requirement for clients when outsourcing databases to the cloud. Trusted execution environments, such as Intel SGX, offer an efficient solution to this confidentiality problem. However, existing TEE-based solutions are not optimized for column-oriented, in-memory databases and pose impractical memory requirements on the enclave. We present EncDBDB, a novel approach for client-controlled encryption of a column-oriented, in-memory databases allowing range searches using an enclave. EncDBDB offers nine encrypted dictionaries, which provide different security, performance, and storage efficiency tradeoffs for the data. It is especially suited for complex, read-oriented, analytic queries as present, e.g., in data warehouses. The computational overhead compared to plaintext processing is within a millisecond even for databases with millions of entries and the leakage is limited. Compressed encrypted data requires less space than a corresponding plaintext column. Furthermore, EncDBDB's enclave is very small reducing the potential for security-relevant implementation errors and side-channel leakages.

Cloud computing has changed the paradigm of using computing resources. It has shifted from traditional storage and computing to Internet based computing leveraging economy of scale, cost saving, elimination of data redundancy, scalability, availability and regulatory compliance. With these, cloud also brings plenty of security issues. As security is not a one-time solution, there have been efforts to investigate and provide countermeasures. In the wake of emerging quantum computers, the aim of post-quantum cryptography is to develop cryptography schemes that are secure against both classical computers and quantum computers. Since cloud is widely used across the globe for outsourcing data, it is essential to strive at providing betterment of security schemes from time to time. This paper reviews recent development, methods of cloud data security in post-quantum perspectives. It provides useful insights pertaining to the security schemes used to safeguard data dynamics associated with cloud computing. The findings of this paper gives directions for further research in pursuit of more secure cloud data storage and retrieval.

Multi-access edge computing (MEC) equipped with artificial intelligence is a promising technology in B5G wireless systems. Due to outsourcing and other transactions, some primitive security modules need to be introduced. In this paper, we design a primitive cipher based on double discrete exponentiation and double discrete logarithm. The machine learning methodology is incorporated in the development. Several interesting results are obtained. It reveals that the number of key-rounds is critically important.

Homomorphic Encryption is one of the most promising techniques to deal with privacy concerns, which is raised by remote deep learning paradigm, and maintain high classification accuracy. However, homomorphic encryption-based solutions are characterized by high overhead in terms of both computation and communication, which limits their adoption in pervasive health monitoring applications with constrained client-side devices. In this paper, we propose PReDIHERO, an improved privacy-preserving solution for remote deep learning inferences based on homomorphic encryption. The proposed solution applies a reversible obfuscation technique that successfully protects sensitive information, and enhances the client-side overhead compared to the conventional homomorphic encryption approach. The solution tackles three main heavyweight client-side tasks, namely, encryption and transmission of private data, refreshing encrypted data, and outsourcing computation of activation functions. The efficiency of the client-side is evaluated on a healthcare dataset and compared to a conventional homomorphic encryption approach. The evaluation results show that PReDIHERO requires increasingly less time and storage in comparison to conventional solutions when inferences are requested. At two hundreds inferences, the improvement ratio could reach more than 30 times in terms of computation overhead, and more than 8 times in terms of communication overhead. The same behavior is observed in sequential data and batch inferences, as we record an improvement ratio of more than 100 times in terms of computation overhead, and more than 20 times in terms of communication overhead.

Modern enterprises increasingly take advantage of cloud infrastructures. Yet, outsourcing code and data into the cloud requires enterprises to trust cloud providers not to meddle with their data. To reduce the level of trust towards cloud providers, AMD has introduced Secure Encrypted Virtualization (SEV). By encrypting Virtual Machines (VMs), SEV aims to ensure data confidentiality, despite a compromised or curious Hypervisor. The SEV Encrypted State (SEV-ES) extension additionally protects the VM’s register state from unauthorized access. Yet, both extensions do not provide integrity of the VM’s memory, which has already been abused to leak the protected data or to alter the VM’s control-flow. In this paper, we introduce the SEVerity attack; a missing puzzle piece in the series of attacks against the AMD SEV family. Specifically, we abuse the system’s lack of memory integrity protection to inject and execute arbitrary code within SEV-ES-protected VMs. Contrary to previous code execution attacks against the AMD SEV family, SEVerity neither relies on a specific CPU version nor on any code gadgets inside the VM. Instead, SEVerity abuses the fact that SEV-ES prohibits direct memory access into the encrypted memory. Specifically, SEVerity injects arbitrary code into the encrypted VM through I/O channels and uses the Hypervisor to locate and trigger the execution of the encrypted payload. This allows us to sidestep the protection mechanisms of SEV-ES. Overall, our results demonstrate a success rate of 100% and hence highlight that memory integrity protection is an obligation when encrypting VMs. Consequently, our work presents the final stroke in a series of attacks against AMD SEV and SEV-ES and renders the present implementation as incapable of protecting against a curious, vulnerable, or malicious Hypervisor.

