Volume 20, Issue 1


Secure Sensitive Data Sharing on a Big Data Platform

Xinhua Dong, Ruixuan Li, Heng He, Wanwan Zhou, Zhengyuan Xue, Hao Wu
School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China.

Abstract

Users store vast amounts of sensitive data on a big data platform. Sharing sensitive data will help enterprises reduce the cost of providing users with personalized services and provide value-added data services. However, secure data sharing is problematic. This paper proposes a framework for secure sensitive data sharing on a big data platform, including secure data delivery, storage, usage, and destruction on a semi-trusted big data sharing platform. We present a proxy re-encryption algorithm based on heterogeneous ciphertext transformation and a user process protection method based on a virtual machine monitor, which provides support for the realization of system functions. The framework protects the security of users' sensitive data effectively and shares these data safely. At the same time, data owners retain complete control of their own data in a sound environment for modern Internet information security.

Keywords: big data, secure sharing, sensitive data, proxy re-encryption, private space

Publication history

Received: 05 December 2014
Accepted: 25 December 2014
Published: 12 February 2015
Issue date: February 2015

Copyright

© The authors 2015

Acknowledgements

This work was supported by the National Natural Science Foundation of China (Nos. 61173170, 61300222, 61433006, and U1401258), and Independent Innovation Fund of Huazhong University of Science and Technology (Nos. 2012TS052, 2012TS053, 2013QN120, and CXY13Q019). We sincerely thank the anonymous reviewers for their very comprehensive and constructive comments.
