IEEE 2022-2023 : Cloud Computing Projects

Abstract:

Biometric identification allows people to be identified by their unique physical characteristics. Among such schemes, fingerprinting is well-known for biometric identification. Many studies related to fingerprint-based biometric identification have been proposed; however, they are based purely on heavy cryptographic primitives such as additively homomorphic encryption and oblivious transfer. Therefore, it is difficult to apply them to large databases because of the expense. To resolve this problem, some schemes have been proposed that are based on simple matrix operations rather than heavy cryptographic primitives. Recently, Liu et al. proposed an improved matrix-based scheme using the properties of orthogonal matrices. Despite being more efficient when compared to previous systems, it still fails to provide sufficient security against various types of attackers. In this paper, we demonstrate that their scheme is vulnerable to an attacker who operates with a cloud server by introducing statistical-inference attack algorithms. Moreover, we propose concrete identity confirmation parameters that an adversary must always pass, and present experimental results to demonstrate that our algorithms are both feasible and practical.

Abstract:

Security is the fundamental angle for setting solid passwords for all our online media or any kind of records that are protected. The data which is given as an input are secured for privacy purpose, later it is hacked by the intruders. So for that reason, an outline called encoded negative password is proposed. After obtaining the secret phrase from the client, the password is hashed. The hashing is scrambled to obtain the hashed secret key by utilizing two other calculations.The two-way hashed and scrambled secret phrase which is produced is called a negative secret word in the database. The advantage of this technique is that when the data set is hacked additionally no issue with the genuine passwords of the clients due to the decoding of the negative secret phrase. This framework provides a space for true authentication stages

Abstract:

With the popularity of cloud computing, mobile devices can store/retrieve personal data from anywhere at any time. Consequently, the data security problem in mobile cloud becomes more and more severe and prevents further development of mobile cloud. There are substantial studies that have been conducted to improve the cloud security. However, most of them are not applicable for mobile cloud since mobile devices only have limited computing resources and power. Solutions with low computational overhead are in great need for mobile cloud applications. In this paper, we propose a lightweight data sharing scheme (LDSS) for mobile cloud computing. It adopts CP-ABE, an access control technology used in normal cloud environment, but changes the structure of access control tree to make it suitable for mobile cloud environments. LDSS moves a large portion of the computational intensive access control tree transformation in CP-ABE from mobile devices to external proxy servers. Furthermore, to reduce the user revocation cost, it introduces attribute description fields to implement lazy-revocation, which is a thorny issue in program based CP-ABE systems. The experimental results show that LDSS can effectively reduce the overhead on the mobile device side when users are sharing data in mobile cloud environments.

Abstract:

Cloud computing enables users and organizations to conveniently store and share data in large volumes and to enjoy on-demand services. Security and the protection of big data sharing from various attacks is the most challenging issue. Proxy re-encryption (PRE) is an effective method to improve the security of data sharing in the cloud environment. However, in PRE schemes, offloading big data for re-encryption will impose a heavy computational burden on the cloud proxy server, resulting in an increased computation delay and response time for the users. In this paper, we propose a novel parallel PRE workload distribution scheme to dynamically route the big data re-encryption process into the fog of the network. Moreover, this paper proposes a dynamic load balancing technique to avoid an excessive workload for the fog nodes. It also uses lightweight asymmetric cryptography to provide end-to-end security for the big data sharing between users. Within the proposed scheme, the offloading overhead on the centralized cloud server is effectively mitigated. Meanwhile, the processing delay incurred by the big data re-encryption process is efficiently improved.

Abstract—More and more organizations move their data and workload to commercial cloud storage systems. However, the multiplexing and sharing of the resources in a cloud storage system present unpredictable data access latency to tenants, which may make online data-intensive applications unable to satisfy their deadline requirements. Thus, it is important for cloud storage systems to provide deadline guaranteed services. In this paper, to meet a current form of service level objective (SLO) that constrains the percentage of each tenant’s data access requests failing to meet its required deadline below a given threshold, we build a mathematical model to derive the upper bound of acceptable request arrival rate on each server. We then propose a Deadline Guaranteed storage service (called DGCloud) that incorporates three basic algorithms. Its deadline-aware load balancing scheme redirects requests and creates replicas to release the excess load of each server beyond the derived upper bound. Its workload consolidation algorithm tries to maximally reduce servers while still satisfying the SLO to maximize the resource utilization. Its data placement optimization algorithm re-schedules the data placement to minimize the transmission cost of data replication. We further propose three enhancement methods to further improve the performance of DGCloud. A dynamic load balancing method allows an overloaded server to quickly offload its excess workload. A data request queue improvement method sets different priorities to the data responses in a server’s queue so that more requests can satisfy the SLO requirement. A wakeup server selection method selects a sleeping server that stores more popular data to wake up, which allows it to handle more data requests. Our trace-driven experiments in simulation and Amazon EC2 show the superior performance of DGCloud compared with previous methods in terms of deadline guarantees and system resource utilization, and the effectiveness of its individual algorithms.

