Abstract:With the rapid development of cloud computing technology, its security issues have become more and more obvious and received much attention in both industry and academia. High security risk is widespread in traditional cloud architecture. Hacking into a virtual machine destroys the availability of cloud services or resources. Un-Trusted cloud storage makes it more difficult to share or search users' private data. The risk of privacy leakage is caused by various outsourcing computation and application requirements. From the perspective of security and privacy preserving technologies in cloud computing, this paper first introduces related research progress of cloud virtualization security, cloud data security and cloud application security. In addition, it analyzes the characteristics and application scopes of typical schemes, and compares their different effectiveness on the security defense and privacy preserving. Finally, the paper discusses current limitations and possible directions for future research.

Abstract:Trust is one of the key factors that affect people's preferences in choosing cloud computing. However, the content and the evaluation basis of cloud trust are still not perfect, and there are lack of strict theoretical analysis and evaluation methods on its dynamic properties. For the status quo, this paper first defines cloud trust, and describes in details its sub-properties according to related international cloud security standards and trust specifications. Then, the basis, purpose, and scope of a model for analyzing cloud trust is presented. Next, to the process for building this model is described. Using LTS as an operational semantics profiling tool, starting from the interactive process of internal components in cloud, the cloud service is depicted as the interactions between users and cloud, and interactions among entities inside cloud. Finally, the model analysis tool, Kronos is used to analyze system state variations in service provision from multiple perspectives including availability, reliability and security. The analysis results demonstrate that the presented model can find not only known trusty problems but also unknown risks, which indicates the model is effective, and can provide theoretical support for trusted cloud construction.

Abstract:Trusted cloud architecture provides isolated execution environment for trusted and secure cloud services, which protects the security of cloud users' data computation and storage. However, with the rapid development of mobile cloud computing, there is currently no secure solution for mobile terminals accessing trusted cloud architecture. To address this issue, this research proposes a secure access scheme of cloud services for trusted mobile terminals. By fully considering the background of mobile cloud computing, an architecture of trusted mobile terminal is constructed using ARM TrustZone hardware-based isolation technology that can prevent the cloud service client and security-sensitive operations on the terminal from malicious attacks. Leveraging physical unclonable function (PUF), the key and sensitive data management mechanism is presented. Based on the trusted mobile terminal and by employing trusted computing technology, the secure access protocol is designed. The protocol is compatible with trusted cloud architecture and establishes an end-to-end authenticated channel between mobile cloud client and cloud server. Six security properties of the scheme are analyzed and an instance of mobile cloud storage is provided. Finally a prototype system is implement. The experimental results indicate that the proposed scheme has good expandability and secure controllability. Moreover, the scheme achieves small TCB for mobile terminal and high operating efficiency for cloud users.

Abstract:Virtual machine introspection (VMI) has received much attention from both academic and industrial community, and plays an important role in intrusion detection, kernel integrity protection and many other areas. However, the semantic gap has greatly limited the development of this technology. In this respect, this paper divides existing VMI technologies into four categories based on the methods of semantic reconstruction, followed by the problems and their corresponding researches. Analysis results reveal the difficulties in meeting all the requirements. The paper therefore details the relevant applied research in security based on VMI. Finally, it presents the future research directions that need in-depth study, such as VMI's security, availability and transparency.

Abstract:Live migration of virtual machines is the transfer of running virtual machines from one host server to a new host server to ensure computing tasks completed without notifying the owners of virtual machines, which has many beneficial characteristics such as load balancing, hardware independent, and high efficiency utilization of resource. However, live migration of virtual machines exposes information of virtual machines and their users to the network, making its security in the virtualized environment a serious problem that concerns many users becomes a hot issue in the industry and academia. This article focuses on researching the mechanism of virtualization and the source code of virtualization operating system, and explores breakthrough in security problems of live migration. Firstly the article analyzes potential memory-leak security threat of live migration. Then it designs and puts forward a new security protection model based on hybrid random transform coding method. Combined with KVM (kernel-based virtual machine) virtualization structure, communication mechanism and migration mechanism, the model adds monitor module and security module at source and destination of live migration, ensuring the data security while the virtual machines are migrating. Finally, a series of experiments are designed to simulate and test the security protection capability of the model and its impact to virtual machine's performance. The simulation results show that the proposed model can ensure the security of live migration in the KVM virtualization environment, as well as balance the security of virtual machines and performance of live migration.

