Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 30 of 40
Full-Text Articles in Information Security
Privacy-Preserving Arbitrary Geometric Range Query In Mobile Internet Of Vehicles, Yinbin Miao, Lin Song, Xinghua Li, Hongwei Li, Kim-Kwang Raymond Choo, Robert H. Deng
Privacy-Preserving Arbitrary Geometric Range Query In Mobile Internet Of Vehicles, Yinbin Miao, Lin Song, Xinghua Li, Hongwei Li, Kim-Kwang Raymond Choo, Robert H. Deng
Research Collection School Of Computing and Information Systems
The mobile Internet of Vehicles (IoVs) has great potential for intelligent transportation, and creates spatial data query demands to realize the value of data. Outsourcing spatial data to a cloud server eliminates the need for local computation and storage, but it leads to data security and privacy threats caused by untrusted third-parties. Existing privacy-preserving spatial range query solutions based on Homomorphic Encryption (HE) have been developed to increase security. However, in the single server model, the private key is held by the query user, which incurs high computation and communication burdens on query users due to multiple rounds of interactions. …
How To Resuscitate A Sick Vm In The Cloud, Xuhua Ding
How To Resuscitate A Sick Vm In The Cloud, Xuhua Ding
Research Collection School Of Computing and Information Systems
A guest virtual machine in a cloud platform may fall “sick” when its kernel encounters a fatal low-level bug or is subverted by an adversary. The VM owner is hence likely to lose her control over it due to a kernel hang or being denied of remote accesses. While the VM can be rebooted with the assistance from the cloud server, the owner not only faces service disruption but also is left with no opportunity to make an in-depth diagnosis and forensics on the spot, not to mention a live rectification. Currently, the cloud service provider has neither incentive nor …
Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Research Collection School Of Computing and Information Systems
Keyword-based search over encrypted data is an important technique to achieve both data confidentiality and utilization in cloud outsourcing services. While commonly used access control mechanisms, such as identity-based encryption and attribute-based encryption, do not generally scale well for hierarchical access permissions. To solve this problem, we propose a Role-based Encrypted Keyword Search (REKS) scheme by using the role-based access control and broadcast encryption. Specifically, REKS allows owners to deploy hierarchical access control by allowing users with parent roles to have access permissions from child roles. Using REKS, we further facilitate token generation preprocessing and efficient user management, thereby significantly …
Vpsl: Verifiable Privacy-Preserving Data Search For Cloud-Assisted Internet Of Things, Qiuyun Tong, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Vpsl: Verifiable Privacy-Preserving Data Search For Cloud-Assisted Internet Of Things, Qiuyun Tong, Yinbin Miao, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cloud-assisted Internet of Things (IoT) is increasingly prevalent used in various fields, such as the healthcare system. While in such a scenario, sensitive data (e.g., personal electronic medical records) can be easily revealed, which incurs potential security challenges. Thus, Symmetric Searchable Encryption (SSE) has been extensively studied due to its capability of supporting efficient search on encrypted data. However, most SSE schemes require the data owner to share the complete key with query users and take malicious cloud servers out of consideration. Seeking to address these limitations, in this paper we propose a Verifiable Privacy-preserving data Search scheme with Limited …
Soci: A Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Jiaming Yuan, Ximeng Liu, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng
Soci: A Toolkit For Secure Outsourced Computation On Integers, Bowen Zhao, Jiaming Yuan, Ximeng Liu, Yongdong Wu, Hwee Hwa Pang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Secure outsourced computation is a key technique for protecting data security and privacy in the cloud. Although fully homomorphic encryption (FHE) enables computations over encrypted data, it suffers from high computation costs in order to support an unlimited number of arithmetic operations. Recently, secure computations based on interactions of multiple computation servers and partially homomorphic encryption (PHE) were proposed in the literature, which enable an unbound number of addition and multiplication operations on encrypted data more efficiently than FHE and do not add any noise to encrypted data; however, these existing solutions are either limited in functionalities (e.g., computation on …