Cloud technology is advancing rapidly because of it’s capability to replace the traditional computing techniques. Cloud offers various kinds of services for the user that are being used. In this research paper, storage as a service provided by cloud is examined as the data of the owner is being shared to the cloud so we have to ensure that data integrity is being maintained. In order to have a robust mechanism that offers a secure pathway for sharing data different encryption algorithms have been utilized. We investigate all the suitable algorithms with various combinations because any single algorithm is prone to some kind of attack. Testing of these algorithms is done by analyzing the parameters such as time required for execution, use of computational resources, key management, etc. Finally the best one that stands and fulfill all the criteria in a reasonable manner is selected for the purpose of storage.

With the development of cloud computing, a growing number of users use the cloud to store their sensitive data. To protect privacy, users often encrypt their data before outsourcing. Searchable Symmetric Encryption (SSE) enables users to retrieve their encrypted data. Most prior SSE schemes did not focus on malicious servers, and users could not confirm the correctness of the search results. Blockchain-based SSE schemes show the potential to solve this problem. However, the expensive nature of storage overhead on the blockchain presents an obstacle to the implementation of these schemes. In this paper, we propose a lightweight blockchain-based searchable symmetric encryption scheme that reduces the space cost in the scheme by improving the data structure of the encrypted index and ensuring efficient data retrieval. Experiment results demonstrate the practicability of our scheme.

In IoT scenarios, computational and communication costs on the user side are important problems. In most expressive ABE schemes, there is a linear relationship between the access structure size and the number of heavy pairing operations that are used in the decryption process. This property limits the application of ABE. We propose an expressive CP-ABE with the constant number of pairings in the decryption process. The simulation shows that the proposed scheme is highly efficient in encryption and decryption processes. In addition, we use the outsourcing method in decryption to get better performance on the user side. The main burden of decryption computations is done by the cloud without revealing any information about the plaintext. We introduce a new revocation method. In this method, the users' communication channels aren't used during the revocation process. These features significantly reduce the computational and communication costs on the user side that makes the proposed scheme suitable for applications such as IoT. The proposed scheme is selectively CPA-secure in the standard model.

CP-ABE (ciphertext-policy attribute-based encryption) is a promising encryption scheme. In this paper, a highly expressive revocable scheme based on the key encryption keys (KEK) tree is proposed. In this method, the cloud server realizes the cancellation of attribute-level users and effectively reduces the computational burden of the data owner and attribute authority. This scheme embeds a unique random value associated with the user in the attribute group keys. The attribute group keys of each user are different, and it is impossible to initiate a collusion attack. Computing outsourcing makes most of the decryption work done by the cloud server, and the data user only need to perform an exponential operation; in terms of security, the security proof is completed under the standard model based on simple assumptions. Under the premise of ensuring security, the scheme in this paper has the functions of revocation and traceability, and the speed of decryption calculation is also improved.

Recently, with the development of the cloud environment, users can store their data or share it with other users. However, various security threats can occur in data sharing systems in the cloud environment. To solve this, data sharing systems and access control methods using the CP-ABE method are being studied, but the following problems may occur. First, in an outsourcing server that supports computation, it is not possible to prove that the computed result is a properly computed result when performing the partial decryption process of the ciphertext. Therefore, the user needs to verify the message obtained by performing the decryption process, and verify that the data is uploaded by the data owner through verification. As another problem, because the data owner encrypts data with attribute-based encryption, the number of attributes included in the access structure increases. This increases the size of the ciphertext, which can waste space in cloud storage. Therefore, a ciphertext of a constant size must be output regardless of the number of attributes when generating the ciphertext. In this paper, we proposes a CP-ABE based data sharing system that provides signature-based verifiable outsourcing. It aims at a system that allows multiple users to share data safely and efficiently in a cloud environment by satisfying verifiable outsourcing and constant-sized ciphertext output among various security requirements required by CP-ABE.

Cloud storage, in general, is a collection of Computer Technology resources provided to consumers over the internet on a leased basis. Cloud storage has several advantages, including simplicity, reliability, scalability, convergence, and cost savings. One of the most significant impediments to cloud computing's growth is security. This paper proposes a security approach based on cloud security. Cloud security now plays a critical part in everyone's life. Due to security concerns, data is shared between cloud service providers and other users. In order to protect the data from unwanted access, the Security Service Algorithm (SSA), which is called as MONcrypt is used to secure the information. This methodology is established on the obfuscation of data techniques. The MONcrypt SSA is a Security as a Service (SaaS) product. When compared to current obfuscation strategies, the proposed methodology offers a better efficiency and smart protection. In contrast to the current method, MONcrypt eliminates the different dimensions of information that are uploaded to cloud storage. The proposed approach not only preserves the data's secrecy but also decreases the size of the plaintext. The exi sting method does not reduce the size of data until it has been obfuscated. The findings show that the recommended MONcrypt offers optimal protection for the data stored in the cloud within the shortest amount of time. The proposed protocol ensures the confidentiality of the information while reducing the plaintext size. Current techniques should not reduce the size of evidence once it has been muddled. Based on the findings, it is clear that the proposed MONcrypt provides the highest level of protection in the shortest amount of time for rethought data.

