cloud computing - ansprotech.com cc.pdf · 17ansp-cc-008 circuit ciphertext -policy attribute based...


Upload: truongque

Post on 01-May-2018


ANSPRO TECHNOLOGIES

#7, 1st Floor, 100 ft Ring Road B.T.M 2nd Stage, Near Jayadeva Hospital, Bangaluru-7

Ph:080-64350727 Mob:8095286693 / 9886832434/ 7204005296

Email: [email protected]

www.ansprotech.com

IEEE 2016-17 PROJECT LIST(JAVA)

Cloud Computing

17ANSP-CC-001 A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data

Due to the increasing popularity of cloud computing, more

and more data owners are motivated to outsource their data to

cloud servers for great convenience and reduced cost in data

management. However, sensitive data should be encrypted

before outsourcing for privacy requirements, which obsoletes

data utilization like keyword-based document retrieval. In this

paper, we present a secure multi-keyword ranked search

scheme over encrypted cloud data, which simultaneously

supports dynamic update operations like deletion and

insertion of documents. Specifically, the vector space model

and the widely-used TF×IDF model are combined in the

index construction and query generation. We construct a

special tree-based index structure and propose a “Greedy

Depth-first Search” algorithm to provide efficient multi-

keyword ranked search. The secure kNN algorithm is utilized

to encrypt the index and query vectors, and meanwhile ensure

accurate relevance score calculation between encrypted index

and query vectors. In order to resist statistical attacks,

phantom terms are added to the index vector for blinding

search results. Due to the use of our special tree-based index

structure, the proposed scheme can achieve sub-linear search

time and deal with the deletion and insertion of documents

flexibly.

Extensive experiments are conducted to demonstrate the

efficiency of the proposed scheme.

17ANSP-CC-002 Privacy-Preserving Patient-Centric Clinical Decision Support System on Naïve Bayesian Classification


Clinical decision support system, which uses advanced data

mining techniques to help clinician make proper decisions,

has received considerable attention recently. The advantages

of clinical decision support system include not only

improving diagnosis accuracy but also reducing diagnosis

time. Specifically, with large amounts of clinical data

generated everyday, naïve Bayesian classification can be

utilized to excavate valuable information to improve a clinical

decision support system. Although the clinical decision

support system is quite promising, the flourish of the system

still faces many challenges including information security and

privacy concerns. In this paper, we propose a new privacy-

preserving patient-centric clinical decision support system,

which helps clinician complementary to diagnose the risk of

patients’ disease in a privacy-preserving way. In the proposed

system, the past patients’ historical data are stored in cloud

and can be used to train the naïve Bayesian classifier without

leaking any individual patient medical data, and then the

trained classifier can be applied to compute the disease risk

for new coming patients and also allow these patients to

retrieve the top-k disease names according to their own

preferences. Specifically, to protect the privacy of past

patients’ historical data, a new cryptographic tool called

additive homomorphic proxy aggregation scheme is

designed. Moreover, to leverage the leakage of naïve

Bayesian classifier, we introduce a privacy-preserving top-k

disease names retrieval protocol in our system. Detailed

privacy analysis ensures that patient’s information is private

and will not be leaked out during the disease diagnosis phase.

In addition, performance evaluation via extensive simulations

also demonstrates that our system can efficiently calculate

patient’s disease risk with high accuracy in a privacy-

preserving way.


17ANSP-CC-003 Heuristic Virtual Machine Allocation for Multi-Tier Ambient Assisted Living Applications in a Cloud Data Center

Cloud computing provides the essential infrastructure for

multi-tier Ambient Assisted Living (AAL) applications that

facilitate people’s lives. Resource provisioning is a critically

important problem for AAL applications in cloud data centers

(CDCs). This paper focuses on modeling and analysis of

multi-tier AAL applications, and aims to optimize resource

provisioning while meeting requests’ response time

constraint. This paper models a multi-tier AAL application as

a hybrid multi-tier queueing model consisting of an M/M/c

queueing model and multiple M/M/1 queueing models. Then,

virtual machine (VM) allocation is formulated as a

constrained optimization problem in a CDC, and is further

solved with the proposed heuristic VM allocation algorithm

(HVMA). The results demonstrate that the proposed model

and algorithm can effectively achieve dynamic resource

provisioning while meeting the performance constraint.

17ANSP-CC-004 Encrypted Data Management with Deduplication in Cloud Computing

This article proposes a scheme based on attribute based

encryption (ABE) to deduplicate encrypted data stored in the

cloud while at the same time supporting secure data access

control. Cloud computing offers a new way to deliver services

by rearranging resources over the Internet and providing them

to users on demand. It plays an important role in supporting

data storage, processing, and management in the Internet of

Things (IoT). Various cloud service providers (CSPs) offer

huge volumes of storage to maintain and manage IoT data,

which can include videos, photos, and personal health

records.

17ANSP-CC-005 Resource Allocation in Cloud Computing Using the Uncertainty Principle of Game Theory

Virtualization of resources on the cloud offers a scalable

means of consuming services beyond the capabilities of small

systems. In a cloud that offers infrastructure such as

processor, memory, hard disk, etc., a coalition of virtual

machines formed by grouping two or more may be needed.

