Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Articles 1 - 19 of 19

Full-Text Articles in Physical Sciences and Mathematics

Efficient Certificateless Multi-Copy Integrity Auditing Scheme Supporting Data Dynamics, Lei Zhou, Anmin Fu, Guomin Yang, Huaqun Wang, Yuqing Zhang, Mar 2022

Research Collection School Of Computing and Information Systems

To improve data availability and durability, cloud users would like to store multiple copies of their original files at servers. The multi-copy auditing technique is proposed to provide users with the assurance that multiple copies are actually stored in the cloud. However, most multi-replica solutions rely on Public Key Infrastructure (PKI), which entails massive overhead of certificate computation and management. In this article, we propose an efficient multi-copy dynamic integrity auditing scheme by employing certificateless signatures (named MDSS), which gets rid of expensive certificate management overhead and avoids the key escrow problem in identity-based signatures. Specifically, we improve the classic …


Attribute-Based Cloud Data Integrity Auditing For Secure Outsourced Storage, Yong Yu, Yannan Li, Bo Yang, Willy Susilo, Guomin Yang, Jian Bai, Apr 2020

Research Collection School Of Computing and Information Systems

Outsourced storage such as cloud storage can significantly reduce the burden of data management of data owners. Despite a long list of merits of cloud storage, it triggers many security risks at the same time. Data integrity, one of the most burning challenges in secure cloud storage, is a fundamental and pivotal element in outsourcing services. Outsourced data auditing protocols enable a verifier to efficiently check the integrity of the outsourced files without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the cloud server and the verifier. Existing protocols are mostly based …


Traceable Dynamic Public Auditing With Identity Privacy Preserving For Cloud Storage, Yinghui Zhang, Tiantian Zhang, Rui Guo, Shengmin Xu, Dong Zheng, Nov 2019

Research Collection School Of Computing and Information Systems

In the cloud computing era, an increasing number of resource-constrained users outsource their data to cloud servers. Due to the untrustworthiness of cloud servers, it is important to ensure the integrity of outsourced data. However, most existing solutions still have challenging issues needing to be addressed, such as the identity privacy protection of users, the traceability of users, the supporting of dynamic user operations, and the publicity of auditing. In order to tackle these issues simultaneously, in this paper, we propose a traceable dynamic public auditing scheme with identity privacy preserving for cloud storage. In the proposed scheme, a single …


An Efficient And Expressive Ciphertext-Policy Attribute-Based Encryption Scheme With Partially Hidden Access Structures, Revisited, Hui Cui, Robert H. Deng, Junzuo Lai, Xun Yi, Surya Nepal, Mar 2018

Research Collection School Of Computing and Information Systems

Ciphertext-policy attribute-based encryption (CP-ABE) has been regarded as one of the promising solutions to protect data security and privacy in cloud storage services. In a CP-ABE scheme, an access structure is included in the ciphertext, which, however, may leak sensitive information about the underlying plaintext and the privileged recipients in that anyone who sees the ciphertext is able to learn the attributes of the privileged recipients from the associated access structure. In order to address this issue, CP-ABE with partially hidden access structures was introduced where each attribute is divided into an attribute name and an attribute value and the …


VMKDO: Verifiable Multi-Keyword Search Over Encrypted Cloud Data For Dynamic Data-Owner, Yibin Miao, Jianfeng Ma, Ximeng Liu, Zhiquan Liu, Limin Shen, Fushan Wei, Mar 2018

Research Collection School Of Computing and Information Systems

The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle …


Secure Fine-Grained Access Control And Data Sharing For Dynamic Groups In The Cloud, Shengmin Xu, Guomin Yang, Yi Mu, Robert H. Deng, Feb 2018

Research Collection School Of Computing and Information Systems

Cloud computing is an emerging computing paradigm that enables users to store their data in a cloud server to enjoy scalable and on-demand services. Nevertheless, it also brings many security issues, since cloud service providers (CSPs) are not in the same trusted domain as users. To protect data privacy against untrusted CSPs, existing solutions apply cryptographic methods (e.g., encryption mechanisms) and provide decryption keys only to authorized users. However, sharing cloud data among authorized users at a fine-grained level is still a challenging issue, especially when dealing with dynamic user groups. In this paper, we propose a secure and efficient …