The main aim of this report is to find how data security can be improved in a cloud environment using the remote data auditing technique. The research analysis of the existing journal articles that are peer-reviewed Q1 level of articles is selected to perform the analysis.The main taxonomy that is proposed in this project is being data, auditing, monitoring, and output i.e., DAMO taxonomy that is used and includes these components. The data component would include the type of data; the auditing would ensure the algorithm that would be used at the backend and the storage would include the type of database as single or the distributed server in which the data would be stored.As a result of this research, it would help understand how the data can be ensured to have the required level of privacy and security when the third-party database vendors would be used by the organizations to maintain their data. Since most of the organizations are looking to reduce their burden of the local level of data storage and to reduce the maintenance by the outsourcing of the cloud there are still many issues that occur when there comes the time to check if the data is accurate or not and to see if the data is stored with resilience. In such a case, there is a need to use the Remote Data Auditing techniques that are quite helpful to ensure that the data which is outsourced is reliable and maintained with integrity when the information is stored in the single or the distributed servers.

Cost-effective and efficient sequencing technologies have resulted in massive genomic data availability. To compute on a large-scale genomic dataset, it is often required to outsource the dataset to the cloud. To protect data confidentiality, data owners encrypt sensitive data before outsourcing. Outsourcing enhances data owners to eliminate the storage management problem. Since genome data is large in volume, secure execution of researchers query is challenging. In this paper, we propose a method to securely perform count query on datasets containing genotype, phenotype, and numeric data. Our method modifies the prefix-tree proposed by Hasan et al. [1] to incorporate numerical data. The proposed method guarantees data privacy, output privacy, and query privacy. We preserve the security through encryption and garbled circuits. For a query of 100 single-nucleotide polymorphism (SNPs) sequence, we achieve query execution time approximately 3.5 minutes in a database of 1500 records. To the best of our knowledge, this is the first proposed secure framework that addresses heterogeneous biomedical data including numeric attributes.

In light of the progress achieved by the technology sector in the areas of internet speed and cloud services development, and in addition to other advantages provided by the cloud such as reliability and easy access from anywhere and anytime, most data owners find an opportunity to take advantage of the cloud to store data. However, data owners find a challenge that was and is still facing them in the field of outsourcing, which is protecting sensitive data from leakage. Researchers found that partitioning data into partitions, based on data sensitivity, can be used to protect data from leakage and to increase performance by storing the partition, which contains sensitive data in an encrypted form. In this paper, we review the methods used in designing partitions and dividing data approaches. A hybrid data partitioning approach is proposed to improve these techniques. We consider the frequency attack types used to guess the sensitive data and the most important properties that must be available in order for the encryption to be strong against frequency attacks.

The insurance business plays a quite significant role in people's lives, but in the process of claim settlement, there are still various frauds such that the insurance companies' refusal to compensate or customers' malicious fraud to obtain compensation. Therefore, it is very important to ensure fair and just claims. In this paper, by combining the blockchain technology and the ciphertext-policy attribute-based encryption system, we build a scheme for secure storage and update for insurance records under the InterPlanetary File System (IPFS) storage environment in the insurance system. In this scheme, we use the fog node to outsource encryption of insurance records to improve the efficiency of the staff; In addition, we store encrypted insurance records on IPFS to ensure the security of the storage platform and avoid the single point failure of the centralized mechanism. In addition, we use the immutability of the blockchain to achieve the non-repudiation of both insurance companies and the client. The security proof shows that the proposed scheme can achieve selective security against selected keyword attacks. Our scheme is efficient and feasible under performance analysis and real data set experiments.

There exists a need for sharing user health data, especially with institutes for research purposes, in a secure fashion. This is especially true in the case of a system that includes a third party storage service, such as cloud computing, which limits the control of the data owner. The use of encryption for secure data storage continues to evolve to meet the need for flexible and fine-grained access control. This evolution has led to the development of Attribute Based Encryption (ABE). The use of ABE to ensure the security and privacy of health data has been explored. This paper presents an ABE based framework which allows for the secure outsourcing of the more computationally intensive processes for data decryption to the cloud servers. This reduces the time needed for decryption to occur at the user end and reduces the amount of computational power needed by users to access data.