Pub Date : 2026-02-03DOI: 10.1109/TCC.2026.3659933
Zhenrui He;Wenlong Tian;Zhixiong Xie;Dewen Zeng;Jianfeng Lu;Zhiyong Xu;Weijun Xiao;Yaping Wan
With the rapid growth of data, redundancy among different users in cloud environments has become increasingly prominent. Detecting and removing these redundant parts can effectively improve storage efficiency. But these processes may dramatically degrade the system performance, especially when dealing with similar data. Although deduplication and delta compression are common data reduction techniques, their high overhead can outweigh the benefits. As a result, users often cannot determine in advance whether compression is worthwhile for their datasets. Some approaches have attempted to solve this, but each has important limitations. Danny Harnik et al. proposed a sampling-based deduplication estimation method using linear programming, which efficiently estimates redundancy from exact duplicates. However, it fails to capture redundancy arising from similar data, thus underestimating the full compression potential. To address this limitation, we propose Smart-to-Compress, a predictive compression decision framework. We introduce the Super Feature Frequency Histogram (SFH) to capture redundancy among similar data. Combined with the Duplication Frequency Histogram (DFH), our method estimates the overall Data Reduction Ratio (DRR) without scanning the entire dataset. Furthermore, we design a game-theoretic decision model to weigh compression benefits against predicted costs, providing users with guidance on whether compression should be applied. Experiments on real-world datasets show that our method accurately predicts compression value, reduces unnecessary overhead, and offers reliable decision-making support for users.
随着数据的快速增长,云环境中不同用户之间的冗余问题日益突出。对这些冗余部件进行检测和剔除,可以有效提高存储效率。但是,这些进程可能会极大地降低系统性能,特别是在处理类似数据时。虽然重复数据删除和增量压缩是常见的数据缩减技术,但它们的高开销可能超过其好处。因此,用户通常无法事先确定压缩数据集是否值得。一些方法试图解决这个问题,但每种方法都有重要的局限性。Danny Harnik等人提出了一种基于抽样的重复数据删除估计方法,该方法利用线性规划有效地估计精确重复数据的冗余度。然而,它无法捕获类似数据产生的冗余,从而低估了全部压缩潜力。为了解决这一限制,我们提出了一种预测压缩决策框架Smart-to-Compress。我们引入了超特征频率直方图(superfeature Frequency Histogram, SFH)来捕获相似数据之间的冗余。结合重复频率直方图(DFH),我们的方法在不扫描整个数据集的情况下估计整体数据减少比(DRR)。此外,我们设计了一个博弈论决策模型来权衡压缩收益与预测成本,为用户提供是否应该使用压缩的指导。在实际数据集上的实验表明,该方法能够准确预测压缩值,减少不必要的开销,为用户提供可靠的决策支持。
{"title":"Smart-to-Compress: A Predictive and Game-Theoretic Framework for Data Reduction Decisions","authors":"Zhenrui He;Wenlong Tian;Zhixiong Xie;Dewen Zeng;Jianfeng Lu;Zhiyong Xu;Weijun Xiao;Yaping Wan","doi":"10.1109/TCC.2026.3659933","DOIUrl":"https://doi.org/10.1109/TCC.2026.3659933","url":null,"abstract":"With the rapid growth of data, redundancy among different users in cloud environments has become increasingly prominent. Detecting and removing these redundant parts can effectively improve storage efficiency. But these processes may dramatically degrade the system performance, especially when dealing with similar data. Although deduplication and delta compression are common data reduction techniques, their high overhead can outweigh the benefits. As a result, users often cannot determine in advance whether compression is worthwhile for their datasets. Some approaches have attempted to solve this, but each has important limitations. Danny Harnik et al. proposed a sampling-based deduplication estimation method using linear programming, which efficiently estimates redundancy from exact duplicates. However, it fails to capture redundancy arising from similar data, thus underestimating the full compression potential. To address this limitation, we propose Smart-to-Compress, a predictive compression decision framework. We introduce the Super Feature Frequency Histogram (SFH) to capture redundancy among similar data. Combined with the Duplication Frequency Histogram (DFH), our method estimates the overall Data Reduction Ratio (DRR) without scanning the entire dataset. Furthermore, we design a game-theoretic decision model to weigh compression benefits against predicted costs, providing users with guidance on whether compression should be applied. Experiments on real-world datasets show that our method accurately predicts compression value, reduces unnecessary overhead, and offers reliable decision-making support for users.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"14 1","pages":"406-418"},"PeriodicalIF":5.0,"publicationDate":"2026-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147375017","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-28DOI: 10.1109/TCC.2026.3658767
Yuling Luo;Qiuhui Li;Shunsheng Zhang;Junxiu Liu;Sheng Qin;Qiang Fu;Zhen Min
Side-Channel Attacks (SCAs) now require more side-channel traces for successful execution, which places more stringent requirements on the storage capacity and computational ability of the devices on which SCAs are based. To reduce the storage and computational pressure on the local device where SCAs are performed on collected leakage traces from an attacking device, this paper proposes a secure cloud outsourcing protocol to perform Principal Component Analysis (PCA) dimensionality reduction on the side-channel traces. Secure cloud outsourcing is applied for the computationally intensive matrix multiplication and eigenvalue decomposition of the PCA process. The proposed protocol has been proven to balance privacy, efficiency, and correctness. Through experiments on CW and Grizzly datasets, it shows that 1) Correlation Power Analysis (CPA) with PCA effectively mitigates noise, improving the probability of a successful CPA; 2) Cloud-based PCA significantly reduces the computational complexity of local devices; 3) Template Attacks (TAs) are performed on leakage trace data using cloud-based PCA, client-based PCA, Linear Discriminant Analysis (LDA) and Independent Component Analysis (ICA). The attack results of cloud-based and client-based PCA are basically identical, and they achieve lower Guessing-Entropy (GE) than ICA. Both theoretical analysis and experimental results demonstrate the feasibility and advantages of this protocol.
