Proceedings Article

Design and implementation of multi-user secure indices for encrypted cloud storage

TL;DR: The design and implementation of an encrypted cloud storage system that supports multi-user secure indices, allowing efficient search among encrypted documents of multiple users is reported, and experiment results show that keyword search can be performed in real time.
Abstract: Cloud storage is one of the most rapidly growing cloud services, which at the same time also faces serious security challenges. Recently, several cloud-storage service providers started to provide encryption protection to client data in the cloud. However, encryption imposes significant limits on data use. In this paper, we report our design and implementation of an encrypted cloud storage system that supports multi-user secure indices, allowing efficient search among encrypted documents of multiple users. Experiment results show that keyword search can be performed in real time. We believe that our system represents a first step toward providing secure and useful cloud-storage services in practice.
Citations
Journal Article
TL;DR: A sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data is proposed.
Abstract: Cloud storage is one of the most important applications in our daily lives. Users can store their own data in cloud storage and remotely access the saved data. Owing to the development of social media, users can share digital files with other users, leading to the amount of data growing rapidly and making searching abilities necessary. In some cases, servers cannot avoid data leakage even if the server provides complete access control. Encrypted data is the best way to resolve this problem, but it may eliminate the original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the cloud storage quota of each receiver. Users need to keep their shared documents up to date compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the comparison results with other ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposal.

25 citations

Patent
27 Oct 2014
TL;DR: In this article, the authors describe a process for accessing a data storage device of a cloud computer system through a gateway computer system, which is connected with the cloud computer over a network and stores at least one cryptographic key.
Abstract: The invention relates to a process for accessing a data storage device (128) of a cloud computer system (102) through a gateway computer system (100) which is connected with the cloud computer system over a network (106) and which stores at least one cryptographic key (120), the cloud computer system being associated with a URL and the gateway computer system being associated with an IP address, the Internet Domain Name System being modified to resolve the domain contained in the URL of the cloud computer system into the IP address of the gateway computer system, this process comprising the following steps: Setting up a protected connection (110) over the Internet between a first piece of terminal equipment (112) of the user and the gateway computer system by inputting the URL of the cloud computer system into a program of the piece of terminal equipment, and using the modified Domain Name System for name resolution of the URL, so that the protected connection is set up with the gateway computer system instead of with the cloud computer system; Transferring a file (101) over the protected connection from the terminal equipment to the gateway computer system; Setting up a session (154) over the network between the gateway computer system and the cloud computer system; Encrypting the file by the gateway computer system using the cryptographic key; Transferring the encrypted file (132) through the session from the gateway computer system to the cloud computer system; Storing the encrypted file in the data storage device of the cloud computer system.

5 citations

Journal Article
TL;DR: From the result analysis it is clearly seen that the proposed technique has better Avalanche Effect and execution time than existing technique and hence can be incorporated in the process of encryption/decryption of any plain text or on any key value.
Abstract: The cloud computing concept has been envisioned as the architecture of the next generation for Information Technology (IT) enterprise. The Cloud computing idea offers with dynamic scalable resources provisioned as examine on the Internet. It allows access to remote computing services and users only have to pay for what they want to use, when they want to use it. But the security of the information which is stored in the cloud is the major issue for a cloud user. Cloud computing has been flourishing in past years because of its ability to provide users with on-demand, flexible, reliable, and low-cost services. With more and more cloud applications being available, data security becomes an important issue to the cloud. In order to make sure of the security of the information at the cloud data storage end, a design and implementation of an algorithm to enhance cloud security is proposed. The proposed algorithm (PA) combines features of two other existing algorithms named Caesar cipher and Attribute based cryptography (ABC). In this research work, text information is encrypted using “Caesar Cipher”, then the produced cipher text is again encrypted by using the proposed algorithm (PA) with the help of a private key of 128 bits. And in the last step of the encryption process, based on ABC, an attribute related to the cipher text is stored along with the cipher text generated after encryption, which provides two-step authentication during the decryption process. A security approach is designed and developed for the data security concept regarding higher confidentiality and authenticity for the cloud data at the cloud storage end, with experiment analysis to authenticate its efficiency. From the result analysis it is clearly seen that the proposed technique has better Avalanche Effect and execution time than the existing technique and hence can be incorporated in the process of encryption/decryption of any plain text or on any key value.

5 citations


Cites background from "Design and implementation of multi-..."

  • ...Cloud secure architecture [10, 11] by using encryption/searchable encryption technologies allows the search process in the form of encrypted data and the retrieval of data in a safe manner....


01 Jan 2015
TL;DR: The proposed model provides a way to protect the data, check the integrity and authentication by best possible industry mechanisms, which makes the proposed model more consistent, scalable, secure and effective to use it in real time applications.
Abstract: Cloud comes with lots of benefits but still users hesitate to adopt it. Still there are certain issues which are complications in the development of cloud computing. The most protuberant issue prevailing nowadays is data security at cloud. The main reason or fear in the user's mind is regarding security, whether their data is in insecure hands or is it safe to upload their sensitive data over cloud. To solve this problem of data security a model has been proposed. Our cloud security model plans to keep the most critical data security in cloud computing at different levels like user level, cloud service provider level, third party level and network intruder level. The proposed model provides a way to protect the data, check the integrity and authentication by best possible industry mechanisms. We proposed a model which is extremely secure and is based on data owner model, i.e. data is under control of data owner. To maintain data privacy, re-encryption is performed with the help of a third party, and for data integrity a Hash Based Message authentication code is generated on encrypted data. Encryption, Clouding, HMAC and Dual substantiation and access management techniques have been used, which make the proposed model more consistent, scalable, secure and effective to use in real time applications.

2 citations


Cites background from "Design and implementation of multi-..."

