PKIS: practical keyword index search on cloud datacenter

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "PKIS: practical keyword index search on cloud datacenter"

Transcription

1 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 RESEARCH Open Access PKIS: practcal keyword ndex search on cloud datacenter Hyun-A Park, Jae Hyun Park 2 and Dong Hoon Lee * Abstract Ths paper hghlghts the mportance of the nteroperablty of the encrypted DB n terms of the characterstcs of DB and effcent schemes. Although most pror researches have developed effcent algorthms under the provable securty, they do not focus on the nteroperablty of the encrypted DB. In order to address ths lack of practcal aspects, we conduct two practcal approaches effcency and group search n cloud datacenter. The process of ths paper s as follows: frst, we create two schemes of effcency and group search practcal keyword ndex search I and II; second, we defne and analyze group search secrecy and keyword ndex search prvacy n our schemes; thrd, we experment on effcent performances over our proposed encrypted DB. As the result, we summarze two major results: ()our proposed schemes can support a secure group search wthout re-encryptng all documents under the group-key update and (2)our experments represent that our scheme s approxmately 935 tmes faster than Golle s scheme and about 6 tmes faster than Song s scheme for 0,000 documents. Based on our experments and results, ths paper has the followng contrbutons: () n the current cloud computng envronments, our schemes provde practcal, realstc, and secure solutons over the encrypted DB and (2) ths paper dentfes the mportance of nteroperablty wth database management system for desgnng effcent schemes. Keywords: keyword ndex search, encrypted document, group settng, DBMS, ndex lst table, normalzaton, prmary key, foregn key, group search secrecy, keyword ndex search prvacy, cloud datacenter Introducton Cloud computng technologes have become a central ssue n order to open a new dgtalzed nformaton socety by heterogeneous servces and convergence of technologes. In the era of cloud computng, personal computer and storage have changed ther functons and features n soco-techncal perspectves: the functons of personal computers have changed ther concerns from ndvdual to centralzed manageral ones; the features of storage have also transformed ts boundares from personal databases or Enterprse Resource Plannng (ERP) severs to the datacenter n socal storage systems [,2]. In the cloud computng era, securty research also encounters a varety of challenges and ssues. Because the datacenter s made up of complex prvate nformaton, and the datacenter s faced wth the rsks of * Correspondence: Graduate School of Informaton and Securty, Korea Unversty, 5-Ka, Anamdong, Sungbuk-ku, Seoul 36-70, Korea Full lst of author nformaton s avalable at the end of the artcle nformaton leakages and ntruders or nsders attacks. Wth these reasons, pror researchers have consdered encrypton as the most substantal way for protectng senstve nformaton as the last lne of database defense.. Problem dentfcaton In DB encrypton, prevous researchers have conducted the keyword ndex search over encrypted documents wth varous scenaros; however, the keyword ndex search scheme s neffcent and mpractcal aspects n a real world. The keyword ndex search enables a legtmate queres to search the encrypted documents wth an encrypted keyword over the encrypted ndexes wthout revealng any nformaton on the query and documents, even to the server. In most pror research, we fnd that the ndexes of each data are stored by a row, not by a feld (column) as another neffcent respect. The keyword ndex search schemes requre at least a verfyng test for every row of each data, so that the computatonal complexty of the 20 Park et al; lcensee Sprnger. Ths s an Open Access artcle dstrbuted under the terms of the Creatve Commons Attrbuton Lcense ( whch permts unrestrcted use, dstrbuton, and reproducton n any medum, provded the orgnal work s properly cted.

2 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 2 of 6 prevous schemes requres at least O(n) f the total number of stored data s n. The computaton or scannng over many felds wthn one row s not fast, whle the computaton or scannng wthn one feld s relatvely faster than n one row. Moreover, encrypton algorthm needs many random factors, whch makes t hard to apply effcent DB schema a to encrypted databases. Our schemes are n the lne of the keyword ndex search area, and ths paper focuses on more practcal approaches over the encrypted database to resolve the problems the effcency and group search of the encrypted database n the cloud datacenter servce. In ths paper, we extend the search scope from between a server and a sngle user to the search between a server and group members (multple users) n the cloud datacenter servces, because current changng cloud computng technologes call for a varety of collaboratons and cooperaton among users n a certan socal networkng envronment. These changng socal networkng envronments requre multple users nformaton sharng n a certan organzaton; therefore, we propose the group key search of database encrypton, when a group member shares hs or her senstve nformaton among multple users. Especally, sharng senstvenformatonshouldbeencryptedbyagroupkeyn group search of database encrypton. On the other hand, a group key has some problems to be used as a search key, because the group key has a dynamc property,.e., a person may jon or leave from the group. When a member leaves from a group, all data accessble to the group should not be accessble any more. It could be resolved by updatng a group key, and the leavng member must not compute a new group key. On the other hand, when a member jons a group, he or she should obtan all of the prevous group keys n order to access all of the group data. Ths problem, a member jons a group, makes desgn much harder. A nave soluton s to decrypt all documents of the group and re-encrypt the documents by the new group key accordng to every membershp change. Yet ths soluton entals a large amount of computatonal overheads. In pror research, most schemes have not consdered practcal usages, whle [3,4] worked on the search schemes of dynamc group membershp changes wthout re-encryptng documents. Park et al. s scheme [3] s relatvely faster than that of Wang et al. [4]. Wang et al. s s based on blnear, whle Park et al. utlzed the reversed hash key chans and bloom flters. The faster Park et al. s scheme has a potental problem related to group member leave. Ths paper, therefore, seeks to fx ths proposed problem from Park et al. s scheme the reversed hash key chans, and t also develops novel effcent schemes wth the experments..2 Key dea and contrbuton The prevous schemes have focused on the development of new encrypton algorthms, whle we apply general DB schema to the encrypted database nstead of developng an effcent encrypton algorthm. Based on ths key dea, we devse two tables and store all ndexes for all documents n one feld (column). The two tables enable to buld database normalzaton b by applyng prmary keys and foregn keys nto the tables. These propertes of two tables enable the server to drectly access the data that a user wants to search wthout any verfcaton processes for every row. Based on these two tables for effcency, we construct PKIS-I wth the reversed one-way hash key chan and PKIS-II wth the key matchng table, for the group search. Through PKIS-I and PKIS-II, we summarze the results as follows: ) Effcency Compared to computatonal complexty durng the search process, our schemes s O(), whle other prevous papers s at least O(n). Our experments represent our scheme s approxmately 935 tmes faster than Golle s scheme and about 6 tmes faster than Song s scheme for 0,000 documents. 2) Group search By re-encryptng keywords or documents wth the group manager (GM) s secret key k c, we resolved the encrypted database group search problem n cloud servce. Whenever every membershp change, our schemes can support a secure group search wthout reencryptng all documents. 3) Securty We made defntons on group search secrecy and keyword ndex search prvacy and analyzed them. Therefore, ths paper has two contrbutons as follows: () our schemes provde practcal and realstc encrypted DB solutons n the cloud computng envronments and (2) ths paper dentfes the mportance of nteroperablty wth DBMS as well as developng algorthms, to desgn effcent schemes..3 Related works The search systems research of encrypted data has been regarded as an actve area wth varous scenaros. In ths

3 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 3 of 6 secton, we revew the pror papers n search systems on encrypted database. Song et al. [5] frstly proposed a sequental scannng search algorthm, searchable symmetrc key encrypton, over entre documents by usng stream and block cphers. Followng ths dea, most researches have been conducted on the keyword ndex search. Boneh et al. [6] proposed a keyword search wth a publc key system, where they defned the concept of a publc key encrypton wth keyword search (PEKS) and showed that PEKS mples dentty-based encrypton; however, the converse s currently an open problem. Chang et al. [7] suggested two ndex search schemes wth the dea of pre-bult dctonares. Goh [8] formulated a securty model for ndexes known as semantc securty (or ndstngushablty) aganst an adaptve chosen keyword attack (IND- CKA), and they also proposed an secure ndex scheme n the model. Waters et al. [9] publshed the buldng of an encrypted and a searchable audt log, whch searches the encrypted log wth extracted keywords. Byun et al. [0] rased a serous vulnerablty of publc key-based keyword search schemes, whch are susceptble to an off-lne keyword guessng attack through much smaller space than passwords. In addton, some proposed schemes extend the types of encrypted data queres. Boneh and Waters [] suggested a publc key system n order to support queres for testng any predcate on encrypted data wth tokens produced by a secret key. They constructed comparson systems, subset queres, and conjunctve versons of these predcates, whch ntroduce a prmtve, hdden vector encrypton. Hacgumüs et al. [2] proposed the method of range queres on encrypted data n the Database As a Servce (DAS) model by usng prvacy homomorphsm that allows basc arthmetc (+, -, ) on encrypted data. Golle et al. [3] frstly proposed an effcent conjunctve keyword search over encrypted data and ther scheme constructs a keyword feld. Hwang et al. [4] constructed a conjunctve keyword search scheme for group users, based on the publc key. Wang et al. [4] developed threshold prvacy preservng keyword search scheme. These schemes cannot support dynamc groups, whle Park et al. [3] frstly proposed search schemes of dynamc groups, and ther search schemes deal wth membershp changes wthout reencryptng documents for each change of membershp. Later, Wang et al. [5] bult conjunctve keyword searches on encrypted data wthout keyword felds, and they appled these searches to the settng of dynamc groups. Zerr et al. [6] worked on the problem of supportng keyword search for senstve unstructured documents shared wthn collaboraton groups. They proposed r- confdental Zerber ndexng faclty for senstve documents, and they utlzed secret splttng and term mergng to provde tunable lmts on nformaton leakage, even under statstcal attacks. As they admtted, ths proposed ndexng scheme would be unattanable n practce, and ther scheme s neffcent. In successon, Zerr et al. [7] publshed Top-K retreval algorthm from ZERBER +R. In ths work, they focused on ranked keyword search, term frequences, and a novel relevance score transformaton functon. Here, the functon n novel relevance score transformaton hdes the termspecfc dstrbuton of relevance score values, and t makes the scores of dfferent terms ndstngushable. The authors of [8,9] also handled wth the same problems. Wang et al. [20] consdered the problem, concernng effectve yet secure ranked keyword search over encrypted cloud data. In order to acheve practcal performance, Wang et al. proposed a defnton for ranked searchable symmetrc encrypton and used order-preservng symmetrc encrypton. Yet [20] s not a desgn for the group search. Cao et al. frstly explored the problem of mult-keyword ranked search over encrypted cloud data (MRSE), and they establshed a set of strct prvacy requrements for such a secure cloud data utlzaton system to become a realty [2]. They proposed a basc MRSE scheme usng secure nner product and then mproved ths scheme n order to meet dfferent prvacy requrements n two levels of threat models. Addtonally, Zerr et al. s schemes are not Boolean operaton on multple keywords searches n tradtonal searchable encrypton schemes but they are ranked search operaton. The evaluaton methods and securty requrements such as term frequency c are dfferent. Hence, the comparsons wth our schemes are actually meanngless. As for the papers about encrypted data n cloud computng, addtonally, there are L et al. s [22] and Yu et al. s [23]. L et al. handled wth the problem of authorzed prvate keyword searches (APKS) over encrypted data n cloud computng, where multple data owners encrypt ther records along wth a keyword ndex to allow searches by multple users. Ther two novel solutons for APKS are based on herarchcal predcate encrypton, whch uses parng-based cryptography. Yu et al. proposed a secure and scalable fne-graned data access control scheme for cloud computng. In order to acheve ths goal, they combned the technques of attrbute-based encrypton, proxy re-encrypton, and lazy reencrypton, whch are also parng-based cryptography. 2 Prelmnares 2. Keyword ndex search scheme In general, keyword ndex search schemes consst of setup and searchng processes. In the setup process, a clent uploads encrypted data together wth ts ndexes

4 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 4 of 6 (also called searchable nformaton) on a database server, and the ndexes are encrypted keywords for searchng the data. To search data wth a keyword n the searchng process, a user generates a trapdoor and sends t to the server. Here, the trapdoor s the encrypton of the keyword and provdes only search capabltes to the server wthout revealng any nformaton about the keyword. The database manager runs the test algorthm wth the ndexes and the trapdoor as nput to fnd the correspondng data. That s, ths searchng verfcaton s performed on the ndexes rather than on the encrypted data. The results are returned to the clent, and the clent fnally decrypts the results and sends them back to the user. 2.2 System envronments 2.2. Multple user settng Our system s devsed for a certan group organzaton, whch ncludes many departments such as government offces, organzatons, or enterprses. Ths group ncludes subgroups (g, g 2,..., g 7 ) and ther members (p, p 2,..., p 5 ). Ths paper dentfes a group as a set of people wth the same ams, and the group organzes the people workng together. In ths paper, we focus on a group search, because prvate search s possble through the same process as well Cloud datacenter servce and modfed DAS model Our applcaton storage system s a datacenter for the cloud storage servce. d The users of group members store ther sharng documents n a datacenter, not ther own server. In ths case, we cannot guarantee that the datacenter server managers are trust; therefore, we utlze the cryptographc method for the data. Ths s smlar to DAS model of [2]. In the DAS model, a clent s trustworthy, whle users data are stored n and managed by an untrustworthy server. A clent has a restrcted computatonal power and storage and reles on the server for a mass computatonal power and storage. A server can be an nsde attacker and s not allowed to read the data. Hence, the encrypton key should not be known to the server (or the database admnstrator). Data prvacy s assured under the condtons that a clent does not share encrypton keys, metadata or orgnal data wth any party. Here, we modfy the DAS model nto our applcaton system. Our scheme s made up of three partes: () users of group members, (2) a group manager GM, and (3) a datacenter server DS. Users of group members are the owners of documents, and they are regstered n ther organzaton. GM plays a smlar role of a clent server, and t s a trusted party n our scheme. In our scheme, the GM manages the group sesson keys and the search keys of all groups, for secure communcaton and secure keyword ndex search. DS s not a trustable party n our scheme. Hence, all of the documents n a server should be encrypted and queryng keywords should be also encrypted. One of the most mportant thngs s that there s no decrypton by a server through all processes. 2.3 Notatons TG: a huge herarchcal group g : th small group of G g j : a small group g at jth sesson D n : nth documents W n : keywords lst of D n w n : th keyword of W n d n : dentfer of D n gk : group sesson key of a small group g k : ndex generaton key of a small group g dk : documents encrypton key of a small group g gk j : group sesson key of g at jth sesson k j : ndex generaton key of g at jth sesson dk j : documents encrypton key of g at jth sesson k c :GM s secret key f ( ): pseudorandom functon (PRF) h( ): one-way hash functon 2.4 Defntons Defnton. One-Way Hash Key Chan It s generated by selectng the last value at random and applyng a one-way hash functon h repeatedly. Note that the ntally chosen value s the last value of the key chan. The followngs are two propertes of a one-way hash chan [24]. Property : Anybody can deduce that an earler value k belongs to the one-way key chan by usng the later value k j of the chan and by checkng h j- (k j ) whch equals k wth the later value k j. Property 2 : Gven the latest released value k of a one-way key chan, an adversary cannot fnd a later value k j such that h j- (k j )equalsk.evenwhenvalue k + s released, the second pre-mage collson resstant property prevents an adversary from fndng k + dfferent from k + such that h(k + ) equals k. Defnton 2. PRF We say that F : K f X Y s (t, q, e)-secure PRF f every oracle algorthm A makng at most q oracle queres and wth runnng tme at most t has advantage Adv A <e. The advantage s defned as Adv A = Pr[A F k =] Pr[A R =] where R represents a random functon selected unformly from the set of all

5 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 5 of 6 maps from X to Y, n whch the probabltes are taken over the choce of k and R [5]. 2.5 Algorthm SysPara( k ). It takes an nput as a securty parameter k and outputs a system parameter l. l determnes elements n order to set the encrypted database system such as the sze of database, encrypton/decrypton algorthm, functons, the sze of parameters, and so on. KeyGen(l). Takngl as an nput, ths algorthm generates users group sesson key set {g k }, ndex generaton key set {k}, and document encrypton key set {dk}. IndGen(k, W). Inputs of algorthm IndGen are an ndex generaton key k and a keyword set W. Output s ndex lst table. DocEnc(dk, D). Gven a document encrypton key dk and a document D, ths algorthm outputs an encrypted document. TrapGen(w, k). Ths algorthm takes a keyword w and ndex generaton key k. It encrypts the keyword w wth ndex generaton key k and returns the encrypton value, whch s the trapdoor T w for the keyword w. Retreval(T w ). Ths algorthm takes nput as trapdoor T w. If there exst matchng values to the trapdoor T w n an ndex lst, then t outputs the encrypted documents that are mapped to the dentfers of the matchng values n the ndex lst table. Dec(E(D), dk). Gven a document encrypton key dk and encrypted document E(D), t outputs a plantext document D. 3 Constructon Of Practcal Keyword Index Search-I (PKIS-I) Our scheme PKIS largely comprses of two parts; () uploadng phase and (2) downloadng phase. The uploadng phase conssts of four algorthms of SysPara; KeyGen; IndGen; DocEnc. The downloadng phase s composed of three algorthms of TrapGen; Retreval; Dec. PKIS-I s group key generaton method s based on [3]. However, n [3], SIS-G has a bg potental problem. If one of group members would reveal hs/her group key to a server, the server could know all of the prevous documents of the group members. In order to resolve ths problem, we add a re-encrypton process through GM and propose a new practcal scheme wth normalzed database tables over encrypted documents n a keyword ndex search protocol area. 3. Uploadng phase 3.. SysPara( k ) constructon Wth the algorthm SysPara( k ), GM generates system parameter l =(f ( ), h( ), q). f : {0, } k {0,}* {0, } k s a PRF and h :{0,}* {0, } k s one-way hash functon. q s the length of one-way hash key chan KeyGen(l) constructon In ths constructon, group search keys are generated. Wth system parameter l, GM generates group sesson keys {gk j },ndexgeneratonkeys{kj },anddocument encrypton keys {dk j }, where ndex generaton keys and document encrypton keys are called as search keys. The search keys are reversely generated by one-way hash key chans. At frst, the last key of a key chan s selected (. e. k q and dkq, f the length of a key chan s q). GM apples the last key to a hash functon repeatedly and computes all other keys untl the frst key comes out. It can be expressed lke ths: k = h(k+ ), dk = h(dk+ ) where Î [,q -]. In more detal; {k } = {kq R{0, } k, h(k q )=kq, h(k q )=k q 2,... h(k 4 )=k3, h(k 3 )=k2, h(k 2 )=k }. {dk } = {dkq R{0, }k, h(dk q )=dkq, h(dk q )=dk q 2,... h(dk 4 )=dk3, h(dk 3 )=dk2, h(dk 2 )=dk }. For example, f an event of a sesson-change happens for a subgroup g, the frst sesson s changed nto the second sesson and then the group sesson key, a document encrypton key, and an ndex generaton key are changed lke ths: gk gk2, dk dk2, k k2. One-way hash functon h plays the mportant role of group search key n PKIS-I. One-wayness property of hash functon can prohbt a leavng member from computng new keys after leavng the group. But any newly jonng member can obtan all prevous keys through applyng the current key to hash functon h repeatedly.

6 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 6 of 6 Ths elmnates decrypton and re-encrypton of the prevous documents. These search keys are dstrbuted to all of the group members every membershp change. For example, n the second sesson, a member of subgroup g receves a new group sesson key gk 2 at frst. Ths group sesson key can be dstrbuted by GM wth well-known group key protocols, such as one n [25]. Then, dk 2 and k2,whch are computed n advance by the hash key chan, are encrypted wth gk 2 and transferred to all members of subgroup g. It s llustrated n Fgure IndGen(k, W) and DocEnc(dk, D) constructon When a user stores documents D n and ts keywords W n ={w n,, w n,2,...} n a server, he encrypts the document and keywords wth the algorthms DocEnc and IndGen. For a member of a small group g n the jth sesson, the encrypted document and ndexes are generated as follows; {d n, f dk j f k j (D n ), f k j (w n, ), f j k (w n,2 ),...} (w n, ), f j k (w n,2 ),... are ndexes that are the encrypted keywords. The user sends the encrypted document and ndexes to GM Database update Recevng the encrypted document and ts ndexes, GM re-encrypts them wth hs securty key k c.afterths, GM sends them to a datacenter server DS. DS adds the receved data to the tables of Index Lst and Encrypted Document every uploadng tme. Index Lst s composed of ndexes and ther document dentfers as follows: f kc (f j k (w n, )), f kc (d n ); f kc (f j k (w n,2 )), f kc (d n ), f kc (d n ). Table shows some parts of ndex lst table. Then, DS stores an dentfer f kc (d n ) and encrypted documents f kc (f dk 2 (D n )) n a row lke Table 2. Namely, PKIS s composed of two tables, where f kc (d n ) plays a role of a ponter as well as an dentfer of D n. Snce an ndex lst s made by ths way, we can make a relatonal DB by applyng prmary key and foregn key nto PKIS. The Index and Identfer of Document of Table are defned as prmary key, and Identfer of Document of Table 2 s defned as foregn key. There s no computaton to test and to search n a datacenter server. We can dmnsh the gap from general plantext search systems through mnmzng computatonal overhead n the retreval stage and applyng effcent DB schema. 3.2 Downloadng phase 3.2. TrapGen(w, k) constructon Algorthm TrapGen(w, k) outputs trapdoors for a keyword w. Weassumeaganthattheuserofgroupg at the second sesson wants to search a keyword w. The keyword w may be ncluded n the document at the second sesson or/and the frst sesson. Therefore, the user has to generate two trapdoors encrypted wth k and k 2. That s, a user has to generate the trapdoors as many as the number of sesson-changes, whch s possble because a user can compute all the prevous search keys by applyng the current search key to hash functon h repeatedly. Then, the user computes trapdoors usng the same method as ndex generaton and sends them to GM. GM re-encrypts them wth hs secret key and then queres a datacenter server DS wth the trapdoors. For a member of a small group g n the jth sesson, the trapdoors for a keyword w are as follows; T w = {f kc (f k s (w)), s j} = {f kc (f k (w)), f kc (f k 2 (w)),..., f kc (f j k (w))} Retreval(T w ) and Dec(E(D), dk) constructon By the algorthm Retreval, at frst, DS searches the same values as the queryng trapdoors n the Index feld of Table and fnds out the matchng values to Index and Identfer of Document. Then, DS searches thesamevaluesas Identfer of Document n Table 2 and returns the matchng Encrypted Document s to GM. GM decrypts them wth hs secure key k c and sends them to the user agan. The user decrypts them wth hs/her group document encrypton key. Fgure descrbes the whole process of PKIS-I. 4 Constructon Of Practcal Keyword Index Search II (PKIS-II) In PKIS-II, the man dfference from PKIS-I s that the search keys are not changed but fxed, rrespectvely of membershp changes. GM keeps the key matchng nformaton for groups, whch conssts of all of the group sesson keys and group search keys for each group. All users of group members do not know ther group search keys. The only thng they know s a group sesson key. Instead, GM takes users places for search processes. The operatve processes are smlar to PKIS-I. 4. Uploadng phase 4.. SysPara( k ) constructon Ths process s the same as PKIS-I KeyGen(l) constructon GM generates group sesson keys, ndex generaton keys, and document encrypton keys for each group and stores them n a key matchng table. In PKIS-II, f a sesson-change happens, for example of a subgroup g from the frst sesson to the second sesson, then the group sesson key s changed from gk to gk2.however,the search keys of document encrypton key dk and ndex encrypton key k are unchanged and reman stll as dk

7 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 7 of 6 User GM DS Uploadng. System Parameter Generaton λ =(f ( ), h( ), q) 2. Key Generaton f j(k j gk,dkj ) {gk}, {k, dk} Trans f er 3. Index Generaton and Document Encrypton {d n, f j(d n ), f j(w n, ), f j(w n,2 ),...} dk k k 4. Database Update Re encrypt; { f kc (d n ), f kc ( f j(d n )), f kc ( f j(w n, )),...} dk k Insert to Database Downloadng. Trapdoor Generaton T w =( f k (w),...,f j(w)) k Re encrypt; T w =( f kc ( f k (w)),...,f kc ( f j(w))) k 2. Retreval Index Lst 3. Decrypton {D t } Fgure The whole process of PKIS-I. Decrypt; { f dk s (D t )} Encrypted Document Return; { f kc ( f dk s (D t ))}

8 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 8 of 6 Table Index lst Index Identfer of document f kc (f k (w n, )) f kc (d ) f kc (f k (w,2 )) f kc (d ) f kc (f k (w,t )) f kc (d ) f kc (f k 2 (w 2, )) f kc (d 2 ) f kc (f k 2 (w 2,2 )) f kc (d 2 ) f kc (f k 2 (w 2,t )) f kc (d 2 ) f kc (f k 3 (w 4, )) f kc (d 4 ) f kc (f k 3 (w 4,t )) f kc (d 4 ) f kc (f k s (w n,t )) f kc (d n ) and k. When needed, they can be encrypted wth GM s secret key k c IndGen(k, W) and DocEnc(dk, D) constructon When a user stores a document D n and ts keywords {w n,, w n,2,...} n a server, he encrypts the document and keywords wth hs group sesson key. For a member of a small group g n the jth sesson, the encrypted document and ndexes n PKI-II are generated as follows; {f gk j (d n ), f gk j (D n ), f gk j (w n, ), f j gk (w n,2 ),...} The user sends these to GM Database update Recevng the encrypted document and ts ndexes, GM decrypts them wth the group g s sesson key and then re-encrypts wth the group search keys (ndex encrypton key and document encrypton key) and GM s secret key. Then, GM sends them to a server as follows: {f kc (d n ), f dkj (D n ), f k (w n, ), f kj (w n,2 ),...} The next process s the same as PKIS-I. Table 2 Encrypted document Identfer of documents f kc (d ) f kc (f dk (D )) f kc (d 2 ) f kc (f dk 2 (D 2 )) f kc (d 7 ) f kc (f dk 3 (D 7 )) f kc (d 8 ) f kc (f dk 3 2 (D 8 )) f kc (d 9 ) f kc (f dk 2 3 (D 9 )) Encrypted document f kc (d 4 ) f kc (f dk 3 (D 4 )) f kc (d 56 ) f kc (f dk 22 8 (D 56 )) f kc (d n ) f kc (f dk s l n)) 4.2 Downloadng phase 4.2. TrapGen(w, k) constructon Man dfference from PKIS-I n the constructon of algorthm TrapGen(w, k) sthatpkis-iidoesnotneedto generate trapdoors as many as the number of sessonchanges. If a user wants to search a keyword w, the user encrypts the keyword wth hs group sesson key and sends the trapdoor to GM. Lke the Database Update Stage, GM decrypts and re-encrypts them. Then, GM queres DS wth t. For a member of a small group g, the trapdoor for a keyword w n PKIS-II s only one for every tme lke ths; T w =(f k (w)) Retreval(T w ) and Dec(E(D), dk) constructon The retreval stage s also the same as PKIS-I. Recevng the results (encrypted documents) from DS, GM decrypts them wth data encrypton key dk and reencrypts wth group sesson key gk j.andthen,gm sends them to the user agan. The user decrypts them wth hs group sesson key gk j. Fgure 2 shows the whole process of PKIS-II. 5 Securty Analyss 5. Group search secrecy Our retreval system s the group key-based cryptographc searchng method on encrypted documents. Therefore, n ths secton, we dscuss group key secrecy. The followng are group key securty requrements n [26]. Group key secrecy: It must be computatonally nfeasble for a passve adversary to dscover any secret group key. Forward secrecy: Any passve adversary beng n possesson of a subset of old group keys must not be able to dscover any subsequent group key. Backward secrecy: Any passve adversary beng n possesson of a subset of subsequent group keys mustnotbeabletodscoveranyprecednggroup key. Key ndependence: Any passve adversary beng n possesson of any subset of group keys must not be able to dscover any other group key. Forward secrecy provdes securty for subtractve events (leave), snce t prevents former group members from computng the updated group key. Smlarly, backward secrecy provdes securty for addtve events (jon), because t prevents new members from dscoverng the prevously used group keys [27]. In ths paper, the term neglgble functon refers to a functon h :N R such that for any c Î N, there exsts n c Î N, such that η(n) < n c for all n n c [3].

9 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 9 of 6 User GM DS Uploadng. System Parameter Generaton λ =(f ( ), h( ), q) 2. Key Generaton {gk} Trans f er Keep the KEY MATCHING Table 3. Index Generaton and Document Encrypton { f j(d n ), f j(d n ), f j(w n, ), f j(w n,2 ),...} gk gk gk gk 4. Database Update Decrypt Re encrypt; { f k c (d n), f dk (D n ), f k (w n, ),...} Insert to Database Downloadng. Trapdoor Generaton {g, f j(w)} gk Decrypt Re encrypt; T w = f k (w) 2. Retreval Index Lst 3. Decrypton {D t } Fgure 2 The whole process of PKIS-II. Decrypt Re encrypt; { f j(d t )} gk Encrypted Document Return; { f dk (D t )}

10 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 0 of 6 However, group key-based search system should not follow the above propertes because a new joner to the group such as a company or a government offce should be able to search all of the prevous documents to perform ther successve tasks of the group. Namely, backward secrecy must not be a securty requrement for our group search system. In ths paper, we defne group search secrecy as follows. Forward search secrecy : For any group g j,the probablty that a partcpant p g j can generate vald trapdoors for (j +)th sesson s neglgble when the partcpant knows vald group search key K j, where p gj+ and 0 <j<q. k j and dkj fall under K j n PKIS-I and gkj falls under Kj n PKIS-II. It means that all leavng members from a group should not access to all of the next documents of the group any more. Backward search accessblty :Foranygroupg j, the probablty that a partcpant p g j can generate vald trapdoors for (j -l)th sesson s - h (n) when the partcpant knows vald group search key K j, where p g j l and 0 <l<j. k j and dkj fall under Kj n PKIS-I and gk j falls under Kj n PKIS-II. Namely, all jonng members to a group can access to all of the prevous documents of the group. Group search secrecy: For a datacenter server DS, when a revelaton of group search key K j happens, the probablty that DS can guess correctly the encrypted documents of group g at the jth sesson s neglgble. It must be computatonally nfeasble for DS to know or guess correctly the contents of the encrypted documents and trapdoors even f a leavng member or another member n a group reveals hs group search keys. 5.. PKIS-I In PKIS-I, group search keys are reversely generated by the one-way hash key chan. Our scheme PKIS-I satsfes wth Group Search Secrecy as follows. Forwardsearchsecrecy:BytheProperty2of Defnton, f the latest released group search key s K j, any partcpant cannot know a later value Kl such that h l j (K l)=kj. Therefore, the probablty that a partcpant p g j can generate vald trapdoors for the next (j + )th sesson s neglgble, where p g j+. Backward search accessblty: BytheProperty of Defnton, f the latest released group search key s K j, any partcpant can deduce an earler value K l by applyng the later value K j to one-way hash key chan lke ths; h j l (K j )=Kl. Therefore, the probablty that a partcpant p g j can generate vald trapdoors for (j -l)th sesson s - h(n), where p g j l and 0 <l<j. Group search secrecy: In PKIS-I, GM re-encrypts all documents and ndexes ncludng trapdoors wth hs secret key k c. Although one of group members reveals hs/her group search keys to a datacenter server DS, DS cannot learn anythng because DS does not know GM s secret key k c. Therefore, the probablty that DS can guess correctly the encrypted documents of group g at the jth sesson s neglgble when K j s revealed to DS PKIS-II Group search keys k and dk are unchangeable n PKIS-II and actual group search secrecy depends on group sesson key gk. When a user queres GM wth a keyword, the keyword s encrypted by hs/her group sesson key. If the user s a vald member of a certan group, GM can decrypt the queryng keyword and then can generate a vald trapdoor for the user wth hs/her group search key. In ths respect, t s proper that we regard a group sesson key as a group search key n PKIS-II. Thus, group search secrecy s up to the securty of a group key agreement protocol. Forward search secrecy: If membershp changes occur, a new group sesson key s generated and dstrbuted securely to vald members accordng to a gven protocol, and leavng members cannot get a new group sesson key. Hence, the leavng member cannot generate the vald trapdoor for a new sesson because GM decrypts a trapdoor wth the group s newly updated sesson key. We assume that a gven group key agreement protocol satsfes wth forward secrecy wth the probablty of - h (n). Then, the probablty that a partcpant p g j can generate vald trapdoors n the next (j +) sesson s neglgble (or follows neglgble functon) when the partcpant knows the jth vald group search key K j (= gkj ).

11 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page of 6 Backward search accessblty: For jonng members, a new group sesson key s generated and dstrbuted securely to vald members accordng to a gven protocol, and the new joners can also retreve all of the prevous documents because group search keys k and dk are unchangeable n PKIS-II. If a joner s authentcated as a vald user wth hs/her group sesson key, GM queres DS wth a trapdoor nstead of the user. The trapdoor s encrypted by unchangeable ndex generaton key k. We assume agan that the gven group key agreement protocol satsfes wth backward secrecy wth the probablty of - h (n). Then, the probablty that a partcpant p g j can generate vald trapdoors for (j -l)-th sesson s - h(n) when the partcpant knows vald group search key K j (= gkj ), where p g j l and 0 <l<j. Group search secrecy: Members of a group cannot know ther group search keys k and dk n PKIS- II and only GM knows them. Even f a leavng member or another malcous member reveals hs group sesson key gk to DS, DS cannot know the contents of the documents or trapdoor because they are encrypted wth the group search keys k and dk that group members do not know. Therefore, the probablty that a datacenter server DS can guess correctly the encrypted data of a group g at the jth sesson s neglgble when K j (= gkj ) s revealed to DS. 5.2 Keyword ndex search prvacy Song et al. [5] frstly proposed a cryptographc scheme whch queres wth encrypted keyword over encrypted data wthout decryptng anythngbyaserver.they ntroduced four securty requrements under an untrustworthy server. They are provable secrecy (an untrustworthy server cannot learn anythng about the plantext gven only the cphertext), controlled searchng (an untrustworthy server cannot search for a word wthout the user s authorzaton), hdden queres (an user may ask the untrustworthy server to search for a secret word wthout revealng the word to the server), and query solaton (an untrustworthy server learns nothng more than the search result about the plantext). However, Song s scheme s not for an ndex search system so that ndstngushablty of ndexes have been consdered addtonally n other keyword ndex search schemes as well as the Song s requrements. In our scheme, we assume an untrustworthy server as an adversary and our goal s to prevent a server from revealng or msusng users nformaton wthout users consent. We accomplsh our goal by encryptng documents and queryng keywords. Wth relaton to ths goal, we defne our securty requrements usng the term of Prvacy. The prvacy s the ablty to control prvate nformaton, whch ncludes dentty and dentfers, and senstve nformaton [28],.e., self-control for hs/her nformaton. The followng s our defnton about keyword ndex search prvacy Retreval access control User access control. For partcpants p Î g, the probablty that p can search for the documents of gt s neglgble, where, t, t. It means that all of the users encrypt ther documents wth ther secret key and can retreve only ther documents. It s because only a legtmate user who has a vald key can generate vald trapdoors and decrypt the retreved data, where vald trapdoors mean the queryng keywords to GM, generated by vald users. ) PKIS-I: If a user p Î g tres to retreve some documents of a group g t n the second sesson, p should know k t, k2 t and dk t, dk2 t, whch are encrypted wth each group sesson keys and transferred to the group members of g t lke ths: f gk 2 t (k 2 t, dk2 t ), f gk 2(k2 t t, dk2 t ). Refer to Fgure 2. The only users that know the search keys k t and k 2 t can generate vald trapdoors. Then, the users query GM wth the trapdoors. Except for the members of a group g t, nobody knows the values k 2 t, k2 t and dk t, dk2 t because of the securty of PRF f. We assume that f s (t, q, e)-secure PRF and a user p Î g tres to retreve the documents of a group g t n the jth sesson, where, t, t. Then, by Defnton 2, we know AdvA < e j,0<e<. Therefore, we can say that the probablty of retreval s neglgble. In addton, f malcous leavng members from g t reveal ther group search keys to other groups members when a sesson s changed from the second to the thrd, other users can know only k t, k2 t and dk t, dk2 t. Because they cannot know new sesson s keysk 3 t, dk3 t,theycannot generate vald trapdoors for the thrd sesson so that they cannot be authentcated as vald users to GM. Ths problem falls under Forward Search Secrecy. 2) PKIS-II: A user p Î g should know gk j t to retreve the documents of a group g t n the jth sesson. Ths s because vald users generate trapdoors wth ther group sesson key and then query GM wth the trapdoors n PKIS-II. The group sesson keys are dstrbuted to the group members securely accordng to a gven group

12 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 2 of 6 key agreement protocol. We assume that a gven group key agreement protocol s secure for key dstrbuton wth the probablty of - h(n). Therefore, the probablty that a partcpant p Î g can retreve the documents of g t follows neglgble functon h (n), where, t, t. Server search control. For a datacenter server DS, when DS generates trapdoors wth a random selected keyword and search keys, the probablty that a server succeeds n retrevng s neglgble. It s the smlar concept to controlled searchng of [5] and capablty of [3]. An untrustworthy server cannot search for a word wthout gven searchng ablty from users. In our schemes, the concept s the same meanng as a vald trapdoor. The vald trapdoor generaton requres that a user should know secret key values. Here, vald trapdoors mean the queryng keywords generated by GM to a datacenter server DS. ) PKIS-I: Vald trapdoors are generated by the secret values of each sesson n PKIS-I: an ndex generaton key k and GM s secret key k c.the two values are secret keys for PRF f. ByDefnton 2, f DS generates trapdoors wth a random selected keyword and search keys, the probablty that a server can succeed n retrevng s e 2, neglgble. 2) PKIS-II: Vald trapdoors are generated by an unchangng ndex generaton key k. In PKIS-II, k s the secret key whch any user does not know but only GM knows that. The key s also a secret key for PRF f. Therefore, by Defnton 2, f DS generates trapdoors wth a random selected keyword and search keys, the probablty that a server can succeed n retrevng s e, neglgble Unobservablty Generally, unobservablty means that when a user utlzes a resource or servce, the others cannot know the resource or servce s beng used [29]. If f s a pseudorandom functon, h s one-way hash functon, and all processes are performed accordng to the gven protocol, all attackers(ncludng nsders such as a datacenter server DS) cannot learn anythng about the contents of encrypted documents by queryng wth encrypted keywords. It s because all the search processes by DS are mplemented wthout decryptng anythng. We assume that f s (t, q, e)-secure PRF as we defne earler, h s (t, e h ) one-way hash functon such that any attack algorthm A runnng n tme t has success probablty at most e h, and a gven group key agreement protocol s secure wth the probablty of - h (n). We choose the key materal as descrbed above, and all processes are done accordng to the gven protocol. Then, our scheme PKIS-I can guarantee the securty at least -{e h +(2e 2 + e) +e 2 } through whole processes n that an adversary cannot learn anythng about the contents of encrypted documents except for the results. e PKIS-II can guarantee the securty at least - {h (n)+3e +2e} Unlnkablty ndex ndstngushablty Unlnkablty means that when resources and servces are used by someone, the others cannot lnk these beng correlated or used together. In keyword ndex search system, t can be regarded as ndex ndstngushablty. Snce Goh [8] formulated IND-CKA for ndexes known as semantc securty, most researchers have followed Goh s securty defnton and proof n ths area. Indstngushablty for Indexes guarantees that an adversary cannot deduce data s contents from ts ndex lst. An adversary cannot know even the fact whether two documents have the common keyword or not. Gven two word lsts W 0 and W, we say that the search scheme provdes Index Indstngushablty f a server S cannot dstngush the ndex lst I 0 from I for W 0 and W wth non-neglgble advantage. However, our schemes do not guarantee ths property. In our scheme, the common keywords n dfferent documents for a certan group have the same ndex values. Even f an adversary does not know what the keywords mean, the adversary can know that the keywords have somethng n common. An adversary mght guess that two documents have somethng correlated. Ths s becauseweuseonlydetermnstc symmetrc functons that have the same encrypton value under the same data and the same key. And we dd not use any random factor n our schemes. It makes our schemes more effcent than any other schemes because we can apply the database schema of prmary key and foregn key. The detals are addressed n the next secton. Consequently, our schemes can guarantee Retreval Access Control and Unobservablty but not Unlnkablty. However, n a common real world, users would lke to choose practcal schemes under the approprate control of securty other than the scheme whch s hard to apply a real world due to neffcency from the hgh level of securty. 6 Experments Of Performance In ths secton, we descrbe the experments of our proposed schemes. 6. Settng of experments Our system processes the transactons on an Intel Pentum 4 CPU 2.66 GHz processor wth 52 MB RAM. We use MS SQL Server 2000 as the database system and use WnAPI C Lbrary and MS-SQL DB Lbrary for

13 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 3 of 6 C. These experments use OpenSSL cryptography modules for cryptographc operatons such as SHA- and AES. Table 3 descrbes the detaled mplementaton parameters. We assume dfferent documents contan common keywords, and we set that a common keyword repeats at least every 435 documents among 0,000 documents. Through our experments, group search and effcency can be dentfed as prmary results of our schemes. Consequently, our experments consst of largely two parts: Sectons 6.2 and 6.3. Secton 6.2 deals wth the analyss of our schemes n group search. Secton 6.3 deals wth comparsons of our scheme PKIS-II wth other schemes n order to show the effcency of our schemes. 6.2 Analyss on PKIS-I and PKIS-II We experment wth respect to the number of documents and the number of sessons. For example, the search process of PKIS-I takes about 7.9 ms ( s) at the frst sesson and PKIS-II takes about 8.8 ms ( s) for 0,000 documents. Refer to Table 4. The man dfference between PKIS-I and PKIS-II s key management. In PKIS-I, group search keys k and dk are reversely generated wth hash key chans by GM, whch are dynamc to sesson-changes. The group search keys for each sesson are encrypted wth a group sesson key and then transferred to group members. Actual encrypton keys for ndexes and documents n database tables are made up of the group search keys and GM s secretkey. Thsmeansthatsecretvaluesaremanagedtogetherby group members and GM. Especally, the more number of sessons have passed, the more trapdoors for one keyword query should be generated n PKIS-I, because group search keys k and dk are updated dynamcally to sesson-changes. Nevertheless, the searchng tme of Table 4 Searchng tme accordng to sesson-changes (tme unt: ms) Scheme PKIS-I PKIS-II No. of sessons documents documents documents documents PKIS-I s only wthn 53 ms (0.053 s) when a sesson s the 000th. In fact, the current sesson may be over 000 n some envronments such as moble envronments, and t would requre more tme and computatonal overheads. However, our applcatons are for organzatons such as companes or muncpal offces, so that our performance can manage these applcatons (group organzatons) suffcent. In PKIS-II, group search keys k and dk are unchangng rrespectvely of sesson-changes. GM keeps a key matchng nformaton for groups, where group search keys k and dk are matched to the dynamc group s sesson keys. When group members query GM wth some data, the data should be encrypted wth the group s sessonkey, whereby a group member can be authentcated as a vald group member. Once a member passes the authentcaton, most processes are mplemented by GM nstead of the member. Recevng some data from a group member or a server, GM decrypts and re-encrypts the receved data, so that GM gets to know all of the contents of documents and trapdoors every query tme. However, only one trapdoor s suffcent for one keyword due to unchangng group search keys ndependently of sessonchanges. The nvarable searchng tme s requred rrespectvely of sesson-changes. If the current number of sesson s hgh, the performance of PKIS-II s more effcent than PKIS-I as descrbed n Table 4. Table 3 Implementaton envronment and parameters Agent Processor Intel Pentum 4 CPU 2.66 GHz RAM 52 MB Language C++ Crypto. Eng. OpenSSL Crypto Lbrary(AES-CBC-28) Database Product MS SQL Server 2000 Interface WnAPI Lbrary MS-SQL DB Lbrary for C Cryptographc PRF AES (28 bts) Parameter Hash functon SHA- (60 bts) The number of keywords 7 Dataset The number of common keywords 435 The number of documents 2500 = 5000 = 7500 = 0000 The number of sessons = 0 = 00 = 000

14 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 4 of Comparson of our scheme wth other schemes 6.3. The results of mplementaton In order to evaluate our scheme s performance wth objectve valdty, we experment the followng four prevous schemes: () Song et al. s [5]; (2) Golle et al. s [3]; (3) Waters et al. s [9] varaton; and (4) Park et al. s [30]. Song et al. deal wth the symmetrc cryptographc method as a poneerng work n ths area. Golle et al. conduct the most secure scheme, whch satsfes query solaton and ndex ndstngushablty as well. Waters et al. deal wth audt log server; however, we assume that ther server s as a general database server, because ther keyword search technque on the encrypted data has wde applcatons beyond searchable audt logs. We experment only one, symmetrc scheme of ther two symmetrc and asymmetrc schemes, because symmetrc scheme s much faster. Park et al. s schemes also deal wth symmetrc methods. They work on smlarty search, and ther schemes are the encrypted characters by characters. The searchng method s approxmate strng matchng test by hammng dstance,.e., we can expect the schemes would be neffcent. However, Park et al. mantan Golle et al. s securty and mprove Golle et al. s neffcency n spte of the characterwse encrypton method. In ther paper [30], they dd not show the formal securty proof and the expermental proof. Therefore, ths paper compares Golle et al. s and Park et al. s wth our schemes. Although there are many papers as the recent schemes such as [8,20-23], [8,20,2] do not deal wth the Boolean operaton on keyword searches as the tradtonal searchable encrypton schemes, but the ranked search operaton. As we mentoned earler, the comparson wth our method s meanngless, because ther evaluaton method and securty requrements are dfferent. In addton, these schemes of [22,23] are also not approprate to compare wth our schemes, because [22,23] deal wth asymmetrc schemes based on parng-based cryptography. Secton demonstrates the detaled reasons. In order to evaluate the effcency of encrypted search systems more precsely, we also perform experments on the plantext verson (PKISIIP) wthout encrypton. We compared only PKIS-II wth other schemes, because our schemes take the multple user settng of group search. On the other hand, PKIS-II has the smlar search processes to other schemes, because t does not requre the group search key changes such as PKIS-I. Table 5 shows the result of our experments. The performance of our scheme s much better than the exstng schemes. For nstance, the performance of PKIS-II s about 935 tmes faster than Golle s scheme and about 6 tmes faster than Song et al. s scheme for 0,000 documents. Park et al. s schemes, SSS-I and SSS-II are Table 5 Searchng tme comparson wth other schemes (tme unt: ms) Song Golle Waters SSS- I SSS- II PKIS- II PKIS- IIP 2500 documents documents documents documents not fast but ther schemes are faster than Golle s as they clamed. In the search process, PKIS-II needs very slght computatonal overheads, wthn 0 ms (0.0 s). Wth the respect to tme consumpton, a search process s the most mportant factor. The search process of PKIS-II s smlar to general plantext search system because t can drectly access the data wthout verfyng for every row. It needs the addtonal tme only to generate a trapdoor and to decrypt returned documents. The used cryptographc functon n PKIS s also very fast. From the next subsecton, we analyze our results n two respects of the applcablty of DB schema and the nfluence of functons The applcablty of DB schema In most exstng schemes, the ndexes of each document are encrypted wth random factors for ndstngushabltyandtheencryptedndexesarestoredbyarow. Hence, a server should mplement at least one computaton for each document every row to verfy whether ths document contans the queryng keyword or not. Ths makes t dffcult to apply DB schemas nto encrypted database search systems. Accordngly, the computatonal complexty of prevous schemes requres at least O(n) f the number of documents s n. In addton, most prevous schemes store a document s ndexes by a row not n a feld (column). The computaton or scannng wthn one feld s relatvely faster than wthn one row. In contrast, the computaton or scannng for many felds wthn one row s not fast. Our schemes solved these problems by dfferent database structures from other schemes. In Table Index Lst, all of the ndexes for all documents are stored n one feld. Generally, the row sze lmtaton s strct but the feld sze of database s at least 4 TB or more,.e. relatvely unrestrcted. For example, the maxmum number of bytes per row of MS SQL 2000 s only 8 kb and MS SQL 2005 s 2 GB [3]. Hence, settng an ndex column for all ndexes does not have any problem n our schemes, and the encrypted documents and ther dentfers are stored n another table.