Abstract – The major challenging task in the fog-enabled cloud computing paradigm is to ensure the security for accessing the data through cloud and fog nodes. To solve this challenge, a Flexible Access Control using Elliptic Curve Cryptography (FAC-ECC) protocol has been developed in which the user data are encrypted by multiple asymmetric keys. Such keys are handled by both users and fog nodes. Also, data access is controlled by encrypting the data through the user. However, the main problem is to guarantee the privacy and security of resources after processing of User Revocation (UR) by data owners. The issue of UR is needed to consider for satisfying the dynamic change of user access in different applications like healthcare systems, e-commerce, etc. Therefore in this article, a FAC-UR-ECC protocol is proposed to control the data access and realize the UR in fog-enabled cloud systems. In this protocol, a revocable key aggregatebased cryptosystem is applied in the fog-cloud paradigm. It is an extension of the key-aggregate cryptosystem such that a user is revoked if his/her credential is expired. First, the subset-cover model is combined into FAC-ECC protocol to design an efficient revocable key-aggregate encryption depending on multi-linear maps which realizes the user’s access control and revocation. It can simplify the user’s key management efficiently and delegate various clients with decryption permission. Also, it can accomplish revocation of user access privileges and the FAC efficiently. By using this protocol, both the user’s secret key and the ciphertext are preserved in a fixed size. The security of accessing the data is highly enhanced by updating the ciphertext through the data owners successfully. At last, the experimental results exhibit the efficiency of FAC-UR-ECC compared to the FAC-ECC protocol.

Abstract—Although cloud storage service enables people easily maintain and manage amounts of data with lower cost, it cannot ensure the integrity of people’s data. In order to audit the correctness of the data without downloading them, many remote data integrity checking (RDIC) schemes have been presented. Most existing schemes ignore the important issue of data privacy preserving and suffer from complicated certificate management derived from public key infrastructure. To overcome these shortcomings, this article proposes a new Identity-based RDIC scheme that makes use of homomorphic verifiable tag to decrease the system complexity. The original data in proof are masked by random integer addition, which protects the verifier from obtaining any knowledge about the data during the integrity checking process. Our scheme is proved secure under the assumption of computational Diffie– Hellman problem. Experiment result exhibits that our scheme is very efficient and feasible for real-life applications.

Abstract—Privacy has become a considerable issue when the applications of big data are dramatically growing in cloud computing. The benefits of the implementation for these emerging technologies have improved or changed service models and improve application performances in various perspectives. However, the remarkably growing volume of data sizes has also resulted in many challenges in practice. The execution time of the data encryption is one of the serious issues during the data processing and transmissions. Many current applications abandon data encryptions in order to reach an adoptive performance level companioning with privacy concerns. In this paper, we concentrate on privacy and propose a novel data encryption approach, which is called Dynamic Data Encryption Strategy (D2ES). Our proposed approach aims to selectively encrypt data and use privacy classification methods under timing constraints. This approach is designed to maximize the privacy protection scope by using a selective encryption strategy within the required execution time requirements. The performance of D2ES has been evaluated in our experiments, which provides the proof of the privacy enhancement.

Abstract—User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS) process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the individual user’s public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of the log, we generate proof of past log (PPL) using Rabin’s fingerprint and Bloom filter. Such an approach reduces verification time significantly. Findings from our experiments deploying CLASS in OpenStack demonstrate the utility of CLASS in a real-world context.

