Cloud Storage

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 48354 Experts worldwide ranked by ideXlab platform

Kyungtae Kang - One of the best experts on this subject based on the ideXlab platform.

  • Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage
    International Conference on Data Engineering, 2017
    Co-Authors: Junbeom Hur, Youngjoo Shin, Dongyoung Koo, Kyungtae Kang
    Abstract:

    In Cloud services, deduplication technology is commonly used to reduce the space and bandwidth requirements of services by eliminating redundant data and storing only a single copy. Deduplication is most effective when multiple users outsource the same data to the Cloud Storage, but it raises issues relating to security and ownership. Proof-of-ownership schemes allow any owner of the same data to prove to the Cloud Storage server that he owns the data in a robust way. However, if encrypted data is outsourced into the Cloud Storage and the ownership changes dynamically, deduplication would be hampered. Thus, we propose a secure deduplication scheme that supports dynamic ownership management based on randomized convergent encryption [3] in this study.

  • Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage
    IEEE Transactions on Knowledge and Data Engineering, 2016
    Co-Authors: Junbeom Hur, Youngjoo Shin, Dongyoung Koo, Kyungtae Kang
    Abstract:

    In Cloud Storage services, deduplication technology is commonly used to reduce the space and bandwidth requirements of services by eliminating redundant data and storing only a single copy of them. Deduplication is most effective when multiple users outsource the same data to the Cloud Storage, but it raises issues relating to security and ownership. Proof-of-ownership schemes allow any owner of the same data to prove to the Cloud Storage server that he owns the data in a robust way. However, many users are likely to encrypt their data before outsourcing them to the Cloud Storage to preserve privacy, but this hampers deduplication because of the randomization property of encryption. Recently, several deduplication schemes have been proposed to solve this problem by allowing each owner to share the same encryption key for the same data. However, most of the schemes suffer from security flaws, since they do not consider the dynamic changes in the ownership of outsourced data that occur frequently in a practical Cloud Storage service. In this paper, we propose a novel server-side deduplication scheme for encrypted data. It allows the Cloud server to control access to outsourced data even when the ownership changes dynamically by exploiting randomized convergent encryption and secure ownership group key distribution. This prevents data leakage not only to revoked users even though they previously owned that data, but also to an honest-but-curious Cloud Storage server. In addition, the proposed scheme guarantees data integrity against any tag inconsistency attack. Thus, security is enhanced in the proposed scheme. The efficiency analysis results demonstrate that the proposed scheme is almost as efficient as the previous schemes, while the additional computational overhead is negligible.

Kan Yang - One of the best experts on this subject based on the ideXlab platform.

  • Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage
    IEEE Transactions on Parallel and Distributed Systems, 2014
    Co-Authors: Kan Yang, Xiaohua Jia
    Abstract:

    Data access control is an effective way to ensure the data security in the Cloud. Due to data outsourcing and untrusted Cloud servers, the data access control becomes a challenging issue in Cloud Storage systems. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is regarded as one of the most suitable technologies for data access control in Cloud Storage, because it gives data owners more direct control on access policies. However, it is difficult to directly apply existing CP-ABE schemes to data access control for Cloud Storage systems because of the attribute revocation problem. In this paper, we design an expressive, efficient and revocable data access control scheme for multi-authority Cloud Storage systems, where there are multiple authorities co-exist and each authority is able to issue attributes independently. Specifically, we propose a revocable multi-authority CP-ABE scheme, and apply it as the underlying techniques to design the data access control scheme. Our attribute revocation method can efficiently achieve both forward security and backward security. The analysis and simulation results show that our proposed data access control scheme is secure in the random oracle model and is more efficient than previous works.

  • DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
    IEEE Transactions on Information Forensics and Security, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang, Ruitao Xie
    Abstract:

    Data access control is an effective way to ensure data security in the Cloud. However, due to data outsourcing and untrusted Cloud servers, the data access control becomes a challenging issue in Cloud Storage systems. Existing access control schemes are no longer applicable to Cloud Storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted Cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority Cloud Storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority Cloud Storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

  • DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems
    International Conference on Computer Communications, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang
    Abstract:

    Data access control is an effective way to ensure the data security in the Cloud. However, due to data outsourcing and untrusted Cloud servers, the data access control becomes a challenging issue in Cloud Storage systems. Existing access control schemes are no longer applicable to Cloud Storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted Cloud server. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires a trusted authority manages all the attributes and distributes keys in the system. In Cloud Storage systems, there are multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority Cloud Storage systems, due to the inefficiency of decryption and revocation. In this paper, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that can achieve both forward security and backward security. The analysis and the simulation results show that our DAC-MACS is highly efficient and provably secure under the security model.