15 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 5 of 6 We acheved database normalzaton wth prmary key and foregn key. Ths s possble because we use dfferent database table structure and determnstc functons. We do not use any random factors. Consequently, these propertes enable a server to drectly access the data that a user wants. Thus, there s no computaton to test whether ths document contans the queryng keyword or not for every row The nfluence of functon The knd of appled functons greatly nfluences on the search tme. There are many schemes dealng wth blnear functon such as [3,22,23,32-37] among the recently proposed keyword search schemes. For example, n the experment of [35], searchng 0,000 ndexes requres approxmately 720 s ( ms). Compared wth symmetrc cryptographc method, the calculaton of one parng takes much more tme. Consequently, blnear functon s not approprate for real-world applcatons. On the other hand, our proposed schemes are based on the only symmetrc cryptographc functon. 7 Concluson In cloud computng envronments, DAS model s the most realstc to manage senstve nformaton wth safety, because a server manager s consdered untrustworthy. Encrypton over database s also one of the most substantal ways n order to accomplsh the goal of the DAS model. Although the encrypton method has some negatve effects such as neffcency and hardness of applyng DB schemas, we should not hnder the performance or general operatons of database because of the encrypton for securty and prvacy. Consderng pror researchers endeavors n the ndvdual settng between a server and a user, ths paper focuses on more realstc applcatons and envronments wth two aspects: the group search and effcency. To do ths, frstly, we conduct a group search rather than a prvate settng. Ths group search does not requre re-encryptng all documents under the key update from sesson-change. Secondly, for more effcent applcaton n a real world, we develop the database table n order to apply the effcent DB schemas (normalzaton usng prmary key and foregn key) to encrypted documents. Also, we defne and analyze the group search secrecy and keyword ndex search prvacy. Moreover, ths paper represents our scheme s effcency through experments. Ths paper realzes effcent performances by developng two novel encrypted database tables. These two encrypted database tables make t possble a server to access data drectly. Pror papers computatonal complexty s at least O(n), whle our schemes computatonal complexty s O() durng a search process. Therefore, our scheme s approxmately 935 tmes faster than Golle s scheme and around 6 tmes faster than Song s scheme for 0,000 documents. As the result of our experments, we mantan the characterstcs of DB applcaton layers, whch supports the nteroperablty of DB applcatons n order to desgn effcent schemes. Ths paper has two contrbutons: () n the cloud datacenter servce envronments, our schemes provde practcal and realstc encrypted DB soluton and (2) dentfyng the mportance of nteroperablty wth DBMS for desgnng effcent schemes. For future works, we need to focus on the more experments of the performance n real moble applcatons. In cloud computng envronments, end-users requre varous types of usages wth moble applcatons such as PDA or moble phone as many as PCs. Therefore, we beleve nteroperablty of a moble applcaton and compatblty between moble and DB applcatons as mportant factors to mprove the effcency of schemes. 9 Endnotes a DB schema s the structure of a database system, descrbed n a formal language supported by the DBMS. In a relatonal database, the schema defnes the tables, the felds n each table, and the relatonshps. b Database normalzaton can be defned as the practce to optmze table structures. Partcularly concentratng on how these data are nterrelated, optmzaton s the result of a nvestgaton from the varous peces of data stored wthn the database. Consderng the analyss of ths data and ts correspondng relatonshps, t s advantageous n two ponts: frst, the analyss wll be the result of substantal mprovement of the speed when the tables are quered; second, t decreases the chance of the database ntegrty compromsed due to tedous mantenance procedures. c In ranked search, term frequency means a count of the number of tmes that term appears n that document [6]. d The perspectve of utlty computng. The cloud computng technologes and servces enables for provders and companes to offer a polcy: pay-forwhat-you-use such as that of electrcty, fuel, and water. Wth these economc strengths, cloud computng has become a leadng computng technology and expanded seamless servces; however, securty studes encounter new challenges and ssues n cloud computng era. Frst of all, the datacenter of cloud storage servces has hgh rsk of nformaton leakage by ntruders or nsders. Especally, t cannot guaranteed that datacenter managers are trustful. Storng confdental nformaton outsde (datacenter) makes the data center rsky n terms of the nfrngement of prvacy and securty. Cloud servces are broadly dvded nto three categores: Infrastructureas-a- Servce (IaaS), Platform-as-a-Servce (PaaS) and Software-as-a-Servce (SaaS) [38]. e The frst part wthn

16 Park et al. EURASIP Journal on Wreless Communcatons and Networkng 20, 20:64 Page 6 of 6 a brace s for key generaton, the second part s for database table, and the thrd part s for trapdoor. Acknowledgements Ths research was supported by the MKE (The Mnstry of Knowledge Economy), Korea, under the ITRC support program supervsed by the NIPA (Natonal IT Industry Promoton Agency) (NIPA-200-C ). Author detals Graduate School of Informaton and Securty, Korea Unversty, 5-Ka, Anamdong, Sungbuk-ku, Seoul 36-70, Korea 2 Department of Informaton Systems, Weatherhead School of Management, Case Western Reserve Unversty, 0900 Eucld Avenue, Cleveland, OH 4406, USA Competng nterests ) The artcle-processng charge for ths manuscrpt was supported by ITRC support program supervsed by the NIPA (Natonal IT Industry Promoton Agency) of Korea. 2) The two encrypted tables to buld database normalzaton s Korean Regstered Patent by Hyun-A Park, Regstered No.( ), June Receved: 5 December 200 Accepted: 7 August 20 Publshed: 7 August 20 References. M Armbrust, A Fox, R Grffth, AD Joseph, RH Katz, A Konwnsk, G Lee, Above the clouds: a Berkeley vew of cloud computng. Techncal Report: EECS (February 0, 2009) 2. R Buyya, Market-orented cloud computng: vson, hype, and realty of delverng computng as the 5th utlty, n 9th IEEE/ACM Internatonal Symposum on Cluster Computng and the Grd, ccgrd, (2009) 3. H Park, J Byun, D Lee, Secure ndex search for groups, n TrustBus 2005, LNCS3592, (2005) 4. P Wang, H Wang, J Peprzyk, Threshold prvacy preservng key word searches, n SOFSEM 2008, LNCS 490, (2008) 5. D Song, D Wagner, A Perrg, Practcal technques for searches on encrypted data, n IEEE Symposum on Securty and Prvacy, (2000) 6. D Boneh, GD Crescenzo, R Ostrovsky, G Persano, Publc-key encrypton wth keyword search, n Eurocrypt04, LNCS 3027, (2004) 7. YC Chang, M Mtzenmacher, Prvacy preservng keyword searches on remote encrypted data. Cryptology (eprnt Archve) (2004) 8. E Goh, Secure ndexes. Cryptology (eprnt Archve) (2004) 9. B Waters, D Balfanz, G Durfee, D Smetters, Buldng an encrypted and searchable audt log, n NDSS04, The Internet Socety, (2004) 0. J Byun, H Rhee, H Park, D Lee, Off-Lne Keyword Guessng Attacks on Recent KeywordSearch Schemes over Encrypted Data, n SDM2006, Lecture Notes n Computer Scence 465, (2006). D Boneh, B Waters, Conjunctve, subset, and range queres on encrypted data, n Proceedngs of TCC 07 (2007) 2. H Hacgumus, B Iyer, S Mehrotra, Effcent executon of aggregaton queres over encrypted relatonal databases, n DASFAA 2004, LNCS 2793, (2004) 3. P Golle, J Staddon, B Waters, Secure conjunctve keyword search over encrypted data, n ACNS04, LNCS 3089, 3 45 (2004) 4. Y Hwang, P Lee, Publc key encrypton wth conjunctve keyword search and ts extenson to a mult-user system, n Parng 2007, LNCS 4575, 2 22 (2007) 5. P Wang, H Wang, J Peprzyk, Keyword feld-free conjunctve keyword searches on encrypted data and extenson for dynamc groups, n CANS 2008, LNCS (2008) 6. S Zerr, E Demdova, D Olmedlla, W Nejdl, M Wnslett, S Mtra, Zerber: r- confdental ndexng for dstrbuted documents, n EDBT 08: Proceedngs of the th nternatonal conference on Extendng database technology, (2008) 7. S Zerr, D Olmedlla, W Nejdl, W Sbersk, Zerber+R: top-k retreval from a confdental ndex, n EDBT 09: Proc. of the 2th Internatonal Conference on Extendng Database Technology: Advances n Database Technology, (2009) 8. H Pang, X Dng, X Xao, Embellshng text search queres to protect user prvacy, PVLDB 3(), (200) 9. A Swamnathan, Y Mao, G-M Su, H Gou, A Varna, S He, M Wu, D Oard, Confdentalty-preservng rank-ordered search, n Storage SS 07, n Proc. of the 2007 ACM workshop on Storage securty and survvablty, 7 2 (2007) 20. C Wang, N Cao, J L, K Ren, W Lou, Secure ranked keyword search over encrypted cloud data, n ICDCS 0, n Proc. of the 200 IEEE 30th Internatonal Conference on Dstrbuted Computng Systems, (200) 2. N Cao, C Wang, M L, K Ren, W Lou, Prvacy-preservng multkeyword ranked search over encrypted cloud data, n IEEE INFOCOM (20) 22. M L, S Yu, N Cao, W Lou, Authorzed prvate keyword search over encrypted data n cloud computng, n Proc of IEEE ICDCS (20) 23. S Yu, C Wang, K Ren, W Lou, Achevng secure, scalable, and fne-graned data access control n cloud computng, n IEEE INFOCOM 0 (200) 24. Y Hu, A Perrg, DB Johnson, Effcent securty mechansms for routng protocols, n Network and Dstrbuted System Securty Symposum, NDSS 03, (February 2003) 25. M Burrnester, Y Desmedt, A secure and effcent conference key dstrbuton system, The Advances n Cryptology EUROCRYPT (994) 26. Y Km, A Perrg, G Tsudk, Tree-based group key agreement. ACM Trans Inf Syst Secur. 7(), (2004). do:0.45/ L Lao, M Manuls, Tree-based group key agreement framework for moble ad-hoc networks. Fut Gener Comput Syst. 23(6), (2007). do:0.06/j.future M Burmester, Y Desmedt, RN Wrght, A Yasnsac, Accountable Prvacy. Securty Protocols 2004, LNCS 3957, (2006) 29. Ontaro, Offce of the Informaton and Prvacy Commssoner (IPC) and Netherlands Regstratekamer. Prvacy-Enhancng Technologes: The Path to Anonymty, Informaton and Prvacy Commssoner and Regstratekamer Papers-Summary/Default.aspx?d=329&prnt= (995) 30. H Park, B Km, D Lee, Y Chung, J Zhan, Secure smlarty search, Grc 2007, (IEEE ComputerSocety Press, 2007), pp and-2005.aspx 32. M Abdalla, M Bellare, D Catalano, E Kltz, T Kohno, T Lange, J Malone-Lee, G Neven, P Paller, H Ash, Searchable encrypton revsted: consstency propertes, relaton to anonymous IBE, and extensons. Crypto05, LNCS (2005) 33. S Bellovn, W Cheswck, Prvacy-enhanced searches usng encrypted bloom flters. Cryptology eprnt Archve, R eport2004/022 (February 2004) 34. L Ballard, M Green, B de Mederos, F Monrose, Correlaton-resstant storage va keyword-searchable encrypton, n SPAR Techncal Report. TR-SP-BGMM L Ballad, S Kamara, F Monrose, Achevng effcent conjunctve keyword searches over encrypted data. n ICICS 2005, LNCS3783, (2005) 36. W Ogata, K Kurosawa, Oblvous keyword search. J Complexty. 20, (2004). do:0.06/j.jco H Park, J Hong, J Park, J Zhan, D Lee, Combned authentcaton based mult-level access control n moble applcaton for DalyLfeServce. IEEE Trans Moble Comput. 9(6), (200) 38. H Park, J Park, J Cho, D Lee, Toward an ntegrated system between cloud computng and smartcard applcaton, n ICCIT 200 (IEEE Computer Socety Press, 200), pp do:0.86/ Cte ths artcle as: Park et al.: PKIS: practcal keyword ndex search on cloud datacenter. EURASIP Journal on Wreless Communcatons and Networkng 20 20:64.