Abstract—Enabling cryptographically enforced access controls for data hosted in untrusted cloud is attractive for many users and organizations. However, designing efficient cryptographically enforced dynamic access control system in the cloud is still challenging. In this paper, we propose Crypt-DAC, a system that provides practical cryptographic enforcement of dynamic access control. Crypt-DAC revokes access permissions by delegating the cloud to update encrypted data. In Crypt-DAC, a file is encrypted by a symmetric key list which records a file key and a sequence of revocation keys. In each revocation, a dedicated administrator uploads a new revocation key to the cloud and requests it to encrypt the file with a new layer of encryption and update the encrypted key list accordingly. Crypt-DAC proposes three key techniques to constrain the size of key list and encryption layers. As a result, Crypt-DAC enforces dynamic access control that provides efficiency, as it does not require expensive decryption/reencryption and uploading/re-uploading of large data at the administrator side, and security, as it immediately revokes access permissions. We use formalization framework and system implementation to demonstrate the security and efficiency of ourconstruction.

Abstract—Cloud computing has become prevalent due to its nature of massive storage and vast computing capabilities. Ensuring a secure data sharing is critical to cloud applications. Recently, a number of identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the problem. However, the IB-BPRE requires a cloud user (Alice) who wants to share data with a bunch of other users (e.g. colleagues) to participate the group shared key renewal process because Alice’s private key is a prerequisite for shared key generation. This, however, does not leverage the benefit of cloud computing and causes the inconvenience for cloud users. Therefore, a novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation in this work. In a RIB-BPRE scheme, a proxy can revoke a set of delegates, designated by the delegator, from the re-encryption key. The performance evaluation reveals that the proposed scheme is efficient and practical.

Abstract:

Map Reduce plays a critical role as a leading framework for big data analytics. In this paper, we consider a geo distributed cloud architecture that provides Map Reduce services based on the big data collected from end users all over the world. Existing work handles Map Reduce jobs by a traditional computation-centric approach that all input data distributed in multiple clouds are aggregated to a virtual cluster that resides in a single cloud. Its poor efficiency and high cost for big data support motivate us to propose a novel data-centric architecture with three key techniques, namely, cross-cloud virtual cluster, data-centric job placement, and network coding based traffic routing. Our design leads to an optimization framework with the objective of minimizing both computation and transmission cost for running a set of Map Reduce jobs in geo-distributed clouds. We further design a parallel algorithm by decomposing the original large-scale problem into several distributively solvable sub problems that are coordinated by a high-level master problem. Finally, we conduct real-world experiments and extensive simulations to show that our proposal significantly outperforms the existing works.

Abstract:

To reduce a user’s decryption cost and protect the private information from being leaked, Green et al. proposed an approach our sourcing the decryption of the attribute based encryption (ABE) scheme to the cloud server. Later, almost all ABE schemes with outsourced decryption (ABE-OD) used their model or approach. However, the cloud server needs to repeat the outsourced decryption service of the same cipher text for distinct users satisfying the same access policy in these schemes. Green computing is the atmosphere conscientious and recyclable utilization of resources. The green cloud networks can reduce their cost or energy requirements by adapting its performance, optimizing resources management and services. The method is not efficient for the cloud server in the green cloud networks. In this article, to take into account recyclable utilization of resources for the cloud server, we put forward a new and secure approach to reduce total overhead of the cloud server when many users satisfying an access policy require the outsourced decryptions for the same cipher text besides decreasing the decryption computation cost for users. Compared with the existing ABE-OD schemes, our total overhead of the cloud server is independent of the number of the users who satisfy an access policy and request the outsourcing decryption service. Finally, we extend our approach to a RCCA-secure ABE-OD scheme.

Abstract

Cloud is a computing model that provides sharing and supports ubiquitous on-demand access computing, providing new data processing and services for many industries, significantly reducing user computing and storage costs, and improving ease of use. With the development of cloud-scale and intensification, cloud security has become an essential issue in the field of cloud computing. Access control is one of the critical security technologies for protecting sensitive data stored in the cloud by enterprises and individuals. Since the centralized access control mechanism is adopted in the cloud, the sensitive data in the cloud are easy to be tampered with or leaked by hackers or cloud internal managers. To address this issue, we propose a blockchain-based access control framework with privacy protection called  Privacy Chain. Firstly, we use the account address of the node in blockchain as the identity, and at the same time, redefine the access control permission of data for the cloud, which is encrypted and stored in blockchain. After that, we design processes of access control, orization, and orization revocation in Privacy Chain. Finally, we implement Privacy Chain based on enterprise operation system (EOS), and the results show that Privacy Chain can not only prevent hackers and administrators from illegally accessing resources, but also protect orized privacy.