Economical management of cloud resources needs allocation

strategies with minimum wastage, while configuring services

ahead of actual requests. We propose a resource allocation

mechanism for machines on the cloud, based on the principles

of coalition formation and the uncertainty principle of game

theory. We compare the results of applying this mechanism

with existing resource allocation methods that have been

deployed on the cloud. We also show that this method of

resource allocation by coalition-formation of the machines on

the cloud leads not only to better resource utilization but also

higher request satisfaction.

17ANSP-CC-006 A Semi-Automatic Approach of Transforming Applications to be Multi-Tenancy Enabled

As a popular technique in cloud computing, multi-tenancy

(MT) can significantly ease software maintenance, and

improve resource utilization. To make use of the MT

technique, an application may need to be transformed to be

MT-enabled. This process involves finding and processing a

special kind of data entities named global isolation points

(GIPs). Practically, finding all GIPs of an application is

challenging. Traditional method involves manually browsing


the application code, requiring a great deal of human effort.

To solve this problem, we introduce a toolkit named Auto-

MT to help find and process GIPs of an application. Auto-MT

is able to find new GIPs based on their relations to known

GIPs. To characterize the relation, a novel graph called value

flow graph (VFG) is introduced, which models the value

flows of data entities. It can also be used in other scenarios,

like taint analysis. We have implemented Auto-MT as an

Eclipse Plug-in, and applied it to transform Roller, a widely

used Java application. Experimental results show that Auto-

MT saves substantial human effort, and accelerates the

process of transforming applications to be MT-enabled.

17ANSP-CC-007 A Secure Anti-Collusion Data Sharing Scheme for Dynamic Groups in the Cloud

Benefited from cloud computing, users can achieve an

effective and economical approach for data sharing among

group members in the cloud with the characters of low

maintenance and little management cost. Meanwhile, we must

provide security guarantees for the sharing data files since

they are outsourced. Unfortunately, because of the frequent

change of the membership, sharing data while providing

privacy-preserving is still a challenging issue, especially for

an untrusted cloud due to the collusion attack.

Moreover, for existing schemes, the security of key

distribution is based on the secure communication channel,

however, to have such channel is a strong assumption and is

difficult for practice. In this paper, we propose a secure data

sharing scheme for dynamic members. First, we propose a

secure way for key distribution without any secure

communication channels, and the users can securely obtain

their private keys from group manager. Second, our scheme

can achieve fine-grained access control, any user in the group

can use the source in the cloud and revoked users cannot

access the cloud again after they are revoked. Third, we can


protect the scheme from collusion attack, which means that

revoked users cannot get the original data file even if they

conspire with the untrusted cloud. In our approach, by

leveraging polynomial function, we can achieve a secure user

revocation scheme. Finally, our scheme can achieve fine

efficiency, which means previous users need not to update

their private keys for the situation either a new user joins in

the group or a user is revoked from the group.

17ANSP-CC-008 Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption with Verifiable Delegation in Cloud Computing

In the cloud, for achieving access control and keeping data

confidential, the data owners could adopt attribute-based

encryption to encrypt the stored data. Users with limited

computing power are however more likely to delegate the

mask of the decryption task to the cloud servers to reduce the

computing cost. As a result, attribute-based encryption with

delegation emerges. Still, there are caveats and questions

remaining in the previous relevant works. For instance, during

the delegation, the cloud servers could tamper or replace the

delegated ciphertext and respond a forged computing result

with malicious intent. They may also cheat the eligible users

by responding them that they are ineligible for the purpose of

cost saving. Furthermore, during the encryption, the access

policies may not be flexible enough as well. Since policy for

general circuits enables to achieve the strongest form of

access control, a construction for realizing circuit ciphertext-

policy attribute-based hybrid encryption with verifiable

delegation has been considered in our work. In such a system,

combined with verifiable computation and encrypt-then-mac

mechanism, the data confidentiality, the fine-grained access

control and the correctness of the delegated computing results

are well guaranteed at the same time. Besides, our scheme

achieves security against chosen-plaintext attacks under the

k-multilinear Decisional Diffie-Hellman assumption.


Moreover, an extensive simulation campaign confirms the

feasibility and efficiency of the proposed solution.

17ANSP-CC-009 An Efficient Algorithm for the Bursting of Service-Based Applications in Hybrid Clouds

Enterprises are more and more using hybrid cloud

environments to deploy and run applications. This consists in

providing and managing software and hardware resources

within the enterprise and getting additional resources

provided externally by public clouds whenever this is needed.

In this later case, deployment of new applications consists in

choosing a placement of some components in the private

cloud and some others in the public cloud. To tackle this NP-

hard problem, we have proposed in a previous work an

approximate approach based on communication and hosting

costs induced by the deployment of components in the public

cloud. In this paper, we go further and propose a new efficient

algorithm adapted for service-based applications modelled

that can be not only described as behavior-based but also as

architecture-based compositions of services.

