Peer-to-Peer Networking and Applications, Volume 8, Issue 6, pp 1025–1037

A full lifecycle privacy protection scheme for sensitive data in cloud computing

  • Jinbo Xiong
  • Fenghua Li
  • Jianfeng Ma
  • Ximeng Liu
  • Zhiqiang Yao
  • Patrick S. Chen

Abstract

With the rapid development of versatile cloud services, users’ sensitive data is increasingly susceptible to exposure in the cloud computing environment. In this paper, we propose a full lifecycle privacy protection scheme for sensitive data (FullPP), which is based on an identity-based timed-release encryption (ID-TRE) algorithm and a distributed hash table (DHT) network. In the FullPP scheme, we first encrypt the sensitive data into a ciphertext, which an extracting algorithm splits into an extracted ciphertext and an encapsulated ciphertext. Then, we use the ID-TRE algorithm to encrypt the decryption key and combine the key’s ciphertext with the extracted ciphertext to generate ciphertext shares. Finally, we distribute the ciphertext shares into the DHT network and store the encapsulated ciphertext on cloud servers. To recover the plaintext of the sensitive data, sufficient ciphertext shares, the ID-TRE private key and the encapsulated ciphertext should be obtained during the lifecycle of the sensitive data. As a result, FullPP is able to provide full lifecycle privacy protection for users’ sensitive data by making it unreadable before a predefined time and automatically destroying it after expiration. Security analysis indicates that the FullPP scheme is able to resist both traditional attacks on the cloud servers and Sybil attacks on the DHT network. Experimental results show that the proposed FullPP scheme is more effective and efficient than other existing schemes.
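The share-and-store split described in the abstract, as an added Python example that is not the authors' code. It assumes Shamir (k, n) sharing for the "ciphertext shares" and a prefix rule for the extracting algorithm, and treats the ID-TRE-encrypted key as opaque constructed bytes; all function names and parameters are hypothetical.

```python
import secrets

P = 2**521 - 1  # Mersenne prime: the field holds secrets of up to 65 bytes

def make_shares(secret: bytes, k: int, n: int):
    """Shamir (k, n) shares of `secret` read as an integer mod P."""
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too long for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):  # Horner evaluation of the random degree-(k-1) polynomial
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def recover(shares, length: int) -> bytes:
    """Lagrange interpolation at x = 0; wrong bytes if too few shares."""
    s = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    return s.to_bytes(66, "big")[-length:]

def protect(ciphertext: bytes, key_ct: bytes, k: int, n: int, n_extract=16):
    """Return (shares for the DHT, encapsulated ciphertext for the cloud)."""
    # Assumed extracting rule: the first n_extract bytes leave the ciphertext.
    extracted, encapsulated = ciphertext[:n_extract], ciphertext[n_extract:]
    return make_shares(key_ct + extracted, k, n), encapsulated

def restore(shares, encapsulated: bytes, key_len: int, n_extract=16):
    """Return (key ciphertext, full data ciphertext) from shares + cloud part."""
    blob = recover(shares, key_len + n_extract)
    return blob[:key_len], blob[key_len:] + encapsulated

# Constructed sample values: stand-ins for the data ciphertext and for the
# decryption key after ID-TRE encryption (ID-TRE itself is not implemented).
CT = bytes(range(64))
KEY_CT = bytes.fromhex("00" + "a5" * 31)
SHARES, CLOUD_PART = protect(CT, KEY_CT, k=3, n=5)
```

With fewer than k shares, `recover` yields unrelated bytes, so the cloud-held part alone lacks both the key ciphertext and its first 16 bytes.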

Keywords

  • Sensitive data
  • Full lifecycle privacy protection
  • Self-destruction
  • Distributed hash table (DHT)
  • Cloud computing

Notes

Acknowledgment

This work is supported by Changjiang Scholars and Innovative Research Team in University under grant No. IRT1078; the Key Program of NSFC-Guangdong Union Foundation under grant No. U1135002; the National Natural Science Foundation of China under grant No. 61370078 and No. 61170251; and the National High Technology Research and Development Program of China under grant No. 2012AA013102. We thank the editors and reviewers for helpful comments.

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Jinbo Xiong (1, 2)
  • Fenghua Li (2)
  • Jianfeng Ma (3)
  • Ximeng Liu (3)
  • Zhiqiang Yao (1)
  • Patrick S. Chen (4)

  1. Faculty of Software, Fujian Normal University, Fuzhou, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  3. School of Computer Science and Technology, Xidian University, Xi’an, China
  4. Department of Information Management, Tatung University, Taipei, Taiwan