A Secure Password-Authenticated Key Agreement Using Smart Cards

A Secure Password-Authenticated Key Agreement Using Smart Cards A Secure Password-Authentcated Key Agreement Usng Smart Cards Ka Chan 1, Wen-Chung Kuo 2 and Jn-Chou Cheng 3 1 Department of Computer and Informaton Scence, R.O.C. Mltary Academy, Kaohsung 83059, Tawan,

More information

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage Proactve Secret Sharng Or: How to Cope Wth Perpetual Leakage Paper by Amr Herzberg Stanslaw Jareck Hugo Krawczyk Mot Yung Presentaton by Davd Zage What s Secret Sharng Basc Idea ((2, 2)-threshold scheme):

More information

RUHR-UNIVERSITÄT BOCHUM

RUHR-UNIVERSITÄT BOCHUM RUHR-UNIVERSITÄT BOCHUM Horst Görtz Insttute for IT Securty Techncal Report TR-HGI-2006-002 Survey on Securty Requrements and Models for Group Key Exchange Mark Manuls Char for Network and Data Securty

More information

What is Candidate Sampling

What is Candidate Sampling What s Canddate Samplng Say we have a multclass or mult label problem where each tranng example ( x, T ) conssts of a context x a small (mult)set of target classes T out of a large unverse L of possble

More information

Compact CCA2-secure Hierarchical Identity-Based Broadcast Encryption for Fuzzy-entity Data Sharing

Compact CCA2-secure Hierarchical Identity-Based Broadcast Encryption for Fuzzy-entity Data Sharing Compact CCA2-secure Herarchcal Identty-Based Broadcast Encrypton for Fuzzy-entty Data Sharng Weran Lu 1, Janwe Lu 1, Qanhong Wu 1, Bo Qn 2, Davd Naccache 3, and Houda Ferrad 4 1 School of Electronc and

More information

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Internatonal Journal of Network Securty & Its Applcatons (IJNSA), Vol.5, No.3, May 2013 AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS Len Harn 1 and Changlu Ln 2 1 Department of Computer Scence

More information

Fuzzy Keyword Search over Encrypted Data in Cloud Computing

Fuzzy Keyword Search over Encrypted Data in Cloud Computing Fuzzy Keyword Search over Encrypted Data n Cloud Computng Jn L,QanWang, Cong Wang,NngCao,KuRen, and Wenjng Lou Department of ECE, Illnos Insttute of Technology Department of ECE, Worcester Polytechnc Insttute

More information

A role based access in a hierarchical sensor network architecture to provide multilevel security

A role based access in a hierarchical sensor network architecture to provide multilevel security 1 A role based access n a herarchcal sensor network archtecture to provde multlevel securty Bswajt Panja a Sanjay Kumar Madra b and Bharat Bhargava c a Department of Computer Scenc Morehead State Unversty

More information

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis The Development of Web Log Mnng Based on Improve-K-Means Clusterng Analyss TngZhong Wang * College of Informaton Technology, Luoyang Normal Unversty, Luoyang, 471022, Chna wangtngzhong2@sna.cn Abstract.

More information

Canon NTSC Help Desk Documentation

Canon NTSC Help Desk Documentation Canon NTSC Help Desk Documentaton READ THIS BEFORE PROCEEDING Before revewng ths documentaton, Canon Busness Solutons, Inc. ( CBS ) hereby refers you, the customer or customer s representatve or agent

More information

An Interest-Oriented Network Evolution Mechanism for Online Communities

An Interest-Oriented Network Evolution Mechanism for Online Communities An Interest-Orented Network Evoluton Mechansm for Onlne Communtes Cahong Sun and Xaopng Yang School of Informaton, Renmn Unversty of Chna, Bejng 100872, P.R. Chna {chsun,yang}@ruc.edu.cn Abstract. Onlne

More information

Supporting Recovery, Privacy and Security in RFID Systems Using a Robust Authentication Protocol

Supporting Recovery, Privacy and Security in RFID Systems Using a Robust Authentication Protocol Supportng Recovery Prvacy and Securty n RFID Systems Usng a Robust Authentcaton Protocol Md. Endadul Hoque MSCS Dept. Marquette Unversty Mlwaukee Wsconsn USA. mhoque@mscs.mu.edu Farzana Rahman MSCS Dept.

More information

8 Algorithm for Binary Searching in Trees

8 Algorithm for Binary Searching in Trees 8 Algorthm for Bnary Searchng n Trees In ths secton we present our algorthm for bnary searchng n trees. A crucal observaton employed by the algorthm s that ths problem can be effcently solved when the

More information

Luby s Alg. for Maximal Independent Sets using Pairwise Independence

Luby s Alg. for Maximal Independent Sets using Pairwise Independence Lecture Notes for Randomzed Algorthms Luby s Alg. for Maxmal Independent Sets usng Parwse Independence Last Updated by Erc Vgoda on February, 006 8. Maxmal Independent Sets For a graph G = (V, E), an ndependent

More information

Provably Secure Single Sign-on Scheme in Distributed Systems and Networks

Provably Secure Single Sign-on Scheme in Distributed Systems and Networks 0 IEEE th Internatonal Conference on Trust, Securty and Prvacy n Computng and Communcatons Provably Secure Sngle Sgn-on Scheme n Dstrbuted Systems and Networks Jangshan Yu, Guln Wang, and Y Mu Center for

More information

Tracker: Security and Privacy for RFID-based Supply Chains

Tracker: Security and Privacy for RFID-based Supply Chains Tracker: Securty and Prvacy for RFID-based Supply Chans Erk-Olver Blass Kaoutar Elkhyaou Refk Molva EURECOM Sopha Antpols, France {blass elkhyao molva}@eurecom.fr Abstract The counterfetng of pharmaceutcs

More information

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ). REVIEW OF RISK MANAGEMENT CONCEPTS LOSS DISTRIBUTIONS AND INSURANCE Loss and nsurance: When someone s subject to the rsk of ncurrng a fnancal loss, the loss s generally modeled usng a random varable or

More information

Ensuring Data Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing 1 Ensurng Data Storage Securty n Cloud Computng Cong Wang,Qan Wang, Ku Ren, and Wenjng Lou Dept of ECE, Illnos Insttute of Technology, Emal: {cwang, qwang, kren}@ecetedu Dept of ECE, Worcester Polytechnc

More information

Riposte: An Anonymous Messaging System Handling Millions of Users

Riposte: An Anonymous Messaging System Handling Millions of Users Rposte: An Anonymous Messagng System Handlng Mllons of Users Henry Corrgan-Gbbs, Dan Boneh, and Davd Mazères Stanford Unversty Abstract Ths paper presents Rposte, a new system for anonymous broadcast messagng.

More information

RequIn, a tool for fast web traffic inference

RequIn, a tool for fast web traffic inference RequIn, a tool for fast web traffc nference Olver aul, Jean Etenne Kba GET/INT, LOR Department 9 rue Charles Fourer 90 Evry, France Olver.aul@nt-evry.fr, Jean-Etenne.Kba@nt-evry.fr Abstract As networked

More information

DP5: A Private Presence Service

DP5: A Private Presence Service DP5: A Prvate Presence Servce Nkta Borsov Unversty of Illnos at Urbana-Champagn, Unted States nkta@llnos.edu George Danezs Unversty College London, Unted Kngdom g.danezs@ucl.ac.uk Ian Goldberg Unversty

More information

1. Fundamentals of probability theory 2. Emergence of communication traffic 3. Stochastic & Markovian Processes (SP & MP)

1. Fundamentals of probability theory 2. Emergence of communication traffic 3. Stochastic & Markovian Processes (SP & MP) 6.3 / -- Communcaton Networks II (Görg) SS20 -- www.comnets.un-bremen.de Communcaton Networks II Contents. Fundamentals of probablty theory 2. Emergence of communcaton traffc 3. Stochastc & Markovan Processes

More information

Secure Cloud Storage Service with An Efficient DOKS Protocol

Secure Cloud Storage Service with An Efficient DOKS Protocol Secure Cloud Storage Servce wth An Effcent DOKS Protocol ZhengTao Jang Councaton Unversty of Chna z.t.ang@163.co Abstract Storage servces based on publc clouds provde custoers wth elastc storage and on-deand

More information

Efficient Dynamic Integrity Verification for Big Data Supporting Users Revocability

Efficient Dynamic Integrity Verification for Big Data Supporting Users Revocability nformaton Artcle Effcent Dynamc Integrty Verfcaton for Bg Data Supportng Users Revocablty Xnpeng Zhang 1,2, *, Chunxang Xu 1, Xaojun Zhang 1, Tazong Gu 2, Zh Geng 2 and Guopng Lu 2 1 School of Computer

More information

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur Module LOSSLESS IMAGE COMPRESSION SYSTEMS Lesson 3 Lossless Compresson: Huffman Codng Instructonal Objectves At the end of ths lesson, the students should be able to:. Defne and measure source entropy..

More information

1.1 The University may award Higher Doctorate degrees as specified from time-to-time in UPR AS11 1.

1.1 The University may award Higher Doctorate degrees as specified from time-to-time in UPR AS11 1. HIGHER DOCTORATE DEGREES SUMMARY OF PRINCIPAL CHANGES General changes None Secton 3.2 Refer to text (Amendments to verson 03.0, UPR AS02 are shown n talcs.) 1 INTRODUCTION 1.1 The Unversty may award Hgher

More information

A Novel Multi-factor Authenticated Key Exchange Scheme With Privacy Preserving

A Novel Multi-factor Authenticated Key Exchange Scheme With Privacy Preserving A Novel Mult-factor Authentcated Key Exchange Scheme Wth Prvacy Preservng Dexn Yang Guangzhou Cty Polytechnc Guangzhou, Chna, 510405 yangdexn@21cn.com Bo Yang South Chna Agrcultural Unversty Guangzhou,

More information

An Alternative Way to Measure Private Equity Performance

An Alternative Way to Measure Private Equity Performance An Alternatve Way to Measure Prvate Equty Performance Peter Todd Parlux Investment Technology LLC Summary Internal Rate of Return (IRR) s probably the most common way to measure the performance of prvate

More information

Communication Networks II Contents

Communication Networks II Contents 8 / 1 -- Communcaton Networs II (Görg) -- www.comnets.un-bremen.de Communcaton Networs II Contents 1 Fundamentals of probablty theory 2 Traffc n communcaton networs 3 Stochastc & Marovan Processes (SP

More information

Data Broadcast on a Multi-System Heterogeneous Overlayed Wireless Network *

Data Broadcast on a Multi-System Heterogeneous Overlayed Wireless Network * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 24, 819-840 (2008) Data Broadcast on a Mult-System Heterogeneous Overlayed Wreless Network * Department of Computer Scence Natonal Chao Tung Unversty Hsnchu,

More information

Yixin Jiang and Chuang Lin. Minghui Shi and Xuemin Sherman Shen*

Yixin Jiang and Chuang Lin. Minghui Shi and Xuemin Sherman Shen* 198 Int J Securty Networks Vol 1 Nos 3/4 2006 A self-encrypton authentcaton protocol for teleconference servces Yxn Jang huang Ln Departent of oputer Scence Technology Tsnghua Unversty Beng hna E-al: yxang@csnet1cstsnghuaeducn

