Privacy preserving in cloud computing environment

Cloud computing is dramatically changing the way that organizations manage their data, owing to its attractive features such as robustness, low cost, and ubiquitous nature. However, privacy concerns arise whenever sensitive data is outsourced to the cloud where the data is processed and stored. The fact that users no longer have physical possession of the outsourced data makes it a formidable task to achieve the data confidentiality and integrity. As the data, in most cases encrypted, have to be not only stored, but also processed in clouds, the cryptography-based data confidentiality and integrity protection approaches are not adequate to satisfy the security requirements. Privacy preserving in cloud environments includes two aspects: data processing security and data storage security. Data processing security covers the issues of how to protect user privacy at runtime in a virtualized cloud platform. Data storage security covers the issues of guaranteeing user data privacy when the data is stored in data center. This special issue consists of eight papers addressing the security and privacy issues in cloud computing. In the first paper “SAKE: scalable authenticated key exchange for mobile e-health networks”, Weiran Liu, Jianwei Liu, Qianhong Wu, Willy Susilo, Hua Deng, and Bo Qin focus on the key management mechanism for data encryption in data transmission in Mobile e-Health Network (MHN). A virtual MHN architecture with only three levels yet suitable to realistic MHNs with arbitrary hierarchical levels has been presented. By exploiting the virtual architecture, an efficient authenticated key exchange framework to secure MHNs has been proposed. A scalable authenticated key exchange (SAKE) scheme with a dedicated variant of a recent hierarchical identitybased signature and the well-known Diffie–Hellman key exchange protocol has been realized. Theoretical analysis and experimental results show that SAKA is secure and scalable, and hence practical to secure MHNs. The multi-level and complex features make cloud computing system more prone to failure. The second paper, “CDMCR: Multi-level Fault-tolerant System for Distributed Applications in Cloud”, by Weizhong Qiang, Changqing Jiang, Longbo Ran, Deqing Zou, and Hai Jin, presents a multi-level fault-tolerant system for distributed applications in cloud. The proposed system backups the complete state of applications periodically with a snapshot-based distributed checkpointing protocol, including file system state. A multi-level recovery strategy is proposed, which includes process-level recovery, virtual machine recreation, and host rescheduling, enabling comprehensive and efficient fault tolerance for different components in cloud. Experiments on the prototype demonstrate the correctness of the system. Analysis shows that the proposed system does not cause message loss or data loss, and the backup time remains nearly constant as the number of nodes increases on virtual cluster. Smart grid is regarded as the modernization of the electricity delivery system. In digital communities, smart grid proposals may threaten user privacy because of potentially disclosing fine-grained consumption data to utility providers. The third paper, “A robust and privacy-preserving aggregation scheme for secure smart grid communications in digital communities” by Shuai Fu, Jianfeng Ma, Hongtao Li, and Qi Jiang, proposes a robust and privacypreserving aggregation scheme for smart grid communications. The construction of member list allows the fault tolerance of the proposed scheme to tolerant against accidental errors. By integrating privacy homomorphism encryption and aggregation signature scheme, data authentication and integrity protection are performed and proved without disclosing any fine-grained data records. Security analysis and performance evaluation demonstrate that the proposed scheme can resist various security threats and preserve identity privacy, and has significantly less communication overhead and computation cost than other existing approaches. Opportunistic vehicular ad hoc networks have attracted enormous attention from both industry and academia in recent years. However, the presence of selfish behaviors of nodes could cause a severe threat to well-designed opportunistic routing scheme, and even jeopardize the whole network. The fourth paper, “A privacy-preserving distance-based incentive scheme in opportunistic VANETs” by Jun Song, ChunJiao He, Fan Yang and HuanGuo Zhang, presents a privacy-preserving distance-based incentive scheme, particularly to address issues of the nodes’ selfish behavior and the location privacy. The proposed protocol adopts secure multiparty computation and homomorphic encryption methods to realize three properties, i.e. the confidentiality of nodes location information, the integrity of the message carried distance, and the correctness of reputation computation. Furthermore, this incentive scheme can satisfy the following security requirements, such as mutual authentication, non-repudiation, and conditional privacy preservation, and it can also stimulate the active helpers and suppress harmful behaviors fairly and reasonably. The security analysis and performance evaluation show that the proposed framework is secure, efficient, and practical. SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (2016) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1498