Abstract:Provable data possession (PDP) and proofs of retrievability (POR) are techniques for a client to verify the integrity of outsourced data in cloud storage. Recently, numerous PDP and POR schemes have been proposed while the techniques are widely used in academic and industrial community. However, due to specific and unique requirements of different groups, PDP/POR schemes vary and many functionalities such as data deduplication have not been implemented. How to construct an efficient group PDP/POR scheme to meet these unique requirements of functionality and security has received much attention. In this paper, a group PDP with deduplication (GPDP) is presented. Based on matrix calculation and pseudo-random function, GPDP can efficiently guarantee data possession with deduplication, as well as defend against selective opening attacks of a malicious party.The security of GPDP in the standard model is proved and a prototype based on GPDP scheme in a realistic cloud platform of Baidu is implemented. To evaluate the performance of GPDP, this work utilizes data size of 10GB for experiments and analysis. The result of experiments show that GPDP can guarantee data possession efficiently with deduplication and protect against selective opening attacks. In particular, the performance is superior to private schemes in the phase of pre-process and public schemes in the phase of verification (as efficient as private scheme in the phase of verification). Furthermore, GPDP reduces the extra storage and communication cost to a minimum than the other PDP/POR schemes applied in a group.

Abstract:Enforcing access controls on cloud storage by cryptography is an important topic of cloud security. Based on access control policies, selective encryption builds key derivation graphs to distribute symmetric keys among users. Selective encryption can ensure the confidentiality and fine-grained access control of cloud storage data, while simplifying data encryption procedure and reducing the total number of keys. However, the existing selective encryption solutions have to fully or at least partially disclose the access control policies. This policy information unfortunately, is usually related to the authorization relation between users and files, leading to privacy leakage. This work significantly improves the existing policy-hiding schemes (of selective encryption) with much less privacy leakage and much faster key derivation, while supporting fine-grained access control on encrypted cloud storage.

Abstract:Verifying the integrity of cloud data shared by a group is one of the most common usage of cloud storage integrity checking. In cloud storage integrity checking, the private key which is used to generate data signatures by user may be unavailable because of the damage or the fault of storage medium. However, currently existing cloud storage integrity checking schemes for shared data do not consider this realistic problem. This paper first explores how to deal with the problem of the private key unavailability in cloud storage integrity checking for shared data. A new scheme that enables cloud storage integrity checking for shared data with private key-recovery ability is proposed. In this scheme, when a group user's private key is unavailable, this user's private key can be recovered with the help of t or more users in the group. At the same time, a random masking technology is designed to guarantee the security of participating members' private keys. The user can also verify the correctness of the recovered private key. Finally, the analysis of security and experimental results are provided to show that the proposed scheme is secure and efficient.

Abstract:The analysis and research described in this paper aim at solving the problem of data confidentiality and fault-tolerant in cloud storage environments. It first shows that the existing solutions can either solve the problem of confidentiality or fault tolerance, but are not able to take both for consideration. In order to solve the problems, the paper proposes a secure cloud storage system with data confidentiality and fault-tolerant (SCSM-DCF)，which is based on threshold public key encryption scheme and erasure codes over exponents. The formal definition, security definition, and communication protocols between entities are given in this paper. Finally, the performance of the model is analyzed, and the result indicates that the model is not only correct and secure, but also has the higher efficiency.

Abstract:With the development of big data and data mining technology, the access pattern becomes a risk of leaking user's privacy in the cloud computing environment. Oblivious random access memory (ORAM) is an effective way to protect the user's access pattern. The existing ORAMs mostly support a single user. The only ORAM supporting multi-user is based on the hierarchical ORAM including a reshuffling phase that may cause high computational complexity. In order to avoid reshuffling, this paper designs a new multi-user ORAM based on binary tree. First, a proxy encryption scheme is improved. Second, a proxy between users and the cloud server is introduced. The data encrypted by different users is encrypted again by the proxy to obtain the final ciphertext encrypted by the same key, and the final ciphertext is stored on the server. The security of the scheme is based on the indistinguishability of the pseudorandom function, and the worst computational complexity and the amortized computational complexity are all O(log²n), achieving higher efficiency than the existing multi-user ORAM schemes.