Match In My Way: Fine-Grained Bilateral Access Control For Secure Cloud-Fog Computing, Shengmin Xu, Jianting Ning, Yingjiu Li, Yinghui Zhang, Guowen Xu, Xinyi Huang, Robert H. Deng
Match In My Way: Fine-Grained Bilateral Access Control For Secure Cloud-Fog Computing, Shengmin Xu, Jianting Ning, Yingjiu Li, Yinghui Zhang, Guowen Xu, Xinyi Huang, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cloud-fog computing is a novel paradigm to extend the functionality of cloud computing to provide a variety of on demand data services via the edge network. Many cryptographic tools have been introduced to preserve data confidentiality against the untrustworthy network and cloud servers. However, how to efficiently identify and retrieve useful data from a large number of ciphertexts without a costly decryption mechanism remains a challenging problem. In this paper, we introduce a cloud fog-device data sharing system (CFDS) with data confidentiality and data source identification simultaneously based on a new cryptographic primitive named matchmaking attribute-based encryption (MABE) by extending …
Lightweight And Expressive Fine-Grained Access Control For Healthcare Internet-Of-Things, Shengmin Xu, Yingjiu Li, Robert H. Deng, Yinghui Zhang, Xiangyang Luo, Ximeng Liu
Lightweight And Expressive Fine-Grained Access Control For Healthcare Internet-Of-Things, Shengmin Xu, Yingjiu Li, Robert H. Deng, Yinghui Zhang, Xiangyang Luo, Ximeng Liu
Research Collection School Of Computing and Information Systems
Healthcare Internet-of-Things (IoT) is an emerging paradigm that enables embedded devices to monitor patients vital signals and allows these data to be aggregated and outsourced to the cloud. The cloud enables authorized users to store and share data to enjoy on-demand services. Nevertheless, it also causes many security concerns because of the untrusted network environment, dishonest cloud service providers and resource-limited devices. To preserve patients' privacy, existing solutions usually apply cryptographic tools to offer access controls. However, fine-grained access control among authorized users is still a challenge, especially for lightweight and resource-limited end-devices. In this paper, we propose a novel …
Outsourcing Service Fair Payment Based On Blockchain And Its Applications In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng
Outsourcing Service Fair Payment Based On Blockchain And Its Applications In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng
Research Collection School Of Computing and Information Systems
As a milestone in the development of outsourcing services, cloud computing enables an increasing number of individuals and enterprises to enjoy the most advanced services from outsourcing service providers. Because online payment and data security issues are involved in outsourcing services, the mutual distrust between users and service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing solutions only consider a specific type of services and rely on a trusted third-party to realize fair payment. In this paper, to realize secure and fair payment of outsourcing services in general without relying on any third-party, trusted or …
Efficient Attribute-Based Encryption With Repeated Attributes Optimization, Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Efficient Attribute-Based Encryption With Repeated Attributes Optimization, Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Research Collection School Of Computing and Information Systems
Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power operated battery constrained devices is a challenging issue in IoT scenarios. Attribute-based encryption (ABE) has emerged as an access control mechanism to allow users to encrypt and decrypt data based on an attributes policy. However, to accommodate the expressiveness of policy for practical application scenarios, attributes may be repeated in a policy. For certain policies, the attributes repetition cannot be avoided even after applying the boolean optimization techniques to attain an equivalent smaller length boolean formula. For such policies, …
Investigating The Adoption Of Hybrid Encrypted Cloud Data Deduplication With Game Theory, Xueqin Liang, Zheng Yan, Robert H. Deng, Qinghu Zheng
Investigating The Adoption Of Hybrid Encrypted Cloud Data Deduplication With Game Theory, Xueqin Liang, Zheng Yan, Robert H. Deng, Qinghu Zheng
Research Collection School Of Computing and Information Systems
