A Privacy-Leakage-Tolerance Based Noise Enhancing Strategy for Privacy Protection in Cloud Computing

Cloud computing promises a service-oriented environment where customers can utilise IT services in a pay-as-you-go fashion while saving huge capital investments on their own IT infrastructures. Due to the openness, malicious service providers may exist in these environments. Some of these service providers could record service data in cloud service processes about a customer and then collectively deduce the customer's private information without authorisation. Noise obfuscation is an effective approach in this regard by utilising noise data. For example, it can generate and inject noise service requests into real customer service requests so that service providers are not able to distinguish which ones are real ones. However, existing typical noise obfuscations do not consider the customer-defined privacy-leakage-tolerance in noise obfuscation processes. Specifically, cloud customers could define a boundary of privacy leakage possibility to require noise obfuscation on privacy protection in cloud computing. In other words, under this boundary -- privacy-leakage-tolerance, noise obfuscation could be enhanced by the efficiency improvement on privacy protection, such as reducing noise service requests injected into real ones. So, the customer can obtain a lower cost on noise data in the pay-as-you-go fashion for cloud environments, with a reasonable effectiveness of privacy protection. Therefore, to address this privacy concern, a novel noise enhancing strategy can be presented. We firstly analyse the privacy-leakage-tolerance for cloud customers in terms of noise generation. Then, the creation of a noise generation set can be presented based on the privacy-leakage-tolerance, and the set can guide and enhance existing noise generation strategies by this boundary. Lastly, we present our novel privacy-leakage-tolerance based noise enhancing strategy for privacy protection in cloud computing. The simulation evaluation demonstrates that our strategy can significantly improve the efficiency of privacy protection on existing noise obfuscations in cloud environments.

[1]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[2]  Douglas M. Blough,et al.  Data obfuscation: anonymity and desensitization of usable data sets , 2004, IEEE Security & Privacy Magazine.

[3]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[4]  Lingdi Ping,et al.  Trust Model to Enhance Security and Interoperability of Cloud Environment , 2009, CloudCom.

[5]  Jinjun Chen,et al.  A trust‐based noise injection strategy for privacy protection in cloud , 2012, Softw. Pract. Exp..

[6]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[7]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[8]  Liang Yan,et al.  Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography , 2009, CloudCom.

[9]  Chedy Raïssi,et al.  Anonymizing set-valued data by nonreciprocal recoding , 2012, KDD.

[10]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[11]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[12]  Bu-Sung Lee,et al.  TrustCloud: A Framework for Accountability and Trust in Cloud Computing , 2011, 2011 IEEE World Congress on Services.

[13]  Siani Pearson,et al.  A Privacy Manager for Cloud Computing , 2009, CloudCom.

[14]  Hao Chen,et al.  Noise Injection for Search Privacy Protection , 2009, 2009 International Conference on Computational Science and Engineering.

[15]  Timothy Grance,et al.  Guidelines on Security and Privacy in Public Cloud Computing | NIST , 2012 .

[16]  Alexander Pretschner,et al.  Implementing Trust in Cloud Infrastructures , 2011, 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[17]  Sushmita Ruj,et al.  Privacy Preserving Access Control with Authentication for Securing Data in Clouds , 2012, 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012).

[18]  Graham Cormode,et al.  Personal privacy vs population privacy: learning to attack anonymization , 2011, KDD.

[19]  Jinjun Chen,et al.  A historical probability based noise generation strategy for privacy protection in cloud computing , 2012, J. Comput. Syst. Sci..

[20]  Shui Yu,et al.  Predicted Packet Padding for Anonymous Web Browsing Against Traffic Analysis Attacks , 2012, IEEE Transactions on Information Forensics and Security.

[21]  Paul F. Syverson,et al.  Onion routing , 1999, CACM.

[22]  Mark Ryan,et al.  Cloud computing privacy concerns on our doorstep , 2011, Commun. ACM.

[23]  Ian Goldberg,et al.  Practical PIR for electronic commerce , 2011, CCS '11.

[24]  Ling Liu,et al.  Output privacy in data mining , 2011, TODS.

[25]  Xiao Liu,et al.  A Time-Series Pattern Based Noise Generation Strategy for Privacy Protection in Cloud Computing , 2012, 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012).

[26]  Xiao Liu,et al.  The Design of Cloud Workflow Systems , 2012, SpringerBriefs in Computer Science.

[27]  Sabrina De Capitani di Vimercati,et al.  An Obfuscation-Based Approach for Protecting Location Privacy , 2011, IEEE Transactions on Dependable and Secure Computing.

[28]  Carmela Troncoso,et al.  OB-PWS: Obfuscation-Based Private Web Search , 2012, 2012 IEEE Symposium on Security and Privacy.

[29]  Ramakrishnan Srikant,et al.  Privacy-preserving data mining , 2000, SIGMOD '00.