Abstract:Fully homomorphic encryption allows valid operation on encrypted data without decrypting, providing a new solution to data confidentiality and privacy protection. However, current fully homomorphic encryption schemes are faced with challenges like large size of public key or low efficiency in calculation. To achieve an efficient fully homomorphic encryption scheme, this work provides an identity-based fully homomorphic encryption scheme employing the idea of eigenvector and arbitrary cyclotomic rings. Compared with existing scheme, this identity-based fully homomorphic encryption with eigenvector is able to successfully avoid the evaluation key, resulting a true identity-based scheme. Compared with special cyclotomic rings whose degree is power of 2, utilizing arbitrary cyclotomic rings may double the efficiency of encryption schemes and further improve the efficiency of calculation and memory using SIMD technique.

Abstract:Through introducing the access structure into attribute-based encryption, users can achieve the fine-grained access control to the ciphertext. Any access structure can be realized by general circuit. Therefore, designing attribute-based encryption for general circuit is difficult in this field. Garg etc. presented the first general circuit access structure based on multilinear maps. However the usability of the access structures is rather limited as gate can only output layer by layer and the depth of the circuit are fixed in l. In order to solve this limitation, this paper proposes a key-policy attribute-based encryption scheme for general circuits based on the Garg's scheme. In key generation step, the new scheme implements any circuit that depth is greater than 1 and less than or equal to l by equivalent conversion of the circuit and addition of the conversion key. It also achieves cross layer output by adding its child node depth into every non-leaf node's key component. Selective security of the proposed scheme in the standard model is proved under the decisional multilinear Diffie-Hellman assumption.

Abstract:Multi-factor authenticated key exchange (MFAKE) protocols combine different authentication factors to realize strong secure identity authentication and access control, and have great application potential in mobile ubiquitous services with high-level security requirements. Until now, literatures about MFAKE protocols are rare and far from satisfactory. Moreover, existing multi-factor authenticated key exchange protocols are proven secure only in the random oracle model. The study proposes a MFAKE protocol using two-party password authenticated key exchange protocols, fuzzy extractors and signature schemes as building blocks. The security of this MFAKE protocol is conducted in the standard model. The server does not need to know the biometric template of the user, thus the biometric privacy of the user is preserved. Compared with existing MFAKE protocols, our protocol achieves stronger security with lower computation and communication costs. Consequently, the proposed protocol is more suitable for mobile ubiquitous services with high-level security requirements.

Abstract:To tackle the problems of security threat and the shortcomings in the process of ID authentication between user and cloud, this paper applies Portable TPM chip and certificateless public key cryptography for the first time to solve the issues in the cloud environment, and proposes a scheme for bidirectional ID authentication between user and cloud. Compared with previous authentication schemes, the proposed scheme has the several advantages. First, based on the unique identity of user and cloud by the identity management mechanism, portable TPM can not only achieves secure and trusted terminal platform, which ensures the authentication result between user and cloud is correct and valid, but also supports the objectives of ID authentication between user and cloud in user's any terminal device. Furthermore, Dual-factor ID authentication (password + key) is implemented with certificateless public key signature algorithm provided by the new scheme. Finally, security proof and performance analysis show that this proposed scheme has the security level of EUF-CMA, and the computation overhead of ID authentication between user and cloud is significantly improved.

Abstract:Tenant separation is a provision for cloud computing to be provided to tenants as a third party service, therefore the tenants' confidence in the security effectiveness of cloud tenant is critical to the promotion of cloud services. However, in a third party service such as cloud computing, tenants have few opportunities to take part in the construction and management of the infrastructure of cloud computing, making it hard for the tenants to trust the tenant separation mechanism in cloud. This paper views the transparency requirement as a part of trusted cloud tenant separation mechanism, implements a cloud tenant separation mechanism and its transparency requirement based on the inter-domain information flow control policy in cloud computing systems, and proves that the resulting cloud tenant separation mechanism is secure and effective by non-interference theory.