Encrypted data deduplication, along with different preferences in data access control, brings the birth of hybrid encrypted cloud data deduplication (H-DEDU for short). However, whether H-DEDU can be successfully deployed in practice has not been seriously investigated. Obviously, the adoption of H-DEDU depends on whether it can bring economic benefits to all stakeholders. But existing economic models of cloud storage fail to support H-DEDU due to complicated interactions among stakeholders. In this article, we establish a formal economic model of H-DEDU by formulating the utilities of all involved stakeholders, i.e., data holders, data owners, and Cloud Storage Providers (CSPs). Then, …
Attribute-Based Fine-Grained Access Control For Outscored Private Set Intersection Computation, Mohammad Ali, Mohajeri Javad, Mohammad-Reza Sadeghi, Ximeng Liu
Attribute-Based Fine-Grained Access Control For Outscored Private Set Intersection Computation, Mohammad Ali, Mohajeri Javad, Mohammad-Reza Sadeghi, Ximeng Liu
Research Collection School Of Computing and Information Systems
Private set intersection (PSI) is a fundamental cryptographic protocol which has a wide range of applications. It enables two clients to compute the intersection of their private datasets without revealing non-matching elements. The advent of cloud computing drives the ambition to reduce computation and data management overhead by outsourcing such computations. However, since the cloud is not trustworthy, some cryptographic methods should be applied to maintain the confidentiality of datasets. But, in doing so, data owners may be excluded from access control on their outsourced datasets. Therefore, to control access rights and to interact with authorized users, they have to …
Attribute-Based Encryption For Cloud Computing Access Control: A Survey, Yinghui Zhang, Robert H. Deng, Shengmin Xu, Jianfei Sun, Qi Li, Dong Zheng
Attribute-Based Encryption For Cloud Computing Access Control: A Survey, Yinghui Zhang, Robert H. Deng, Shengmin Xu, Jianfei Sun, Qi Li, Dong Zheng
Research Collection School Of Computing and Information Systems
Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding …
Efficient Fine-Grained Data Sharing Mechanism For Electronic Medical Record Systems With Mobile Devices, Hui Ma, Rui Zhang, Guomin Yang, Zishuai Zong, Kai He, Yuting Xiao
Efficient Fine-Grained Data Sharing Mechanism For Electronic Medical Record Systems With Mobile Devices, Hui Ma, Rui Zhang, Guomin Yang, Zishuai Zong, Kai He, Yuting Xiao
Research Collection School Of Computing and Information Systems
Sharing digital medical records on public cloud storage via mobile devices facilitates patients (doctors) to get (offer) medical treatment of high quality and efficiency. However, challenges such as data privacy protection, flexible data sharing, efficient authority delegation, computation efficiency optimization, are remaining toward achieving practical fine-grained access control in the Electronic Medical Record (EMR) system. In this work, we propose an innovative access control model and a fine-grained data sharing mechanism for EMR, which simultaneously achieves the above-mentioned features and is suitable for resource-constrained mobile devices. In the model, complex computation is outsourced to public cloud servers, leaving almost no …
An Extended Framework Of Privacy-Preserving Computation With Flexible Access Control, Wenxiu Ding, Rui Hu, Zheng Yan, Xinren Qian, Robert H. Deng, Laurence T. Yang, Mianxiong Dong
An Extended Framework Of Privacy-Preserving Computation With Flexible Access Control, Wenxiu Ding, Rui Hu, Zheng Yan, Xinren Qian, Robert H. Deng, Laurence T. Yang, Mianxiong Dong
Research Collection School Of Computing and Information Systems
Cloud computing offers various services based on outsourced data by utilizing its huge volume of resources and great computation capability. However, it also makes users lose full control over their data. To avoid the leakage of user data privacy, encrypted data are preferred to be uploaded and stored in the cloud, which unfortunately complicates data analysis and access control. In particular, few existing works consider the fine-grained access control over the computational results from ciphertexts. Though our previous work proposed a framework to support several basic computations (such as addition, multiplication and comparison) with flexible access control, privacy-preserving division calculations …
Editing-Enabled Signatures: A New Tool For Editing Authenticated Data, Binanda Sengupta, Yingjiu Li, Yangguang Tian, Robert H. Deng
Editing-Enabled Signatures: A New Tool For Editing Authenticated Data, Binanda Sengupta, Yingjiu Li, Yangguang Tian, Robert H. Deng
Research Collection School Of Computing and Information Systems