17ANSP-CC-010 Enabling Fine-Grained Multi-Keyword Search Supporting Classified Sub-Dictionaries over Encrypted Cloud Data

Using cloud computing, individuals can store their data on

remote servers and allow data access to public users through

the cloud servers. As the outsourced data are likely to contain

sensitive privacy information, they are typically encrypted

before uploaded to the cloud. This, however, significantly

limits the usability of outsourced data due to the difficulty of

searching over the encrypted data. In this paper, we address

this issue by developing the fine-grained multi-keyword

search schemes over encrypted cloud data. Our original

contributions are three-fold. First, we introduce the relevance

scores and preference factors upon keywords which enable


the precise keyword search and personalized user experience.

Second, we develop a practical and very efficient multi-

keyword search scheme. The proposed scheme can support

complicated logic search the mixed “AND”, “OR” and “NO”

operations of keywords. Third, we further employ the

classified sub-dictionaries technique to achieve better

efficiency on index building, trapdoor generating and query.

Lastly, we analyze the security of the proposed schemes in

terms of confidentiality of documents, privacy protection of

index and trapdoor, and unlinkability of trapdoor. Through

extensive experiments using the real-world dataset, we

validate the performance of the proposed schemes. Both the

security analysis and experimental results demonstrate that

the proposed schemes can achieve the same security level

comparing to the existing ones and better performance in

terms of functionality, query complexity and efficiency.

17ANSP-CC-011 CloudArmor: Supporting Reputation-Based Trust Management for Cloud Services

Trust management is one of the most challenging issues for

the adoption and growth of cloud computing. The highly

dynamic, distributed, and non-transparent nature of cloud

services introduces several challenging issues such as

privacy, security, and availability. Preserving consumers’

privacy is not an easy task due to the sensitive information

involved in the interactions between consumers and the trust

management service. Protecting cloud services against their

malicious users (e.g., such users might give misleading

feedback to disadvantage a particular cloud service) is a

difficult problem. Guaranteeing the availability of the trust

management service is another significant challenge because

of the dynamic nature of cloud environments. In this article,

we describe the design and implementation of CloudArmor, a

reputation-based trust management framework that provides

a set of functionalities to deliver trust as a service (TaaS),


which includes i) a novel protocol to prove the credibility of

trust feedbacks and preserve users’ privacy, ii) an adaptive

and robust credibility model for measuring the credibility of

trust feedbacks to protect cloud services from malicious users

and to compare the trustworthiness of cloud services, and iii)

an availability model to manage the availability of the

decentralized implementation of the trust management

service. The feasibility and benefits of our approach have

been validated by a prototype and experimental studies using

a collection of real-world trust feedbacks on cloud services.

17ANSP-CC-012 Dispersing Instant Social Video Service Across Multiple Clouds

Instant social video sharing which combines the online social

network and user-generated short video streaming services,

has become popular in today’s Internet. Cloud-based hosting

of such instant social video contents has become a norm to

serve the increasing users with user-generated contents. A

fundamental problem of cloud-based social video sharing

service is that users are located globally, who cannot be

served with good service quality with a single cloud provider.

In this paper, we investigate the feasibility of dispersing

instant social video contents to multiple cloud providers. The

challenge is that inter-cloud social propagation is

indispensable with such multi-cloud social video hosting, yet

such inter-cloud traffic incurs substantial operational cost. We

analyze and formulate the multi-cloud hosting of an instant

social video system as an optimization problem. We conduct

large-scale measurement studies to show the characteristics of

instant social video deployment, and demonstrate the trade-

off between satisfying users with their ideal cloud providers,

and reducing the inter-cloud data propagation. Our

measurement insights of the social propagation allow us to

propose a heuristic algorithm with acceptable complexity to

solve the optimization problem, by partitioning a


propagation-weighted social graph in two phases: a

preference-aware initial cloud provider selection and a

propagation-aware re-hosting. Our simulation experiments

driven by real-world social network traces show the

superiority of our design.

17ANSP-CC-013 Coral: A Cloud-Backed Frugal File System

With simple access interfaces and flexible billing models,

cloud storage has become an attractive solution to simplify

the storage management for both enterprises and individual

users. However, traditional file systems with extensive

optimizations for local disk-based storage backend can not

fully exploit the inherent features of the cloud to obtain

desirable performance. In this paper, we present the design,

implementation, and evaluation of Coral, a cloud based file

system that strikes a balance between performance and

monetary cost. Unlike previous studies that treat cloud storage

as just a normal backend of existing networked file systems,

Coral is designed to address several key issues in optimizing

cloud-based file systems such as the data layout, block

management, and billing model. With carefully designed data

structures and algorithms, such as identifying semantically

correlated data blocks, kd-tree based caching policy with self-

adaptive thrashing prevention, effective data layout, and

optimal garbage collection, Coral achieves good performance

and cost savings under various workloads as demonstrated by

extensive evaluations.

17ANSP-CC-014 An Efficient Privacy-Preserving Ranked Keyword Search Method

Cloud data owners prefer to outsource documents in an

encrypted form for the purpose of privacy preserving.

