TL;DR: The results of the evaluation show that performance is improved by reducing the induced delay, reducing the response time, increasing throughput, and the ability to detect real-time attacks in the IoT network with low performance overheads.
Abstract: The recent expansion of the Internet of Things (IoT) and the consequent explosion in the volume of data produced by smart devices have led to the outsourcing of data to designated data centers. However, to manage these huge data stores, centralized data centers, such as cloud storage cannot afford auspicious way. There are many challenges that must be addressed in the traditional network architecture due to the rapid growth in the diversity and number of devices connected to the internet, which is not designed to provide high availability, real-time data delivery, scalability, security, resilience, and low latency. To address these issues, this paper proposes a novel blockchain-based distributed cloud architecture with a software defined networking (SDN) enable controller fog nodes at the edge of the network to meet the required design principles. The proposed model is a distributed cloud architecture based on blockchain technology, which provides low-cost, secure, and on-demand access to the most competitive computing infrastructures in an IoT network. By creating a distributed cloud infrastructure, the proposed model enables cost-effective high-performance computing. Furthermore, to bring computing resources to the edge of the IoT network and allow low latency access to large amounts of data in a secure manner, we provide a secure distributed fog node architecture that uses SDN and blockchain techniques. Fog nodes are distributed fog computing entities that allow the deployment of fog services, and are formed by multiple computing resources at the edge of the IoT network. We evaluated the performance of our proposed architecture and compared it with the existing models using various performance measures. The results of our evaluation show that performance is improved by reducing the induced delay, reducing the response time, increasing throughput, and the ability to detect real-time attacks in the IoT network with low performance overheads.
TL;DR: This paper studies the data storage and sharing scheme for decentralized storage systems and proposes a framework that combines the decentralized storage system interplanetary file system, the Ethereum blockchain, and ABE technology, and solves the problem that the cloud server may not return all of the results searched or return wrong results.
Abstract: In traditional cloud storage systems, attribute-based encryption (ABE) is regarded as an important technology for solving the problem of data privacy and fine-grained access control. However, in all ABE schemes, the private key generator has the ability to decrypt all data stored in the cloud server, which may bring serious problems such as key abuse and privacy data leakage. Meanwhile, the traditional cloud storage model runs in a centralized storage manner, so single point of failure may lead to the collapse of system. With the development of blockchain technology, decentralized storage mode has entered the public view. The decentralized storage approach can solve the problem of single point of failure in traditional cloud storage systems and enjoy a number of advantages over centralized storage, such as low price and high throughput. In this paper, we study the data storage and sharing scheme for decentralized storage systems and propose a framework that combines the decentralized storage system interplanetary file system, the Ethereum blockchain, and ABE technology. In this framework, the data owner has the ability to distribute secret key for data users and encrypt shared data by specifying access policy, and the scheme achieves fine-grained access control over data. At the same time, based on smart contract on the Ethereum blockchain, the keyword search function on the cipher text of the decentralized storage systems is implemented, which solves the problem that the cloud server may not return all of the results searched or return wrong results in the traditional cloud storage systems. Finally, we simulated the scheme in the Linux system and the Ethereum official test network Rinkeby, and the experimental results show that our scheme is feasible.
TL;DR: This paper focuses on the security and privacy requirements related to data flow in MIoT and makes in-depth study on the existing solutions to security and privacy issues, together with the open challenges and research issues for future work.
Abstract: Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety, and care of billions of people after its showing up. Instead of going to the hospital for help, patients’ health-related parameters can be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloud storage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount of data handled by MIoT devices grows exponentially, which means higher exposure of sensitive data. The security and privacy of the data collected from MIoT devices, either during their transmission to a cloud or while stored in a cloud, are major unsolved concerns. This paper focuses on the security and privacy requirements related to data flow in MIoT. In addition, we make in-depth study on the existing solutions to security and privacy issues, together with the open challenges and research issues for future work.
TL;DR: This research work proposes a conceptual design for sharing personal continuous-dynamic health data using blockchain technology supplemented by cloud storage to share the health-related information in a secure and transparent manner and introduces a data quality inspection module based on machine learning techniques to have control over data quality.