Abstract:

Nowadays cloud servers have become the primary choice to store and share data with multiple users across the globe. The major challenge in sharing data using cloud servers is to protect data against untrusted cloud service provider and illegitimate users. Attribute-Based Encryption (ABE) has emerged as a useful cryptographic technique to securely share data with legitimate recipients in fine-grained manner. Several solutions employing ABE have been proposed to securely share data using cloud servers. However, most of the solutions are data owner-centric and focus on providing data owner complete control on his outsourced data. The existing solutions in cloud computing fail to provide shared access privileges among users and to enable cloud users to delegate their access privileges in a flexible manner. In order to simultaneously achieve the notion of fine-grained access control, scalability and to provide cloud users shared access privileges and flexibility on delegation of their access privileges, we propose a scalable attribute-based access control scheme for cloud storage. The scheme extends the ciphertext policy attribute-based encryption to achieve flexible delegation of access privileges and shared access privileges along with scalability and fine-grained access control. The scheme achieves scalability by employing hierarchical structure of users. Furthermore, we formally prove the security of our proposed scheme based on security of the ciphertext-policy attribute-based encryption. We also implement the algorithm to show its scalability and efficiency. 

Abstract:

In public cloud storage services, data are outsourced to semi-trusted cloud servers which are outside of data owners’ trusted domain. To prevent untrustworthy service providers from accessing data owners’ sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has been proved to be a powerful cryptographic tool to express access policies over attributes, which can provide a fine-grained, flexible, and secure access control over outsourced data. However, the existing ABE-based access control schemes do not support users to gain access permission by collaboration. In this paper, we explore a special attribute-based access control scenario where multiple users having different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Meanwhile, the collaboration that is not designated in the access policy should be regarded as a collusion and the access request will be denied. We propose an attribute-based controlled collaborative access control scheme through designating translation nodes in the access structure. Security analysis shows that our proposed scheme can guarantee data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract:

Phrase search allows retrieval of documents containing an exact phrase, which plays an important role in many machine learning applications for cloud-based Internet of Things (IoT), such as intelligent medical data analytics. In order to protect sensitive information from being leaked by service providers, documents (e.g., clinic records) are usually encrypted by data owners before being outsourced to the cloud. This, however, makes the search operation an extremely challenging task. Existing searchable encryption schemes for multikeyword search operations fail to perform phrase search, as they are unable to determine the location relationship of multiple keywords in a queried phrase over encrypted data on the cloud server side. In this paper, we propose P3, an efficient privacy-preserving phrase search scheme for intelligent encrypted data processing in cloud-based IoT. Our scheme exploits the homomorphic encryption and bilinear map to determine the location relationship of multiple queried keywords over encrypted data. It also utilizes a probabilistic trapdoor generation algorithm to protect users’ search patterns. Thorough security analysis demonstrates the security guarantees achieved by P3. We implement a prototype and conduct extensive experiments on real-world datasets. The evaluation results show that compared with existing multikeyword search schemes, P3 can greatly improve the search accuracy with moderate overheads.

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract:

Attribute-based encryption (ABE) is a promising cryptographic tool for data owner (DO) to realize fine-grained date sharing in the cloud computing. In the encryption of most existing ABE schemes, a substantial number of modular exponentiations are often required; the computational cost of it is growing linearly with the complexity of the access policy. Besides, in the most existing ABE with outsourced decryption, the computation cost of generating transformation key is growing linearly with the number of attributes associated with user private key; these computations are prohibitively high for mobile device users, which becomes a bottleneck limiting its application. To address the above issues, we propose a secure outsourcing algorithm for modular exponentiation in one single untrusted server model and a new method to generate the transformation key. Based on these techniques and Brent Waters’s ciphertext-policy ABE scheme, we propose an ABE scheme with verifiable outsourced both encryption and decryption, which can securely outsource encryption and decryption to untrusted encryption service provider (ESP) and decryption service provider (DSP), respectively, leaving only a constant number of simple operations for the DO and eligible users to perform locally. In addition, both DO and the eligible users can check the correctness of results returned from the ESP and the DSP with a probability, respectively. Finally, we provide the experimental evaluation and security analysis of our scheme, which indicates that our construction is suitable for the mobile environment.

