Security and Privacy of Outsourced Cloud Data Services

The emergence of cloud computing brings a paradigm shift to the way that big data is stored, accessed and utilized. In particular, outsourcing data to the public cloud offers unlimited resources and great economic savings for both data owners and users. However, as customers no longer have physical control over the remote cloud resources, security and privacy concerns have been major hurdles against the widespread adoption of cloud technology.

Our research aims at protecting user privacy in the public cloud by designing privacy-assured, usable and efficient data storage, auditing, and processing solutions for large amounts of sensitive information stored in commercial cloud platforms, such as corporate financial documents, medical records and social network profiles. Currently, we focus on the following research issues.

  • Proving the Possession of Multi-Owner Data in the Cloud

Provable Data Possession (PDP) in the cloud is an efficient way for users to ensure the correctness of their data stored in the cloud. However, existing PDP solutions mainly focus on single-owner data and cannot achieve anonymity and efficiency when proving the possession of multi-owner data, where data are shared and managed among multiple owners with cloud services such as Dropbox. In this project, we focus on preserving anonymity [3] and improving owner revocation efficiency [4] by utilizing cryptographic methods, such as ring signatures, group signatures, proxy re-signatures, etc. In the future, we will reduce the storage cost and verification time for multi-owner data by leveraging aggregation methods, such as polynomial commitment schemes. In addition, we are exploring proving the possession of data provenance for multi-owner data.

  • Privacy-Preserving and Usable Search over Cloud Data

Supporting effective data search operations over outsourced cloud data in a privacy-preserving manner is another key challenge [1]. Existing techniques such as searchable encryption are either too computationally expensive, or lack the flexibility and usability needed to be adopted by cloud users in practice. In this project, we focus on achieving ranked/similarity search [5], multi-keyword search [10], multi-dimensional range query [9], and search over graph-structured data, by combining lightweight cryptography primitives with information-retrieval techniques in novel ways. For example, our previous solution [5] is based on the MD algorithm and cosine similarity, and a scalar-product preserving encryption (SPE) scheme, which achieves better-than-linear search complexity while preserving data and query privacy simultaneously.
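
As an added illustration (not code from the cited papers), the sketch below shows the property that scalar-product preserving encryption relies on: index vectors and query vectors are transformed with a secret matrix so that the server can compute their inner product, and therefore a similarity ranking, without seeing either plaintext vector. The secret-matrix construction, the function names and the sample vectors are assumptions made for this example; it omits the index structure that gives the better-than-linear search mentioned above.

```python
import random
from fractions import Fraction

def invert(m):
    """Gauss-Jordan inverse over the rationals; returns None if singular."""
    n = len(m)
    a = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] != 0), None)
        if pivot is None:
            return None
        a[col], a[pivot] = a[pivot], a[col]
        a[col] = [x / a[col][col] for x in a[col]]
        for r in range(n):
            if r != col and a[r][col] != 0:
                a[r] = [x - a[r][col] * y for x, y in zip(a[r], a[col])]
    return [row[n:] for row in a]

def keygen(dim, rng):
    """Secret key (assumed construction): random invertible M and its inverse."""
    while True:
        m = [[rng.randint(-9, 9) for _ in range(dim)] for _ in range(dim)]
        inv = invert(m)
        if inv is not None:
            return m, inv

def enc_index(p, m):
    """Data owner side: index vector p is stored as M^T p."""
    return [sum(m[i][j] * p[i] for i in range(len(p))) for j in range(len(p))]

def enc_query(q, m_inv):
    """User side: query vector q is sent as M^{-1} q."""
    return [sum(m_inv[i][j] * q[j] for j in range(len(q))) for i in range(len(q))]

def dot(u, v):
    return sum(x * y for x, y in zip(u, v))
def rank(scores):
    return sorted(range(len(scores)), key=lambda i: (-scores[i], i))

# Constructed sample: term-weight vectors for three documents and one query.
DOCS = [[3, 0, 1, 2], [0, 4, 0, 1], [1, 1, 5, 0]]
QUERY = [1, 0, 2, 0]

def demo(seed=7):
    m, m_inv = keygen(4, random.Random(seed))
    enc_docs = [enc_index(p, m) for p in DOCS]       # what the cloud stores
    trapdoor = enc_query(QUERY, m_inv)               # what the cloud receives
    return [dot(c, trapdoor) for c in enc_docs], [dot(p, QUERY) for p in DOCS]
```

The server-side score equals the plaintext score because (M^T p) · (M^{-1} q) = p^T M M^{-1} q = p · q, so the ranking over encrypted vectors matches the ranking over plaintext vectors.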

  • Collaborative Outsourced Computations Leveraging the Cloud

There is a growing trend of securely outsourcing complex computations to the cloud, such as optimization problems, machine learning, etc. However, previous work mostly focuses on the single-key scenario, where outsourced data are generated and processed by a single user. In practice, collaborative computing applications are also very important, where data are contributed by multiple users and the results are learnt by different users too. For example, data classification and machine learning benefit from having multiple users’ private datasets. This calls for non-interactive schemes that can compute on encrypted data efficiently under multiple keys. In this project, we explore the new architecture of two or more non-colluding cloud servers to achieve this goal. In [9], our solutions exploit proxy re-encryption schemes with partially homomorphic properties, which minimizes the interaction between the cloud servers.


Related Publications

  1. Ming Li, Shucheng Yu, Kui Ren, Wenjing Lou and Y. Thomas Hou, “Toward Privacy-Assured Searchable Cloud Data Storage Services”, IEEE Network, July 2013.
  2. Wenhai Sun, Bin Wang, Ning Cao, Ming Li, Wenjing Lou, Y. Thomas Hou and Hui Li, “Verifiable Privacy-Preserving Multi-keyword Text Search in the Cloud Supporting Similarity-based Ranking”, IEEE Transactions on Parallel and Distributed Systems (TPDS), accepted.
  3. Ning Cao, Cong Wang, Ming Li, Kui Ren and Wenjing Lou, “Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data,” IEEE Transactions on Parallel and Distributed Systems (TPDS), Jan. 2014.
  4. Ming Li, Shucheng Yu, Yao Zheng, Kui Ren and Wenjing Lou, “Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption,” IEEE Transactions on Parallel and Distributed Systems (TPDS), Jan. 2013.
  5. Boyang Wang, Yantian Hou, Ming Li, Haitao Wang and Hui Li, “Maple: Scalable Multi-Dimensional Range Search over Encrypted Cloud Data with Tree-based Index”, The 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS’14), Kyoto, Japan, Jun. 4-6, 2014.
  6. Boyang Wang, Sherman S.M. Chow, Ming Li and Hui Li, “Storing Shared Data on the Cloud via Security-Mediator”, The 33rd International Conference on Distributed Computing Systems (ICDCS ’13), Philadelphia, PA, Jul. 8-11, 2013.
  7. Boyang Wang, Hui Li and Ming Li, “Privacy-Preserving Public Auditing for Shared Cloud Data Supporting Group Dynamics”, IEEE International Conference on Communications (ICC’13), Budapest, Hungary, Jun. 7-13, 2013.
  8. Wenhai Sun, Bin Wang, Ning Cao, Ming Li, Wenjing Lou, Y. Thomas Hou and Hui Li, “Privacy-Preserving Multi-keyword Text Search in the Cloud Supporting Similarity-based Ranking”, The 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS’13), Hangzhou, China, May 7-10, 2013. (Best Paper Award)
  9. Boyang Wang, Ming Li, Sherman Chow, and Hui Li, “Computing Encrypted Cloud Data Efficiently under Multiple Keys”, IEEE CNS SPCC workshop, Washington, D.C, Oct. 14-16, 2013.
  10. Ning Zhang, Ming Li, Wenjing Lou and Y. Thomas Hou, “MUSHI: Toward Multiple Level Security Cloud with Strong Hardware Level Isolation”, IEEE Military Communications Conference (MILCOM’12), Orlando, FL, Dec. 2012.
  11. Yao Zheng, Ming Li, Wenjing Lou and Y. Thomas Hou, “SHARP: Private Proximity Test and Secure Handshake with Cheat-Proof Location Tags”, The 17th European Symposium on Research in Computer Security (ESORICS’12), Pisa, Italy, Sept. 10-14, 2012.
  12. Ming Li, Shucheng Yu, Ning Cao and Wenjing Lou, “Authorized Private Keyword Search over Encrypted Data in Cloud Computing,” The 31st International Conference on Distributed Computing Systems (ICDCS’11), Minneapolis, MN, Jun. 21-24, 2011.
  13. Ning Cao, Cong Wang, Ming Li, Kui Ren and Wenjing Lou, “Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data,” The 30th IEEE International Conference on Computer Communications (INFOCOM’11), Shanghai, China, Apr. 2011.
  14. Ming Li, Ning Cao, Shucheng Yu and Wenjing Lou, “FindU: Privacy-Preserving Personal Profile Matching in Mobile Social Networks,” The 30th IEEE International Conference on Computer Communications (INFOCOM’11), Shanghai, China, Apr. 2011.
  15. Ming Li, Shucheng Yu, Kui Ren and Wenjing Lou, “Securing Personal Health Records in Cloud Computing: Patient-centric and Fine-grained Data Access Control in Multi-owner Settings”, The 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm’10), Singapore, Sept. 7-10, 2010.

Acknowledgement: We thank the generous support by NSF grant CNS-1218085 and an AWS in Education Research Grant Award.

Disclaimer: The papers here are made available for timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders.