Collaborative Research: CICI: Secure and Resilient Architecture: Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources

合作研究：CICI：安全和弹性架构：云资源安全互操作性的数据完整性保证和隐私保护解决方案

• 批准号: 1642133
• 负责人: Xiao Qin
• 金额: $ 64.04万
• 依托单位: Auburn University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1642133&HistoricalAwards=false
• 关键词: Collaborative; Research; CICI; Secure; Resilient

Cloud computing provides many clear benefits for users, including scalability and reduced system acquisition cost. However, data security, integrity and privacy are becoming major concerns for scientific researchers when they access data from the cloud to conduct experiments or analytics. In addition, data owners may not want to reveal their data to cloud service providers either because of the sensitivity of the data (e.g., medical records) or because of its value. Therefore, it is important to create cloud data integrity assurance and privacy protection solutions that help users fully embrace cloud services as well as protect cyberinfrastructure resources. With a cloud database, data owners can store large-scale datasets collected from various sources. Users can then launch queries retrieving the data records for conducting research and experiments. However, there are several possible threats to query result accuracy. For example, a cloud database could be compromised and the stored data could be tampered with. There could be a malfunction in the cloud server, so that the cloud database inadvertently returns incomplete query results. It is unlikely that the client would be aware of such incorrect or incomplete query results. Consequently, erroneous data could be employed in subsequent scientific experiments or analyses, which could lead to false results. Cloud database query integrity assurance is critical issue that underpins a secure and trustworthy end-to-end scientific workflow. This work approaches these problems in a privacy-friendly manner, building on top of encrypted queries over encrypted data. This is key for achieving both data privacy and data integrity. Data provenance - the history of the data and how its been handled - is also an important aspect of scientific workflows. However, securing the provenance to provide integrity, privacy, and confidentiality guarantees is also challenging, making it hard for many scientific workflows to provide a verifiable provenance history of scientific data and query results. With clouds, providing such guarantees is difficult for both data and provenance. This project enables infrastructural support for secure collection, storage, transmission, and verification of provenance information for all data and results stored and computed in the cloud. The availability of such verifiable provenance offers benefits to scientific workflows, making the process more trustworthy via verifiable history and results. The research team creates a query integrity assurance, data privacy protection, and verifiable provenance framework which provides an array of solutions for supporting secure cloud services. This project contributes to the cybersecurity research community by piloting novel cloud data security approaches that accomplish the following goals: (1) developing Voronoi diagram‐based integrity assurance techniques, (2) designing cloud database data privacy protection methods, (3) modeling the trade off between query integrity assurance and query evaluation costs, (4) realizing secure cloud data provenance mechanisms, and (5) implementing a prototype system, where all the components are integrated for security and performance evaluation.

云计算为用户提供了许多明显的好处，包括可扩展性和降低的系统采购成本。然而，当科学研究人员从云端访问数据进行实验或分析时，数据安全性、完整性和隐私正成为他们的主要担忧。此外，数据所有者可能不想向云服务提供商透露他们的数据，因为数据的敏感性（例如，或者是因为它的价值。因此，创建云数据完整性保证和隐私保护解决方案非常重要，可以帮助用户完全接受云服务并保护网络基础设施资源。通过云数据库，数据所有者可以存储从各种来源收集的大规模数据集。然后，用户可以启动检索数据记录的查询，以进行研究和实验。然而，有几个可能的威胁查询结果的准确性。例如，云数据库可能会受到损害，存储的数据可能会被篡改。云服务器可能出现故障，导致云数据库意外返回不完整的查询结果。客户端不太可能意识到这种不正确或不完整的查询结果。因此，在随后的科学实验或分析中可能会使用错误的数据，从而导致错误的结果。云数据库查询完整性保证是支撑安全和可信的端到端科学工作流的关键问题。这项工作以隐私友好的方式处理这些问题，建立在加密数据的加密查询之上。这是实现数据隐私和数据完整性的关键。数据来源-数据的历史及其处理方式-也是科学工作流程的一个重要方面。然而，保护出处以提供完整性、隐私性和保密性保证也具有挑战性，使得许多科学工作流难以提供科学数据和查询结果的可验证出处历史。对于云计算，提供这样的保证对于数据和来源都是困难的。该项目为安全收集、存储、传输和验证云中存储和计算的所有数据和结果的来源信息提供基础设施支持。这种可验证的出处的可用性为科学工作流程提供了好处，通过可验证的历史和结果使过程更加可信。研究团队创建了查询完整性保证、数据隐私保护和可验证的出处框架，为支持安全云服务提供了一系列解决方案。该项目通过试验新的云数据安全方法为网络安全研究社区做出贡献，这些方法实现了以下目标：（1）开发Voronoi图‐基于完整性保证技术，（2）设计云数据库数据隐私保护方法，（3）建模查询完整性保证和查询评估成本之间的权衡，（4）实现安全的云数据起源机制，（5）实现了一个原型系统，在该原型系统中集成了所有组件，以进行安全性和性能评估。

项目成果

Security-Aware Energy Management in Clouds

• DOI: 10.1109/tps-isa50397.2020.00044
• 发表时间: 2020-10
• 期刊: 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)
• 作者: Jianzhou Mao;T. Cao;Xiaopu Peng;T. Bhattacharya;Wei-Shinn Ku;X. Qin

EDOM: Improving energy efficiency of database operations on multicore servers

• DOI: 10.1016/j.future.2017.02.043
• 发表时间: 2020-04-01
• 期刊: FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE
• 影响因子: 7.5
• 作者: Zhou, Yi;Taneja, Shubbhi;Zhang, Jifu
• 通讯作者: Zhang, Jifu

A framework for anonymous routing in delay tolerant networks

• DOI: 10.1109/icnp.2017.8117531
• 发表时间: 2017-10
• 期刊: 2017 IEEE 25th International Conference on Network Protocols (ICNP)
• 作者: Kazuya Sakai;Min-Te Sun;Wei-Shinn Ku;Jie Wu

Secure Data Communications in Wireless Networks Using Multi-Path Avoidance Routing

• DOI: 10.1109/twc.2019.2928801
• 发表时间: 2019-07
• 期刊: IEEE Transactions on Wireless Communications
• 影响因子: 10.4
• 作者: Kazuya Sakai;Min-Te Sun;Wei-Shinn Ku;Jie Wu;T. Lai

Data Verification in Integrated RFID Systems

• DOI: 10.1109/jsyst.2018.2865571
• 发表时间: 2019-06
• 期刊: IEEE Systems Journal
• 影响因子: 4.4
• 作者: Kazuya Sakai;Min-Te Sun;Wei-Shinn Ku;Hua Lu;T. Lai