IEEE 2020: Toward Practical
Privacy-Preserving Frequent Item set Mining on Encrypted Cloud Data
Abstract: Frequent item set mining, which is the essential operation in
association rule mining, is one of the most widely used data mining techniques
on massive datasets nowadays. With the dramatic increase on the scale of
datasets collected and stored with cloud services in recent years, it is
promising to carry this computation-intensive mining process in the cloud.
Amount of work also transferred the approximate mining computation into the
exact computation, where such methods not only improve the accuracy also aim to
enhance the efficiency. However, while mining data stored on public clouds, it
inevitably introduces privacy concerns on sensitive datasets.
Click for more details
IEEE 2020: An Attribute-based
Availability Model for Large Scale IaaS Clouds with CARMA
Abstract: High availability is one of the core properties of Infrastructure
as a Service (IaaS) and ensures that users have anytime access to on-demand
cloud services. However, significant variations of workflow and the presence of
super-tasks, mean that heterogeneous workload can severely impact the
availability of IaaS clouds. Although previous work has investigated global
queues, VM deployment, and failure of PMs, two aspects are yet to be fully
explored: one is the impact of task size and the other is the differing
features across PMs such as the variable execution rate and capacity. To address
these challenges we propose an attribute-based availability model of large
scale IaaS developed in the formal modeling language CARMA. The size of tasks
in our model can be a fixed integer value or follow the normal, uniform or
log-normal distribution.
Click for more details
IEEE-2019: A Secure Cloud-of-Clouds System for Storing and Sharing Big
Data
Abstract: We present CHARON, a cloud-backed storage system capable of
storing and sharing big data in a secure, reliable, and efficient way using
multiple cloud providers and storage repositories to comply with the legal
requirements of sensitive personal data. CHARON implements three distinguishing
features: (1) it does not require trust on any single entity, (2) it does not
require any client-managed server, and (3) it efficiently deals with large
files over a set of geo-dispersed storage services. Besides that, we developed
a novel Byzantine-resilient data-centric leasing protocol to avoid write-write
conflicts between clients accessing shared repositories. We evaluate CHARON
using micro and application-based benchmarks simulating representative
workflows from bioinformatics, a prominent big data domain. The results show
that our unique design is not only feasible but also presents an end-to-end
performance of up to 2:5_ better than other cloud-backed solutions.
IEEE-2019:Crypt-DAC:Cryptographically Enforced Dynamic Access
Control in the Cloud
Abstract: Enabling cryptographically enforced access controls for data
hosted in untrusted cloud is attractive for many users and organizations.
However, designing efficient cryptographically enforced dynamic access control
system in the cloud is still challenging. In this paper, we propose Crypt-DAC,
a system that provides practical cryptographic enforcement of dynamic access
control. Crypt-DAC revokes access permissions by delegating the cloud to update
encrypted data. In Crypt-DAC, a file is encrypted by a symmetric key list which
records a file key and a sequence of revocation keys. In each revocation, a
dedicated administrator uploads a new revocation key to the cloud and requests
it to encrypt the file with a new layer of encryption and update the encrypted
key list accordingly. Crypt-DAC proposes three key techniques to constrain the
size of key list and encryption layers. As a result, Crypt-DAC enforces dynamic
access control that provides efficiency, as it does not require expensive
decryption/reencryption and
uploading/re-uploading of large data at the administrator side, and security,
as it immediately revokes access permissions. We use formalization framework
and system implementation to demonstrate the security and efficiency of our
construction.
IEEE 2018: Secure Attribute-Based Signature Scheme
with Multiple Authorities for Blockchain in Electronic Health Records Systems
Abstract: Electronic Health
Records (EHRs) are entirely controlled by hospitals instead of patients, which complicates
seeking medical advices from different hospitals. Patients face a critical need
to focus on the details of their own healthcare and restore management of their
own medical data. The rapid development of blockchain technology promotes
population healthcare, including medical records as well as patient-related data.
This technology provides patients with comprehensive, immutable records, and
access to EHRs free from service providers and treatment websites. In this
paper, to guarantee the validity of EHRs encapsulated in blockchain, we present
an attribute-based signature scheme with multiple authorities, in which a
patient endorses a message according to the attribute while disclosing no
information other than the evidence that he has attested to it. Furthermore,
there are multiple authorities without a trusted single or central one to generate
and distribute public/private keys of the patient, which avoids the escrow
problem and conforms t the mode of distributed data storage in the blockchain.
By sharing the secret pseudorandom function seeds among authorities, this
protocol resists collusion attack out of N from N 1 corrupted
authorities. Under the assumption of the computational bilinear Dif_e-Hellman,
we also formally demonstrate that, in terms of the unforgeability and perfect
privacy of the attribute-signer, this attribute-based signature scheme is
secure in the random oracle model. The comparison shows the ef_ciency and
properties between the proposed method and methods proposed in other studies.
Click for more details
