The emerging network environment is developing rapidly under the impetus of new computing models such as cloud computing and has become a key infrastructure for various industrial applications. Specifically, large-scale data are continuously gathered from IoT terminals to cloud servers, thereby promoting cloud-based application research and deployment. For instance, cloud-assisted data transmission, aggregation, release and query are typical daily applications. Moreover, in order to boost the performance of cloud computing, deploying fog nodes between the users and the cloud servers has become prevalent in modern networks. Despite the convenience brought by the new network and computing paradigms, the security and privacy of massive data have increasingly become the main concern of both academia and industry. Many research challenges remain to be resolved.

First, it is challenging to secure the transmission of data in the new network environments. For instance, more and more enterprises and institutions choose to virtualize network functions and outsource functions such as packet inspection and transmission to the cloud. However, how to provide efficient and versatile packet inspection functions while preserving privacy still needs further research. Besides, to provide medical and research institutions with better medical data aggregation and release services, more and more institutions have introduced cloud data centers. However, the functionality and privacy protection level of the existing schemes need to be improved. Specifically, weighted additive aggregation and non-additive aggregation are not well supported. In addition, how to better protect the privacy of user data during the execution of the data aggregation protocol is an important and challenging issue. In terms of cloud-based spatial data query, few studies have considered the privacy-preserving circular range query, which should be a fundamental function of modern social networks. The previously proposed approaches are not efficient when dealing with large-scale privacy-preserving queries. Existing works also do not consider embedding fog nodes to mitigate the problem of high latency.

Considering the current research results, this dissertation thoroughly studies secure and privacy-preserving data transmission, aggregation, release and query under the new network environment. Specifically, it focuses on privacy-preserving network packet inspection for cloud-based virtualized network functions; privacy-enhanced multi-functional aggregation and release of medical data; privacy-preserving circular range query over a cloud platform; and a fog-assisted encrypted query architecture. The research contents are summarized as follows:

1. Research on privacy-preserving data transmission:

(1) We have proposed an efficient and privacy-preserving deep packet inspection (DPI) scheme. In our scheme, the network functions are not deployed on real network middleboxes. All the services of the middleboxes are virtualized and outsourced to two non-colluding cloud servers. In order to boost the inspection speed and reduce the packet latency, our scheme uses only symmetric encryption techniques as building blocks. Specifically, a two-layer filtering method is proposed: the first layer quickly filters out most regular packets by using a Bloom filter and a pseudo-random function; the second layer is designed for accurate rule matching atop Boolean symmetric searchable encryption. In addition, we use symmetric cryptography to provide a verification service, allowing users to verify whether the cloud server honestly follows the pre-defined protocols. The proposed scheme supports post-mortem verification, and verification and inspection can be conducted in parallel. Therefore, the proposed verification scheme does not reduce the efficiency of packet inspection and forwarding.

(2) We have proposed a secure and multi-functional packet inspection scheme atop public key encryption. First, we designed a secure packet header inspection protocol using searchable homomorphic encryption. This protocol enables cloud servers to inspect the header of encrypted passing packets, which is a core function of a network firewall. Then, we use additive homomorphic encryption to achieve an efficient and privacy-preserving packet inspection scheme that supports multiple connections and result verification. In addition, we have introduced a new privacy concept, probable cause privacy (PCP). When a packet is detected to contain dangerous content, the user’s privacy will no longer be protected: the cloud server can decrypt the payload and perform further inspection. PCP is more in line with practical needs, but it poses a threat to the privacy of other regular users because the decryption key is exposed to the cloud server. To mitigate this problem, we propose a key management scheme that not only meets the PCP requirements but also protects the privacy of regular users.

2. Research on privacy-preserving data aggregation and release:

(1) We have proposed multiple secure and privacy-preserving data aggregation protocols for cloud-assisted wireless body area networks (WBANs). In the protocols, we use additive homomorphic encryption to encrypt users’ data. Shamir secret sharing and multiple cloud servers are used to compute the intermediate aggregation results. The final result is then revealed by a trusted authority. Besides, before the aggregation result is released, Laplace noise is added to offer a differential privacy guarantee. In terms of functionality, we have achieved diverse additive and non-additive aggregation functions, such as average, weighted average, histogram, etc. In terms of privacy protection, we avoid disclosing the final aggregation result to any one of the cloud servers. Meanwhile, the proposed scheme supports fault tolerance when no more than half of the cloud servers have crashed. In general, all the presented aggregation protocols are able to preserve the confidentiality and privacy of individuals’ data.

3. Research on privacy-preserving data query:

(1) We have proposed a secure and efficient circular range query scheme. The proposed scheme is deployed on the cloud server over encrypted outsourced data. The R-tree data structure and Asymmetric Scalar-product-Preserving Encryption (ASPE) are used to construct the encrypted index. The Advanced Encryption Standard (AES) is used to encrypt the original data points. With this design, accurate and privacy-preserving circular range queries are supported in the ciphertext domain. Compared to the existing schemes, our scheme significantly improves the efficiency of data, index and query token encryption. Meanwhile, the time cost for returning the query result is reduced.

(2) As the infrastructure of the Internet of Things (IoT), the deep fusion of cloud computing and fog computing has become a technical trend. In this context, we have put forward a thing-fog-cloud framework to support a secure, efficient and highly scalable data query architecture atop the classic scenarios of querying on cloud servers and two-tiered sensor networks. Based on the current research progress, we have also discussed the potential research opportunities and paths to promote future efforts on this topic.

For all the above schemes, we have carried out a comprehensive security and privacy analysis. In addition, we have demonstrated the performance of our schemes through extensive experiments and comparison with existing schemes.
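As an added illustration of the aggregation design summarized in item 2 (not code from the dissertation), the Python example below has users Shamir-share their readings across several servers, each server compute a weighted sum over the shares it holds, and a trusted authority reconstruct the result from the surviving servers and add Laplace noise before release. It omits the additive homomorphic encryption layer; the field modulus, the threshold t = n - floor(n/2), public integer weights and the sensitivity parameter are assumptions.

```python
import secrets

P = 2**61 - 1                  # assumed prime field modulus; must exceed any weighted sum
_rng = secrets.SystemRandom()  # OS-backed randomness for the release noise

def share(secret, n, t):
    """Split `secret` into n Shamir shares; any t of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def server_aggregate(column, weights):
    """One cloud server: weighted sum of the shares it holds (one per user)."""
    x = column[0][0]
    return x, sum(w * y for w, (_, y) in zip(weights, column)) % P

def reconstruct(points):
    """Trusted authority: Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def laplace(scale):
    """Laplace(0, scale) as the difference of two exponential samples."""
    return _rng.expovariate(1 / scale) - _rng.expovariate(1 / scale)

def aggregate(readings, weights, n=5, crashed=(), epsilon=1.0, sensitivity=200):
    """Return (exact weighted sum, noisy value to release)."""
    t = n - n // 2                       # survives up to floor(n/2) crashed servers
    per_user = [share(r, n, t) for r in readings]
    partials = [server_aggregate([s[k] for s in per_user], weights)
                for k in range(n) if k + 1 not in crashed]
    if len(partials) < t:
        raise RuntimeError("too many servers crashed to reconstruct")
    exact = reconstruct(partials[:t])    # only the authority sees this value
    return exact, exact + laplace(sensitivity / epsilon)

if __name__ == "__main__":
    readings, weights = [72, 88, 65, 90], [1, 2, 1, 3]   # constructed sample data
    print(aggregate(readings, weights, crashed=(2, 4)))
```

Because the shares are linear, each server's weighted sum is itself a valid share of the weighted total, so no single server ever holds the final result. Floating-point Laplace sampling as used here is adequate for illustration only.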