Recent advances in security and privacy in big data



Similar documents
Comments on "public integrity auditing for dynamic data sharing with multi-user modification"

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Data Privacy in Remote Data Integrity Checking for Secure Cloud Storage

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

Secure Data Sharing in Cloud Computing using Hybrid cloud

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Data management using Virtualization in Cloud Computing

Privacy preserving technique to secure cloud

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

A Secure Decentralized Access Control Scheme for Data stored in Clouds

Keywords-- Cloud computing, Encryption, Data integrity, Third Party Auditor (TPA), RC5 Algorithm, privacypreserving,

Distributed Attribute Based Encryption for Patient Health Record Security under Clouds

Secure Alternate Viable Technique of Securely Sharing The Personal Health Records in Cloud

Performance Evaluation Panda for Data Storage and Sharing Services in Cloud Computing

KEY-POLICY ATTRIBUTE BASED ENCRYPTION TO SECURE DATA STORED IN CLOUD

EFFECTIVE DATA RECOVERY FOR CONSTRUCTIVE CLOUD PLATFORM

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Implementation of Data Sharing in Cloud Storage Using Data Deduplication

Authentication. Authorization. Access Control. Cloud Security Concerns. Trust. Data Integrity. Unsecure Communication

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Index Terms Cloud Storage Services, data integrity, dependable distributed storage, data dynamics, Cloud Computing.

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

PRIVACY PRESERVING OF HEALTH MONITORING SERVICES IN CLOUD

Privacy Preservation and Secure Data Sharing in Cloud Storage

International Journal of Engineering Research ISSN: & Management Technology November-2015 Volume 2, Issue-6

Third Party Auditing For Secure Data Storage in Cloud through Trusted Third Party Auditor Using RC5

How To Ensure Data Integrity In Cloud Computing

Global Soft Solutions JAVA IEEE PROJECT TITLES

Data Security Using Reliable Re-Encryption in Unreliable Cloud

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

CONCEPTUAL MODEL OF MULTI-AGENT BUSINESS COLLABORATION BASED ON CLOUD WORKFLOW

Cloud Data Service for Issues in Scalable Data Integration Using Multi Authority Attribute Based Encryption

A Security Integrated Data Storage Model for Cloud Environment

Attribute Based Encryption with Privacy Preserving In Clouds

Role Based Encryption with Efficient Access Control in Cloud Storage

Improving data integrity on cloud storage services

Scalable and secure sharing of data in cloud computing using attribute based encryption

SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK

G.J. E.D.T.,Vol.3(1):43-47 (January-February, 2014) ISSN: SUODY-Preserving Privacy in Sharing Data with Multi-Vendor for Dynamic Groups

A Survey on Privacy-Preserving Techniques for Secure Cloud Storage

A Network Simulation Experiment of WAN Based on OPNET

NEW CRYPTOGRAPHIC CHALLENGES IN CLOUD COMPUTING ERA

How To Make A Secure Storage On A Mobile Device Secure

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

ADVANCE SECURITY TO CLOUD DATA STORAGE

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE

AN EFFICIENT AUDIT SERVICE OUTSOURCING FOR DATA IN TEGRITY IN CLOUDS

AN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA

Secure Authentication of Distributed Networks by Single Sign-On Mechanism

JAVA IEEE Privacy Policy Inference of User-Uploaded Images on Content Sharing Sites Data Mining

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

International Journal of Advance Research in Computer Science and Management Studies

Survey on Efficient Information Retrieval for Ranked Query in Cost-Efficient Clouds

Keywords: Authentication, Third party audit, cloud storage, cloud service provider, Access control.

Certificate Based Signature Schemes without Pairings or Random Oracles

An Efficient Secure Multi Owner Data Sharing for Dynamic Groups in Cloud Computing

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

M. Nathiya 2 B.Tech. (IT), M.E. (CSE), Assistant Professor, Shivani Engineering College, Trichy, Tamilnadu, India.

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

A Layered Signcryption Model for Secure Cloud System Communication

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

OVERVIEW OF SECURITY ISSUES IN CLOUD COMPUTING

Highly Secure Data Sharing in Cloud Storage using Key-Pair Cryptosystem

Data Security Strategy Based on Artificial Immune Algorithm for Cloud Computing

Secure Way of Storing Data in Cloud Using Third Party Auditor

Near Sheltered and Loyal storage Space Navigating in Cloud

How To Protect Your Data In A Cloud Environment

Available online at Available online at

Privacy in Electronic Health Care System Using Public and Private Cloud

Decentralized Access Control Secure Cloud Storage using Key Policy Attribute Based Encryption

COMPUSOFT, An international journal of advanced computer technology, 4 (4), April-2015 (Volume-IV, Issue-IV)