More information

SEVERAL trends are opening up the era of Cloud

SEVERAL trends are opening up the era of Cloud IEEE Transactons on Cloud Computng Date of Publcaton: Aprl-June 2012 Volume: 5, Issue: 2 1 Towards Secure and Dependable Storage Servces n Cloud Computng Cong Wang, Student Member, IEEE, Qan Wang, Student

More information

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign

PAS: A Packet Accounting System to Limit the Effects of DoS & DDoS. Debish Fesehaye & Klara Naherstedt University of Illinois-Urbana Champaign PAS: A Packet Accountng System to Lmt the Effects of DoS & DDoS Debsh Fesehaye & Klara Naherstedt Unversty of Illnos-Urbana Champagn DoS and DDoS DDoS attacks are ncreasng threats to our dgtal world. Exstng

More information

SEVERAL trends are opening up the era of Cloud

SEVERAL trends are opening up the era of Cloud 1 Towards Secure and Dependable Storage Servces n Cloud Computng Cong Wang, Student Member, IEEE, Qan Wang, Student Member, IEEE, Ku Ren, Member, IEEE, Nng Cao, Student Member, IEEE, and Wenjng Lou, Senor

More information

Fully Homomorphic Encryption Scheme with Symmetric Keys

Fully Homomorphic Encryption Scheme with Symmetric Keys Fully Homomorphc Encrypton Scheme wth Symmetrc Keys A Dssertaton submtted n partal fulfllment for the award of the Degree of Master of Technology n Department of Computer Scence & Engneerng (wth specalzaton

More information

Scalable and Secure Architecture for Digital Content Distribution

Scalable and Secure Architecture for Digital Content Distribution Valer Bocan Scalable and Secure Archtecture for Dgtal Content Dstrbuton Mha Fagadar-Cosma Department of Computer Scence and Engneerng Informaton Technology Department Poltehnca Unversty of Tmsoara Alcatel

More information

Ensuring Data Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing Ensurng Data Storage Securty n Cloud Computng Cong Wang, Qan Wang, and Ku Ren Department of ECE Illnos Insttute of Technology Emal: {cwang, qwang, kren}@ece.t.edu Wenjng Lou Department of ECE Worcester

More information

Enterprise Master Patient Index

Enterprise Master Patient Index Enterprse Master Patent Index Healthcare data are captured n many dfferent settngs such as hosptals, clncs, labs, and physcan offces. Accordng to a report by the CDC, patents n the Unted States made an

More information

Identity-Based Encryption Gone Wild

Identity-Based Encryption Gone Wild An extended abstract of ths paper appeared n Mchele Bugles, Bart Preneel, Vladmro Sassone, and Ingo Wegener, edtors, 33rd Internatonal Colloquum on Automata, Languages and Programmng ICALP 2006, volume

More information

From Selective to Full Security: Semi-Generic Transformations in the Standard Model

From Selective to Full Security: Semi-Generic Transformations in the Standard Model An extended abstract of ths work appears n the proceedngs of PKC 2012 From Selectve to Full Securty: Sem-Generc Transformatons n the Standard Model Mchel Abdalla 1 Daro Fore 2 Vadm Lyubashevsky 1 1 Département

More information

An RFID Distance Bounding Protocol

An RFID Distance Bounding Protocol An RFID Dstance Boundng Protocol Gerhard P. Hancke and Markus G. Kuhn May 22, 2006 An RFID Dstance Boundng Protocol p. 1 Dstance boundng Verfer d Prover Places an upper bound on physcal dstance Does not

More information

Secure Network Coding Over the Integers

Secure Network Coding Over the Integers Secure Network Codng Over the Integers Rosaro Gennaro Jonathan Katz Hugo Krawczyk Tal Rabn Abstract Network codng has receved sgnfcant attenton n the networkng communty for ts potental to ncrease throughput

More information

A new anonymity-based protocol preserving privacy based cloud environment

A new anonymity-based protocol preserving privacy based cloud environment Abstract A new anonymty-based protocol preservng prvacy based cloud envronment Jan Wang 1*, Le Wang 2 1 College of Computer and Informaton Engneerng, Henan Unversty of Economcs and Law, Chna 2 SIAS Internatonal

More information

A Performance Analysis of View Maintenance Techniques for Data Warehouses

A Performance Analysis of View Maintenance Techniques for Data Warehouses A Performance Analyss of Vew Mantenance Technques for Data Warehouses Xng Wang Dell Computer Corporaton Round Roc, Texas Le Gruenwald The nversty of Olahoma School of Computer Scence orman, OK 739 Guangtao

More information

An Optimally Robust Hybrid Mix Network (Extended Abstract)

An Optimally Robust Hybrid Mix Network (Extended Abstract) An Optmally Robust Hybrd Mx Network (Extended Abstract) Markus Jakobsson and Ar Juels RSA Laboratores Bedford, MA, USA {mjakobsson,ajuels}@rsasecurty.com Abstract We present a mx network that acheves effcent

More information

A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security

A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security Internatonal Journal of Network Securty, Vol.7, No., PP.3 34, Sept. 8 3 A ryptographc Key Assgnment Scheme for Access ontrol n Poset Ordered Herarches wth Enhanced Securty Debass Gr and P. D. Srvastava

More information

Secure and Efficient Proof of Storage with Deduplication

Secure and Efficient Proof of Storage with Deduplication Secure and Effcent Proof of Storage wth Deduplcaton Qng Zheng Department of Computer Scence Unversty of Texas at San Antono qzheng@cs.utsa.edu Shouhua Xu Department of Computer Scence Unversty of Texas

More information

Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection

Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection Stochastc Protocol Modelng for Anomaly Based Network Intruson Detecton Juan M. Estevez-Tapador, Pedro Garca-Teodoro, and Jesus E. Daz-Verdejo Department of Electroncs and Computer Technology Unversty of

More information

A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS. Received March 2010; revised July 2010

A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION IN WIRELESS SENSOR NETWORKS. Received March 2010; revised July 2010 Internatonal Journal of Innovatve Computng, Informaton and Control ICIC Internatonal c 2011 ISSN 1349-4198 Volume 7, Number 8, August 2011 pp. 4821 4831 A SECURE BILLING SERVICE WITH TWO-FACTOR USER AUTHENTICATION

More information

Practical and Secure Solutions for Integer Comparison

Practical and Secure Solutions for Integer Comparison In Publc Key Cryptography PKC 07, Vol. 4450 of Lecture Notes n Computer Scence, Sprnger-Verlag, 2007. pp. 330-342. Practcal and Secure Solutons for Integer Comparson Juan Garay 1, erry Schoenmakers 2,

More information

IT09 - Identity Management Policy

IT09 - Identity Management Policy IT09 - Identty Management Polcy Introducton 1 The Unersty needs to manage dentty accounts for all users of the Unersty s electronc systems and ensure that users hae an approprate leel of access to these

More information

v a 1 b 1 i, a 2 b 2 i,..., a n b n i.

v a 1 b 1 i, a 2 b 2 i,..., a n b n i. SECTION 8.4 COMPLEX VECTOR SPACES AND INNER PRODUCTS 455 8.4 COMPLEX VECTOR SPACES AND INNER PRODUCTS All the vector spaces we have studed thus far n the text are real vector spaces snce the scalars are

More information

RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo.

RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL. Yaoqi FENG 1, Hanping QIU 1. China Academy of Space Technology (CAST) yaoqi.feng@yahoo. ICSV4 Carns Australa 9- July, 007 RESEARCH ON DUAL-SHAKER SINE VIBRATION CONTROL Yaoq FENG, Hanpng QIU Dynamc Test Laboratory, BISEE Chna Academy of Space Technology (CAST) yaoq.feng@yahoo.com Abstract

More information

Research of concurrency control protocol based on the main memory database

Research of concurrency control protocol based on the main memory database Research of concurrency control protocol based on the man memory database Abstract Yonghua Zhang * Shjazhuang Unversty of economcs, Shjazhuang, Shjazhuang, Chna Receved 1 October 2014, www.cmnt.lv The

More information

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing A Replcaton-Based and Fault Tolerant Allocaton Algorthm for Cloud Computng Tork Altameem Dept of Computer Scence, RCC, Kng Saud Unversty, PO Box: 28095 11437 Ryadh-Saud Araba Abstract The very large nfrastructure

More information

Capacity-building and training

Capacity-building and training 92 Toolkt to Combat Traffckng n Persons Tool 2.14 Capacty-buldng and tranng Overvew Ths tool provdes references to tranng programmes and materals. For more tranng materals, refer also to Tool 9.18. Capacty-buldng

More information

Calculation of Sampling Weights

Calculation of Sampling Weights Perre Foy Statstcs Canada 4 Calculaton of Samplng Weghts 4.1 OVERVIEW The basc sample desgn used n TIMSS Populatons 1 and 2 was a two-stage stratfed cluster desgn. 1 The frst stage conssted of a sample

More information

sscada: securing SCADA infrastructure communications

sscada: securing SCADA infrastructure communications Int. J. Communcaton Networks and Dstrbuted Systems, Vol. 6, No. 1, 2011 59 sscada: securng SCADA nfrastructure communcatons Yongge Wang Department of SIS, UNC Charlotte, 9201 Unversty Cty Blvd, Charlotte,

More information

Recurrence. 1 Definitions and main statements

Recurrence. 1 Definitions and main statements Recurrence 1 Defntons and man statements Let X n, n = 0, 1, 2,... be a MC wth the state space S = (1, 2,...), transton probabltes p j = P {X n+1 = j X n = }, and the transton matrx P = (p j ),j S def.

More information

A powerful tool designed to enhance innovation and business performance

A powerful tool designed to enhance innovation and business performance A powerful tool desgned to enhance nnovaton and busness performance The LEGO Foundaton has taken over the responsblty for the LEGO SERIOUS PLAY method. Ths change wll help create the platform for the contnued

More information

Trust Formation in a C2C Market: Effect of Reputation Management System

Trust Formation in a C2C Market: Effect of Reputation Management System Trust Formaton n a C2C Market: Effect of Reputaton Management System Htosh Yamamoto Unversty of Electro-Communcatons htosh@s.uec.ac.jp Kazunar Ishda Tokyo Unversty of Agrculture k-shda@noda.ac.jp Toshzum

More information

Calculating the high frequency transmission line parameters of power cables

Calculating the high frequency transmission line parameters of power cables < ' Calculatng the hgh frequency transmsson lne parameters of power cables Authors: Dr. John Dcknson, Laboratory Servces Manager, N 0 RW E B Communcatons Mr. Peter J. Ncholson, Project Assgnment Manager,

More information

Project Networks With Mixed-Time Constraints

Project Networks With Mixed-Time Constraints Project Networs Wth Mxed-Tme Constrants L Caccetta and B Wattananon Western Australan Centre of Excellence n Industral Optmsaton (WACEIO) Curtn Unversty of Technology GPO Box U1987 Perth Western Australa

More information

Robust Design of Public Storage Warehouses. Yeming (Yale) Gong EMLYON Business School

Robust Design of Public Storage Warehouses. Yeming (Yale) Gong EMLYON Business School Robust Desgn of Publc Storage Warehouses Yemng (Yale) Gong EMLYON Busness School Rene de Koster Rotterdam school of management, Erasmus Unversty Abstract We apply robust optmzaton and revenue management

More information

Fault tolerance in cloud technologies presented as a service

Fault tolerance in cloud technologies presented as a service Internatonal Scentfc Conference Computer Scence 2015 Pavel Dzhunev, PhD student Fault tolerance n cloud technologes presented as a servce INTRODUCTION Improvements n technques for vrtualzaton and performance

More information

Forecasting the Direction and Strength of Stock Market Movement

Forecasting the Direction and Strength of Stock Market Movement Forecastng the Drecton and Strength of Stock Market Movement Jngwe Chen Mng Chen Nan Ye cjngwe@stanford.edu mchen5@stanford.edu nanye@stanford.edu Abstract - Stock market s one of the most complcated systems

