
A full lifecycle privacy protection scheme for sensitive data in cloud computing

Peer-to-Peer Networking and Applications

Abstract

With the rapid development of versatile cloud services, users' sensitive data are increasingly at risk of exposure in the cloud computing environment. In this paper, we propose a full lifecycle privacy protection scheme for sensitive data (FullPP), which is based on an identity-based timed-release encryption (ID-TRE) algorithm and a distributed hash table (DHT) network. In the FullPP scheme, we first encrypt the sensitive data into a ciphertext, which an extracting algorithm splits into an extracted ciphertext and an encapsulated ciphertext. Then, we use the ID-TRE algorithm to encrypt the decryption key and combine the key's ciphertext with the extracted ciphertext to generate ciphertext shares. Finally, we distribute the ciphertext shares into the DHT network and store the encapsulated ciphertext on cloud servers. To recover the plaintext of the sensitive data, sufficient ciphertext shares, the ID-TRE private key and the encapsulated ciphertext must all be obtained during the lifecycle of the sensitive data. As a result, FullPP provides full lifecycle privacy protection for users' sensitive data by making it unreadable before a predefined time and automatically destroying it after expiration. Security analysis indicates that the FullPP scheme resists both traditional attacks on the cloud servers and Sybil attacks on the DHT network. Experimental results show that the proposed FullPP scheme is more effective and efficient than other existing schemes.
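The share-and-recover data flow described in the abstract, as an added sketch that is not the authors' implementation. It assumes Shamir (k, n) threshold sharing for the share-generation step and a "first m bytes" extraction rule, neither of which is specified on this page; the ID-TRE output is an opaque placeholder and all names (`extract`, `make_shares`, `recover`, `lifecycle`) are hypothetical.

```python
import secrets

P = 2**521 - 1  # Mersenne prime used as the sharing field (assumption, not from the paper)

def extract(ciphertext: bytes, m: int):
    """Assumed extracting step: pull the first m bytes out of the ciphertext."""
    return ciphertext[:m], ciphertext[m:]  # (extracted, encapsulated)

def make_shares(blob: bytes, k: int, n: int):
    """Shamir (k, n) sharing of blob, interpreted as an integer below P."""
    secret = int.from_bytes(b"\x01" + blob, "big")  # 0x01 prefix keeps leading zero bytes
    if secret >= P:
        raise ValueError("blob too long for the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the degree k-1 polynomial
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares, k: int) -> bytes:
    """Lagrange interpolation at x = 0; needs at least k distinct shares."""
    if len(shares) < k:
        raise ValueError("not enough shares survive in the DHT")
    pts = shares[:k]
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    raw = secret.to_bytes((secret.bit_length() + 7) // 8, "big")
    return raw[1:]  # strip the 0x01 prefix

def lifecycle(surviving_nodes: int):
    """Return the reassembled ciphertext, or None once too few DHT shares remain."""
    ciphertext = bytes(range(40))             # constructed stand-in for the data ciphertext
    wrapped_key = b"<ID-TRE key ciphertext>"  # constructed placeholder for the ID-TRE output
    extracted, cloud_part = extract(ciphertext, 8)
    dht = make_shares(wrapped_key + extracted, k=3, n=5)  # one share per DHT node
    try:
        blob = recover(dht[:surviving_nodes], 3)
    except ValueError:
        return None  # shares have expired: the cloud copy alone is incomplete
    return blob[len(wrapped_key):] + cloud_part
```

The cloud server only ever holds `cloud_part`, so once fewer than k shares remain in the DHT the missing prefix and the wrapped key cannot be rebuilt, which is the self-destruction property the abstract relies on.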



Acknowledgment

This work is supported by Changjiang Scholars and Innovative Research Team in University under grant No. IRT1078; the Key Program of NSFC-Guangdong Union Foundation under grant No. U1135002; the National Natural Science Foundation of China under grants No. 61370078 and No. 61170251; and the National High Technology Research and Development Program of China under grant No. 2012AA013102. We thank the editors and reviewers for helpful comments.

Author information


Corresponding author

Correspondence to Zhiqiang Yao.


About this article


Cite this article

Xiong, J., Li, F., Ma, J. et al. A full lifecycle privacy protection scheme for sensitive data in cloud computing. Peer-to-Peer Netw. Appl. 8, 1025–1037 (2015). https://doi.org/10.1007/s12083-014-0295-x


  • DOI: https://doi.org/10.1007/s12083-014-0295-x