Kui Ren - One of the best experts on this subject based on the ideXlab platform.

  • Enabling Cloud Storage Auditing with Key-Exposure Resistance
    IEEE Transactions on Information Forensics and Security, 2015
    Co-Authors: Kui Ren, Cong Wang, Vijay Varadharajan
    Abstract:

    Cloud Storage auditing is viewed as an important service to verify the integrity of the data in public Cloud. Current auditing protocols are all based on the assumption that the client’s secret key for auditing is absolutely secure. However, such assumption may not always be held, due to the possibly weak sense of security and/or low security settings at the client. If such a secret key for auditing is exposed, most of the current auditing protocols would inevitably become unable to work. In this paper, we focus on this new aspect of Cloud Storage auditing. We investigate how to reduce the damage of the client’s key exposure in Cloud Storage auditing, and give the first practical solution for this new problem setting. We formalize the definition and the security model of auditing protocol with key-exposure resilience and propose such a protocol. In our design, we employ the binary tree structure and the preorder traversal technique to update the secret keys for the client. We also develop a novel authenticator construction to support the forward security and the property of blockless verifiability. The security proof and the performance analysis show that our proposed protocol is secure and efficient.

  • DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
    IEEE Transactions on Information Forensics and Security, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang, Ruitao Xie
    Abstract:

    Data access control is an effective way to ensure data security in the Cloud. However, due to data outsourcing and untrusted Cloud servers, the data access control becomes a challenging issue in Cloud Storage systems. Existing access control schemes are no longer applicable to Cloud Storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted Cloud server. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising technique for access control of encrypted data. However, due to the inefficiency of decryption and revocation, existing CP-ABE schemes cannot be directly applied to construct a data access control scheme for multiauthority Cloud Storage systems, where users may hold attributes from multiple authorities. In this paper, we propose data access control for multiauthority Cloud Storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multiauthority CP-ABE scheme with efficient decryption, and also design an efficient attribute revocation method that can achieve both forward security and backward security. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions.

  • DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems
    International Conference on Computer Communications, 2013
    Co-Authors: Kan Yang, Xiaohua Jia, Kui Ren, Bo Zhang
    Abstract:

    Data access control is an effective way to ensure the data security in the Cloud. However, due to data outsourcing and untrusted Cloud servers, the data access control becomes a challenging issue in Cloud Storage systems. Existing access control schemes are no longer applicable to Cloud Storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted Cloud server. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires a trusted authority manages all the attributes and distributes keys in the system. In Cloud Storage systems, there are multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority Cloud Storage systems, due to the inefficiency of decryption and revocation. In this paper, we propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, we construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that can achieve both forward security and backward security. The analysis and the simulation results show that our DAC-MACS is highly efficient and provably secure under the security model.

  • Privacy-Preserving Public Auditing for Secure Cloud Storage
    IEEE Transactions on Computers, 2013
    Co-Authors: Cong Wang, Sherman S. M. Chow, Kui Ren, Qian Wang, Wenjing Lou
    Abstract:

    Using Cloud Storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared pool of configurable computing resources, without the burden of local data Storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in Cloud computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the Cloud Storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for Cloud Storage is of critical importance so that users can resort to a third-party auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities toward user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure Cloud Storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient. Our preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

  • Privacy-Preserving Public Auditing for Secure Cloud Storage
    IACR Cryptology ePrint Archive, 2009
    Co-Authors: Cong Wang, Sherman S. M. Chow, Kui Ren, Qian Wang, Wenjing Lou
    Abstract:

    Using Cloud Storage, users can remotely store their data and enjoy the on-demand high quality applications and services from a shared pool of configurable computing resources, without the burden of local data Storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in Cloud Computing a formidable task, especially for users with constrained computing resources. Moreover, users should be able to just use the Cloud Storage as if it is local, without worrying about the need to verify its integrity. Thus, enabling public auditability for Cloud Storage is of critical importance so that users can resort to a third party auditor (TPA) to check the integrity of outsourced data and be worry-free. To securely introduce an effective TPA, the auditing process should bring in no new vulnerabilities towards user data privacy, and introduce no additional online burden to user. In this paper, we propose a secure Cloud Storage system supporting privacy-preserving public auditing. We further extend our result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Extensive security and performance analysis show the proposed schemes are provably secure and highly efficient.