Attribute-Based Cloud Storage With Secure Provenance Over Encrypted Data, Hui Cui, Robert H. Deng, Yingjiu Li, Feb 2018

Research Collection School Of Computing and Information Systems

To securely and conveniently enjoy the benefits of cloud storage, it is desirable to design a cloud data storage system which protects data privacy from storage servers through encryption, allows fine-grained access control such that data providers can expressively specify who are eligible to access the encrypted data, enables dynamic user management such that the total number of data users is unbounded and user revocation can be carried out conveniently, supports data provider anonymity and traceability such that a data provider’s identity is not disclosed to data users in normal circumstances but can be traced by a trusted authority if …


EACSIP: Extendable Access Control System With Integrity Protection For Enhancing Collaboration In The Cloud, Willy Susilo, Peng Jiang, Fuchun Guo, Guomin Yang, Yong Yu, Yi Mu, Dec 2017

Research Collection School Of Computing and Information Systems

It is widely acknowledged that the collaborations with more users increase productivity. Secure cloud storage is a promising tool to enhance such a collaboration. Access control system can be enabled with attribute-based encryption. In this system, a user encrypts and uploads his/her data to the cloud with an access policy, such that only people who satisfy that access policy can decrypt the data. When a recipient would like to enable another person who is originally unauthorized by the original access policy, this recipient will need to extend the access policy by adding a new policy that includes the new person …


Attribute-Based Encryption With Expressive And Authorized Keyword Search, Hui Cui, Robert H. Deng, Joseph K. Liu, Yingjiu Li, Jul 2017

Research Collection School Of Computing and Information Systems

To protect data security and privacy in cloud storage systems, a common solution is to outsource data in encrypted forms so that the data will remain secure and private even if storage systems are compromised. The encrypted data, however, must be pliable to search and access control. In this paper, we introduce a notion of attribute-based encryption with expressive and authorized keyword search (ABE-EAKS) to support both expressive keyword search and fine-grained access control over encrypted data in the cloud. In ABE-EAKS, every data user is associated with a set of attributes and is issued a private attribute-key corresponding to …


Online/Offline Provable Data Possession, Yujue Wang, Qianhong Wu, Bo Qin, Shaohua Tang, Willy Susilo, May 2017

Research Collection School Of Computing and Information Systems

Provable data possession (PDP) allows a user to outsource data with a guarantee that the integrity can be efficiently verified. Existing publicly verifiable PDP schemes require the user to perform expensive computations, such as modular exponentiations for processing data before outsourcing to the storage server, which is not desirable for weak users with limited computation resources. In this paper, we introduce and formalize an online/offline PDP (OOPDP) model, which divides the data processing procedure into offline and online phases. In OOPDP, most of the expensive computations for processing data are performed in the offline phase, and the online phase requires …


Identity-Based Data Outsourcing With Comprehensive Auditing In Clouds, Yujue Wang, Qianhong Wu, Bo Qin, Wenchang Shi, Robert H. Deng, Jiankun Hu, Apr 2017

Research Collection School Of Computing and Information Systems

Cloud storage system provides facilitative file storage and sharing services for distributed clients. To address integrity, controllable outsourcing, and origin auditing concerns on outsourced files, we propose an identity-based data outsourcing (IBDO) scheme equipped with desirable features advantageous over existing proposals in securing outsourced data. First, our IBDO scheme allows a user to authorize dedicated proxies to upload data to the cloud storage server on her behalf, e.g., a company may authorize some employees to upload files to the company's cloud account in a controlled way. The proxies are identified and authorized with their recognizable identities, which eliminates complicated certificate …


Ownership-Hidden Group-Oriented Proofs Of Storage From Pre-Homomorphic Signatures, Yujue Wang, Qianhong Wu, Bo Qin, Xiaofeng Chen, Xinyi Huang, Jungang Lou, Nov 2016

Research Collection School Of Computing and Information Systems

In this paper, we study the problem of secure cloud storage in a multi-user setting such that the ownership of outsourced files can be hidden against the cloud server. There is a group manager for initiating the system, who is also responsible for issuing private keys for the involved group members. All authorized members are able to outsource files to the group’s storage account at some cloud server. Although the ownership of outsourced file is preserved against the cloud server, the group manager could trace the true identity of any suspicious file for liability investigation. To address this issue, we …


Dissecting Developer Policy Violating Apps: Characterization And Detection, Su Mon Kywe, Yingjiu Li, Jason Hong, Yao Cheng, Oct 2016

Research Collection School Of Computing and Information Systems

To ensure quality and trustworthiness of mobile apps, Google Play store imposes various developer policies. Once an app is reported for exhibiting policy-violating behaviors, it is removed from the store to protect users. Currently, Google Play store relies on mobile users’ feedback to identify policy violations. Our paper takes the first step towards understanding these policy-violating apps. First, we crawl 302 Android apps, which are reported in the Reddit forum by mobile users for policy violations and are later removed from the Google Play store. Second, we perform empirical analysis, which reveals that many violating behaviors have not been studied …


Attribute-Based Encryption With Granular Revocation, Hui Cui, Robert H. Deng, Xuhua Ding, Yingjiu Li, Oct 2016

Research Collection School Of Computing and Information Systems

Attribute-based encryption (ABE) enables an access control mechanism over encrypted data by specifying access policies over attributes associated with private keys or ciphertexts, which is a promising solution to protect data privacy in cloud storage services. As an encryption system that involves many data users whose attributes might change over time, it is essential to provide a mechanism to selectively revoke data users’ attributes in an ABE system. However, most of the previous revocable ABE schemes consider how to disable revoked data users to access (newly) encrypted data in the system, and there are few of them that can be …


On Indistinguishability In Remote Data Integrity Checking, Xinyu Fan, Guomin Yang, Yi Mu, Yong Yu, Sep 2015

Research Collection School Of Computing and Information Systems

With a rapid growth of data storage in the cloud, data integrity checking in a remote data storage system has become an important issue. A number of protocols, which allow remote integrity checking by a third party, have been proposed. Although those protocols are provably secure, the data privacy issues in those protocols have not been considered. We believe that these issues are equally important since the communication flows of integrity proofs from the cloud server should not reveal any useful information of the stored data. In this paper, we introduce a new definition of data privacy called ‘INDPrivacy’ by …


A New Public Remote Integrity Checking Scheme With User Privacy, Yiteng Feng, Yi Mu, Guomin Yang, Joseph Liu, Jul 2015

Research Collection School Of Computing and Information Systems

With a cloud storage, users can store their data files on a remote cloud server with a high quality on-demand cloud service and are able to share their data with other users. Since cloud servers are not usually regarded as fully trusted and the cloud data can be shared amongst users, the integrity checking of the remote files has become an important issue. A number of remote data integrity checking protocols have been proposed in the literature to allow public auditing of cloud data by a third party auditor (TPA). However, user privacy is not taken into account in most …


On The Security Of Auditing Mechanisms For Secure Cloud Storage, Yong Yu, Lei Niu, Guomin Yang, Yi Mu, Willy Susilo, Jan 2014

Research Collection School Of Computing and Information Systems

Cloud computing is a novel computing model that enables convenient and on-demand access to a shared pool of configurable computing resources. Auditing services are highly essential to make sure that the data is correctly hosted in the cloud. In this paper, we investigate the active adversary attacks in three auditing mechanisms for shared data in the cloud, including two identity privacy-preserving auditing mechanisms called Oruta and Knox, and a distributed storage integrity auditing mechanism. We show that these schemes become insecure when active adversaries are involved in the cloud storage. Specifically, an active adversary can arbitrarily alter the cloud data without …


Dynamic Secure Cloud Storage With Provenance, Sherman S. M. Chow, Cheng-Kang Chu, Xinyi Huang, Jianying Zhou, Robert H. Deng, Jan 2012

Research Collection School Of Computing and Information Systems

One concern in using cloud storage is that the sensitive data should be confidential to the servers which are outside the trust domain of data owners. Another issue is that the user may want to preserve his/her anonymity in the sharing or accessing of the data (such as in Web 2.0 applications). To fully enjoy the benefits of cloud storage, we need a confidential data sharing mechanism which is fine-grained (one can specify who can access which classes of his/her encrypted files), dynamic (the total number of users is not fixed in the setup, and any new user can decrypt …