Therefore it is essential to develop efficient and reliable

ciphertext search techniques. One challenge is that the

relationship between documents will be normally concealed


in the process of encryption, which will lead to significant

search accuracy performance degradation. Also the volume of

data in data centers has experienced a dramatic growth. This

will make it even more challenging to design ciphertext

search schemes that can provide efficient and reliable online

information retrieval on large volume of encrypted data. In

this paper, a hierarchical clustering method is proposed to

support more search semantics and also to meet the demand

for fast ciphertext search within a big data environment. The

proposed hierarchical approach clusters the documents based

on the minimum relevance threshold, and then partitions the

resulting clusters into sub-clusters until the constraint on the

maximum size of cluster is reached. In the search phase, this

approach can reach a linear computational complexity against

an exponential size increase of document collection. In order

to verify the authenticity of search results, a structure called

minimum hash sub-tree is designed in this paper. Experiments

have been conducted using the collection set built from the

IEEE Xplore. The results show that with a sharp increase of

documents in the dataset the search time of the proposed

method increases linearly whereas the search time of the

traditional method increases exponentially. Furthermore, the

proposed method has an advantage over the traditional

method in the rank privacy and relevance of retrieved

documents.

17ANSP-CC-015 Performance-Aware Cloud Resource Allocation via Fitness-Enabled Auction

Cloud computing is a new computing paradigm which

features renting the computation devices instead of buying

them. In a typical cloud computing environment, there will

always be different kinds of cloud resources and a number of

cloud services making use of cloud resources to run on. As

we can see, these cloud services usually have different

performance traits. Some may be I/O-intensive, like those


data querying services, while others might demand more CPU

cycles, like 3D image processing services. Meanwhile, cloud

resources also have different kinds of capabilities such as data

processing, I/O throughput, 3D image rendering, etc. A

simple fact is that allocating a suitable resource will greatly

improve the performance of the cloud service, and make the

cloud resource itself more efficient as well. In this paper, a

new cloud resource allocating algorithm via fitness-enabled

auction is proposed to guarantee the fitness of performance

traits between cloud resources (sellers) and cloud services

(buyers). We study the allocating algorithm in terms of

economic efficiency and system performance, and

experiments show that the allocation is far more efficient in

comparison with the continuous double auction in which the

idea of fitness is not introduced.

17ANSP-CC-016 CaCo: An Efficient Cauchy Coding Approach for Cloud Storage Systems

Users of cloud storage usually assign different redundancy

configurations (i.e., k, m, w) of erasure codes, depending on

the desired balance between performance and fault tolerance.

Our study finds that with very low probability, one coding

scheme chosen by rules of thumb, for a given redundancy

configuration, performs best. In this paper, we propose CaCo,

an efficient Cauchy coding approach for data storage in the

cloud. First, CaCo uses Cauchy matrix heuristics to produce

a matrix set. Second, for each matrix in this set, CaCo uses

XOR schedule heuristics to generate a series of schedules.

Finally, CaCo selects the shortest one from all the produced

schedules. In such a way, CaCo has the ability to identify an

optimal coding scheme, within the capability of the current

state of the art, for an arbitrary given redundancy

configuration. By leverage of CaCo’s nature of ease to

parallelize, we boost significantly the performance of the

selection process with abundant computational resources in


the cloud. We implement CaCo in the Hadoop distributed file

system and evaluate its performance by comparing with

“Hadoop-EC” developed by Microsoft research. Our

experimental results indicate that CaCo can obtain an optimal

coding scheme within acceptable time. Furthermore, CaCo

outperforms Hadoop-EC by 26.68-40.18 percent in the

encoding time and by 38.4-52.83 percent in the decoding time

simultaneously.

17ANSP-CC-017 Incentive Mechanisms for Crowdsensing: Crowdsourcing With Smartphones

Smartphones are programmable and equipped with a set of

cheap but powerful embedded sensors, such as accelerometer,

digital compass, gyroscope, GPS, microphone, and camera.

These sensors can collectively monitor a diverse range of

human activities and the surrounding environment.

Crowdsensing is a new paradigm which takes advantage of

the pervasive smartphones to sense, collect, and analyze data

beyond the scale of what was previously possible. With the

crowdsensing system, a crowdsourcer can recruit smartphone

users to provide sensing service. Existing crowdsensing

applications and systems lack good incentive mechanisms

that can attract more user participation. To address this issue,

we design incentive mechanisms for crowdsensing. We

consider two system models: the crowdsourcer-centric model

where the crowdsourcer provides a reward shared by

participating users, and the user-centric model where users

have more control over the payment they will receive. For the

crowdsourcer-centric model, we design an incentive

mechanism using a Stackelberg game, where the

crowdsourcer is the leader while the users are the followers.

We show how to compute the unique Stackelberg

Equilibrium, at which the utility of the crowdsourcer is

maximized, and none of the users can improve its utility by

unilaterally deviating from its current strategy. For the user-

centric model, we design an auction-based incentive

mechanism, which is computationally efficient, individually

rational, profitable, and truthful. Through extensive

simulations, we evaluate the performance and validate the

theoretical properties of our incentive mechanisms.

17ANSP-CC-018 Enabling Mobile Cloud Wide Spread Through an

Evolutionary Market-Based Approach

Mobile clouds are an ongoing research topic that has yet to

become ubiquitous as the now popular cloud paradigm. This

is because of a number of issues with mobile clouds that still

need to be addressed such as: incentives, security, privacy,

context, data management, usability, and cost benefits. Out of

these issues, the most important one that needs to be

addressed is the issue of incentives, without which mobile

clouds cannot gain enough users for the concept to be useful.

