Privacy-Preserving k-Means Clustering under Multiowner Setting in Distributed Cloud Environments

With the advent of big data era, clients who lack computational and storage resources tend to outsource data mining tasks to cloud service providers in order to improve efficiency and reduce costs. It is also increasingly common for clients to perform collaborative mining to maximize profits. However, due to the rise of privacy leakage issues, the data contributed by clients should be encrypted using their own keys. This paper focuses on privacy-preserving k-means clustering over the joint datasets encrypted under multiple keys. Unfortunately, existing outsourcing k-means protocols are impractical because not only are they restricted to a single key setting, but also they are inefficient and nonscalable for distributed cloud computing. To address these issues, we propose a set of privacy-preserving building blocks and outsourced k-means clustering protocol under Spark framework. Theoretical analysis shows that our scheme protects the confidentiality of the joint database and mining results, as well as access patterns under the standard semihonest model with relatively small computational overhead. Experimental evaluations on real datasets also demonstrate its efficiency improvements compared with existing approaches.

Download Full-text

Privacy-Preserving Broker-ABE Scheme for Multiple Cloud-Assisted Cyber Physical Systems

Sensors ◽

10.3390/s19245463 ◽

2019 ◽

Vol 19 (24) ◽

pp. 5463 ◽

Cited By ~ 1

Author(s):

Po-Wen Chi ◽

Ming-Hung Wang

Keyword(s):

Data Privacy ◽

Service Providers ◽

Real Life ◽

Data Communication ◽

Physical Space ◽

Cloud Service ◽

Cyber Physical Systems ◽

Privacy Preserving ◽

Sensor Data ◽

Physical Systems

Cloud-assisted cyber–physical systems (CCPSs) integrate the physical space with cloud computing. To do so, sensors on the field collect real-life data and forward it to clouds for further data analysis and decision-making. Since multiple services may be accessed at the same time, sensor data should be forwarded to different cloud service providers (CSPs). In this scenario, attribute-based encryption (ABE) is an appropriate technique for securing data communication between sensors and clouds. Each cloud has its own attributes and a broker can determine which cloud is authorized to access data by the requirements set at the time of encryption. In this paper, we propose a privacy-preserving broker-ABE scheme for multiple CCPSs (MCCPS). The ABE separates the policy embedding job from the ABE task. To ease the computational burden of the sensors, this scheme leaves the policy embedding task to the broker, which is generally more powerful than the sensors. Moreover, the proposed scheme provides a way for CSPs to protect data privacy from outside coercion.

Download Full-text

The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services

Sensors ◽

10.3390/s20030945 ◽

2020 ◽

Vol 20 (3) ◽

pp. 945 ◽

Cited By ~ 1

Author(s):

Rafael Torres Moreno ◽

Jorge Bernal Bernabe ◽

Jesús García Rodríguez ◽

Tore Kasper Frederiksen ◽

Michael Stausholm ◽

...

Keyword(s):

Identity Management ◽

Service Providers ◽

Single Point ◽

Building Blocks ◽

Privacy Preserving ◽

Privacy And Security ◽

Iot Devices ◽

Eu Project ◽

Cryptographic Techniques ◽

Identity Provider

Privacy enhancing technologies (PETs) allow to achieve user’s transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices.

Download Full-text

Limiting Privacy Breaches in Average-Distance Query

Security and Communication Networks ◽

10.1155/2020/8895281 ◽

2020 ◽

Vol 2020 ◽

pp. 1-24

Author(s):

Huihua Xia ◽

Yan Xiong ◽

Wenchao Huang ◽

Zhaoyi Meng ◽

Fuyou Miao

Keyword(s):

Service Providers ◽

Average Distance ◽

Real Life ◽

Privacy Preserving ◽

Business Decision ◽

Privacy Leakage ◽

Private Data ◽

New Type ◽

Different Dimensions ◽

Privacy Breaches

Querying average distances is useful for real-world applications such as business decision and medical diagnosis, as it can help a decision maker to better understand the users’ data in a database. However, privacy has been an increasing concern. People are now suffering serious privacy leakage from various kinds of sources, especially service providers who provide insufficient protection on user’s private data. In this paper, we discover a new type of attack in an average-distance query (AVGD query) with noisy results. The attack is general that it can be used to reveal private data of different dimensions. We theoretically analyze how different factors affect the accuracy of the attack and propose the privacy-preserving mechanism based on the analysis. We experiment on two real-life datasets to show the feasibility and severity of the attack. The results show that the severity of the attack is mainly influenced by the factors including the noise magnitude, the number of queries, and the number of users in each query. Also, we validate the correctness of our theoretical analysis by comparing with the experimental results and confirm the effectiveness of the privacy-preserving mechanism.