A Proxy-Based Data Security Solution in Mobile Cloud

Application Based Access Control on Cloud Networks for Data Security

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

On the security of auditing mechanisms for secure cloud storage

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Security over Cloud Data through Encryption Standards

Transcription:

University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers Faculty of Engineering and Information Sciences 2015 Recent advances in security and privacy in big data Yong Yu University of Electronic Science and Technology of China, yyong@uow.edu.au Yi Mu University of Wollongong, ymu@uow.edu.au Giuseppe Ateniese Sapienza-University of Rome Publication Details Yu, Y., Mu, Y. & Ateniese, G. (2015). Recent advances in security and privacy in big data. Journal of Universal Computer Science, 21 (3), 365-368. Research Online is the open access institutional repository for the University of Wollongong. For further information contact the UOW Library: research-pubs@uow.edu.au

Recent advances in security and privacy in big data Abstract Big data has become an important topic in science, engineering, medicine, healthcare, finance, business and ultimately society itself. Big data refers to the massive amount of digital information stored or transmitted in computer systems. Approximately, 2.5 quintillion bytes of data are created every day. Almost 90% of data in the world today are created in the last two years alone. Security and privacy issues becomes more critical due to large volumes and variety, due to data hosted in large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration. In large-scale cloud infrastructures, a diversity of software platforms provides more opportunities to attackers. Traditional security mechanisms, which are usually invented for securing small-scale data, are inadequate. With a rapid growth of big data applications, it has become critical to introduce new security technology to accommodate the need of big data applications. The objective of this special issue is to capture the latest advances in this research field. Keywords privacy, recent, big, advances, data, security Disciplines Engineering Science and Technology Studies Publication Details Yu, Y., Mu, Y. & Ateniese, G. (2015). Recent advances in security and privacy in big data. Journal of Universal Computer Science, 21 (3), 365-368. This journal article is available at Research Online: http://ro.uow.edu.au/eispapers/3813

Journal of Universal Computer Science, vol. 21, no. 3 (2015), 365-368 submitted: 13/2/15, accepted: 26/2/115, appeared: 1/3/15 J.UCS Recent Advances in Security and Privacy in Big Data J.UCS Special Issue Yong Yu (University of Electronic Science and Technology of China, Chengdu, China yyucd2012@gmail.com) Yi Mu (University of Wollongong, Wollongong, Australia ymu@uow.edu.au) Giuseppe Ateniese (Sapienza-University of Rome, Rome, Italy ateniese@di.uniroma1.it) 1 Introduction and Motivation Big data has become an important topic in science, engineering, medicine, healthcare, finance, business and ultimately society itself. Big data refers to the massive amount of digital information stored or transmitted in computer systems. Approximately, 2.5 quintillion bytes of data are created every day. Almost 90% of data in the world today are created in the last two years alone. Security and privacy issues becomes more critical due to large volumes and variety, due to data hosted in large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration. In large-scale cloud infrastructures, a diversity of software platforms provides more opportunities to attackers. Traditional security mechanisms, which are usually invented for securing small-scale data, are inadequate. With a rapid growth of big data applications, it has become critical to introduce new security technology to accommodate the need of big data applications. The objective of this special issue is to capture the latest advances in this research field. We solicited papers through two ways: conference and open call-for-papers. The conference is the 10th International Conference on Information Security Practice and Experience (ISPEC 2014). We also publicized an open call-for-papers at J.UCS website as well as in major academic announcement mailing lists/websites. 2 Contributions Specifically, for this special issue 22 submissions were received. Each paper has followed a strict peer-review process: it was reviewed by at least three international experts, and in several cases a second reviewing found for minor or major revisions

366 Yu Y., Mu Y., Ateniese G.: Recent Advances in Security and Privacy... was performed. Finally, after that process, eight quality research papers were selected for this special issue. The articles presented in this special issue deal with a variety of important topics within the security and privacy scope. In the following, we offer a brief description of each paper. 2.1 Polymorphic Malicious JavaScript Code Detection for APT Attack Defense In this paper, authors propose a method that defines the malicious behaviors of malware using conceptual graphs that are able to describe their concepts and the relationships among them and, consequently, infer their malicious behavior patterns. The inferred patterns are then learned by a Support Vector Machine classifier that compares and classifies the behaviors as either normal or malicious. In the experimental results, it exhibits a better detection rate than that of malicious code detection methods that rely solely on the signature-based approach. 2.2 A Resolving Set based Algorithm for Fault Identification in Wireless Mesh Networks In this paper, authors design a novel malfunctioned router detection algorithm, denoted by A-SRS, on searching resolving set based on private neighbor of dominating set. The A-SRS not only offers a highly efficient solution to position malfunctioned routers against intermitted communication that guarantees the availability of network services, but also pursues the minimum number of detecting routers due to limited resource of wireless mesh routers. 2.3 On the Security of a User Equipment Registration Procedure in Femtocell-Enabled Networks In this paper, authors note that the user equipment registration procedure, which is defined in the Third Generation Partnership Project standard, in a femtocell-enabled network is vulnerable to denial-of-service attacks. The authors then propose a mechanism to defend against these attacks. For compatibility, the proposed mechanism makes use of the well-defined control message in the 3GPP standard and modifies the user equipment registration procedure as little as possible. 2.4 Restricted Identification Secure in the Extended Canetti-Krawczyk Model In this paper, authors consider security of an extended version of the ChARI protocol presented at the 11th International Conference on Trust, Security and Privacy in Computing and Communications. Authors preserve the features of ChARI, but provide security proof in the well-studied Canetti-Krawczyk model. The extension has similar computational complexity as the original ChARI protocol in terms of the number of modular exponentiations.