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract:

Enabling cryptographically enforced access controls for data hosted in untrusted cloud is attractive for many users and organizations. However, designing efficient cryptographically enforced dynamic access control system in the cloud is still challenging. In this paper, we propose Crypt-DAC, a system that provides practical cryptographic enforcement of dynamic access control. Crypt-DAC revokes access permissions by delegating the cloud to update encrypted data. In Crypt-DAC, a file is encrypted by a symmetric key list which records a file key and a sequence of revocation keys. In each revocation, a dedicated administrator sends a new revocation key to the cloud and requests it to encrypt the file with a new layer of encryption and update the encrypted key list accordingly. Crypt-DAC proposes three key techniques to constrain the size of key list and encryption layers. As a result, Crypt-DAC enforces dynamic access control that provides effi- ciency, as it does not require expensive decryption/re-encryption and uploading/re-uploading of large data at the administrator side, and security, as it immediately revokes access permissions. We use formalization framework and system implementation to demonstrate the security and efficiency of our construction.

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract:

We present CHARON, a cloud-backed storage system capable of storing and sharing big data in a secure, reliable, and efficient way using multiple cloud providers and storage repositories to comply with the legal requirements of sensitive personal data. CHARON implements three distinguishing features: (1) it does not require trust on any single entity, (2) it does not require any client-managed server, and (3) it efficiently deals with large files over a set of geo-dispersed storage services. Besides that, we developed a novel Byzantine-resilient data-centric leasing protocol to avoid write-write conflicts between clients accessing shared repositories. We evaluate CHARON using micro and application-based benchmarks simulating representative workflows from bioinformatics, a prominent big data domain. The results show that our unique design is not only feasible but also presents an end-to-end performance of up to 2.5x better than other cloud-backed solutions.

   Contact: 

   +91-98451 66723

  +91-98866 92401

Cloud computing is now being utilized as a prospective alternative for catering storage service. Security issues of cloud storage are a potential deterrent in its widespread adoption. Privacy breach, malicious modification and data loss are emerging cyber threats against cloud storage. Recently, a fog server based three-layer architecture has been presented for secure storage employing multiple clouds. The underlying techniques used are Hash-Solomon code and customized hash algorithm in order to attain the goal. However, it resulted in loss of smaller portion of data to cloud servers and failed to provide better modification detection and data recoverability. This paper proposes a novel fog-centric secure cloud storage scheme to protect data against unauthorized access, modification, and destruction. To prevent illegitimate access, the proposed scheme employs a new technique Xor-Combination to conceal data. Moreover, Block-Management outsources the outcomes of Xor-Combination to prevent malicious retrieval and to ensure better recoverability in case of data loss. Simultaneously, we propose a technique based on hash algorithm in order to facilitate modification detection with higher probability. We demonstrate robustness of the proposed scheme through security analysis. Experimental results validate performance supremacy of the proposed scheme compared to contemporary solutions in terms of data processing time.

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract: Bio-metric identification has become increasingly popular in recent years.With the development of cloud computing, database owners are motivated to outsource the large size of bio metric data and identification tasks to the cloud to get rid of the expensive storage and computation costs, which, however, brings potential threats to users’ privacy. In this paper, we propose an efficient and privacy-preserving bio-metric identification outsourcing scheme. Specially, the bio metric To execute a bio metric identification, the database owner encrypts the query data and submits it to the cloud. The cloud performs identification operations over the encrypted database and returns the result to the database owner. A thorough security analysis indicates that the proposed scheme is secure even if attackers can forge identification requests and collude with the cloud. Compared with previous protocols, experimental results show that the proposed scheme achieves a better performance in both preparation and identification procedures.                                                                                                                       

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract: User activity logs can be a valuable source of information in cloud forensic investigations; hence, ensuring the reliability  and integrity of such logs is crucial. Most existing solutions for secure logging are designed for conventional systems rather than  the complexity of a cloud environment. In this paper, we propose the Cloud Log Assuring Soundness and Secrecy (CLASS)  process as an alternative scheme for the securing of logs in a cloud environment. In CLASS, logs are encrypted using the  individual user’s public key so that only the user is able to decrypt the content. In order to prevent unauthorized modification of  the log, we generate proof of past log (PPL) using Rabin’s fingerprint and Bloom filter. Such an approach reduces verification time  significantly. Findings from our experiments deploying CLASS in Open Stack demonstrate the utility of CLASS in a real-world  context.                                                                                       