Unlike public, company-owned cloud systems, in mobile

clouds, the amount of resources or processing power is

directly dependent on mobile cloud users that are in the

proximity of the individual that requires extra resources. With

an increase in the number of mobile cloud users willing to

share resources or willing to use the service offered by others,

comes an increase in the likeliness that enough mobile-cloud-

enabled devices will be available. In this paper, we study

incentives for mobile cloud systems and consider as a solution

an evolutionary market-based approach to create these

incentives. Creating a market for these systems is particularly

difficult because of the large number of individuals that need

to be involved and their high mobility.

17ANSP-CC-019 Trust-but-Verify: Verifying Result Correctness of

Outsourced Frequent Itemset Mining in Data-Mining-As-a-

Service Paradigm

Cloud computing is popularizing the computing paradigm in

which data is outsourced to a third-party service provider

(server) for data mining. Outsourcing, however, raises a

serious security issue: how can the client of weak

computational power verify that the server returned the correct

mining result? In this paper, we focus on the specific task of

frequent itemset mining. We consider the server that is

potentially untrusted and tries to escape from verification by

using its prior knowledge of the outsourced data. We propose

efficient probabilistic and deterministic verification

approaches to check whether the server has returned correct

and complete frequent itemsets. Our probabilistic approach

can catch incorrect results with high probability, while our

deterministic approach measures the result correctness with

100 percent certainty. We also design efficient verification

methods for both cases that the data and the mining setup are

updated. We demonstrate the effectiveness and efficiency of

our methods using an extensive set of empirical results on real

datasets.

17ANSP-CC-020 Privacy Preserving Ranked Multi-Keyword Search for

Multiple Data Owners in Cloud Computing

With the advent of cloud computing, it has become

increasingly popular for data owners to outsource their data

to public cloud servers while allowing data users to retrieve

this data. For privacy concerns, secure searches over

encrypted cloud data have motivated several research works

under the single owner model. However, most cloud servers

in practice do not just serve one owner; instead, they support

multiple owners to share the benefits brought by cloud

computing. In this paper, we propose schemes to deal with

privacy preserving ranked multi-keyword search in a multi-

owner model (PRMSM). To enable cloud servers to perform

secure search without knowing the actual data of both

keywords and trapdoors, we systematically construct a novel

secure search protocol. To rank the search results and

preserve the privacy of relevance scores between keywords

and files, we propose a novel additive order and privacy

preserving function family. To prevent the attackers from

eavesdropping secret keys and pretending to be legal data

users submitting searches, we propose a novel dynamic secret

key generation protocol and a new data user authentication

protocol. Furthermore, PRMSM supports efficient data user

revocation. Extensive experiments on real-world datasets

confirm the efficacy and efficiency of PRMSM.

17ANSP-CC-021 TMACS: A Robust and Verifiable Threshold Multi-Authority

Access Control System in Public Cloud Storage

Attribute-based Encryption (ABE) is regarded as a promising

cryptographic conducting tool to guarantee data owners’

direct control over their data in public cloud storage. The

earlier ABE schemes involve only one authority to maintain

the whole attribute set, which can bring a single-point

bottleneck on both security and performance. Subsequently,

some multi-authority schemes are proposed, in which

multiple authorities separately maintain disjoint attribute

subsets. However, the single-point bottleneck problem

remains unsolved. In this paper, from another perspective, we

conduct a threshold multi-authority CP-ABE access control

scheme for public cloud storage, named TMACS, in which

multiple authorities jointly manage a uniform attribute set. In

TMACS, taking advantage of (t, n) threshold secret sharing,

the master key can be shared among multiple authorities, and

a legal user can generate his/her secret key by interacting with

any t authorities. Security and performance analysis results

show that TMACS is not only verifiably secure when less than

t authorities are compromised, but also robust when no less

than t authorities are alive in the system. Furthermore, by

efficiently combining the traditional multi-authority scheme

with TMACS, we construct a hybrid one, which satisfies the

scenario of attributes coming from different authorities as

well as achieving security and system-level robustness.

17ANSP-CC-022 Skyline Discovery and Composition of Multi-Cloud Mashup

Services

A cloud mashup is composed of multiple services with shared

datasets and integrated functionalities. For example, the

elastic compute cloud (EC2) provided by Amazon Web

Service (AWS), the authentication and authorization services

provided by Facebook, and the Map service provided by

Google can all be mashed up to deliver real-time,

personalized driving route recommendation service. To

discover qualified services and compose them with

guaranteed quality of service (QoS), we propose an integrated

skyline query processing method for building up cloud

mashup applications. We use a similarity test to achieve

optimal localized skyline. This mashup method scales well

with the growing number of cloud sites involved in the

mashup applications. Faster skyline selection, reduced

composition time, dataset sharing, and resources integration

assure the QoS over multiple clouds. We experiment with the

quality of web service (QWS) benchmark over 10,000 web

services along six QoS dimensions. By utilizing block-

elimination, data-space partitioning, and service similarity

pruning, the skyline process is shortened by three times, when

compared with two state-of-the-art methods.

