Current Research

UbiSeC lab is currently researching four key areas of data service outsourcing security in cloud computing.

Secure Cloud Storage Auditing

Outsourcing storage to the cloud is economically attractive given the cost and complexity of long-term, large-scale data storage. At the same time, though, such a service eliminates data owners' ultimate control over the fate of their data, which data owners with high service-level requirements have traditionally anticipated. As owners no longer physically possess their cloud data, previous cryptographic primitives for storage correctness protection cannot be adopted, because they require a local copy of the data for integrity verification. Besides, the large amount of cloud data and owners' constrained computing capabilities further make the task of data correctness auditing in a cloud environment expensive and even formidable for individual cloud customers. Therefore, enabling public auditability [1,3,16] for cloud storage is of critical importance, so that owners can resort to a specialized third party auditor (TPA) to audit cloud storage services and maintain a strong storage correctness guarantee while saving their own precious computing resources.

Because the TPA might learn unauthorized information through the auditing process, especially from owners' unencrypted cloud data, new privacy-preserving storage auditing solutions are further required in the cloud [1,10,13] to eliminate such new data privacy vulnerabilities. Moreover, for practical service deployment, secure cloud storage auditing should maintain the same level of data correctness assurance even when data is dynamically changing [3,4,16,18] and/or multiple auditing requests are performed simultaneously for improved efficiency [1,3,10,13]. Techniques we are investigating/developing for these research tasks include proof of storage, random-masking sampling, sequence-enforced Merkle Hash Tree, and their various extensions/novel combinations.
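As an added illustration (not code from the lab or its papers), the sketch below shows the basic idea behind sampled auditing with a Merkle hash tree whose leaves are bound to their block index: the auditor keeps only the root and spot-checks a few blocks. It is a simplification: the auditor sees the sampled blocks in the clear, which is the leak that the privacy-preserving schemes above are meant to remove, and all names and sample data are constructed.

```python
import hashlib
import hmac
import secrets

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(i, block):
    # Index is hashed into the leaf: a block served from the wrong position fails.
    return _h(b"\x00", i.to_bytes(8, "big"), block)

def build_tree(blocks):
    level, levels = [leaf(i, b) for i, b in enumerate(blocks)], []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]          # pad odd levels
        levels.append(level)
        if len(level) == 1:
            return levels                        # levels[-1][0] is the root
        level = [_h(b"\x01", level[j], level[j + 1]) for j in range(0, len(level), 2)]

def prove(levels, i):
    """Server side: sibling hashes from leaf i up to the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[i ^ 1])
        i //= 2
    return path

def verify(root, i, block, path):
    """Auditor side: needs only the root and the challenged block."""
    acc = leaf(i, block)
    for sib in path:
        acc = _h(b"\x01", acc, sib) if i % 2 == 0 else _h(b"\x01", sib, acc)
        i //= 2
    return hmac.compare_digest(acc, root)

def audit(root, stored, levels, indices=None, k=2):
    """Spot-check given indices, or k randomly sampled ones."""
    if indices is None:
        indices = secrets.SystemRandom().sample(range(len(stored)), k)
    return all(verify(root, i, stored[i], prove(levels, i)) for i in indices)

# Constructed sample data: the owner keeps only the 32-byte root.
BLOCKS = [b"block-%d" % i for i in range(5)]
LEVELS = build_tree(BLOCKS)
ROOT = LEVELS[-1][0]
```

A corrupted block is caught only when it is sampled, so the detection probability grows with the number of challenged indices.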

Privacy-assured and Effective Cloud Data Utilization

As the data produced by enterprises and individuals that needs to be stored and utilized is rapidly increasing, data owners are motivated to outsource their local complex data management systems into the cloud for its great flexibility and economic savings. To protect data privacy and combat unsolicited accesses in the cloud and beyond, sensitive data has to be encrypted before outsourcing; this, however, obsoletes the traditional data utilization service based on plaintext keyword search. Thus, enabling an encrypted cloud data search service with privacy assurance is of paramount importance. Considering the potentially large number of on-demand data users and the huge amount of outsourced data files in the cloud, this problem is particularly challenging, as it is extremely difficult to also meet the requirements of performance, system usability and scalability. This research project aims to explore such a privacy-assured and effective cloud data utilization service with high service-level performance and usability, by investigating two challenging research tasks: fuzzy keyword search and ranked keyword search over encrypted cloud data.

Fuzzy keyword search, as opposed to exact keyword match, tolerates minor typos and format inconsistencies in user search requests, and greatly enhances system usability and user searching experience. Its challenge lies in the fact that two words similar to each other would no longer be so after one-way cryptographic transformation (for encrypted keyword search). To address the problem, we plan to explore a brand new symbol-based trie-traverse searching approach, in which transformed fuzzy keywords extracted from data files are stored using a multi-way tree structure to support efficient search, while protecting keyword privacy. [5,15]
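The following added example (not the lab's implementation) shows how similarity can survive a one-way transform: each keyword is expanded into wildcard variants covering edit distance 1, each variant is passed through HMAC-SHA256, and the resulting hex symbols are stored in a trie that the server walks. The wildcard construction, the key, the trie layout and the sample files are assumptions made for this illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumed shared by owner and authorized users

def fuzzy_set(word):
    """Wildcard variants covering every word within edit distance 1."""
    out = {word}
    for i in range(len(word) + 1):
        out.add(word[:i] + "*" + word[i:])          # insertion at position i
        if i < len(word):
            out.add(word[:i] + "*" + word[i + 1:])  # substitution/deletion at i
    return out

def trapdoor(variant, key=KEY):
    # One-way keyed transform; the server only ever sees these hex symbols.
    return hmac.new(key, variant.encode(), hashlib.sha256).hexdigest()

def trie_insert(root, symbols, file_id):
    node = root
    for s in symbols:
        node = node.setdefault(s, {})
    node.setdefault("ids", set()).add(file_id)

def trie_lookup(root, symbols):
    node = root
    for s in symbols:
        node = node.get(s)
        if node is None:
            return set()
    return node.get("ids", set())

def build_index(files, key=KEY):
    """Owner side: index the trapdoor of every fuzzy variant of every keyword."""
    root = {}
    for file_id, keywords in files.items():
        for kw in keywords:
            for v in fuzzy_set(kw):
                trie_insert(root, trapdoor(v, key), file_id)
    return root

def search(index, query, key=KEY):
    """User derives trapdoors; the trie walk is the server's part."""
    hits = set()
    for v in fuzzy_set(query):
        hits |= trie_lookup(index, trapdoor(v, key))
    return hits

FILES = {"f1": ["castle"], "f2": ["cattle"], "f3": ["network"]}  # constructed
INDEX = build_index(FILES)
```

With distance 1, a transposition such as "netwrok" counts as two edits and is not matched; the index also grows by roughly 2n+2 entries per keyword of length n, which is the storage cost of this kind of tolerance.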

Ranked keyword search further ensures the file retrieval accuracy and allows the user to find the most/least relevant information efficiently. We explore the statistical measure approach (i.e. relevance score) from information retrieval (IR), and properly hide the scores in an order-preserved manner. The resulting design is expected to facilitate efficient server-side ranking without losing keyword privacy. For practical performance, different system parameters and the corresponding security/efficiency tradeoff are yet to be thoroughly investigated. [2,11]

Another promising research direction we further propose to explore is secure multi-keyword semantic search, which takes into consideration the conjunction of keywords, the sequence of keywords, and even complex natural language semantics to produce highly relevant search results, while maintaining various stringent privacy guarantees. [9]

Scalable and Owner-controlled Cloud Data Sharing

The various sensitive data pooled in the cloud demands that the cloud data sharing service be responsible for secure, efficient and reliable enforcement of data content access among a potentially large number of users on behalf of data owners. As the cloud server may no longer be in the same trusted domain as the data owners, we have to rethink the problem of access control in this open environment, where the cloud server takes full charge of the management of the outsourced data but is not necessarily trusted with respect to data confidentiality. What makes the problem more challenging is the enforcement of fine-grained data access, the support of access privilege updates in dynamic scenarios, and system scalability, while maintaining a low level of complexity in key management and data encryption. Our goal is to provide tools that extend owners' full control over cloud data access and enable all owners/users to benefit from the current capabilities of the cloud, so as to achieve finer, stronger, and more usable secure cloud data sharing services.

To achieve fine-grainedness, we propose to treat data as files associated with a set of meaningful attributes, use logical composition of attributes to reflect fine-grained data access, and enforce the owner's control via attribute-based encryption. For the inherent scalability requirement of a cloud system, where user access privilege updates happen very frequently and thus inevitably incur a significant user/data management burden on the data owner, we further propose to treat the cloud as a mediated proxy, to which data owners can delegate the most cumbersome workload, like handling user access privilege dynamics in a large system, without affecting the underlying data confidentiality [12,14]. In addition, we are also exploring other security goals in a practical cloud data sharing system, including user access privilege confidentiality, and user accountability in case of user access key abuse attacks [17]. We believe these efforts will lead us to an integrated final solution for a more practice-oriented data sharing service deployment in the cloud.

Secure Data Computation Outsourcing in Cloud

A fundamental concern in moving computational workloads from private resources to the cloud is the protection of the confidential data that the computation consumes and produces. Thus, secure computation outsourcing services are in great need, not only to protect sensitive workload information but also to validate the integrity of the computation result. This is, however, a very difficult task due to a number of challenges that have to be met simultaneously. Firstly, such a service has to be practically feasible (immediate practicality) in terms of computational complexity. Secondly, it has to provide a sound security guarantee without restricted system assumptions. Thirdly, it also has to enable substantial computational savings at the end-user's side as compared to the amount of effort that would otherwise have to be committed to solve the problem locally. These challenges practically exclude the applicability of the existing techniques developed in the context of secure multi-party computation and fully homomorphic encryption.

Our research studies secure computation outsourcing in cloud computing with the above challenges in mind. We focus on widely applicable engineering computing and optimization problems. Our methodology is to explicitly decompose computations into public programs and private data and leverage the structures of specific computations for achieving desirable trade-offs among security, efficiency, and practicality. We plan to organize these secure outsourcing mechanisms into a hierarchy, where computation can be represented at various abstraction levels, such that the aforementioned trade-offs can be flexibly explored in a systematic manner. Two critical applications to be studied in this project include secure outsourcing of systems of linear equations (LE) [6] and secure outsourcing of linear programming (LP) [8] in the cloud. These two applications are among the most widely used algorithmic and computational tools in various engineering disciplines that analyze and optimize real-world systems. The study would prepare a solid knowledge base and provide insights for further research on more advanced computation problems, such as secure outsourcing of convex programming in the cloud.

Publications

  1. Cong Wang, Sherman S.M. Chow, Qian Wang, Kui Ren, and Wenjing Lou, "Privacy-Preserving Public Auditing for Secure Cloud Storage," IEEE Transactions on Computers (TC), 2011 (A preliminary version of this paper appeared at the 29th IEEE Conference on Computer Communications (INFOCOM'10)).

  2. Cong Wang, Ning Cao, Kui Ren, and Wenjing Lou, "Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data," IEEE Transactions on Parallel and Distributed Systems (TPDS), 2011 (A preliminary version of this paper appeared at the 30th International Conference on Distributed Computing Systems (ICDCS'10)).

  3. Qian Wang, Cong Wang, Kui Ren, Wenjing Lou, and Jin Li, "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing", To appear, IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 22, No. 5, pp. 847-859, May, 2011. (A preliminary version of this paper appeared at the 14th European Symposium on Research in Computer Security (ESORICS'09).)

  4. Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Towards Secure and Dependable Storage Services in Cloud Computing," To appear, IEEE Transactions on Service Computing (TSC). (A preliminary version of this paper appeared at the 17th IEEE International Workshop on Quality of Service (IWQoS'09)).

  5. Cong Wang, Kui Ren, Shucheng Yu, and Karthik Mahendra Raje Urs, "Achieving Usable and Privacy-assured Similarity Search over Outsourced Cloud Data", IEEE INFOCOM'12, Orlando, Florida, March 25-30, 2012.

  6. Cong Wang, Kui Ren, Jia Wang, and Karthik Mahendra Raje Urs, "Harnessing the Cloud for Securely Solving Large Systems of Linear Equations," The 31st International Conference on Distributed Computing Systems (ICDCS'11), Minneapolis, MN, June 20-24, 2011. (Note: this online version is the extended full paper of the conference camera-ready one.)

  7. Ning Cao, Zhenyu Yang, Cong Wang, Kui Ren, and Wenjing Lou, "Privacy-preserving Query over Encrypted Graph-Structured Data in Cloud Computing," The 31st International Conference on Distributed Computing Systems (ICDCS'11), Minneapolis, MN, June 20-24, 2011.

  8. Cong Wang, Kui Ren, and Jia Wang, "Secure and Practical Outsourcing of Linear Programming in Cloud Computing", The 30th IEEE Conference on Computer Communications (INFOCOM'11), Shanghai, China, April 10-15, 2011. (Note: this online version is the extended full paper of the conference camera-ready one.)

  9. Ning Cao, Cong Wang, Ming Li, Kui Ren, and Wenjing Lou, "Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data", The 30th IEEE Conference on Computer Communications (INFOCOM'11), Shanghai, China, April 10-15, 2011.

  10. Cong Wang, Kui Ren, Wenjing Lou, and Jin Li, "Towards Publicly Auditable Secure Cloud Data Storage Services", IEEE Network Magazine, Vol. 24, No. 4, pp. 19-24, July/August 2010.

  11. Cong Wang, Ning Cao, Jin Li, Kui Ren, and Wenjing Lou, "Secure Ranked Keyword Search over Encrypted Cloud Data", The 30th International Conference on Distributed Computing Systems (ICDCS'10), Genoa, Italy, June 21-25, 2010.

  12. Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou, "Attribute Based Data Sharing with Attribute Revocation", The 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS'10), Beijing, China, April 13-16, 2010.

  13. Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Privacy-preserving Public Auditing for Data Storage Security in Cloud Computing", The 29th IEEE Conference on Computer Communications (INFOCOM'10), San Diego, CA, March 15-19, 2010.

  14. Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou, "Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing", The 29th IEEE Conference on Computer Communications (INFOCOM'10), San Diego, CA, March 15-19, 2010.

  15. Jin Li, Qian Wang, Cong Wang, Ning Cao, Kui Ren, and Wenjing Lou, "Fuzzy Keyword Search over Encrypted Data in Cloud Computing", The 29th IEEE Conference on Computer Communications (INFOCOM'10), mini-conference, San Diego, CA, March 15-19, 2010.

  16. Qian Wang, Cong Wang, Jin Li, Kui Ren, and Wenjing Lou, "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing", The 14th European Symposium on Research in Computer Security (ESORICS'09), Saint Malo, France, September 21-23, 2009.

  17. Shucheng Yu, Kui Ren, Wenjing Lou, and Jin Li, "Defending Against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems", The 5th International Conference on Security and Privacy in Communication Networks (Securecomm'09), Athens, Greece, Sept. 14-18, 2009.

  18. Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Ensuring Data Storage Security in Cloud Computing", The 17th IEEE International Workshop on Quality of Service (IWQoS'09), Charleston, South Carolina, July 13-15, 2009.

Disclaimer: The papers here are made available for timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders.