Privacy-preserving personal data operation on mobile cloud - Chances and challenges over advanced persistent threat

Abstract Bring your own devices have become a new symbol of industrial and education institutional culture to date. A single individual can gain access to personal data anytime at anywhere of his/her workplace due to the advanced WiFi/5G network and cloud technology. The most convenient way for us to access to cloud data is to use personal smartphone. However, smartphone is somewhat vulnerable (because of its innate disadvantage, e.g., low security protection and limited computation resource) while encountering with malicious attacks in open network. Mobile users may be the victims of a recent new type of attack - advanced persistent threat (APT), since attackers may penetrate into different levels of cloud and mobile infrastructures to eavesdrop, steal and temper data. This survey paper introduces some security/privacy risks on mobile cloud in the view point of applied cryptography. Meanwhile, it provides some insights as possible solutions for the risks.

[1]  Yutaka Kawai,et al.  Re-Encryption Verifiability: How to Detect Malicious Activities of a Proxy in Proxy Re-Encryption , 2015, CT-RSA.

[2]  Guomin Yang,et al.  An Adaptively CCA-Secure Ciphertext-Policy Attribute-Based Proxy Re-Encryption for Cloud Data Sharing , 2014, ISPEC.

[3]  Cong Wang,et al.  Harnessing encrypted data in cloud for secure and efficient image sharing from mobile devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[4]  Joseph K. Liu,et al.  Identity-based online/offline key encapsulation and encryption , 2011, ASIACCS '11.

[5]  Reza Curtmola,et al.  Provable data possession at untrusted stores , 2007, CCS '07.

[6]  Moni Naor,et al.  Traitor tracing with constant size ciphertext , 2008, CCS.

[7]  Joseph K. Liu,et al.  A secure and efficient Ciphertext-Policy Attribute-Based Proxy Re-Encryption for cloud data sharing , 2015, Future Gener. Comput. Syst..

[8]  Mihir Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2005, Journal of Cryptology.

[9]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[10]  William Stallings,et al.  THE ADVANCED ENCRYPTION STANDARD , 2002, Cryptologia.

[11]  Weixin Xie,et al.  Attribute-Based Data Sharing Scheme Revisited in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[12]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[13]  Joseph K. Liu,et al.  An Efficient Cloud-Based Revocable Identity-Based Proxy Re-encryption Scheme for Public Clouds Data Sharing , 2014, ESORICS.

[14]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[15]  Joonsang Baek,et al.  A Secure Cloud Computing Based Framework for Big Data Information Management of Smart Grid , 2015, IEEE Transactions on Cloud Computing.

[16]  Martin R. Albrecht,et al.  Ciphers for MPC and FHE , 2015, IACR Cryptol. ePrint Arch..

[17]  Hiroshi Doi,et al.  Hybrid Proxy Re-encryption Scheme for Attribute-Based Encryption , 2009, Inscrypt.

[18]  Dimitrios Zissis,et al.  Addressing cloud computing security issues , 2012, Future Gener. Comput. Syst..

[19]  Samee Ullah Khan,et al.  Future Generation Computer Systems ( ) – Future Generation Computer Systems towards Secure Mobile Cloud Computing: a Survey , 2022 .

[20]  Chunhua Su,et al.  Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data , 2016, AsiaCCS.

[21]  Alptekin Küpçü,et al.  Single password authentication , 2013, Comput. Networks.

[22]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[23]  Joseph K. Liu,et al.  Efficient handover authentication with user anonymity and untraceability for Mobile Cloud Computing , 2016, Future Gener. Comput. Syst..

[24]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[25]  Reza Curtmola,et al.  Remote data checking using provable data possession , 2011, TSEC.

[26]  Feng Hao,et al.  Practical Threshold Password-Authenticated Secret Sharing Protocol , 2015, ESORICS.

[27]  Zoe L. Jiang,et al.  Privacy-Preserving Public Auditing for Secure Cloud Storage , 2013, IEEE Transactions on Computers.

[28]  Dongho Won,et al.  Enhanced Password-Based User Authentication Using Smart Phone , 2012, GPC.

[29]  Weizhong Qiang,et al.  Cloud Authentication Based on Anonymous One-Time Password , 2013 .

[30]  Weixin Xie,et al.  An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[31]  Silvio Micali,et al.  Probabilistic encryption & how to play mental poker keeping secret all partial information , 1982, STOC '82.

[32]  Markus Jakobsson,et al.  Authentication in the clouds: a framework and its application to mobile users , 2010, CCSW '10.

[33]  Robert H. Deng,et al.  Conditional Proxy Broadcast Re-Encryption , 2009, ACISP.

[34]  Jacques Stern,et al.  A new public key cryptosystem based on higher residues , 1998, CCS '98.

[35]  Christof Paar,et al.  The Data Encryption Standard (DES) and Alternatives , 2010 .

[36]  Steven D. Galbraith,et al.  Elliptic Curve Paillier Schemes , 2001, Journal of Cryptology.

[37]  Brent Waters,et al.  Functional Encryption for Regular Languages , 2012, CRYPTO.

[38]  Xiao Tan,et al.  Chosen-ciphertext secure multi-hop identity-based conditional proxy re-encryption with constant-size ciphertexts , 2014, Theor. Comput. Sci..

[39]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[40]  Joseph K. Liu,et al.  Two-Factor Data Security Protection Mechanism for Cloud Storage System , 2016, IEEE Transactions on Computers.

[41]  Moti Yung,et al.  Traceable Group Encryption , 2014, Public Key Cryptography.

[42]  David Pointcheval,et al.  Multi-factor Authenticated Key Exchange , 2008, ACNS.

[43]  Jiankun Hu,et al.  A fingerprint based bio-cryptographic security protocol designed for client/server authentication in mobile computing environment , 2011, Secur. Commun. Networks.

[44]  Wei Liu,et al.  Anonymous Identity-Based Broadcast Encryption with Chosen-Ciphertext Security , 2016, AsiaCCS.

[45]  Joseph K. Liu,et al.  Special Issue on Security and Privacy in Mobile Clouds , 2016, Pervasive Mob. Comput..

[46]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[47]  Joseph K. Liu,et al.  Credential Wrapping: From Anonymous Password Authentication to Anonymous Biometric Authentication , 2016, AsiaCCS.

[48]  Shouhuai Xu,et al.  Secure and efficient proof of storage with deduplication , 2012, CODASPY '12.

[49]  Fuchun Guo,et al.  Privacy-Preserving and Regular Language Search Over Encrypted Cloud Data , 2016, IEEE Transactions on Information Forensics and Security.

[50]  Jiman Park,et al.  Design and implementation of Mobile Trusted Module for trusted mobile computing , 2010, 2010 Digest of Technical Papers International Conference on Consumer Electronics (ICCE).

[51]  Joseph K. Liu,et al.  Fine-Grained Two-Factor Access Control for Web-Based Cloud Computing Services , 2016, IEEE Transactions on Information Forensics and Security.

[52]  Ron Steinfeld,et al.  Trusted Boolean Search on Cloud Using Searchable Symmetric Encryption , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[53]  Thomas A. Berson,et al.  Differential Cryptanalysis Mod 2^32 with Applications to MD5 , 1992, EUROCRYPT.

[54]  Kim-Kwang Raymond Choo,et al.  Exfiltrating data from Android devices , 2015, Comput. Secur..

[55]  Craig Gentry,et al.  Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[56]  Rongxing Lu,et al.  Secure bidirectional proxy re-encryption for cryptographic cloud storage , 2016, Pervasive Mob. Comput..

[57]  Joseph K. Liu,et al.  Toward efficient and privacy-preserving computing in big data era , 2014, IEEE Network.

[58]  Moni Naor,et al.  Protecting Cryptographic Keys: The Trace-and-Revoke Approach , 2003, Computer.

[59]  M. Mambo,et al.  Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts (Special Section on Cryptography and Information Security) , 1997 .

[60]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[61]  Bala Srinivasan,et al.  Secure sharing and searching for real-time video data in mobile cloud , 2015, IEEE Network.

[62]  Li Xu,et al.  Cost-Effective Authentic and Anonymous Data Sharing with Forward Security , 2015, IEEE Transactions on Computers.

[63]  Joseph K. Liu,et al.  Privacy-Preserving Ciphertext Multi-Sharing Control for Big Data Storage , 2015, IEEE Transactions on Information Forensics and Security.

[64]  Joseph K. Liu,et al.  Efficient and Fully CCA Secure Conditional Proxy Re-Encryption from Hierarchical Identity-Based Encryption , 2015, Comput. J..

[65]  Zhen Liu,et al.  A CCA-Secure Identity-Based Conditional Proxy Re-Encryption without Random Oracles , 2012, ICISC.

[66]  Jonathan Katz,et al.  Tracing Insider Attacks in the Context of Predicate Encryption Schemes , 2011 .