Abstract: With the advent of rapid development of wearable technology and mobile computing, huge amount of personal health-related data is being generated and accumulated on continuous basis at every moment. These personal datasets contain valuable information and they belong to and asset of the individual users, hence should be owned and controlled by themselves. Currently most of such datasets are stored and controlled by different service providers and this centralised data storage brings challenges of data security and hinders the data sharing. These personal health data are valuable resources for healthcare research and commercial projects. In this research work, we propose a conceptual design for sharing personal continuous-dynamic health data using blockchain technology supplemented by cloud storage to share the health-related information in a secure and transparent manner. Besides, we also introduce a data quality inspection module based on machine learning techniques to have control over data quality. The primary goal of the proposed system is to enable users to own, control and share their personal health data securely, in a General Data Protection Regulation (GDPR) compliant way to get benefit from their personal datasets. It also provides an efficient way for researchers and commercial data consumers to collect high quality personal health data for research and commercial purposes.
TL;DR: This work formalizes the definition and security model, which model collusion attack executed by the existing users cooperating with the revoked users, and presents a user collusion avoidance ciphertext-policy ABE scheme with efficient attribute revocation for the cloud storage system.
Abstract: Attribute-based encryption (ABE) can guarantee confidentiality and achieve fine-grained data access control in a cloud storage system. Due to the fact that every attribute in ABE may be shared by multiple users and each user holds multiple attributes, any single-attribute revocation for some user may affect the other users with the same attribute in the system. Therefore, how to revoke attribute efficiently is an important and challenging problem in ABE schemes. In order to solve above problems, we first give a concrete attack to the existing ABE scheme with attribute revocation. Then, we formalize the definition and security model, which model collusion attack executed by the existing users cooperating with the revoked users. Finally, we present a user collusion avoidance ciphertext-policy ABE scheme with efficient attribute revocation for the cloud storage system. The problem of attribute revocation is solved efficiently by exploiting the concept of an attribute group. When an attribute is revoked from a user, the group manager updates other users’ secret keys. Furthermore, we prove that the proposed scheme is secure against collusion attack launched by the existing users and the revoked users. The security of the proposed scheme is reduced to the computational Diffie–Hellman assumption.
TL;DR: A blockchain-based security architecture for distributed cloud storage, where users can divide their own files into encrypted data chunks, and upload those data chunks randomly into the P2P network nodes that provide free storage capacity is proposed.
TL;DR: This paper proposes a novel blockchain-based data deletion scheme, which can make the deletion operation more transparent and can achieve public verification without any trusted third party.
TL;DR: This paper proposes a decentralized multi-authority CP-ABE access control scheme, which is more practical for supporting the user revocation and can protect the data privacy and the access policy privacy with policy hidden in the cloud storage system.
Abstract: For realizing the flexible, scalable and fuzzy fine-grained access control, ciphertext policy attribute-based encryption (CP-ABE) scheme has been widely used in the cloud storage system. However, the access structure of CP-ABE scheme is outsourced to the cloud storage server, resulting in the disclosure of access policy privacy. In addition, there are multiple authorities that coexist and each authority is able to issue attributes independently in the cloud storage system. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage system, due to the inefficiency for user revocation. In this paper, to cope with these challenges, we propose a decentralized multi-authority CP-ABE access control scheme, which is more practical for supporting the user revocation. In addition, this scheme can protect the data privacy and the access policy privacy with policy hidden in the cloud storage system. Here, the access policy is realized by employing the linear secret sharing scheme. Finally, the security and performance analyses demonstrate that our scheme has high security in terms of access policy privacy and efficiency in terms of computational cost of user revocation.
TL;DR: A trusted data sharing scheme using blockchain to prevent the shared data from being tampered, and the Paillier cryptosystem to realize the confidentiality of the sharing data is proposed.
Abstract: With the development of network technology and cloud computing, data sharing is becoming increasingly popular, and many scholars have conducted in-depth research to promote its flourish. As the scale of data sharing expands, its privacy protection has become a hot issue in research. Moreover, in data sharing, the data is usually maintained in multiple parties, which brings new challenges to protect the privacy of these multi-party data. In this paper, we propose a trusted data sharing scheme using blockchain. We use blockchain to prevent the shared data from being tampered, and use the Paillier cryptosystem to realize the confidentiality of the shared data. In the proposed scheme, the shared data can be traded, and the transaction information is protected by using the (p, t)-threshold Paillier cryptosystem. We conduct experiments in cloud storage scenarios and the experimental results demonstrate the efficiency and effectiveness of the proposed scheme.
TL;DR: This paper proposes a scheme named “verifiable searchable encryption with aggregate keys”, which a data owner need only distribute a single aggregate key to other users to selectively share both search and verification privileges over his/her document sets.
TL;DR: This paper proposes a solution to secure encrypted cloud storages from EDoS attacks and provide resource consumption accountability in a black-box manner and complies with arbitrary access policy of the CP-ABE.
Abstract: People endorse the great power of cloud computing, but cannot fully trust the cloud providers to host privacy-sensitive data, due to the absence of user-to-cloud controllability. To ensure confidentiality, data owners outsource encrypted data instead of plaintexts. To share the encrypted files with other users, ciphertext-policy attribute-based encryption (CP-ABE) can be utilized to conduct fine-grained and owner-centric access control. But this does not sufficiently become secure against other attacks. Many previous schemes did not grant the cloud provider the capability to verify whether a downloader can decrypt. Therefore, these files should be available to everyone accessible to the cloud storage. A malicious attacker can download thousands of files to launch economic denial of sustainability (EDoS) attacks, which will largely consume the cloud resource. The payer of the cloud service bears the expense. Besides, the cloud provider serves both as the accountant and the payee of resource consumption fee, lacking the transparency to data owners. These concerns should be resolved in real-world public cloud storage. In this paper, we propose a solution to secure encrypted cloud storages from EDoS attacks and provide resource consumption accountability. It uses CP-ABE schemes in a black-box manner and complies with arbitrary access policy of the CP-ABE. We present two protocols for different settings, followed by performance and security analysis.
TL;DR: This paper analyzes Internet of Things (IoT), its use into manufacturing industry, its foundation principles, available elements and technologies for the man-things-software communication already developed in this area, and proves how important its deployment is.
Abstract: Internet of Things (IoT) is changing the world. Software for manufacturing industry is perceived as the new industrial revolution. It is creating new opportunities for both the economies and the society. Deployment of Internet of Things for development of Industry 4.0 changes processes and manufacturing systems while it also changes players in a wide variety of types and shapes. In that sort of systems, information is related to manufacturing status, trends in energy consumption by machinery, movement of materials, customer orders, supply data and all data related to smart devices deployed in the processes. This paper analyzes Internet of Things (IoT), its use into manufacturing industry, its foundation principles, available elements and technologies for the man-things-software communication already developed in this area. And it proves how important its deployment is. Describes a proposal of architecture of the Internet of things applied to the industry, a metamodel of integration (Internet of Things, Social Networks, Cloud and Industry 4.0) for generation of applications for the Industry 4.0, and the manufacturing monitoring prototype implemented with the Raspberry Pi microcomputer, a cloud storage server and a mobile device for controlling an online production process.
TL;DR: This paper first proposes two kinds of non-interactive commitments for traitor tracing, and presents a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.
TL;DR: A novel keyword match based policy update mechanism is designed to enable flexible access policy updating without privacy leakage and extensive comparison and simulation results demonstrate that the algorithms in the proposed system are efficient.
TL;DR: The Blocks Assignment Optimization (BAO) problem is defined which determines the optimal assignment of blocks such that the storage space is fully used and the query cost is minimized and it is proved that the BAO problem is NP-hard.
Abstract: Recently, Blockchain becomes a hot research topic due to the success of Blockchain in many applications, such as cryptocurrency, smart contract, digital assets, distributed cloud storage and so on. The power of Blockchain is that it can achieve the consensus of an ordered set of transactions among nodes which do not trust each other, even with the existence of malicious nodes. However, compared to traditional databases, the current Blockchain technology still cannot handle a massive number of transactions, which is caused by many factors, such as the consensus protocol, structure of the blocks and storage challenge. Among them, the high storage requirement is a key factor that prevents the wide usage of Blockchain on various devices such as mobile phones or low-end PCs. In this paper, to address the storage challenge, we introduce a novel concept called Consensus Unit (CU), which organizes different nodes into one unit and lets them to store at least one copy of Blockchain data in the system together. Based on this idea, we further define the Blocks Assignment Optimization (BAO) problem which determines the optimal assignment of blocks such that the storage space is fully used and the query cost is minimized. We prove that the BAO problem is NP-hard. Thus, we propose three efficient heuristic algorithms to solve the static assignment problem. Furthermore, we present solutions to address the dynamic scenarios when new blocks arrive and nodes join or depart from the CU. To verify the effectiveness of CU, we have conducted extensive experiments on synthetic data and BLOCKBENCH [1]. The results have confirmed the superiority of CU in saving the storage and maintaining the system throughput.