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract: Outsourcing data to a third-party administrative control, as is done in cloud computing, gives rise to security concerns. The data compromise may occur due to attacks by other users and nodes within the cloud. Therefore, high security measures are required to protect data within the cloud. However, the employed security strategy must also take into account the optimization of the data retrieval time. In this paper, we propose Division and Replication of Data in the Cloud for Optimal Performance and Security (DROPS) that collectively approaches the security and performance issues. In the DROPS methodology, we divide a file into fragments, and replicate the fragmented data over the cloud nodes. Each of the nodes stores only a single fragment of a particular data file that ensures that even in case of a successful attack, no meaningful information is revealed to the attacker. Moreover, the nodes storing the fragments, are separated with certain distance by means of graph T-coloring to prohibit an attacker of guessing the locations of the fragments. Furthermore, the DROPS methodology does not rely on the traditional cryptographic techniques for the data security; thereby relieving the system of computationally expensive methodologies. We show that the probability to locate and compromise all of the nodes storing the fragments of a single file is extremely low. We also compare the performance of the DROPS methodology with ten other schemes. The higher level of security with slight performance overhead was observed                                                      

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract :In the past decade, Cloud-Computing emerged as  a new computing concept with a distributed nature using virtual  network and systems. Many businesses rely on this technology to  keep their systems running but concerns are rising about security  breaches in cloud computing. Cloud providers (CPs) are taking  significant measures to maintain the security and privacy of the  data stored on their premises, in order to preserve the customers’  trust. Nevertheless, in certain applications, such as medical  health records for example, the medical facility is responsible for  preserving the privacy of the patients’ data. Although the facility  can offload the overhead of storing large amounts of data by  using cloud storage, relying solely on the security measures taken  by the CP might not be sufficient. Any security breach at the  CP’s premises does not protect the medical facility from being  held accountable. This work aims to solve this problem by  presenting a secure approach for storing data on the cloud while  keeping the customer in control of the security and privacy of  their data.                                     

   Contact: 

   +91-98451 66723

  +91-98866 92401

Abstract : With the rapid development of cloud computing services, more and more individuals and enterprises prefer to outsource their data or computing to clouds. In order to preserve data privacy, the data should be encrypted before outsourcing and it is a challenge to perform searches over encrypted data. In this paper, we propose a privacy-preserving multi-keyword ranked search scheme over encrypted data in hybrid clouds, which is denoted as MRSE-HC. The keyword dictionary of documents is clustered into balanced partitions by a bisecting k-means clustering based keyword partition algorithm. According to the partitions, the keyword partition based bit vectors are adopted for documents and queries which are utilized as the index of searches. The private cloud filters out the candidate documents by the keyword partition based bit vectors, and then the public cloud uses the trapdoor to determine the result in the candidates.

Abstract : High availability is one of the core properties of Infrastructure as a Service (IaaS) and ensures that users have anytime access to on-demand cloud services. However, significant variations of workflow and the presence of super-tasks, mean that heterogeneous workload can severely impact the availability of IaaS clouds. Although previous work has investigated global queues, VM deployment, and failure of PMs, two aspects are yet to be fully explored: one is the impact of task size and the other is the differing features across PMs such as the variable execution rate and capacity. To address these challenges we propose an attribute-based availability model of large scale IaaS developed in the formal modeling language CARMA. The size of tasks in our model can be a fixed integer value or follow the normal, uniform or log-normal distribution.

Abstract : Mobile health (mHealth) has emerged as a new patient centric model which allows real-time collection of patient data via wearable sensors, aggregation and encryption of these data at mobile devices, and then uploading the encrypted data to the cloud for storage and access by healthcare staff and researchers. However, efficient and scalable sharing of encrypted data has been a very challenging problem. In this paper, we propose a Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient’s mobile device to data users.

Abstract : Frequent item set mining, which is the essential operation in association rule mining, is one of the most widely used data mining techniques on massive datasets nowadays. With the dramatic increase on the scale of datasets collected and stored with cloud services in recent years, it is promising to carry this computation-intensive mining process in the cloud. Amount of work also transferred the approximate mining computation into the exact computation, where such methods not only improve the accuracy also aim to enhance the efficiency. However, while mining data stored on public clouds, it inevitably introduces privacy concerns on sensitive datasets.

Abstract : Data sharing through the cloud is flourishing with the development of cloud computing technology. The new wave of technology will also give rise to new security challenges, particularly the data confidentiality in cloud-based sharing applications. Searchable encryption is considered as one of the most promising solutions for balancing data confidentiality and usability. However, most existing searchable encryption schemes cannot simultaneously satisfy requirements for both high search efficiency and strong security due to lack of some must-have properties, such as parallel search and forward security.