Download Full-text

A Cloud-User Protocol Based on Ciphertext Watermarking Technology

Security and Communication Networks ◽

10.1155/2017/4376282 ◽

2017 ◽

Vol 2017 ◽

pp. 1-14 ◽

Cited By ~ 1

Author(s):

Keyang Liu ◽

Weiming Zhang ◽

Xiaojuan Dong

Keyword(s):

Cloud Computing ◽

Service Providers ◽

Hamming Distance ◽

Cloud Service ◽

Third Party ◽

Plain Text ◽

Privacy Leakage ◽

Cloud Computing Service ◽

The Right ◽

Cloud User

With the growth of cloud computing technology, more and more Cloud Service Providers (CSPs) begin to provide cloud computing service to users and ask for users’ permission of using their data to improve the quality of service (QoS). Since these data are stored in the form of plain text, they bring about users’ worry for the risk of privacy leakage. However, the existing watermark embedding and encryption technology is not suitable for protecting the Right to Be Forgotten. Hence, we propose a new Cloud-User protocol as a solution for plain text outsourcing problem. We only allow users and CSPs to embed the ciphertext watermark, which is generated and embedded by Trusted Third Party (TTP), into the ciphertext data for transferring. Then, the receiver decrypts it and obtains the watermarked data in plain text. In the arbitration stage, feature extraction and the identity of user will be used to identify the data. The fixed Hamming distance code can help raise the system’s capability for watermarks as much as possible. Extracted watermark can locate the unauthorized distributor and protect the right of honest CSP. The results of experiments demonstrate the security and validity of our protocol.

Download Full-text

A Privacy-Preserving Outsourcing Data Storage Scheme with Fragile Digital Watermarking-Based Data Auditing

Journal of Electrical and Computer Engineering ◽

10.1155/2016/3219042 ◽

2016 ◽

Vol 2016 ◽

pp. 1-7 ◽

Cited By ~ 3

Author(s):

Xinyue Cao ◽

Zhangjie Fu ◽

Xingming Sun

Keyword(s):

Data Storage ◽

Digital Watermarking ◽

Service Providers ◽

Logistic Map ◽

Cloud Service ◽

Privacy Preserving ◽

Good Effect ◽

Operation Speed ◽

Storage Scheme ◽

Data Auditing

Cloud storage has been recognized as the popular solution to solve the problems of the rising storage costs of IT enterprises for users. However, outsourcing data to the cloud service providers (CSPs) may leak some sensitive privacy information, as the data is out of user’s control. So how to ensure the integrity and privacy of outsourced data has become a big challenge. Encryption and data auditing provide a solution toward the challenge. In this paper, we propose a privacy-preserving and auditing-supporting outsourcing data storage scheme by using encryption and digital watermarking. Logistic map-based chaotic cryptography algorithm is used to preserve the privacy of outsourcing data, which has a fast operation speed and a good effect of encryption. Local histogram shifting digital watermark algorithm is used to protect the data integrity which has high payload and makes the original image restored losslessly if the data is verified to be integrated. Experiments show that our scheme is secure and feasible.

Download Full-text

Reliable and Secure Distributed Cloud Data Storage Using Reed-Solomon Codes

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194015400355 ◽

2015 ◽

Vol 25 (09n10) ◽

pp. 1611-1632 ◽

Cited By ~ 2

Author(s):

Haiping Xu ◽

Deepti Bhalerao

Keyword(s):

Data Storage ◽

Service Providers ◽

Cloud Service ◽

Cloud Data ◽

Server Side ◽

Reed Solomon Codes ◽

Redundant Data ◽

Cloud Data Storage ◽

Client Side ◽

Distributed Cloud

Despite the popularity and many advantages of using cloud data storage, there are still major concerns about the data stored in the cloud, such as security, reliability and confidentiality. In this paper, we propose a reliable and secure distributed cloud data storage schema using Reed-Solomon codes. Different from existing approaches to achieving data reliability with redundancy at the server side, our proposed mechanism relies on multiple cloud service providers (CSP), and protects users’ cloud data from the client side. In our approach, we view multiple cloud-based storage services as virtual independent disks for storing redundant data encoded with erasure codes. Since each CSP has no access to a user’s complete data, the data stored in the cloud would not be easily compromised. Furthermore, the failure or disconnection of a CSP will not result in the loss of a user’s data as the missing data pieces can be readily recovered. To demonstrate the feasibility of our approach, we developed a prototype distributed cloud data storage application using three major CSPs. The experimental results show that, besides the reliability and security related benefits of our approach, the application outperforms each individual CSP for uploading and downloading files.

Download Full-text

Privacy preservation Models for Third-Party Auditor over Cloud Computing: a Survey

10.20944/preprints202109.0413.v1 ◽

2021 ◽

Author(s):

Abdul Razaque ◽

Mohamed Frej ◽

Bandar Alotaibi ◽

Munif Alotaibi

Keyword(s):