TL;DR: This paper designs an efficient revocable attribute-based encryption (ABE) scheme with the property of ciphertext delegation by exploiting and uniquely combining techniques of identity-based encryption, ABE, subset-cover framework, and ciphertext encoding mechanism and presents a fine-grained access control and data sharing system for on-demand services with dynamic user groups in the cloud.
Abstract: Cloud computing is an emerging computing paradigm that enables users to store their data in a cloud server to enjoy scalable and on-demand services. Nevertheless, it also brings many security issues, since cloud service providers (CSPs) are not in the same trusted domain as users. To protect data privacy against untrusted CSPs, existing solutions apply cryptographic methods (e.g., encryption mechanisms) and provide decryption keys only to authorized users. However, sharing cloud data among authorized users at a fine-grained level is still a challenging issue, especially when dealing with dynamic user groups. In this paper, we propose a secure and efficient fine-grained access control and data sharing scheme for dynamic user groups by: 1) defining and enforcing access policies based on the attributes of the data; 2) permitting the key generation center to efficiently update user credentials for dynamic user groups; and 3) allowing some expensive computation tasks to be performed by untrusted CSPs without requiring any delegation key. Specifically, we first design an efficient revocable attribute-based encryption (ABE) scheme with the property of ciphertext delegation by exploiting and uniquely combining techniques of identity-based encryption, ABE, subset-cover framework, and ciphertext encoding mechanism. We then present a fine-grained access control and data sharing system for on-demand services with dynamic user groups in the cloud. The experimental data show that our proposed scheme is more efficient and scalable than the state-of-the-art solution.
TL;DR: A new insider attack to the Cui's multi-key aggregate searchable encryption scheme, where the unauthorized inside users can guess the other users private keys, is discussed and a novel file-centric multi-key aggregate keyword searchable encryption (Fc-MKA-KSE) system is proposed.
Abstract: Cloud storage has been used to reduce the cost and support convenient collaborations for industrial Internet of things (IIoT) data management. When data owners share IIoT data with authorized parties for data interaction, secure cloud data searching and file access control are fundamental security requirements. In this paper, first we discuss a new insider attack to the Cui's multi-key aggregate searchable encryption scheme, where the unauthorized inside users can guess the other users private keys. Then, we propose a novel file-centric multi-key aggregate keyword searchable encryption (Fc-MKA-KSE) system for the IIoT data in the file-centric framework. Specifically, we present two formal security models, namely, the security models of the indistinguishable selective-file chosen keyword attack and the indistinguishable selective-file keyword guessing attack, which can satisfy the security requirements. Our experimental results show that the proposed scheme achieves computational efficiency.
TL;DR: A prototype of multi-user system for access control to datasets stored in an untrusted cloud environment using a blockchain-based decentralized ledger and a set of cryptographic protocols ensuring privacy of cryptographic operations requiring secret or private keys are proposed.
Abstract: In this paper, we present a prototype of multi-user system for access control to datasets stored in an untrusted cloud environment. Cloud storage like any other untrusted environment needs the ability to secure share information. Our approach provides an access control over the data stored in the cloud without the provider participation. The main tool of access control mechanism is ciphertext-policy attribute-based encryption scheme with dynamic attributes. Using a blockchain-based decentralized ledger, our system provides immutable log of all meaningful security events, such as key generation, access policy assignment, change or revocation, access request. We propose a set of cryptographic protocols ensuring privacy of cryptographic operations requiring secret or private keys. Only ciphertexts of hash codes are transferred through the blockchain ledger. The prototype of our system is implemented using smart contracts and tested on Ethereum blockchain platform.
TL;DR: This paper investigates deduplication techniques based on text and multimedia data along with their corresponding taxonomies as these techniques have different challenges for duplicate data detection.