Yu Y., Mu Y., Ateniese G.: Recent Advances in Security and Privacy... 367 2.5 Searchable Public-Key Encryption with Data Sharing in Dynamic Groups for Mobile Cloud Storage In this paper, authors propose a searchable public-key encryption scheme for a group of users in mobile cloud storage. In the proposal, a dynamic asymmetric group key agreement protocol is utilized for data sharing among a body of mobile users and the technique of proxy re-signature is employed to update the searchable ciphertexts when the mobile users in the group varies. 2.6 An Improved Cloud Data Sharing Scheme with Hierarchical Attribute Structure In this paper, authors present a new approach to implement scalable and fine-grained access control systems, which can be applied for big data in untrusted cloud computing environment. The solution is based on symmetric, efficient broadcast encryption and ne-grained attribute-based encryption. In this access control system, users are able to join and revoked with broadcast encryption. An outsourced Hierarchical ABE scheme is proposed to construct the access control system. 2.7 Insecurity of an Efficient Privacy-preserving Public Auditing Scheme for Cloud Data Storage In this paper, authors demonstrate that a new auditing protocol due to Worku et al. fails to achieve soundness and obtains merely limited privacy. Specifically, authors show even deleting all the files of a data owner, a malicious cloud server is able to generate a response to a challenge without being caught by TPA in their enhanced but unrealistic security model. Worse still, the protocol is insecure even in a correct security model. For privacy, a dishonest verifier can tell which file is stored on the cloud. 2.8 Multi-Authority Attribute-Based Encryption Scheme from Lattices In this paper, authors present a multi-authority attribute-based encryption scheme from lattices, in which identities of users are authenticated by a central authority, which improves the efficiency of authentication. Furthermore, different attribute private keys are still distributed by different authorities, and the central authority cannot obtain any secret information of other attribute authorities, which resolves key escrow problem to some extent. 3 Reviewers We would like to express our gratitude to the reviewers involved in this special issue for their valuable comments and detailed feedback. Most of them are program members of ISPEC 2014. Man Ho Au, Hong Kong Polytechnic University, China Joonsang Baek, KUSTAR, UAE

368 Yu Y., Mu Y., Ateniese G.: Recent Advances in Security and Privacy... David Chadwick, University of Kent, UK Songqing Chen, George Mason University, USA Xiaofeng Chen, Xidian University, China Chen-Mou Cheng, National Taiwan University, Taiwan Jongmoo Choi, Dankook University, Korea Sherman S. M. Chow, Chinese University of Hong Kong, China Cheng-Kang Chu, Huawei, Singapore Wei Gao, Ludong University, China Fuchun Guo, University of Wollongong, Australia Junyoung Heo, Dankook University, Korea Qiong Huang, South China Agricultural University, China Xinyi Huang, Fujian Normal University, China Cheonshik Kim, Anyang University, Korea Jiguo Li, Hehai University, China Joseph Liu, Monash University, Australia Der-Chyuan Lou, Chang Gung University, Korea Jianbing Ni, University of Waterloo, Canada Lei Niu, University of Wollongong, Australia Jun Shao, Zhejiang Gongshang University, China Yangguang Tian, University of Wollongong, Australia Raylin Tso, National Chengchi University, Taiwan Xiaofen Wang, University of Wollongong, Australia Chi-Yao Wenig, National Tsing Hua University, Taiwan Qianhong Wu, Beihang University, China Wei Wu, Fujian Normal University, China Guomin Yang, University of Wollongong, Australia Zhenfeng Zhang, Chinese Academy of Science, China Leyou Zhang, Xidian University, China Wentao Zhu, Chinese Academy of Science, China Yong Yu Yi Mu Giuseppe Ateniese January 2015 China, Australia, Italy

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information