Data authentication primarily serves as a tool to achieve data integrity and source authentication. However, traditional data authentication does not fit well where an intermediate entity (editor) is required to modify the authenticated data provided by the source/data owner before sending the data to other recipients. To ask the data owner for authenticating each modified data can lead to higher communication overhead. In this article, we introduce the notion of editing-enabled signatures where the data owner can choose any set of modification operations applicable on the data and still can restrict any possibly untrusted editor to authenticate the data modified …
A Fully Distributed Hierarchical Attribute-Based Encryption Scheme, Ali Mohammad, Javad Mohajeri, Ximeng Liu, Ximeng Liu
A Fully Distributed Hierarchical Attribute-Based Encryption Scheme, Ali Mohammad, Javad Mohajeri, Ximeng Liu, Ximeng Liu
Research Collection School Of Computing and Information Systems
With the development of cloud computing, many enterprises have been interested in outsourcing their data to cloud servers to decrease IT costs and rise capabilities of provided services. To afford confidentiality and fine-grained data access control, attribute-based encryption (ABE) was proposed and used in several cloud storage systems. However, scalability and flexibility in key delegation and user revocation mechanisms are primary issues in ABE systems. In this paper, we introduce the concept of a fully distributed revocable ciphertext-policy hierarchical ABE (FDR-CP-HABE) and design the first FDR-CP-HABE scheme. Our scheme offers a high level of flexibility and scalability in the key …
Identity-Based Encryption Transformation For Flexible Sharing Of Encrypted Data In Public Cloud, Robert H. Deng, Zheng Qin, Qianhong Wu, Zhenyu Guan, Robert H. Deng, Yujue Wang, Yunya Zhou
Identity-Based Encryption Transformation For Flexible Sharing Of Encrypted Data In Public Cloud, Robert H. Deng, Zheng Qin, Qianhong Wu, Zhenyu Guan, Robert H. Deng, Yujue Wang, Yunya Zhou
Research Collection School Of Computing and Information Systems
With the rapid development of cloud computing, an increasing number of individuals and organizations are sharing data in the public cloud. To protect the privacy of data stored in the cloud, a data owner usually encrypts his data in such a way that certain designated data users can decrypt the data. This raises a serious problem when the encrypted data needs to be shared to more people beyond those initially designated by the data owner. To address this problem, we introduce and formalize an identity-based encryption transformation (IBET) model by seamlessly integrating two well-established encryption mechanisms, namely identity-basedencryption (IBE) and …
Privacy-Preserving Data Processing With Flexible Access Control, Wenxiu Ding, Zheng Yan, Robert H. Deng
Privacy-Preserving Data Processing With Flexible Access Control, Wenxiu Ding, Zheng Yan, Robert H. Deng
Research Collection School Of Computing and Information Systems
Cloud computing provides an efficient and convenient platform for cloud users to store, process and control their data. Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in …
Pgas: Privacy-Preserving Graph Encryption For Accurate Constrained Shortest Distance Queries, Can Zhang, Liehuang Zhu, Kashif Sharif, Chuan Zhang, Ximeng Liu
Pgas: Privacy-Preserving Graph Encryption For Accurate Constrained Shortest Distance Queries, Can Zhang, Liehuang Zhu, Kashif Sharif, Chuan Zhang, Ximeng Liu
Research Collection School Of Computing and Information Systems
The constrained shortest distance (CSD) query is used to determine the shortest distance between two vertices of a graph while ensuring that the total cost remains lower than a given threshold. The virtually unlimited storage and processing capabilities of cloud computing have enabled the graph owners to outsource their graph data to cloud servers. However, it may introduce privacy challenges that are difficult to address. In recent years, some relevant schemes that support the shortest distance query on the encrypted graph have been proposed. Unfortunately, some of them have unacceptable query accuracy, and some of them leak sensitive information that …
Server-Aided Revocable Attribute-Based Encryption For Cloud Computing Services, Hui Cui, Tsz Hon Yuen, Robert H. Deng, Guilin Wang
Server-Aided Revocable Attribute-Based Encryption For Cloud Computing Services, Hui Cui, Tsz Hon Yuen, Robert H. Deng, Guilin Wang
Research Collection School Of Computing and Information Systems
