A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

Transcription

1 An Efficient Privacy-Preserving Ranked Keyword Search Method Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy preserving. Therefore it is essential to develop efficient and reliable ciphertext search techniques. One challenge is that the relationship between documents will be normally concealed in the process of encryption, which will lead to significant search accuracy performance degradation. Also the volume of data in data centers has experienced a dramatic growth. This will make it even more challenging to design ciphertext search schemes that can provide efficient and reliable online information retrieval on large volume of encrypted data. In this paper, a hierarchical clustering method is proposed to support more search semantics and also to meet the demand for fast ciphertext search within a big data environment. The proposed hierarchical approach clusters the documents based on the minimum relevance threshold, and then partitions the resulting clusters into sub-clusters until the constraint on the maximum size of cluster is reached. In the search phase, this approach can reach a linear computational complexity against an exponential size increase of document collection. In order to verify the authenticity of search results, a structure called minimum hash sub-tree is designed in this paper. Experiments have been conducted using the collection set built from the IEEE Xplore. The results show that with a sharp increase of documents in the dataset the search time of the proposed method increases linearly whereas the search time of the traditional method increases exponentially. Furthermore, the proposed method has an advantage over the traditional method in the rank privacy and relevance of retrieved documents. A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data ue to the increasing popularity of cloud computing, more and more data owners are motivated to outsource their data to cloud servers for great convenience and reduced cost in data management. However, sensitive data should be encrypted before outsourcing for privacy requirements, which obsoletes data utilization like keyword-based document retrieval. In this paper, we present a secure multi-keyword ranked search scheme over encrypted cloud data, which simultaneously supports dynamic update operations like deletion and insertion of documents. Specifically, the vector space model and the widely-used TFIDF model are combined in the index construction and query generation. We construct a special tree-based index structure and propose a Greedy Depth-first Search algorithm to provide efficient multi-keyword ranked search. The secure knn algorithm is utilized to encrypt the index and query vectors, and meanwhile ensure accurate relevance score calculation between encrypted index and query vectors. In order to resist statistical attacks, phantom terms are added to the index vector for blinding search results. Due to the use of our special tree-based index structure, the proposed scheme can achieve sub-linear search time and deal with the deletion and insertion of documents flexibly. Extensive experiments are conducted to demonstrate the efficiency of the proposed scheme.

2 Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing Cloud computing is an emerging data interactive paradigm to realize users' data remotely stored in an online cloud server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to realize that a user's privative data cannot be illegally accessed, but neglect a subtle privacy issue during a user challenging the cloud server to request other users for data sharing. The challenged access request itself may reveal the user's privacy no matter whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access its own data fields; 3) proxy re-encryption is applied to provide data sharing among the multiple users. Meanwhile, universal composability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the proposed protocol is attractive for multi-user collaborative cloud applications. Online Resource Scheduling under Concave Pricing for Cloud Computing With the booming cloud computing industry, computational resources are readily and elastically available to the customers. In order to attract customers with various demands, most Infrastructure-asa-service (IaaS) cloud service providers offer several pricing strategies such as pay as you go, pay less per unit when you use more (so called volume discount), and pay even less when you reserve. The diverse pricing schemes among different IaaS service providers or even in the same provider form a complex economic landscape that nurtures the market of cloud brokers. By strategically scheduling multiple customers resource requests, a cloud broker can fully take advantage of the discounts offered by cloud service providers. In this paper, we focus on how a broker can help a group of customers to fully utilize the volume discount pricing strategy offered by cloud service providers through cost-efficient online resource scheduling. We present a randomized online stack-centric scheduling algorithm (ROSA) and theoretically prove the lower bound of its competitive ratio. Three special cases of the offline concave cost scheduling problem and the corresponding optimal algorithms are introduced. Our simulation shows that ROSA achieves a competitive ratio close to the theoretical lower bound under the special cases. Trace-driven simulation using Google cluster data demonstrates that ROSA is superior to the conventional online scheduling algorithms in terms of cost saving.