[67]  Thomas Plantard,et al.  Broadcast encryption with dealership , 2015, International Journal of Information Security.

[68]  Mario Strefler Broadcast Encryption with Traitor Tracing. (Diffusion chiffrée avec traçage de traîtres) , 2013 .

[69]  Jian Li,et al.  TEES: An Efficient Search Scheme over Encrypted Data on Mobile Cloud , 2017, IEEE Transactions on Cloud Computing.

[70]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[71]  Namje Park,et al.  AONT Encryption Based Application Data Management in Mobile RFID Environment , 2010, ICCCI.

[72]  Lakshminarayanan Subramanian,et al.  Multi-factor Authentication as a Service , 2015, 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering.

[73]  Qiong Huang,et al.  A Conditional Proxy Broadcast Re-Encryption Scheme Supporting Timed-Release , 2013, ISPEC.

[74]  Yi Mu,et al.  Anonymous Proxy Signature with Hierarchical Traceability , 2016, Comput. J..

[75]  Rituparna Chaki,et al.  A Survey of Security and Privacy Issues for Biometrics Based Remote Authentication in Cloud , 2014, CISIM.

[76]  Mario Strefler Broadcast Encryption with Traitor Tracing , 2013 .

[77]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[78]  Xiaohua Jia,et al.  An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing , 2013, IEEE Transactions on Parallel and Distributed Systems.

[79]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[80]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[81]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[82]  Jorge Gonçalves,et al.  A data hiding approach for sensitive smartphone data , 2016, UbiComp.

[83]  Yutaka Kawai,et al.  Fully-Anonymous Functional Proxy-Re-Encryption , 2013, IACR Cryptol. ePrint Arch..

[84]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.

[85]  LinLin Shen,et al.  Differentiated security levels for personal identifiable information in identity management system , 2011, Expert Syst. Appl..

[86]  Toshihiko Matsuo,et al.  Proxy Re-encryption Systems for Identity-Based Encryption , 2007, Pairing.

[87]  Joseph K. Liu,et al.  A DFA-Based Functional Proxy Re-Encryption Scheme for Secure Public Cloud Data Sharing , 2014, IEEE Transactions on Information Forensics and Security.

[88]  Duncan S. Wong,et al.  A ciphertext‐policy attribute‐based proxy re‐encryption scheme for data sharing in public clouds , 2015, Concurr. Comput. Pract. Exp..

[89]  Albert Y. Zomaya,et al.  On the Characterization of the Structural Robustness of Data Center Networks , 2013, IEEE Transactions on Cloud Computing.

[90]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[91]  Willy Susilo,et al.  Searchable Attribute-Based Mechanism With Efficient Data Sharing for Secure Cloud Storage , 2015, IEEE Transactions on Information Forensics and Security.

[92]  David Cash,et al.  Dynamic Proofs of Retrievability Via Oblivious RAM , 2013, Journal of Cryptology.

[93]  Willy Susilo,et al.  A Ciphertext-Policy Attribute-Based Proxy Re-encryption with Chosen-Ciphertext Security , 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[94]  Joseph K. Liu,et al.  Traceable and Retrievable Identity-Based Encryption , 2008, ACNS.

[95]  M. Akila,et al.  Biometric personal authentication using keystroke dynamics: A review , 2011, Appl. Soft Comput..

[96]  Tsz Hon Yuen,et al.  An Efficient Non-interactive Multi-client Searchable Encryption with Support for Boolean Queries , 2016, ESORICS.

[97]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[98]  Ronald L. Rivest,et al.  ON DATA BANKS AND PRIVACY HOMOMORPHISMS , 1978 .

[99]  Xiaolei Dong,et al.  TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[100]  Zhen Liu,et al.  Practical Attribute-Based Encryption: Traitor Tracing, Revocation and Large Universe , 2016, Comput. J..

[101]  Pascal Paillier,et al.  Paillier Encryption and Signature Schemes , 2005, Encyclopedia of Cryptography and Security.

[102]  Guomin Yang,et al.  Edit Distance Based Encryption and Its Application , 2016, ACISP.

[103]  Xiaodong Lin,et al.  RCCA-Secure Multi-use Bidirectional Proxy Re-encryption with Master Secret Security , 2014, ProvSec.

[104]  Wazir Zada Khan,et al.  A Graphical Password Based System for Small Mobile Devices , 2011, ArXiv.

[105]  Craig Gentry,et al.  Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[106]  Joseph K. Liu,et al.  An Efficient Identity-Based Online/Offline Encryption Scheme , 2009, ACNS.