Abstract:Secure multiparty computation (SMC) is a key technology of cyberspace security and privacy preservation, and it is vital to provide secure cloud computing with SMC based on homomorphic encryption schemes. Secure set computing, which has extensive applications, is a fundamental problem in SMC. Existing solutions to secure set computing are mainly constructed between two parties, but less presented on multi-parties. Those schemes are inefficient, and are hardly adequate to cloud computing. This study proposes a new coding scheme and incorporates homomorphic encryption algorithm to construct a protocol for secure set union computing in cloud environment. The proposed scheme is universal and secure against the collusion of participants. The homomorphic encryption adopted can be either additive or multiplicative. The paper also proposes an efficient secure set union computing scheme, incorporating the G?del numbering and ElGamal public key encryption. The proposed schemes can be used to sort multiple sets, and are proved to be secure in the semi-honest model. In addition, with few modifications, the protocol can also securely compute the intersection of multiple sets.

Abstract:With extensive applications of cloud computing, data capacity of data centers has grown rapidly. Furthermore, document information, which usually contains user's sensitive information, needs to be encrypted before being outsourced to data centers. Faced with such a large amount of ciphertext data, current techniques have low search efficiency in this scenario. Aiming at solving this problem, this paper proposes an efficient ciphertext search method based on similarity search tree (MRSE-SS) that can handle big data volume. The proposed approach clusters the documents based on the max distance between the cluster center and its members, constructs an n-dimensional hyper sphere by using the cluster center as the center of sphere and the max distance as radius, and then gradually clusters small clusters into large clusters. In the search phase of the ciphertext document collection constructed by this method, the ideal retrieval results can be obtained only by searching the query vector's neighboring clusters, thus improving the efficiency of ciphertext search. An experiment is conducted using the collection set built from the recent ten years' JC publications, containing about 2900 documents with nearly 4800 keywords. The results show that the presented approach can reach a linear computational complexity against exponential size of document collection. In addition, the retrieved documents have a better relationship with each other than by traditional methods.

Abstract:With advances in cloud computing, hospitals and healthcare organizations can outsource the storage and management of their encrypted electronic medical records (EMRs) to the cloud services for great flexibility and economic savings. Although encryption helps protecting user data confidentiality, designing secure and practically efficient search functions over encrypted data remains challenging problem. This paper first constructs a multi-field conjunctive keyword search (MCKS) scheme, called MCKS_I, which supports equality query. For more flexible and complex MCKS, such as subset and range query, it then proposes an improved scheme, MCKS_II, based on a novel vector representation of hierarchical attributes. The new schemes are proven to be able to resist known plaintext attack. Extensive analysis and experiments show that the proposed schemes are extremely practical.

Abstract:Homomorphic encryption, which protects privacy effectively and allows algebraic operations directly in the ciphertext, has been a active topic in the study of cloud computing. Due to security threats in cloud computing, the security protection and integrity authentication of encrypted data remain critical problems. The challenge lies in how to retrieve the encrypted data. To achieve more effective management and security protection of encrypted images on-line, this paper proposes a reversible data hiding scheme for ciphertext based on the public key cryptosystems with homomorphic and probabilistic properties. In the proposed scheme, partial pixels are selected as target pixels by a secret key and all bits of the target pixels are embedded into the other pixels with difference expansion (DE) to vacate room before encryption. As a bonus, secret data can be embedded directly in homomorphic encrypted domain by altering the target pixels with the fake pixels which are comprised of secret data. With the legal key, the receiver can extract the embedded data from the encrypted image and the directly decrypted image. Furthermore, user can accurately recover the original image after decryption and data extraction. Finally, experimental results show that extra data can be embedded more efficiently in homomorphic encrypted domain while keeping the quantity of data unchanged. Besides, the embedded data can be extracted in both ciphertext and plaintext.