3 Cloud Armor: Supporting Reputation-based Trust Management for Cloud Services Trust management is one of the most challenging issues for the adoption and growth of cloud computing. The highly dynamic, distributed, and non-transparent nature of cloud services introduces several challenging issues such as privacy, security, and availability. Preserving consumers privacy is not an easy task due to the sensitive information involved in the interactions between consumers and the trust management service. Protecting cloud services against their malicious users (e.g., such users might give misleading feedback to disadvantage a particular cloud service) is a difficult problem. Guaranteeing the availability of the trust management service is another significant challenge because of the dynamic nature of cloud environments. In this article, we describe the design and implementation of CloudArmor, a reputation-based trust management framework that provides a set of functionalities to deliver Trust as a Service (TaaS), which includes i) a novel protocol to prove the credibility of trust feedbacks and preserve users privacy, ii) an adaptive and robust credibility model for measuring the credibility of trust feedbacks to protect cloud services from malicious users and to compare the trustworthiness of cloud services, and iii) an availability model to manage the availability of the decentralized implementation of the trust management service. The feasibility and benefits of our approach have been validated by a prototype and experimental studies using a collection of real-world trust feedbacks on cloud services. The Value of Cooperation: Minimizing User Costs in Multi-broker Mobile Cloud Computing Networks We study the problem of user cost minimization in mobile cloud computing (MCC) networks. We consider a MCC model where multiple brokers assign cloud resources to mobile users. The model is characterized by an heterogeneous cloud architecture (which includes a public cloud and a cloudlet) and by the heterogeneous pricing strategies of cloud service providers. In this setting, we investigate two classes of cloud reservation strategies, i.e., a competitive strategy, and a compete-then-cooperate strategy as a performance bound. We first study a purely competitive scenario where brokers compete to reserve computing resources from remote public clouds (which are affected by long delays) and from local cloudlets (which have limited computational resources but short delays). We provide theoretical results demonstrating the existence of disagreement points (i.e., the equilibrium reservation strategy that no broker has incentive to deviate unilaterally from) and convergence of the bestresponse strategies of the brokers to disagreement points. We then consider the scenario in which brokers agree to cooperate in exchange for a lower average cost of resources. We formulate a cooperative problem where the objective is to minimize the total average price of all brokers, under the constraint that no broker should pay a price higher than the disagreement price (i.e., the competitive price).we design new globally optimal solution algorithm to solve the resulting non-convex cooperative problem, based on a combination of the branch and bound framework and of advanced convex relaxation techniques. The resulting optimal solution provides a lower bound on the achievable user cost without complete collusion among brokers. Compared with pure competition, we found that i) noticeable cooperative

4 gains can be achieved over pure competition in markets with a few brokers only, and ii) the cooperative gain is only marginal in crowded markets, i.e., with a high number of brokers, hence there is n- clear incentive for brokers to cooperate. Attribute-based Access Control with Constant-size Cipher text in Cloud Computing With the popularity of cloud computing, there have been increasing concerns about its security and privacy. Since the cloud computing environment is distributed and untrusted, data owners have to encrypt outsourced data to enforce confidentiality. Therefore, how to achieve practicable access control of encrypted data in an untrusted environment is an urgent issue that needs to be solved. Attribute- Based Encryption (ABE) is a promising scheme suitable for access control in cloud storage systems. This paper proposes a hierarchical attribute-based access control scheme with constant-size ciphertext. The scheme is efficient because the length of ciphertext and the number of bilinear pairing evaluations to a constant are fixed. Its computation cost in encryption and decryption algorithms is low. Moreover, the hierarchical authorization structure of our scheme reduces the burden and risk of a single authority scenario. We prove the scheme is of CCA2 security under the decisional q-bilinear Diffie-Hellman Exponent assumption. In addition, we implement our scheme and analyse its performance. The analysis results show the proposed scheme is efficient, scalable, and fine-grained in dealing with access control for outsourced data in cloud computing. Distributed denial of service attacks in software-defined networking with cloud computing Although software-defined networking (SDN) brings numerous benefits by decoupling the control plane from the data plane, there is a contradictory relationship between SDN and distributed denial-of-service (DDoS) attacks. On one hand, the capabilities of SDN make it easy to detect and to react to DDoS attacks. On the other hand, the separation of the control plane from the data plane of SDN introduces new attacks. Consequently, SDN itself may be a target of DDoS attacks. In this paper, we first discuss the new trends and characteristics of DDoS attacks in cloud computing environments. We show that SDN brings us a new chance to defeat DDoS attacks in cloud computing environments, and we summarize good features of SDN in defeating DDoS attacks. Then we review the studies about launching DDoS attacks on SDN and the methods against DDoS attacks in SDN. In addition, we discuss a number of challenges that need to be addressed to mitigate DDoS attached in SDN with cloud computing. This work can help understand how to make full use of SDN's advantages to defeat DDoS attacks in cloud computing environments and how to prevent SDN itself from becoming a victim of DDoS attacks. Distributed denial of service attacks in software-defined networking with cloud computing