Cloud Computing ◽

Privacy Preservation ◽

Service Providers ◽

Personal Information ◽

Cloud Service ◽

Privacy Preserving ◽

Third Party ◽

Security Requirements ◽

Security Threats ◽

State Of Art

Cloud computing has become a prominent technology due to its important utility service; this service concentrates on outsourcing data to organizations and individual consumers. Cloud computing has considerably changed the manner in which individuals or organizations store, retrieve, and organize their personal information. Despite the manifest development in cloud computing, there are still some concerns regarding the level of security and issues related to adopting cloud computing that prevent users from fully trusting this useful technology. Hence, for the sake of reinforcing the trust between Cloud Clients (CC) and Cloud Service Providers (CSP), as well as safeguarding the CC’s data in the cloud, several security paradigms of cloud computing based on a Third-Party Auditor (TPA) have been introduced. The TPA, as a trusted party, is responsible for checking the integrity of the CC’s data and all the critical information associated with it. However, the TPA could become an adversary and could aim to deteriorate the privacy of the CC’s data by playing a malicious role. In this paper, we present the state-of-art of cloud computing’s privacy-preserving models (PPM) based on a TPA. Three TPA factors of paramount significance have been discussed: TPA involvement, security requirements, and security threats caused by vulnerabilities. Moreover, TPA’s privacy preserving models have been comprehensively analyzed and categorized into different classes with an emphasis on their dynamicity. Finally, we discuss the limitations of the models and present our recommendations for their improvement.

Download Full-text

A Privacy-Preserving Personalized Service Framework through Bayesian Game in Social IoT

Wireless Communications and Mobile Computing ◽

10.1155/2020/8891889 ◽

2020 ◽

Vol 2020 ◽

pp. 1-13

Author(s):

Renwan Bi ◽

Qianxin Chen ◽

Lei Chen ◽

Jinbo Xiong ◽

Dapeng Wu

Keyword(s):

Privacy Protection ◽

Service Providers ◽

Cloud Service ◽

Privacy Preserving ◽

Security Requirements ◽

User Privacy ◽

Personalized Service ◽

Bayesian Game ◽

Uncertainty Reasoning ◽

Service Framework

It is enormously challenging to achieve a satisfactory balance between quality of service (QoS) and users’ privacy protection along with measuring privacy disclosure in social Internet of Things (IoT). We propose a privacy-preserving personalized service framework (Persian) based on static Bayesian game to provide privacy protection according to users’ individual security requirements in social IoT. Our approach quantifies users’ individual privacy preferences and uses fuzzy uncertainty reasoning to classify users. These classification results facilitate trustworthy cloud service providers (CSPs) in providing users with corresponding levels of services. Furthermore, the CSP makes a strategic choice with the goal of maximizing reputation through playing a decision-making game with potential adversaries. Our approach uses Shannon information entropy to measure the degree of privacy disclosure according to the probability of game mixed strategy equilibrium. Experimental results show that Persian guarantees QoS and effectively protects user privacy despite the existence of adversaries.

Download Full-text

Privacy Preservation Models for Third-Party Auditor over Cloud Computing: A Survey

Electronics ◽

10.3390/electronics10212721 ◽

2021 ◽

Vol 10 (21) ◽

pp. 2721

Author(s):

Abdul Razaque ◽

Mohamed Ben Haj Frej ◽

Bandar Alotaibi ◽

Munif Alotaibi

Keyword(s):

Cloud Computing ◽

Privacy Preservation ◽

Service Providers ◽

State Of The Art ◽

Personal Information ◽

Cloud Service ◽

Privacy Preserving ◽

Third Party ◽

Security Requirements ◽

Security Threats

Cloud computing has become a prominent technology due to its important utility service; this service concentrates on outsourcing data to organizations and individual consumers. Cloud computing has considerably changed the manner in which individuals or organizations store, retrieve, and organize their personal information. Despite the manifest development in cloud computing, there are still some concerns regarding the level of security and issues related to adopting cloud computing that prevent users from fully trusting this useful technology. Hence, for the sake of reinforcing the trust between cloud clients (CC) and cloud service providers (CSP), as well as safeguarding the CC’s data in the cloud, several security paradigms of cloud computing based on a third-party auditor (TPA) have been introduced. The TPA, as a trusted party, is responsible for checking the integrity of the CC’s data and all the critical information associated with it. However, the TPA could become an adversary and could aim to deteriorate the privacy of the CC’s data by playing a malicious role. In this paper, we present the state of the art of cloud computing’s privacy-preserving models (PPM) based on a TPA. Three TPA factors of paramount significance are discussed: TPA involvement, security requirements, and security threats caused by vulnerabilities. Moreover, TPA’s privacy preserving models are comprehensively analyzed and categorized into different classes with an emphasis on their dynamicity. Finally, we discuss the limitations of the models and present our recommendations for their improvement.

Download Full-text

A Practical Conflicting Role-based Cloud Security Risk Evaluation Method

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813666191204145140 ◽

2019 ◽

Vol 13 ◽

Author(s):

Jin Han ◽

Jing Zhan ◽

Xiaoqing Xia ◽

Xue Fan

Keyword(s):

Risk Evaluation ◽

Evaluation Method ◽

Service Providers ◽

Risk Preferences ◽

Cloud Service ◽

Cloud Security ◽

Third Party ◽

Security Evaluation ◽

Security Risk ◽

Cloud Users

Background: Currently, Cloud Service Provider (CSP) or third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but accept them. However, since cloud users and cloud service providers have conflicts of interests, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to be evaluated). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but also can obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trusts between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only by 12% and 30%. Conclusion: Our method can achieve consistent decision based on conflicting roles, high scalability and practicability for cloud security risk evaluation.

Download Full-text