Abstract: Cloud computing enables an economically
promising paradigm of computation outsourcing. However, how to protect
customers' confidential data processed and generated during the computation is
becoming the major security concern. Focusing on engineering computing and
optimization tasks, this paper investigates secure outsourcing of widely
applicable linear programming (LP) computations. Our mechanism design
explicitly decomposes LP computation outsourcing into public LP solvers running
on the cloud and private LP parameters owned by the customer. The resulting
flexibility allows us to explore appropriate security/efficiency tradeoff via
higher-level abstraction of LP computation than the general circuit
representation. Specifically, by formulating private LP problem as a set of
matrices/vectors, we develop efficient privacy-preserving problem
transformation techniques, which allow customers to transform the original LP
into some random one while protecting sensitive input/output information. To
validate the computation result, we further explore the fundamental duality
theorem of LP and derive the necessary and sufficient conditions that correct
results must satisfy. Such result verification mechanism is very efficient and
incurs close-to-zero additional cost on both cloud server and customers.
Extensive security analysis and experiment results show the immediate
practicability of our mechanism design.

IEEE 2016: On Traffic-Aware Partition and Aggregation in MapReduce for Big Data Applications
Abstract: The
MapReduce programming model simplifies large-scale data processing on commodity
cluster by exploiting parallel map tasks and reduce tasks. Although many
efforts have been made to improve the performance of MapReduce jobs, they
ignore the network traffic generated in the shuffle phase, which plays a
critical role in performance enhancement. Traditionally, a hash function
is used to partition intermediate data among reduce tasks, which, however,
is not traffic-efficient because network topology and data size associated with
each key are not taken into consideration. In this paper, we study to reduce
network traffic cost for a MapReduce job by designing a novel intermediate data
partition scheme. Furthermore, we jointly consider the aggregator placement problem,
where each aggregator can reduce merged traffic from multiple map tasks. A
decomposition-based distributed algorithm is proposed to deal with the
large-scale optimization problem for big data application and an online
algorithm is also designed to adjust data partition and aggregation in a
dynamic manner. Finally, extensive simulation results demonstrate that our
proposals can significantly reduce network traffic cost under both offline and
online cases.

IEEE 2016: DeyPoS: Deduplicatable Dynamic Proof of Storage for Multi-User Environments
Abstract: Dynamic
Proof of Storage (PoS) is a useful cryptographic primitive that enables a user
to check the integrity of outsourced files and to efficiently update the files
in a cloud server. Although researchers have proposed many dynamic PoS schemes
in single user environments, the problem in multi-user environments has not
been investigated sufficiently. A practical multi-user cloud storage system
needs the secure client-side cross-user deduplication technique, which allows a
user to skip the uploading process and obtain the ownership of the files
immediately, when other owners of the same files have uploaded them to the
cloud server. To the best of our knowledge, none of the existing dynamic PoSs
can support this technique. In this paper, we introduce the concept of deduplicatable
dynamic proof of storage and propose an efficient construction called DeyPoS,
to achieve dynamic PoS and secure cross-user deduplication, simultaneously.
Considering the challenges of structure diversity and private tag generation,
we exploit a novel tool called Homomorphic Authenticated Tree (HAT). We prove
the security of our construction, and the theoretical analysis and experimental
results show that our construction is efficient in practice.

IEEE 2016: Fine-Grained Two-Factor Access Control for Web-Based Cloud Computing Services
Abstract: In
this paper, we introduce a new fine-grained two-factor authentication (2FA)
access control system for web-based cloud computing services. Specifically, in
our proposed 2FA access control system, an attribute-based access control
mechanism is implemented with the necessity of both a user secret key and a
lightweight security device. As a user cannot access the system if they do not
hold both, the mechanism can enhance the security of the system, especially in
those scenarios where many users share the same computer for web-based cloud
services. In addition, attribute-based control in the system also enables the
cloud server to restrict the access to those users with the same set of
attributes while preserving user privacy, i.e., the cloud server only knows
that the user fulfills the required predicate, but has no idea on the exact
identity of the user. Finally, we also carry out a simulation to demonstrate
the practicability of our proposed 2FA system.