More information

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by 6 CHAPTER 8 COMPLEX VECTOR SPACES 5. Fnd the kernel of the lnear transformaton gven n Exercse 5. In Exercses 55 and 56, fnd the mage of v, for the ndcated composton, where and are gven by the followng

More information

FREQUENCY OF OCCURRENCE OF CERTAIN CHEMICAL CLASSES OF GSR FROM VARIOUS AMMUNITION TYPES

FREQUENCY OF OCCURRENCE OF CERTAIN CHEMICAL CLASSES OF GSR FROM VARIOUS AMMUNITION TYPES FREQUENCY OF OCCURRENCE OF CERTAIN CHEMICAL CLASSES OF GSR FROM VARIOUS AMMUNITION TYPES Zuzanna BRO EK-MUCHA, Grzegorz ZADORA, 2 Insttute of Forensc Research, Cracow, Poland 2 Faculty of Chemstry, Jagellonan

More information

Efficient Project Portfolio as a tool for Enterprise Risk Management

Efficient Project Portfolio as a tool for Enterprise Risk Management Effcent Proect Portfolo as a tool for Enterprse Rsk Management Valentn O. Nkonov Ural State Techncal Unversty Growth Traectory Consultng Company January 5, 27 Effcent Proect Portfolo as a tool for Enterprse

More information

Fast Variants of RSA

Fast Variants of RSA Fast Varants of RSA Dan Boneh dabo@cs.stanford.edu Hovav Shacham hovav@cs.stanford.edu Abstract We survey three varants of RSA desgned to speed up RSA decrypton. These varants are backwards compatble n

More information

Relay Secrecy in Wireless Networks with Eavesdropper

Relay Secrecy in Wireless Networks with Eavesdropper Relay Secrecy n Wreless Networks wth Eavesdropper Parvathnathan Venktasubramanam, Tng He and Lang Tong School of Electrcal and Computer Engneerng Cornell Unversty, Ithaca, NY 14853 Emal : {pv45, th255,

More information

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT

APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT APPLICATION OF PROBE DATA COLLECTED VIA INFRARED BEACONS TO TRAFFIC MANEGEMENT Toshhko Oda (1), Kochro Iwaoka (2) (1), (2) Infrastructure Systems Busness Unt, Panasonc System Networks Co., Ltd. Saedo-cho

More information

DEFINING %COMPLETE IN MICROSOFT PROJECT

DEFINING %COMPLETE IN MICROSOFT PROJECT CelersSystems DEFINING %COMPLETE IN MICROSOFT PROJECT PREPARED BY James E Aksel, PMP, PMI-SP, MVP For Addtonal Informaton about Earned Value Management Systems and reportng, please contact: CelersSystems,

More information

A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things

A Game-Theoretic Approach for Minimizing Security Risks in the Internet-of-Things A Game-Theoretc Approach for Mnmzng Securty Rsks n the Internet-of-Thngs George Rontds, Emmanoul Panaouss, Aron Laszka, Tasos Daguklas, Pasquale Malacara, and Tansu Alpcan Hellenc Open Unversty, Greece

More information

Multiple-Period Attribution: Residuals and Compounding

Multiple-Period Attribution: Residuals and Compounding Multple-Perod Attrbuton: Resduals and Compoundng Our revewer gave these authors full marks for dealng wth an ssue that performance measurers and vendors often regard as propretary nformaton. In 1994, Dens

More information

A Certified Email Protocol using Key Chains

A Certified Email Protocol using Key Chains A Certfed Emal Protocol usng Key Chans J. Cederqust SQIG-IT and IST, TULsbon, Portugal M. Torab Dasht CWI, Amsterdam, The Netherlands S. Mauw Unversty of Luxembourg, Luxembourg Abstract Ths paper ntroduces

More information

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING Matthew J. Lberatore, Department of Management and Operatons, Vllanova Unversty, Vllanova, PA 19085, 610-519-4390,

More information

When do data mining results violate privacy? Individual Privacy: Protect the record

When do data mining results violate privacy? Individual Privacy: Protect the record When do data mnng results volate prvacy? Chrs Clfton March 17, 2004 Ths s jont work wth Jashun Jn and Murat Kantarcıoğlu Indvdual Prvacy: Protect the record Indvdual tem n database must not be dsclosed

More information

Conversion between the vector and raster data structures using Fuzzy Geographical Entities

Conversion between the vector and raster data structures using Fuzzy Geographical Entities Converson between the vector and raster data structures usng Fuzzy Geographcal Enttes Cdála Fonte Department of Mathematcs Faculty of Scences and Technology Unversty of Combra, Apartado 38, 3 454 Combra,

More information

Design and Development of a Security Evaluation Platform Based on International Standards

Design and Development of a Security Evaluation Platform Based on International Standards Internatonal Journal of Informatcs Socety, VOL.5, NO.2 (203) 7-80 7 Desgn and Development of a Securty Evaluaton Platform Based on Internatonal Standards Yuj Takahash and Yoshm Teshgawara Graduate School

More information

Research of Network System Reconfigurable Model Based on the Finite State Automation

Research of Network System Reconfigurable Model Based on the Finite State Automation JOURNAL OF NETWORKS, VOL., NO. 5, MAY 24 237 Research of Network System Reconfgurable Model Based on the Fnte State Automaton Shenghan Zhou and Wenbng Chang School of Relablty and System Engneerng, Behang

More information

Power-of-Two Policies for Single- Warehouse Multi-Retailer Inventory Systems with Order Frequency Discounts

Power-of-Two Policies for Single- Warehouse Multi-Retailer Inventory Systems with Order Frequency Discounts Power-of-wo Polces for Sngle- Warehouse Mult-Retaler Inventory Systems wth Order Frequency Dscounts José A. Ventura Pennsylvana State Unversty (USA) Yale. Herer echnon Israel Insttute of echnology (Israel)

More information

Efficient Bandwidth Management in Broadband Wireless Access Systems Using CAC-based Dynamic Pricing

Efficient Bandwidth Management in Broadband Wireless Access Systems Using CAC-based Dynamic Pricing Effcent Bandwdth Management n Broadband Wreless Access Systems Usng CAC-based Dynamc Prcng Bader Al-Manthar, Ndal Nasser 2, Najah Abu Al 3, Hossam Hassanen Telecommuncatons Research Laboratory School of

More information

Negative Selection and Niching by an Artificial Immune System for Network Intrusion Detection

Negative Selection and Niching by an Artificial Immune System for Network Intrusion Detection Negatve Selecton and Nchng by an Artfcal Immune System for Network Intruson Detecton Jungwon Km and Peter Bentley Department of omputer Scence, Unversty ollege London, Gower Street, London, W1E 6BT, U.K.

More information

A Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression

A Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression Novel Methodology of Workng Captal Management for Large Publc Constructons by Usng Fuzzy S-curve Regresson Cheng-Wu Chen, Morrs H. L. Wang and Tng-Ya Hseh Department of Cvl Engneerng, Natonal Central Unversty,

More information

The OC Curve of Attribute Acceptance Plans

The OC Curve of Attribute Acceptance Plans The OC Curve of Attrbute Acceptance Plans The Operatng Characterstc (OC) curve descrbes the probablty of acceptng a lot as a functon of the lot s qualty. Fgure 1 shows a typcal OC Curve. 10 8 6 4 1 3 4

More information

ABSTRACT. Categories and Subject Descriptors. General Terms. Keywords

ABSTRACT. Categories and Subject Descriptors. General Terms. Keywords On Desgnng Incentve-Compatble Routng and Forwardng Protocols n Wreless Ad-Hoc Networks An Integrated Approach Usng Game Theoretcal and Cryptographc Technques Sheng Zhong L (Erran) L Yanbn Grace Lu Yang

More information

Data security in Intelligent Transport Systems

Data security in Intelligent Transport Systems Data securty n Intellgent Transport Systems Tomas ZELINKA Czech Techncal Unversty n rague, FTS 110 00 raha 1, Czech Republc Mroslav SVITEK Czech Techncal Unversty n rague, FTS 110 00 raha 1, Czech Republc

More information

THE deployment of IEEE 802.11 wireless networks

THE deployment of IEEE 802.11 wireless networks IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. X, NO. X, XXX 2008 1 Passve Onlne Detecton of 802.11 Traffc Usng Sequental Hypothess Testng wth TCP ACK-Pars We We, Member, IEEE, Kyoungwon Suh, Member, IEEE,

More information

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently.

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently. Corporate Polces & Procedures Human Resources - Document CPP216 Leave Management Frst Produced: Current Verson: Past Revsons: Revew Cycle: Apples From: 09/09/09 26/10/12 09/09/09 3 years Immedately Authorsaton:

More information

Complete Fairness in Secure Two-Party Computation

Complete Fairness in Secure Two-Party Computation Complete Farness n Secure Two-Party Computaton S. Dov Gordon Carmt Hazay Jonathan Katz Yehuda Lndell Abstract In the settng of secure two-party computaton, two mutually dstrustng partes wsh to compute

More information

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures

Minimal Coding Network With Combinatorial Structure For Instantaneous Recovery From Edge Failures Mnmal Codng Network Wth Combnatoral Structure For Instantaneous Recovery From Edge Falures Ashly Joseph 1, Mr.M.Sadsh Sendl 2, Dr.S.Karthk 3 1 Fnal Year ME CSE Student Department of Computer Scence Engneerng

More information

Secure encrypted-data aggregation for wireless sensor networks

Secure encrypted-data aggregation for wireless sensor networks In Wreless Networks, 16:4, May 2010, pp. 915-927 Wreless Netw (2010) 16:915 927 DOI 10.1007/s11276-009-0177-y Secure encrypted-data aggregaton for wreless sensor networks Shh-I Huang Æ Shuhpyng Sheh Æ

More information

The Current Employment Statistics (CES) survey,

The Current Employment Statistics (CES) survey, Busness Brths and Deaths Impact of busness brths and deaths n the payroll survey The CES probablty-based sample redesgn accounts for most busness brth employment through the mputaton of busness deaths,

More information

Practical PIR for Electronic Commerce

Practical PIR for Electronic Commerce Practcal PIR for Electronc Commerce Ryan Henry Cherton School of Computer Scence Unversty of Waterloo Waterloo ON Canada N2L 3G1 rhenry@cs.uwaterloo.ca Fem Olumofn Cherton School of Computer Scence Unversty

More information

Traffic-light a stress test for life insurance provisions

Traffic-light a stress test for life insurance provisions MEMORANDUM Date 006-09-7 Authors Bengt von Bahr, Göran Ronge Traffc-lght a stress test for lfe nsurance provsons Fnansnspetonen P.O. Box 6750 SE-113 85 Stocholm [Sveavägen 167] Tel +46 8 787 80 00 Fax

More information

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS

QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS QOS DISTRIBUTION MONITORING FOR PERFORMANCE MANAGEMENT IN MULTIMEDIA NETWORKS Yumng Jang, Chen-Khong Tham, Ch-Chung Ko Department Electrcal Engneerng Natonal Unversty Sngapore 119260 Sngapore Emal: {engp7450,

More information

For example, you might want to capture security group membership changes. A quick web search may lead you to the 632 event.

For example, you might want to capture security group membership changes. A quick web search may lead you to the 632 event. Audtng Wndows & Actve Drectory Changes va Wndows Event Logs Ths document takes a lghtweght look at the steps and consderatons nvolved n settng up Wndows and/or Actve Drectory event log audtng. Settng up

More information

Small pots lump sum payment instruction

Small pots lump sum payment instruction For customers Small pots lump sum payment nstructon Please read these notes before completng ths nstructon About ths nstructon Use ths nstructon f you re an ndvdual wth Aegon Retrement Choces Self Invested

More information

One Click.. Ȯne Location.. Ȯne Portal...

One Click.. Ȯne Location.. Ȯne Portal... New Addton to your NJ-HITEC Membershp! Member Portal Detals & Features Insde! One Clck.. Ȯne Locaton.. Ȯne Portal... Connect...Share...Smplfy Health IT Member Portal Benefts Trusted Advsor - NJ-HITEC s

More information