Cloud computing is envisioned as the next generation architecture of IT enterprises, which provides convenient remote access to massively scalable data storage and application services. Despite the cloud’s promise for huge potential economical savings, by outsourcing data services to the cloud, users lose physical control over their data while cloud service providers can no longer be trusted to guarantee their data security and privacy. This leads to a paradigm shift in cloud security research in recent years, under which many issues including data confidentiality, access control, integrity protection and utilization need to be revisited.
In this talk, I will present our research efforts in data security and privacy in cloud computing, which aim at returning full control over outsourced data to their owners through cryptographic approaches. The first part introduces a scalable and owner-centric secure data sharing scheme, where owners can cryptographically enforce fine-grained data access control on any untrusted server by specifying access policies based on attributes of the data itself and authorized users, which is achieved by adapting a new cryptographic primitive called attribute-based encryption. The second part gives an overview of our other research projects, including secure integrity auditing of shared outsourced data (without physically possessing a copy of the data), and privacy-preserving searches over encrypted cloud data (without letting the cloud learn both the data contents and search keywords). Finally, I will outline future research directions on secure computation outsourcing, big data security and privacy, and secure cyber-physical systems.