Resolving a common vulnerability in secret sharing scheme–based data outsourcing schemes

Abstract: Summary Every day, the amount of generated data from different resources are increasing significantly and posing new serious challenges in terms of data storage and maintaining. As a solution, outsourcing data to a public cloud server with high storage and processing capacity sounds reasonable in comparison with storing in local data storage. Therefore, the database as a service (DaaS) paradigm has gained much popularity over the last decade since the introduction of cloud services. Storing confidential data i… Show more

“…As observed in previous works [22]- [24], potentially there are two types of attacks against secret sharing-based outsourcing schemes. The first type of attacks, called inference attacks, will be explained in detail in Section III-C1.…”

“…Gcd-based attacks were first discovered in [24] whereas compromised cloud servers are able to retrieve the distribution vector X, by recovering each of the individual reconstruction element x i based on the shares they received. It has been claimed in [24] that, subtracting any two shares that are associated with the same secret will result in a multiple of the reconstruction element x i . To see this, readers can refer to Equation ( 5) below, where (c vn * x i + v) is the share generated from the secret v for an n-th time and (c vm * x i + v) is the share for an m-th time.…”

“…One can easily see that the right hand side of Equation ( 5) is essentially a multiple of x i . The value of x i has been successfully retrieved in [24] by observing that x i turns out to be the greatest common divisor (gcd) appearing most frequently in a set of data called Med.…”

“…In other words, we only need a constant size of storage overhead while the secure partitioning approach requires an extra storage which grows linearly in the domain size of secret values (readers can recall that D v is the domain of unique values originated from data owners.). * When compared with the fake record approach [24] which tackled gcd-based attacks by introducing an additional 10% overhead, our scheme is more efficient thanks to the constant size storage overhead achieved.…”

“…The second type of attacks, termed as gcd-based attacks, will be described in Section III-C2. A gcd-based attack has been discovered by Ghasemi in the literature [24] where a countermeasure was also proposed by inserting 10% extra records as fake records in order to protect the real records. We refer to this approach as fake record approach in the later sections.…”

Secret Sharing-Based IoT Text Data Outsourcing: A Secure and Efficient Scheme

“…As observed in previous works [22]- [24], potentially there are two types of attacks against secret sharing-based outsourcing schemes. The first type of attacks, called inference attacks, will be explained in detail in Section III-C1.…”

“…Gcd-based attacks were first discovered in [24] whereas compromised cloud servers are able to retrieve the distribution vector X, by recovering each of the individual reconstruction element x i based on the shares they received. It has been claimed in [24] that, subtracting any two shares that are associated with the same secret will result in a multiple of the reconstruction element x i . To see this, readers can refer to Equation ( 5) below, where (c vn * x i + v) is the share generated from the secret v for an n-th time and (c vm * x i + v) is the share for an m-th time.…”

“…One can easily see that the right hand side of Equation ( 5) is essentially a multiple of x i . The value of x i has been successfully retrieved in [24] by observing that x i turns out to be the greatest common divisor (gcd) appearing most frequently in a set of data called Med.…”

“…In other words, we only need a constant size of storage overhead while the secure partitioning approach requires an extra storage which grows linearly in the domain size of secret values (readers can recall that D v is the domain of unique values originated from data owners.). * When compared with the fake record approach [24] which tackled gcd-based attacks by introducing an additional 10% overhead, our scheme is more efficient thanks to the constant size storage overhead achieved.…”

“…The second type of attacks, termed as gcd-based attacks, will be described in Section III-C2. A gcd-based attack has been discovered by Ghasemi in the literature [24] where a countermeasure was also proposed by inserting 10% extra records as fake records in order to protect the real records. We refer to this approach as fake record approach in the later sections.…”

Secret Sharing-Based IoT Text Data Outsourcing: A Secure and Efficient Scheme

New attacks on secret sharing-based data outsourcing: toward a resistant scheme

Secure data outsourcing based on seed-residual shares and order-shuffling encryption