Collaborative Research: CICI: Secure and Resilient Architecture: Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources

合作研究：CICI：安全和弹性架构：云资源安全互操作性的数据完整性保证和隐私保护解决方案

• 批准号: 1642078
• 负责人: Ragib Hasan
• 金额: $ 22.46万
• 依托单位: University of Alabama at Birmingham
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-10-01 至 2022-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1642078&HistoricalAwards=false
• 关键词: Collaborative; Research; CICI; Secure; Resilient

Cloud computing provides many clear benefits for users, including scalability and reduced system acquisition cost. However, data security, integrity and privacy are becoming major concerns for scientific researchers when they access data from the cloud to conduct experiments or analytics. In addition, data owners may not want to reveal their data to cloud service providers either because of the sensitivity of the data (e.g., medical records) or because of its value. Therefore, it is important to create cloud data integrity assurance and privacy protection solutions that help users fully embrace cloud services as well as protect cyberinfrastructure resources. With a cloud database, data owners can store large‐scale datasets collected from various sources. Users can then launch queries retrieving the data records for conducting research and experiments. However, there are several possible threats to query result accuracy. For example, a cloud database could be compromised and the stored data could be tampered with. There could be a malfunction in the cloud server, so that the cloud database inadvertently returns incomplete query results. It is unlikely that the client would be aware of such incorrect or incomplete query results. Consequently, erroneous data could be employed in subsequent scientific experiments or analyses, which could lead to false results. Cloud database query integrity assurance is critical issue that underpins a secure and trustworthy end‐to‐end scientific workflow. This work approaches these problems in a privacy‐friendly manner, building on top of encrypted queries over encrypted data. This is key for achieving both data privacy and data integrity. Data provenance - the history of the data and how its been handled - is also an important aspect of scientific workflows. However, securing the provenance to provide integrity, privacy, and confidentiality guarantees is also challenging, making it hard for many scientific workflows to provide a verifiable provenance history of scientific data and query results. With clouds, providing such guarantees is difficult for both data and provenance. This project enables infrastructural support for secure collection, storage, transmission, and verification of provenance information for all data and results stored and computed in the cloud. The availability of such verifiable provenance offers benefits to scientific workflows, making the process more trustworthy via verifiable history and results. The research team creates a query integrity assurance, data privacy protection, and verifiable provenance framework which provides an array of solutions for supporting secure cloud services. This project contributes to the cybersecurity research community by piloting novel cloud data security approaches that accomplish the following goals: (1) developing Voronoi diagram‐based integrity assurance techniques, (2) designing cloud database data privacy protection methods, (3) modeling the trade off between query integrity assurance and query evaluation costs, (4) realizing secure cloud data provenance mechanisms, and (5) implementing a prototype system, where all the components are integrated for security and performance evaluation.

云计算为用户提供了许多明显的好处，包括可扩展性和降低系统购置成本。然而，当科学研究人员从云端访问数据进行实验或分析时，数据安全、完整性和隐私正成为他们关注的主要问题。此外，由于数据（例如医疗记录）的敏感性或其价值，数据所有者可能不想向云服务提供商透露其数据。因此，创建云数据完整性保证和隐私保护解决方案，帮助用户充分拥抱云服务并保护网络基础设施资源非常重要。通过云数据库，数据所有者可以存储从各种来源收集的大规模数据集。然后，用户可以启动查询来检索数据记录以进行研究和实验。然而，查询结果的准确性可能存在多种威胁。例如，云数据库可能会受到损害，存储的数据可能会被篡改。云服务器可能出现故障，导致云数据库无意中返回不完整的查询结果。客户端不太可能知道这种不正确或不完整的查询结果。因此，错误的数据可能会被用于后续的科学实验或分析，从而导致错误的结果。云数据库查询完整性保证是支撑安全且值得信赖的端到端科学工作流程的关键问题。这项工作以隐私友好的方式解决这些问题，建立在加密数据的加密查询之上。这是实现数据隐私和数据完整性的关键。数据来源——数据的历史及其处理方式——也是科学工作流程的一个重要方面。然而，确保来源以提供完整性、隐私和机密性保证也具有挑战性，这使得许多科学工作流程很难提供科学数据和查询结果的可验证来源历史。对于云来说，提供这样的保证对于数据和来源来说都是困难的。该项目为云中存储和计算的所有数据和结果的来源信息的安全收集、存储、传输和验证提供基础设施支持。这种可验证来源的可用性为科学工作流程带来了好处，通过可验证的历史和结果使该过程更加值得信赖。研究团队创建了查询完整性保证、数据隐私保护和可验证来源框架，为支持安全云服务提供了一系列解决方案。该项目通过试点新颖的云数据安全方法来为网络安全研究社区做出贡献，这些方法可实现以下目标：(1) 开发基于 Voronoi 图的完整性保证技术，(2) 设计云数据库数据隐私保护方法，(3) 建模查询完整性保证和查询评估成本之间的权衡，（4）实现安全的云数据来源机制，以及（5）实现原型系统，其中集成了所有组件以进行安全性和性能评估。

项目成果

AVGuard: A Forensic Investigation Framework for Autonomous Vehicles

AVGuard：自动驾驶汽车取证调查框架

• DOI: 10.1109/icc42927.2021.9500652
• 发表时间: 2021-06
• 期刊: ICC 2021 - IEEE International Conference on Communications
• 作者: Hoque, Mohammad Aminul;Hasan, Ragib
• 通讯作者: Hasan, Ragib

Towards Strengthening the Security of Healthcare Devices using Secure Configuration Provenance

使用安全配置来源加强医疗设备的安全性

• DOI: 10.1109/icdh55609.2022.00043
• 发表时间: 2022-07-01
• 期刊: 2022 IEEE International Conference on Digital Health (ICDH)
• 作者: Ragib Hasan

IoTaaS: Drone-Based Internet of Things as a Service Framework for Smart Cities

IoTaaS：基于无人机的物联网作为智慧城市的服务框架

• DOI: 10.1109/jiot.2021.3137362
• 发表时间: 2022-07
• 期刊: IEEE Internet of Things Journal
• 影响因子: 10.6
• 作者: Hoque, Mohammad Aminul;Hossain, Mahmud;Noor, Shahid;Islam, S. M.;Hasan, Ragib
• 通讯作者: Hasan, Ragib

Towards a Threat Model for Vehicular Fog Computing

• DOI: 10.1109/uemcon47517.2019.8993064
• 发表时间: 2019-10-01
• 期刊: 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)
• 作者: Mohammad Aminul Hoque;Ragib Hasan
• 通讯作者: Ragib Hasan

A Trust Management Framework for Connected Autonomous Vehicles Using Interaction Provenance

使用交互来源的联网自动驾驶车辆的信任管理框架

• DOI: 10.1109/icc45855.2022.9838476
• 发表时间: 2022-05-16
• 期刊: ICC 2022 - IEEE International Conference on Communications
• 作者: Mohammad Aminul Hoque;Ragib Hasan
• 通讯作者: Ragib Hasan