Abstract : Recently, attribute-based keyword search (ABKS) schemes have been used to provide fine-grained search over encrypted data on eHealth cloud in the Internet of Things (IoT) platforms. As compared to conventional public key encryption with keyword search (PEKS) schemes, ABKS schemes provide more powerful and flexible search operations which allow encrypted data to be retrieved by multiple users that satisfy set of attributes. However, there are still some limitations and security issues on the existing ABKS schemes. Many of the existing ABKS schemes only support for the encryption of keyword and require a separate cryptographi primitive to encrypt the message. Also, most of the schemes cannot resist offline keyword guessing attacks by inside attackers (i.e., the honest-but-curious servers). A secure-channel is needed for most of the ABKS schemes to transmit the trapdoors between the server and receivers.

Abstract : Vehicular cloud computing (VCC) is composed of multiple distributed vehicular clouds (VCs), which are formed on-the-fly by dynamically integrating underutilized vehicular resources including computing power, storage, and so on. Existing proposals for identity-as-a-service (IDaaS) are not suitable for use in VCC due to limited computing resources and storage capacity of onboard vehicle devices. In this paper, we first propose an improved ciphertext-policy attribute-bas Utilizing the improved CP-ABE scheme and the permissioned blockchain technology, we propose a lightweight and privacy-preserving IDaaS architecture for VCC named IDaaSoVCC.ed encryption (CPABE) scheme.

Abstract:The cloud Storage Providers (CSPs) present geological documents are put away with a few memory space classes with arranging costs. A noteworthy issue encountering by the cloud customers can be the methods by which to blow this additional room classes for you to serve a license request with a period, contrasting residual job that needs to be done about its materials at any rate aggregate expense. Records intermittent notwithstanding replication approaches have a fundamental activity around appropriated methodologies over the electronic encouraging. In this paper arranged DRA Criteria to determine the technique which will complete a capacity zone strategy in which utilizes the specific Division and even Replication approach to putting away the data. In this procedure, the report will be isolated and these zones will be replicated and blend as demonstrated by the duplication factor before taking care of the idea upon the cloud. Usually, the parts are normally dissipated with the end goal that progressive clients in the electronic encouraging don’t hold the areas of any proportionate convenience in this way while a PC is yielded no huge information is emphatically spilled on the attacker. This structure will improve cloud prosperity gauges using Category and Duplication of data on Cloud proposed for Optimal Functionality and Safety gauges reasoning.

Abstract:Sentiment analysis and opinion mining have taken a leading position ever since the boom of the internet which led to an enormous amount of opinionated data being posted online. Hence, it has become essential to structure an efficient algorithm for analysing sentiments from text. Even though traditional machine learning algorithms were a breakthrough in the domain, there remained a demand for a better solution. This paper presents a systematic & qualitative literature review for various approaches to sentiment analysis using hybridized soft-computing techniques to cater to noise and improve the flexibility of a fuzzy inference-based sentiment analysis system. This qualitative literature review adds to the body of evidence that soft-computing and fuzzy logic techniques can be effectively applied to a range of applications where noise is inherent, especially in the case of sentiment analysis and opinion mining..

Abstract:Smart cities’ vision will encompass connected industrial vehicles, which will offer data-driven and intelligent services to the user. Such interaction within dispersed connected objects are sometimes referred as the industrial Internet-of-Vehicles (IIoV). The prime motivation of an intelligent transportation system (ITS) is ensuring the safety of the drivers and offering a comfortable experience to the user. However, such complex infrastructures opens broad attack surfaces to the adversaries, which can remotely exploit and control the critical mechanics in the smart vehicles, including engine and brake systems. Security and privacy concerns are significant barriers to the wide adoption of this revolutionary technology that has to be addressed before a comprehensive implementation of the real vision of ITS. This article is a stepping stone to address access control issues in the IIoV ecosystem and propose a formal attribute-based access control system (referred to ITS-ABAC $\mathrm{_G}$ ). The proposed model introduces the notion of groups, which are assigned to various smart entities based on the different attributes. It also offers the implementation of fine-grained security policies and considers individualized privacy preferences along with system-wide policies to accept or reject notification, alerts, and advertisements from different participating smart entities. We present the prototype implementation of our proposed model in the Amazon Web Services IoT platform together with extensive performance to reflect the practicality and wide-scale adoption of the proposed system..