5 Although software-defined networking (SDN) brings numerous benefits by decoupling the control plane from the data plane, there is a contradictory relationship between SDN and distributed denial-of-service (DDoS) attacks. On one hand, the capabilities of SDN make it easy to detect and to react to DDoS attacks. On the other hand, the separation of the control plane from the data plane of SDN introduces new attacks. Consequently, SDN itself may be a target of DDoS attacks. In this paper, we first discuss the new trends and characteristics of DDoS attacks in cloud computing environments. We show that SDN brings us a new chance to defeat DDoS attacks in cloud computing environments, and we summarize good features of SDN in defeating DDoS attacks. Then we review the studies about launching DDoS attacks on SDN and the methods against DDoS attacks in SDN. In addition, we discuss a number of challenges that need to be addressed to mitigate DDoS attached in SDN with cloud computing. This work can help understand how to make full use of SDN's advantages to defeat DDoS attacks in cloud computing environments and how to prevent SDN itself from becoming a victim of DDoS attacks. The Value of Cooperation: Minimizing User Costs in Multi-broker Mobile Cloud Computing Networks We study the problem of user cost minimization in mobile cloud computing (MCC) networks. We consider a MCC model where multiple brokers assign cloud resources to mobile users. The model is characterized by an heterogeneous cloud architecture (which includes a public cloud and a cloudlet) and by the heterogeneous pricing strategies of cloud service providers. In this setting, we investigate two classes of cloud reservation strategies, i.e., a competitive strategy, and a compete-then-cooperate strategy as a performance bound. We first study a purely competitive scenario where brokers compete to reserve computing resources from remote public clouds (which are affected by long delays) and from local cloudlets (which have limited computational resources but short delays). We provide theoretical results demonstrating the existence of disagreement points (i.e., the equilibrium reservation strategy that no broker has incentive to deviate unilaterally from) and convergence of the best response strategies of the brokers to disagreement points. We then consider the scenario in which brokers agree to cooperate in exchange for a lower average cost of resources. We formulate a cooperative problem where the objective is to minimize the total average price of all brokers, under the constraint that no broker should pay a price higher than the disagreement price (i.e., the competitive price).we design new globally optimal solution algorithm to solve the resulting non-convex cooperative problem, based on a combination of the branch and bound framework and of advanced convex relaxation techniques. The resulting optimal solution provides a lower bound on the achievable user cost without complete collusion among brokers. Compared with pure competition, we found that i) noticeable cooperative gains can be achieved over pure competition in markets with a few brokers only, and ii) the cooperative gain is only marginal in crowded markets, i.e., with a high number of brokers, hence there is n- clear incentive for brokers to cooperate.

6 CHARM: A Cost-efficient Multi-cloud Data Hosting Scheme with High Availability Nowadays, more and more enterprises and organizations are hosting their data into the cloud, in order to reduce the IT maintenance cost and enhance the data reliability. However, facing the numerous cloud vendors as well as their heterogenous pricing policies, customers may well be perplexed with which cloud(s) are suitable for storing their data and what hosting strategy is cheaper. The general status quo is that customers usually put their data into a single cloud (which is subject to the vendor lock-in risk) and then simply trust to luck. Based on comprehensive analysis of various state-of-the-art cloud vendors, this paper proposes a novel data hosting scheme (named CHARM) which integrates two key functions desired. The first is selecting several suitable clouds and an appropriate redundancy strategy to store data with minimized monetary cost and guaranteed availability. The second is triggering a transition process to re-distribute data according to the variations of data access pattern and pricing of clouds. We evaluate the performance of CHARM using both trace-driven simulations and prototype experiments. The results show that compared with the major existing schemes, CHARM not only saves around 20% of monetary cost but also exhibits sound adaptability to data and price adjustments.