17ANSP-CC-023 Ensuring Cloud Data Reliability with Minimum Replication

by Proactive Replica Checking

Data reliability and storage costs are two primary concerns for

current Cloud storage systems. To ensure data reliability, the

widely used multi-replica (typically three) replication strategy

in current Clouds incurs a huge extra storage consumption,

resulting in a huge storage cost for data-intensive applications

in the Cloud in particular. In order to reduce the Cloud storage

consumption while meeting the data reliability requirement,

in this paper we present a cost-effective data reliability

management mechanism named PRCR based on a

generalized data reliability model. By using a proactive

replica checking approach, while the running overhead for

PRCR is negligible, PRCR ensures reliability of the massive

Cloud data with the minimum replication, which can also

serve as a cost effectiveness benchmark for replication based

approaches. Our simulation indicates that, compared with the

conventional three-replica strategy, PRCR can reduce from

one-third to two-thirds of the Cloud storage space

consumption, hence significantly lowering the storage cost in

a Cloud.

17ANSP-CC-024 Secure Cloud Storage Meets with Secure Network Coding

This paper reveals an intrinsic relationship between secure

cloud storage and secure network coding for the first time.

Secure cloud storage was proposed only recently while secure

network coding has been studied for more than ten years.

Although the two areas are quite different in their nature and

are studied independently, we show how to construct a secure

cloud storage protocol given any secure network coding

protocol. This gives rise to a systematic way to construct

secure cloud storage protocols. Our construction is secure

under a definition which captures the real world usage of the

cloud storage. Furthermore, we propose two specific secure

cloud storage protocols based on two recent secure network

coding protocols. In particular, we obtain the first publicly

verifiable secure cloud storage protocol in the standard model.

We also enhance the proposed generic construction to support

user anonymity and third-party public auditing, which both

have received considerable attention recently. Finally, we

prototype the newly proposed protocol and evaluate its

performance. Experimental results validate the effectiveness

of the protocol.

17ANSP-CC-025 Leveraging Data Deduplication to Improve the Performance

of Primary Storage Systems in the Cloud

With the explosive growth in data volume, the I/O bottleneck

has become an increasingly daunting challenge for big data

analytics in the Cloud. Recent studies have shown that

moderate to high data redundancy clearly exists in primary

storage systems in the Cloud. Our experimental studies reveal

that data redundancy exhibits a much higher level of intensity

on the I/O path than that on disks due to relatively high

temporal access locality associated with small I/O requests to

redundant data. Moreover, directly applying data

deduplication to primary storage systems in the Cloud will

likely cause space contention in memory and data

fragmentation on disks. Based on these observations, we

propose a performance-oriented I/O deduplication, called

POD, rather than a capacity-oriented I/O deduplication,

exemplified by iDedup, to improve the I/O performance of

primary storage systems in the Cloud without sacrificing

capacity savings of the latter. POD takes a two-pronged

approach to improving the performance of primary storage

systems and minimizing performance overhead of

deduplication, namely, a request-based selective

deduplication technique, called Select-Dedupe, to alleviate

the data fragmentation and an adaptive memory management

scheme, called iCache, to ease the memory contention

between the bursty read traffic and the bursty write traffic. We

have implemented a prototype of POD as a module in the

Linux operating system. The experiments conducted on our

lightweight prototype implementation of POD show that POD

significantly outperforms iDedup in the I/O performance

measure by up to 87.9 percent with an average of 58.8 percent.

Moreover, our evaluation results also show that POD achieves

comparable or better capacity savings than iDedup.

17ANSP-CC-026 Systematic Data Placement Optimization in Multi-Cloud

Storage for Complex Requirements

Multi-cloud storage can provide better features such as

availability and scalability. Current works use multiple cloud

storage providers with erasure coding to achieve certain

benefits including fault-tolerance improving or vendor lock-

in avoiding. However, these works only use the multi-cloud

storage in ad-hoc ways, and none of them considers the

optimization issue in general. In fact, the key to optimize the

multi-cloud storage is to effectively choose providers and

erasure coding parameters. Meanwhile, the data placement

should satisfy system or application developers’

requirements. As developers often demand various objectives

to be optimized simultaneously, such complex requirement

optimization cannot be easily fulfilled by ad-hoc ways. This

paper presents Triones, a systematic model to formally

formulate data placement in multi-cloud storage by using

erasure coding. Firstly, Triones addresses the problem of data

placement optimization by applying non-linear programming

and geometric space abstraction. It could satisfy complex

requirements involving multi-objective optimization.

Secondly, Triones can effectively balance among different

objectives in optimization and is scalable to incorporate new

ones. The effectiveness of the model is proved by extensive

experiments on multiple cloud storage providers in the real

world. For simple requirements, Triones can achieve 50

percent access latency reduction, compared with the model in

mLibCloud. For complex requirements, Triones can improve

fault-tolerance level by 2× and reduce access latency and

vendor lock-in level by 30-70 percent and 49.85 percent

respectively with about 19.19 percent more cost, compared

with the model only optimizing cost in Scalia.