Abstract: The exponential growth of digital data in cloud storage systems is a critical issue presently as a large amount of duplicate data in the storage systems exerts an extra load on it. Deduplication is an efficient technique that has gained attention in large-scale storage systems. Deduplication eliminates redundant data, improves storage utilization and reduces storage cost. This paper presents a broad methodical literature review of existing data deduplication techniques along with various existing taxonomies of deduplication techniques that have been based on cloud data storage. Furthermore, the paper investigates deduplication techniques based on text and multimedia data along with their corresponding taxonomies as these techniques have different challenges for duplicate data detection. This research work is useful to identify deduplication techniques based on text, image and video data. It also discusses existing challenges and significant research directions in deduplication for future researchers, and article concludes with a summary of valuable suggestions for future enhancements in deduplication.
TL;DR: A practical ABE scheme is proposed which can solve aforementioned issues simultaneously and achieves large universe and multiple attribute authorities, followed by extensive experiments to demonstrate its effectiveness and practicability.
TL;DR: This paper proposes a security architecture of VANET based on blockchain and mobile edge computing, which includes three layers, namely perception layer, edge computing layer and service layer.
Abstract: The development of Vehicular Ad-hoc NETwork (VANET) has brought many conveniences to human beings, but also brings a very prominent security problem. The traditional solution to the security problem is based on centralized approach which requires a trusted central entity which exists a single point of failure problem. Moreover, there is no approach of technical level to ensure security of data. Therefore, this paper proposes a security architecture of VANET based on blockchain and mobile edge computing. The architecture includes three layers, namely perception layer, edge computing layer and service layer. The perception layer ensures the security of VANET data in the transmission process through the blockchain technology. The edge computing layer provides computing resources and edge cloud services to the perception layer. The service layer uses the combination of traditional cloud storage and blockchain to ensure the security of data.
TL;DR: This paper explores the suitability of different cloud storage services (e.g., object stores and distributed caches) as remote storage for serverless analytics and the need for a pay-what-you-use storage service that can support the high throughput demands of highly parallel applications.
Abstract: Serverless computing frameworks allow users to launch thousands of concurrent tasks with high elasticity and fine-grain resource billing without explicitly managing computing resources. While already successful for IoT and web microservices, there is increasing interest in leveraging serverless computing to run data-intensive jobs, such as interactive analytics. A key challenge in running analytics workloads on serverless platforms is enabling tasks in different execution stages to efficiently communicate data between each other via a shared data store. In this paper, we explore the suitability of different cloud storage services (e.g., object stores and distributed caches) as remote storage for serverless analytics. Our analysis leads to key insights to guide the design of an ephemeral cloud storage system, including the performance and cost efficiency of Flash storage for serverless application requirements and the need for a pay-what-you-use storage service that can support the high throughput demands of highly parallel applications.
TL;DR: GSSE is proposed, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE schemes and further supports data updates and develops a timestamp-chain for data freshness maintenance across multiple users.
Abstract: Searchable Symmetric Encryption (SSE) has been widely studied in cloud storage, which allows cloud services to directly search over encrypted data. Most SSE schemes only work with honest-but-curious cloud services that do not deviate from the prescribed protocols. However, this assumption does not always hold in practice due to the untrusted nature in storage outsourcing. To alleviate the issue, there have been studies on Verifiable Searchable Symmetric Encryption (VSSE), which functions against malicious cloud services by enabling results verification. But to our best knowledge, existing VSSE schemes exhibit very limited applicability, such as only supporting static database, demanding specific SSE constructions, or only working in the single-user model. In this paper, we propose GSSE, the first generic verifiable SSE scheme in the single-owner multiple-user model, which provides verifiability for any SSE schemes and further supports data updates. To generically support result verification, we first decouple the proof index in GSSE from SSE. We then leverage Merkle Patricia Tree (MPT) and Incremental Hash to build the proof index with data update support. We also develop a timestamp-chain for data freshness maintenance across multiple users. Rigorous analysis and experimental evaluations show that GSSE is secure and introduces small overhead for result verification.
TL;DR: This paper proposes the first privacy-preserving deduplication protocol capable of efficient ownership management in fog computing, and achieves fine-grained access control by introducing user-level key management and update mechanisms.
TL;DR: The proposed protocol is aimed to provide good data privacy, reduces the data security attacks, improving data management and the computation efficiency at all channels, and is based on the recent research presented by Lewis protocol et al.
