Advances in networking technologies and the continued growth of the Internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers. As a recent manifestation of this trend, there has been growing interest in outsourcing database services in both the commercial world and the research community. Although the outsourced database service model is emerging as an efficient replacement solution for traditional in-house database management systems, its clients, however, have to store their private data at an external service provider, who is typically not fully trusted, and so it introduces numerous security research challenges. To ensure data confidentiality, the outsourced data is usually encrypted and querying is then carried out with the support of trusted client front-ends or secure coprocessors. Despite a large number of research activities done for securing outsourced databases and removing unencrypted data from exposure to the external server and other intruders, no work has been able to radically secure outsourced databases with associated indexes during the query execution. By exploiting such indexes and with relevant available knowledge, attackers can infer confidential information from the outsourced encrypted data. This article discusses potential attacks in such situations and introduces two security protocols for outsourcing database services. The main contributions focus on solutions to the problem of data privacy/ confidentiality and user privacy. The theoretical analyses show that the proposed protocols can effectively protect outsourced data and its associated indexes as well as the clients against various sophisticated attacks.
Nowadays, biometrics-based authentication is playing a potential approach for many modern applications such as banking, homeland security etc. However, the end-users may feel uncomfortable to deploy this technology because of not well-solved accurate rate and security problems. To overcome these issues, some significant techniques have been proposed such as biometric template protection, reducing biometric extraction noise etc. Fuzzy vault is one of the most popular methods for biometric template security, which binds a secret key with biometric features and produces one kind of data, called the helper data, for recovering the secret key. Unfortunately, the major drawback of this approach is the lacking of cancellable property. Furthermore, most of the fuzzy vault schemes are performed on two biometrics modalities: fingerprints and iris. Some techniques were introduced to transform the original biometric feature to cancellable one. However, the computational cost of these proposals was quite large. In this research, the authors introduce a periodic transformation attached to fuzzy vault to produce the new cancellable scheme. Their transformation is not only simpler but also suitable for many kinds of biometrics modalities. The experiments demonstrate that this approach is practical with a little better error rate in comparison with the original biometric feature.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.