Henry C H Chen - One of the best experts on this subject based on the ideXlab platform.

  • Enabling Data Integrity Protection in Regenerating-Coding-Based Cloud Storage: Theory and Implementation
    IEEE Transactions on Parallel and Distributed Systems, 2014
    Co-Authors: Henry C H Chen
    Abstract:

    To protect outsourced data in Cloud Storage against corruptions, adding fault tolerance to Cloud Storage, along with efficient data integrity checking and recovery procedures, becomes critical. Regenerating codes provide fault tolerance by striping data across multiple servers, while using less repair traffic than traditional erasure codes during failure recovery. Therefore, we study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life Cloud Storage setting. We design and implement a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving its intrinsic properties of fault tolerance and repair-traffic saving. Our DIP scheme is designed under a mobile Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-Cloud Storage and allows different parameters to be fine-tuned for a performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a real Cloud Storage testbed under different parameter choices. We further analyze the security strengths of our DIP scheme via mathematical models. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment.

  • Enabling Data Integrity Protection in Regenerating-Coding-Based Cloud Storage
    Symposium on Reliable Distributed Systems, 2012
    Co-Authors: Henry C H Chen, Patrick P C Lee
    Abstract:

    To protect outsourced data in Cloud Storage against corruptions, enabling integrity protection, fault tolerance, and efficient recovery for Cloud Storage becomes critical. Regenerating codes provide fault tolerance by striping data across multiple servers, while using less repair traffic than traditional erasure codes during failure recovery. Therefore, we study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life Cloud Storage setting. We design and implement a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving the intrinsic properties of fault tolerance and repair traffic saving. Our DIP scheme is designed under a Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-Cloud Storage and allows different parameters to be fine-tuned for the performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a real Cloud Storage test bed under different parameter choices. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment.

Junbeom Hur - One of the best experts on this subject based on the ideXlab platform.

  • Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage
    International Conference on Data Engineering, 2017
    Co-Authors: Junbeom Hur, Youngjoo Shin, Dongyoung Koo, Kyungtae Kang
    Abstract:

    In Cloud services, deduplication technology is commonly used to reduce the space and bandwidth requirements of services by eliminating redundant data and storing only a single copy. Deduplication is most effective when multiple users outsource the same data to the Cloud Storage, but it raises issues relating to security and ownership. Proof-of-ownership schemes allow any owner of the same data to prove to the Cloud Storage server that he owns the data in a robust way. However, if encrypted data is outsourced into the Cloud Storage and the ownership changes dynamically, deduplication would be hampered. Thus, we propose a secure deduplication scheme that supports dynamic ownership management based on randomized convergent encryption [3] in this study.

  • Secure Data Deduplication with Dynamic Ownership Management in Cloud Storage
    IEEE Transactions on Knowledge and Data Engineering, 2016
    Co-Authors: Junbeom Hur, Youngjoo Shin, Dongyoung Koo, Kyungtae Kang
    Abstract:

    In Cloud Storage services, deduplication technology is commonly used to reduce the space and bandwidth requirements of services by eliminating redundant data and storing only a single copy of them. Deduplication is most effective when multiple users outsource the same data to the Cloud Storage, but it raises issues relating to security and ownership. Proof-of-ownership schemes allow any owner of the same data to prove to the Cloud Storage server that he owns the data in a robust way. However, many users are likely to encrypt their data before outsourcing them to the Cloud Storage to preserve privacy, but this hampers deduplication because of the randomization property of encryption. Recently, several deduplication schemes have been proposed to solve this problem by allowing each owner to share the same encryption key for the same data. However, most of the schemes suffer from security flaws, since they do not consider the dynamic changes in the ownership of outsourced data that occur frequently in a practical Cloud Storage service. In this paper, we propose a novel server-side deduplication scheme for encrypted data. It allows the Cloud server to control access to outsourced data even when the ownership changes dynamically by exploiting randomized convergent encryption and secure ownership group key distribution. This prevents data leakage not only to revoked users even though they previously owned that data, but also to an honest-but-curious Cloud Storage server. In addition, the proposed scheme guarantees data integrity against any tag inconsistency attack. Thus, security is enhanced in the proposed scheme. The efficiency analysis results demonstrate that the proposed scheme is almost as efficient as the previous schemes, while the additional computational overhead is negligible.