Abstract: The bandwidth hungry applications are growing drastically and soon exceeding the bandwidth limits of existing wireless communication network systems. The current increasing demand for higher capacity and data rates are therefore leading to the 5G technology thus changing the norm of communications in providing the high-speed data rate and lower latency. One of the promising technologies that avail from the 5G would be the vehicular cloud networks (VCN). A prominent service out of this 5G VCN is the roadside accident video reporting by using 5G over the cloud. This service may contain private data/information that can be compromised at any channel (from vehicles to 5G and cloud storage) due to many reasons. This service is vulnerable to security attacks due to its availability for a long time at different channels. Moreover, multiple video reporting can cause huge storage and computation issues leading to inefficient computation and storage management. Consequently, data privacy, security, data management and computing efficiency of data storage become the main challenges in roadside accident vehicular cloud network video reporting services. This research is proposing a solution based on a new protocol to address the stated issues by extending the recent research presented by Lewis protocol et al. The proposed protocol is aimed to provide good data privacy, reduces the data security attacks, improving data management and the computation efficiency at all channels.
TL;DR: This work proposes a novel cloud storage scheme based on fog computing, in which user’s private data is separately stored in the cloud and fog servers, which can be ensured because the data is retrieved from cloud as well as fog, which is safer.
TL;DR: This paper presents a framework for blockchain-based data integrity verification in P2P cloud storage, making verification more open, transparent, and auditable, and develops rational sampling strategies to make sampling verification more effective.
Abstract: With the popularity of cloud storage, how to verify the integrity of data on the cloud has become a challenging problem. Traditional verification frameworks involve Third Party Auditors (TPAs), which are not entirely credible. In this paper, we present a framework for blockchain-based data integrity verification in P2P cloud storage, making verification more open, transparent, and auditable. In this framework, we present Merkle trees for data integrity verification, and analyze the system performance under different Merkle tree structures. Furthermore, we develop rational sampling strategies to make sampling verification more effective. Moreover, we discuss the optimal sample size to trade off the conflict between verification overhead and verification precision, and suggest two efficient algorithms of order of verification. Finally, we conduct a series of experiments to evaluate the schemes of our framework. The experimental results show that our schemes can effectively improve the performance of data integrity verification.
TL;DR: The state-of-the-art of PoR is examined and the issues and challenges as a result of employing PoR specifically and cloud storage generally are described and some possible countermeasures to address the identified issues are suggested.
TL;DR: This paper proposes two DSSE schemes supporting range queries, one of which is forward-secure and supports a large number of documents and the other can achieve both forward security and backward security, while it can only support a limited number of documents.
Abstract: Dynamic searchable symmetric encryption (DSSE) is a useful cryptographic tool in encrypted cloud storage. However, it has been reported that DSSE usually suffers from file-injection attacks and content leak of deleted documents. To mitigate these attacks, forward security and backward security have been proposed. Nevertheless, the existing forward/backward-secure DSSE schemes can only support single keyword queries. To address this problem, in this paper, we propose two DSSE schemes supporting range queries. One is forward-secure and supports a large number of documents. The other can achieve both forward security and backward security, while it can only support a limited number of documents. Finally, we also give the security proofs of the proposed DSSE schemes in the random oracle model.
TL;DR: This work presents Selecta, a tool that recommends near-optimal configurations of cloud compute and storage resources for data analytics workloads, and uses it to draw significant insights about cloud storage systems, including the performance-cost efficiency of NVMe Flash devices, the need for cloud storage with support for fine-grain capacity and bandwidth allocation, and the motivation for end-to-end storage optimizations.
Abstract: Data analytics are an important class of data-intensive workloads on public cloud services. However, selecting the right compute and storage configuration for these applications is difficult as the space of available options is large and the interactions between options are complex. Moreover, the different data streams accessed by analytics workloads have distinct characteristics that may be better served by different types of storage devices. We present Selecta, a tool that recommends near-optimal configurations of cloud compute and storage resources for data analytics workloads. Selecta uses latent factor collaborative filtering to predict how an application will perform across different configurations, based on sparse data collected by profiling training workloads. We evaluate Selecta with over one hundred Spark SQL and ML applications, showing that Selecta chooses a near-optimal performance configuration (within 10% of optimal) with 94% probability and a near-optimal cost configuration with 80% probability. We also use Selecta to draw significant insights about cloud storage systems, including the performance-cost efficiency of NVMe Flash devices, the need for cloud storage with support for fine-grain capacity and bandwidth allocation, and the motivation for end-to-end storage optimizations.