17ANSP-CC-027 EPLQ: Efficient Privacy-Preserving Location-Based Query

Over Outsourced Encrypted Data

With the pervasiveness of smart phones, location based

services (LBS) have received considerable attention and

become more popular and vital recently. However, the use of

LBS also poses a potential threat to user’s location privacy. In

this paper, aiming at spatial range query, a popular LBS

providing information about points of interest (POIs) within a

given distance, we present an efficient and privacy-preserving

location-based query solution, called EPLQ. Specifically, to

achieve privacy preserving spatial range query, we propose

the first predicate-only encryption scheme for inner product

range (IPRE), which can be used to detect whether a position

is within a given circular area in a privacy-preserving way. To

reduce query latency, we further design a privacy-preserving

tree index structure in EPLQ. Detailed security analysis

confirms the security properties of EPLQ. In addition,

extensive experiments are conducted, and the results

demonstrate that EPLQ is very efficient in privacy preserving

spatial range query over outsourced encrypted data. In

particular, for a mobile LBS user using an Android phone,

around 0.9 s is needed to generate a query, and it also only

requires a commodity workstation, which plays the role of the

cloud in our experiments, a few seconds to search POIs.

17ANSP-CC-028 Cloud Customer’s Historical Record Based Resource Pricing

Media content in its digital form has been rapidly scaling up,

resulting in popularity gain of cloud computing. Cloud

computing makes it easy to manage the vastly increasing

digital content. Moreover, additional features like,

omnipresent access, further service creation, discovery of

services, and resource management also play an important

role in this regard. The forthcoming era is interoperability of

multiple clouds, known as cloud federation or inter-cloud

computing. With cloud federation, services would be

provided through two or more clouds. Once matured and

standardized, inter-cloud computing is supposed to provide

services which would be more scalable, better managed, and

efficient. Such tasks are provided through a middleware entity

called cloud broker. A broker is responsible for reserving

resources, managing them, discovering services according to

customer’s demands, Service Level Agreement (SLA)

negotiation, and match-making between the involved service

provider and the customer. So far existing studies discuss

brokerage in a narrow focused way. In the research outcome

presented in this paper, we provide a holistic brokerage model

to manage on-demand and advance service reservation,

pricing, and reimbursement. A unique feature of this study is

that we have considered dynamic management of customer’s

characteristics and historical record in evaluating the

economics related factors. Additionally, a mechanism of

incentive and penalties is provided, which helps in trust build-

up for the customers and service providers, prevention of

resource underutilization, and profit gain for the involved

entities. For practical implications, the framework is modeled

on Amazon Elastic Compute Cloud (EC2) On-Demand and

Reserved Instances service pricing. For certain features

required in the model, data was gathered from Google Cluster

trace.

17ANSP-CC-029 Achieving Simple, Secure and Efficient Hierarchical Access

Control in Cloud Computing

Access control is an indispensable security component of

cloud computing, and hierarchical access control is of

particular interest since in practice one is entitled to different

access privileges. This paper presents a hierarchical key

assignment scheme based on linear-geometry as the solution

of flexible and fine-grained hierarchical access control in

cloud computing. In our scheme, the encryption key of each

class in the hierarchy is associated with a private vector and a

public vector, and the inner product of the private vector of an

ancestor class and the public vector of its descendant class can

be used to derive the encryption key of that descendant class.

The proposed scheme belongs to direct access schemes on

hierarchical access control, namely each class at a higher level

in the hierarchy can directly derive the encryption key of its

descendant class without the need of iterative computation. In

addition to this basic hierarchical key derivation, we also give

a dynamic key management mechanism to efficiently address

potential changes in the hierarchy. Our scheme only needs

light computations over finite field and provides strong key

indistinguishability under the assumption of pseudorandom

functions. Furthermore, the simulation shows that our scheme

has an optimized trade-off between computation consumption

and storage space.

17ANSP-CC-030 Towards Building Forensics Enabled Cloud Through Secure

Logging-as-a-Service

Collection and analysis of various logs (e.g., process logs,

network logs) are fundamental activities in computer

forensics. Ensuring the security of the activity logs is

therefore crucial to ensure reliable forensics investigations.

However, because of the black-box nature of clouds and the

volatility and co-mingling of cloud data, providing the cloud

logs to investigators while preserving users’ privacy and the

integrity of logs is challenging. The current secure logging

schemes, which consider the logger as trusted cannot be

applied in clouds since there is a chance that cloud providers

(logger) collude with malicious users or investigators to alter

the logs. In this paper, we analyze the threats on cloud users’

activity logs considering the collusion between cloud users,

providers, and investigators. Based on the threat model, we

propose Secure-Logging-as-a-Service (SecLaaS), which

preserves various logs generated for the activity of virtual

machines running in clouds and ensures the confidentiality

and integrity of such logs. Investigators or the court authority

can only access these logs by the RESTful APIs provided by

SecLaaS, which ensures confidentiality of logs. The integrity

of the logs is ensured by hash-chain scheme and proofs of past

logs published periodically by the cloud providers. In prior

research, we used two accumulator schemes Bloom filter and

RSA accumulator to build the proofs of past logs. In this

paper, we propose a new accumulator scheme—Bloom-Tree,

which performs better than the other two accumulators in

terms of time and space requirement.