Abstract:Air pollution is one of the greatest problems being faced by mankind. Millions of people die each year because of reasons directly or indirectly related to air pollution. Effective strategies to counter the harmful effects of air pollution are an imperative need of the times. The responses to the air pollution problems are usually knee-jerk reactions, which don’t help in the long run. For developing an effective counter-strategy for combating air pollution, it is necessary to focus the efforts on the pollutants that are most responsible for the air pollution. This paper focuses on identifying the pollutant that plays the most important role in defining the Air Quality Index of a region and also attempts to establish the trend patterns followed by the identified pollutant. This will help the decision makers to devise counter-strategies well in advance for countering the harmful effects of the main pollutant thereby helping to reduce air pollution.

Abstract:Privacy-preserving similarity search plays an essential role in data analytics, especially when very large encrypted datasets are stored in the cloud. Existing mechanisms on privacy-preserving similarity search were not able to support secure updates (addition and deletion) efficiently when frequent updates are needed. In this article, we propose a new mechanism to support parallel privacypreserving similarity search in a distributed key-value store in the cloud, with a focus on efficient addition and deletion operations, both executed with sublinear time complexity. If search accuracy is the top priority, we further leverage Yao’s garbled circuits and the homomorphic property of Hash-ElGamal encryption to build a secure evaluation protocol, which can obtain the top-R most accurate results without extensive client-side post-processing. We have formally analyzed the security strength of our proposed approach, and performed an extensive array of experiments to show its superior performance as compared to existing mechanisms in the literature. In particular, we evaluate the performance of our proposed protocol with respect to the time it takes to build the index and perform similarity queries. Extensive experimental results demonstrated that our protocol can speedup the index building process by up to 800x with 2 threads and the similarity queries by up to -7x with comparable accuracy, as compared to the state-of-the-art in the literature.

Abstract:The features of decentralization and tamper-proof enable blockchain to be an emerging technology for integrity protection of important data stored on it. Blockchains are also used to combine with cloud storage for access control and sharing of private data. To protect the confidentiality of the private data, attribute-based encryption (ABE) schemes that can provide one-to-many encryption are commonly used as the solutions. However, there are problems, such as inefficiency, key abuse, and inflexibility of access control policy, when adopting ABE solutions. This paper proposes an efficient traceable attribute-based encryption with dynamic access control (TABE-DAC) scheme based on blockchain for fine-grained sharing of encrypted private data on cloud. The proposed TABE-DAC scheme supports traceability for the accountability of malicious users who leak the private key. The proposed solution also realizes dynamic access control where data owners have the flexibility to update access control policy. We also prove the security of the proposed TABE-DAC scheme. Finally, through theoretical comparison and experimental analysis, we verify the efficiency of the proposed solution.

Abstract:Provable Data Possession (PDP) model provides an efficient means for people to audit the integrity of data stored in cloud storage. When sensitive data is shared among multiple users based on cloud storage, it is critical to preserve the anonymity of the data uploader against the auditor. That is, the auditor should not get data uploader’s identity through the data audition. To address this problem, many PDP schemes with user identity privacy-persevering are proposed. However, most proposed schemes are designed based on PKI technique which suffers from big burden of certificate management. Moreover, data auditors in most proposed schemes bear heavy computation cost which results to the lower efficiency of the scheme. To overcome the shortcomings, we present a novel identity-based PDP protocol to audit efficiently the integrity of group shared data with uploader’s privacy-preserving. Due to the inherent structural advantage of identity-based crypto mechanism, our PDP scheme is able to avoid the problem of certificate management. Different from previous works, our scheme ensures the relationship of the data and the data uploader in the phase of proof generation not the phase of integrity audition. Therefore, the data auditor does not know the relationship at all as well as the extract data uploader of the challenged data. At the same time, establishing the relationship by cloud server in proof generation step can reduce the computational cost of data auditor greatly. Furthermore, the relationship of data uploader and challenged data in the proof is randomized so as to strength the security of the scheme. All these efforts are made in our scheme to efficiently realize the anonymity protection of the data uploader. We give the detailed security proof of our scheme under the computational Diffie-Hellman assumption. Many experiments are performed to evaluate the efficiency of our scheme, the results show that our new scheme is efficient and feasible