Attribute-based encryption (ABE) has been regarded as a promising solution in cloud computing services to enable scalable access control without compromising the security. Despite of the advantages, efficient user revocation has been a challenge in ABE. One suggestion for user revocation is using the binary tree in the key generation phase of an ABE scheme, which enables a trusted key generation center to periodically distribute the key update information to all nonrevoked users over a public channel. This revocation approach reduces the size of key updates from linear to logarithmic in the number of users. But it requires each user …
Lightweight Fine-Grained Search Over Encrypted Data In Fog Computing, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Jian Weng, Hongwei Li, Hui Li
Lightweight Fine-Grained Search Over Encrypted Data In Fog Computing, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Jian Weng, Hongwei Li, Hui Li
Research Collection School Of Computing and Information Systems
Fog computing, as an extension of cloud computing, outsources the encrypted sensitive data to multiple fog nodes on the edge of Internet of Things (IoT) to decrease latency and network congestion. However, the existing ciphertext retrieval schemes rarely focus on the fog computing environment and most of them still impose high computational and storage overhead on resource-limited end users. In this paper, we first present a Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing by extending Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Searchable Encryption (SE) technologies, which can achieve fine-grained access control and keyword search simultaneously. The LFGS can shift …
A Scalable Approach To Joint Cyber Insurance And Security-As-A-Service Provisioning In Cloud Computing, Jonathan David Chase, Dusit Niyato, Ping Wang, Sivadon Chaisiri, Ryan K. L. Ko
A Scalable Approach To Joint Cyber Insurance And Security-As-A-Service Provisioning In Cloud Computing, Jonathan David Chase, Dusit Niyato, Ping Wang, Sivadon Chaisiri, Ryan K. L. Ko
Research Collection School Of Computing and Information Systems
As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, …
Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang
Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang
Research Collection School Of Computing and Information Systems
Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation f on the signed data (m) over right arrow and accordingly gain a signature sigma(h) for the computation result f ((m) over right arrow) with respect to f on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive …
Vpsearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng
Vpsearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng
Research Collection School Of Computing and Information Systems
Although cloud computing offers elastic computation and storage resources, it poses challenges on verifiability of computations and data privacy. In this work we investigate verifiability for privacy-preserving multi-keyword search over outsourced documents. As the cloud server may return incorrect results due to system faults or incentive to reduce computation cost, it is critical to offer verifiability of search results and privacy protection for outsourced data at the same time. To fulfill these requirements, we design aVerifiablePrivacy-preserving keywordSearch scheme, called VPSearch, by integrating an adapted homomorphic MAC technique with a privacy-preserving multi-keyword search scheme. The proposed scheme enables the client to …
A Lightweight Cloud Sharing Phr System With Access Policy Updating, Zuobin Ying, Wenjie Jang, Shuanlong Cao, Ximeng Liu, Jie Cui
A Lightweight Cloud Sharing Phr System With Access Policy Updating, Zuobin Ying, Wenjie Jang, Shuanlong Cao, Ximeng Liu, Jie Cui
Research Collection School Of Computing and Information Systems
The rapid development of smart wearable devices makes personal health management feasible, which also stimulates the evolution of personal health records (PHRs). However, PHRs face many security challenges ever since it has been created. Besides, the complicated policy adjusting operation makes the PHRs stored in the cloud not so easy to use. In this paper, we propose a lightweight PHRs system on the basis of attribute-based encryption with policy updating. To update an outsourced ciphertext PHRs in the cloud, PHRs owners only need to generate an updating key, then upload it to the cloud server instead of retrieving the entire …
Privacy-Preserving Mining Of Association Rule On Outsourced Cloud Data From Multiple Parties, Lin Liu, Jinshu Su, Rongmao Chen, Ximeng Liu, Xiaofeng Wang, Shuhui Chen, Ho-Fung Fung Leung
Privacy-Preserving Mining Of Association Rule On Outsourced Cloud Data From Multiple Parties, Lin Liu, Jinshu Su, Rongmao Chen, Ximeng Liu, Xiaofeng Wang, Shuhui Chen, Ho-Fung Fung Leung
Research Collection School Of Computing and Information Systems
It has been widely recognized as a challenge to carry out data analysis and meanwhile preserve its privacy in the cloud. In this work, we mainly focus on a well-known data analysis approach namely association rule mining. We found that the data privacy in this mining approach have not been well considered so far. To address this problem, we propose a scheme for privacy-preserving association rule mining on outsourced cloud data which are uploaded from multiple parties in a twin-cloud architecture. In particular, we mainly consider the scenario where the data owners and miners have different encryption keys that are …
Tkse: Trustworthy Keyword Search Over Encrypted Data With Two-Side Verifiability Via Blockchain, Yinghui Zhang, Robert H. Deng, Jiangang Shu, Kan Yang, Dong Zheng
Tkse: Trustworthy Keyword Search Over Encrypted Data With Two-Side Verifiability Via Blockchain, Yinghui Zhang, Robert H. Deng, Jiangang Shu, Kan Yang, Dong Zheng
Research Collection School Of Computing and Information Systems
As a very attractive computing paradigm, cloud computing makes it possible for resource-constrained users to enjoy cost-effective and flexible resources of diversity. Considering the untrustworthiness of cloud servers and the data privacy of users, it is necessary to encrypt the data before outsourcing it to the cloud. However, the form of encrypted storage also poses a series of problems, such as: How can users search over the outsourced data? How to realize user-side verifiability of search results to resist malicious cloud servers? How to enable server-side verifiability of outsourced data to check malicious data owners? How to achieve payment fairness …
Security And Privacy In Smart Health: Efficient Policy-Hiding Attribute-Based Access Control, Yinghui Zhang, Dong Zheng, Robert H. Deng
Security And Privacy In Smart Health: Efficient Policy-Hiding Attribute-Based Access Control, Yinghui Zhang, Dong Zheng, Robert H. Deng
Research Collection School Of Computing and Information Systems
With the rapid development of the Internet of Things (IoT) and cloud computing technologies, smart health (s-health) is expected to significantly improve the quality of health care. However, data security and user privacy concerns in s-health have not been adequately addressed. As a well-received solution to realize fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has the potential to ensure data security in s-health. Nevertheless, direct adoption of the traditional CP-ABE in s-health suffers two flaws. For one thing, access policies are in cleartext form and reveal sensitive health-related information in the encrypted s-health records (SHRs). For another, it usually supports …
Survey Of Randomization Defenses On Cloud Computing, Jianming Fu, Yan Lin, Xiuwen Liu, Xu Zhang
Survey Of Randomization Defenses On Cloud Computing, Jianming Fu, Yan Lin, Xiuwen Liu, Xu Zhang
Research Collection School Of Computing and Information Systems
Cloud computing has changed the processing mode on resources of individuals and industries by providing computing and storage services to users. However, existing defenses on cloud, such as virtual machine monitoring and integrity detection, cannot counter against attacks result from the homogeneity and vulnerability of services effectively. In this paper, we have investigated the threats on cloud computing platform from the perspective of cloud service, service interface and network interface, such as code reuse attack, side channel attack and SQL injection. Code reuse attack chains code snippets (gadgets) located in binaries to bypass Data Execution Prevention (DEP). Side channel attack …
Doas: Efficient Data Owner Authorized Search Over Encrypted Cloud Data, Yibin Miao, Jianfeng Ma, Ximeng Liu, Zhiquan Liu, Junwei Zhang, Fushan Wei
Doas: Efficient Data Owner Authorized Search Over Encrypted Cloud Data, Yibin Miao, Jianfeng Ma, Ximeng Liu, Zhiquan Liu, Junwei Zhang, Fushan Wei
Research Collection School Of Computing and Information Systems
Data outsourcing service can shift the local data storage and maintenance to cloud service provider (CSP) to ease the burden from data owner, but it brings the data security threats as CSP is always considered to honest-but-curious. Therefore, searchable encryption (SE) technique which allows cloud clients (including data owner and data user) to securely search over ciphertext through keywords and selectively retrieve files of interest is of prime importance. However, in practice, data user’s access permission always dynamically varies with data owner’s preferences. Moreover, existing SE schemes which are based on attribute-based encryption (ABE) incur heavy computational burden through attribution …