17ANSP-CC-031 Fine-Grained Two-Factor Access Control for Web-Based

Cloud Computing Services

In this paper, we introduce a new fine-grained two-factor

authentication (2FA) access control system for web-based

cloud computing services. Specifically, in our proposed 2FA

access control system, an attribute-based access control

mechanism is implemented with the necessity of both a user

secret key and a lightweight security device. As a user cannot

access the system if they do not hold both, the mechanism can

enhance the security of the system, especially in those

scenarios where many users share the same computer for web-

based cloud services. In addition, attribute-based control in

the system also enables the cloud server to restrict the access

to those users with the same set of attributes while preserving

user privacy, i.e., the cloud server only knows that the user

fulfills the required predicate, but has no idea on the exact

identity of the user. Finally, we also carry out a simulation to

demonstrate the practicability of our proposed 2FA system.

17ANSP-CC-032 Conjunctive Keyword Search With Designated Tester and

Timing Enabled Proxy Re-Encryption Function for E-Health

Clouds

An electronic health (e-health) record system is a novel

application that will bring great convenience in healthcare.

The privacy and security of the sensitive personal information

are the major concerns of the users, which could hinder

further development and wide adoption of the systems. The

searchable encryption (SE) scheme is a technology to

incorporate security protection and favorable operability

functions together, which can play an important role in the e-

health record system. In this paper, we introduce a novel

cryptographic primitive named as conjunctive keyword

search with designated tester and timing enabled proxy

re-encryption function (Re-dtPECK), which is a kind of a

time-dependent SE scheme. It could enable patients to

delegate partial access rights to others to operate search

functions over their records in a limited time period. The

length of the time period for the delegatee to search and

decrypt the delegator’s encrypted documents can be

controlled. Moreover, the delegatee could be automatically

deprived of the access and search authority after a specified

period of effective time. It can also support the conjunctive

keywords search and resist the keyword guessing attacks. By

the solution, only the designated tester is able to test the

existence of certain keywords. We formulate a system model

and a security model for the proposed Re-dtPECK scheme to

show that it is an efficient scheme proved secure in the

standard model. The comparison and extensive simulations

demonstrate that it has a low computation and storage

overhead.

17ANSP-CC-033 A Multi-Level Authorization Based Tenant Separation

Mechanism in Cloud Computing Environment

Separation issue is one of the most important problems about

cloud computing security. Tenants should be separated from

each other based on cloud infrastructure and different users

from one tenant should be separated from each other with the

constraint of security policies. Learning from the notion of

trusted cloud computing and trustworthiness in cloud, in this

paper, a multi-level authorization separation model is

formally described, and a series of rules are proposed to

summarize the separation property of this model. The

correctness of the rules is proved. Furthermore, based on this model,

a tenant separation mechanism is deployed in a real world

mixed-critical information system. Performance

benchmarks have shown the availability and efficiency of this

mechanism.

17ANSP-CC-034 SafeProtect: Controlled Data Sharing With User-Defined

Policies in Cloud-Based Collaborative Environment

There are many cloud-based applications consumed by users,

which encourage data sharing with not only peers, but also

new friends and collaborators. Data are increasingly being

stored outside the confines of the data owner’s machine with

little knowledge to the data owner, how and where the data

are being stored and used. Hence, there is a strong need for

the data owner to have a stronger control over their data,

similar to the level of control they possess when the data are

stored on their own machine. For instance, when a data owner

shares a secret file with a friend, he cannot guarantee what his

friend will do with the data. In this paper, we attempt to

address this problem by monitoring and preventing

unauthorized operations by the data consumer. We present a

solution called SafeProtect, which bundles the data owner’s

data and policy, based on XACML, in an object. SafeProtect

enforces the policies set out by the data owner by

communicating with the SaaS applications to disable certain

commands and/or run a background process monitor for

auditability/accountability purposes. We define a protocol

that will enable secure data sharing in the cloud and leverage

the use of the trusted extension device for authentication

purposes.

17ANSP-CC-035 Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption

with Verifiable Delegation in Cloud Computing

In the cloud, for achieving access control and keeping data

confidential, the data owners could adopt attribute-based

encryption to encrypt the stored data. Users with limited

computing power are however more likely to delegate the

mask of the decryption task to the cloud servers to reduce the

computing cost. As a result, attribute-based encryption with

delegation emerges. Still, there are caveats and questions

remaining in the previous relevant works. For instance, during

the delegation, the cloud servers could tamper or replace the

delegated ciphertext and respond a forged computing result

with malicious intent. They may also cheat the eligible users

by responding them that they are ineligible for the purpose of

cost saving. Furthermore, during the encryption, the access

policies may not be flexible enough as well. Since policy for

general circuits enables to achieve the strongest form of

access control, a construction for realizing circuit ciphertext-

policy attribute-based hybrid encryption with verifiable

delegation has been considered in our work. In such a system,

combined with verifiable computation and encrypt-then-mac

mechanism, the data confidentiality, the fine-grained access

control and the correctness of the delegated computing results

are well guaranteed at the same time. Besides, our scheme

achieves security against chosen-plaintext attacks under the

k-multilinear Decisional Diffie-Hellman assumption.

Moreover, an extensive simulation campaign confirms the

feasibility and efficiency of the proposed solution.