  • ...al[2] report a design and implementation of an encrypted cloud storage system that supports multi-user secure indices, allowing efficient search among encrypted documents of multiple users....


Patent
23 Oct 2017
TL;DR: In this paper, the authors present a system for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value.
Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

1 citation

References
Proceedings Article
14 May 2000
TL;DR: This work describes the cryptographic schemes for the problem of searching on encrypted data and provides proofs of security for the resulting crypto systems, and presents simple, fast, and practical algorithms that are practical to use today.
Abstract: It is desirable to store data on data storage servers such as mail servers and file servers in encrypted form to reduce security and privacy risks. But this usually implies that one has to sacrifice functionality for security. For example, if a client wishes to retrieve only documents containing certain words, it was not previously known how to let the data storage server perform the search and answer the query, without loss of data confidentiality. We describe our cryptographic schemes for the problem of searching on encrypted data and provide proofs of security for the resulting crypto systems. Our techniques have a number of crucial advantages. They are provably secure: they provide provable secrecy for encryption, in the sense that the untrusted server cannot learn anything about the plaintext when only given the ciphertext; they provide query isolation for searches, meaning that the untrusted server cannot learn anything more about the plaintext than the search result; they provide controlled searching, so that the untrusted server cannot search for an arbitrary word without the user's authorization; they also support hidden queries, so that the user may ask the untrusted server to search for a secret word without revealing the word to the server. The algorithms presented are simple, fast (for a document of length n, the encryption and search algorithms only need O(n) stream cipher and block cipher operations), and introduce almost no space and communication overhead, and hence are practical to use today.

3,300 citations


"Design and implementation of multi-..." refers background in this paper

  • ...supports both controlled and hidden search, as well as query isolation [9]....


Book Chapter
02 May 2004
TL;DR: This work defines and constructs a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the email without learning anything else about the email.
Abstract: We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to test whether the email contains the keyword “urgent” so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway the ability to decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the email without learning anything else about the email. We refer to this mechanism as Public Key Encryption with keyword Search. As another example, consider a mail server that stores various messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail server a key that will enable the server to identify all messages containing some specific keyword, but learn nothing else. We define the concept of public key encryption with keyword search and give several constructions.

3,024 citations


"Design and implementation of multi-..." refers background in this paper

  • ...Keyword search over encrypted data can also be achieved in a public-key setting [13], [14]....


Journal Article
TL;DR: This work describes schemes that enable a user to access k replicated copies of a database and privately retrieve information stored in the database, so that each individual server gets no information on the identity of the item retrieved by the user.
Abstract: Publicly accessible databases are an indispensable resource for retrieving up-to-date information. But they also pose a significant risk to the privacy of the user, since a curious database operator can follow the user's queries and infer what the user is after. Indeed, in cases where the users' intentions are to be kept secret, users are often cautious about accessing the database. It can be shown that when accessing a single database, to completely guarantee the privacy of the user, the whole database should be downloaded; namely n bits should be communicated (where n is the number of bits in the database). In this work, we investigate whether by replicating the database, more efficient solutions to the private retrieval problem can be obtained. We describe schemes that enable a user to access k replicated copies of a database (k ≥ 2) and privately retrieve information stored in the database. This means that each individual server (holding a replicated copy of the database) gets no information on the identity of the item retrieved by the user. Our schemes use the replication to gain substantial saving. In particular, we present a two-server scheme with communication complexity O(n^{1/3}).

1,918 citations

Proceedings Article
23 Oct 1995
TL;DR: Schemes that enable a user to access k replicated copies of a database and privately retrieve information stored in the database and get no information on the identity of the item retrieved by the user are described.
Abstract: We describe schemes that enable a user to access k replicated copies of a database (k ≥ 2) and privately retrieve information stored in the database. This means that each individual database gets no information on the identity of the item retrieved by the user. For a single database, achieving this type of privacy requires communicating the whole database, or n bits (where n is the number of bits in the database). Our schemes use the replication to gain substantial saving. In particular, we have: A two database scheme with communication complexity of O(n^{1/3}). A scheme for a constant number, k, of databases with communication complexity O(n^{1/k}). A scheme for (1/3) log_2 n databases with polylogarithmic (in n) communication complexity.

1,630 citations


"Design and implementation of multi-..." refers methods in this paper

  • ...To remedy this problem, we devise a new way to avoid it by incorporating more than one index servers in our architecture [18], [19], [20], [21]....


Proceedings Article
03 Jun 2002
TL;DR: The paper explores an algebraic framework to split the query to minimize the computation at the client site, and explores techniques to execute SQL queries over encrypted data.
Abstract: Rapid advances in networking and Internet technologies have fueled the emergence of the "software as a service" model for enterprise computing. Successful examples of commercially viable software services include rent-a-spreadsheet, electronic mail services, general storage services, disaster protection services. "Database as a Service" model provides users power to create, store, modify, and retrieve data from anywhere in the world, as long as they have access to the Internet. It introduces several challenges, an important issue being data privacy. It is in this context that we specifically address the issue of data privacy. There are two main privacy issues. First, the owner of the data needs to be assured that the data stored on the service-provider site is protected against data thefts from outsiders. Second, data needs to be protected even from the service providers, if the providers themselves cannot be trusted. In this paper, we focus on the second challenge. Specifically, we explore techniques to execute SQL queries over encrypted data. Our strategy is to process as much of the query as possible at the service providers' site, without having to decrypt the data. Decryption and the remainder of the query processing are performed at the client site. The paper explores an algebraic framework to split the query to minimize the computation at the client site. Results of experiments validating our approach are also presented.

1,351 citations


"Design and implementation of multi-..." refers methods in this paper

  • ...proposed incorporating additional indexing information using non-injective maps to support SQL queries [15]....