{"title":"Side Channel Attacks on Resource-Constrained Devices Enabled Through Secure Cloud Outsourcing","authors":"Yuling Luo;Qiuhui Li;Shunsheng Zhang;Junxiu Liu;Sheng Qin;Qiang Fu;Zhen Min","doi":"10.1109/TCC.2026.3658767","DOIUrl":"https://doi.org/10.1109/TCC.2026.3658767","url":null,"abstract":"Side-Channel Attacks (SCAs) now require more side-channel traces for successful execution, which places more stringent requirements on the storage capacity and computational ability of the devices on which SCAs are based. To reduce the storage and computational pressure on the local device where SCAs are performed on collected leakage traces from an attacking device, this paper proposes a secure cloud outsourcing protocol to perform Principal Component Analysis (PCA) dimensionality reduction on the side-channel traces. Secure cloud outsourcing is applied for the computationally intensive matrix multiplication and eigenvalue decomposition of the PCA process. The proposed protocol has been proven to balance privacy, efficiency, and correctness. Through experiments on CW and Grizzly datasets, it shows that 1) Correlation Power Analysis (CPA) with PCA effectively mitigates noise, improving the probability of a successful CPA; 2) Cloud-based PCA significantly reduces the computational complexity of local devices; 3) Template Attacks (TAs) are performed on leakage trace data using cloud-based PCA, client-based PCA, Linear Discriminant Analysis (LDA) and Independent Component Analysis (ICA). The attack results of cloud-based and client-based PCA are basically identical, and they achieve lower Guessing-Entropy (GE) than ICA. Both theoretical analysis and experimental results demonstrate the feasibility and advantages of this protocol.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"14 1","pages":"393-405"},"PeriodicalIF":5.0,"publicationDate":"2026-01-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147375018","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2026-01-12DOI: 10.1109/TCC.2026.3651561
Y. Sreenivasa Rao
Most recently, Wang et al. proposed (in IEEE TCC, doi: 10.1109/TCC.2024.3461732) a lightweight privacy-preserving ciphertext retrieval scheme based on edge computing (termed as LPCR) by combining ciphertext policy attribute-based encryption and searchable encryption techniques. The authors claimed that LPCR can achieve the security of chosen plaintext attack (CPA) and chosen keyword attack (CKA), and resist collusion attack. However, by presenting a concrete plaintext recovery attack (PRA), we demonstrate that every decryption key has the ability to decrypt any user’s ciphertext and get the plaintext document encrypted in it. Next, using PRA, we illustrate that LPCR is vulnerable to CPA, CKA and collusion attacks.
{"title":"Security Weaknesses of a Lightweight Privacy-Preserving Edge Computing Based Ciphertext Retrieval Scheme","authors":"Y. Sreenivasa Rao","doi":"10.1109/TCC.2026.3651561","DOIUrl":"https://doi.org/10.1109/TCC.2026.3651561","url":null,"abstract":"Most recently, Wang et al. proposed (in IEEE TCC, doi: 10.1109/TCC.2024.3461732) a lightweight privacy-preserving ciphertext retrieval scheme based on edge computing (termed as LPCR) by combining ciphertext policy attribute-based encryption and searchable encryption techniques. The authors claimed that LPCR can achieve the security of chosen plaintext attack (CPA) and chosen keyword attack (CKA), and resist collusion attack. However, by presenting a concrete plaintext recovery attack (PRA), we demonstrate that every decryption key has the ability to decrypt any user’s ciphertext and get the plaintext document encrypted in it. Next, using PRA, we illustrate that LPCR is vulnerable to CPA, CKA and collusion attacks.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"14 1","pages":"391-392"},"PeriodicalIF":5.0,"publicationDate":"2026-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147375016","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-09DOI: 10.1109/TCC.2025.3642240
Fan Ding;Houxiang Wang
Scheduling workflows with complex dependencies under dynamic resource availability in heterogeneous clouds remains highly challenging. Static and heuristic methods often fail to adapt to workload and resource changes, resulting in higher makespan, lower utilization, and increased cost. We propose GDST-PPO, a graph-based dynamic scheduling framework that encodes workflow DAGs with a GNN, models temporal and resource contexts via a Transformer with sparse attention, and optimizes decisions using PPO with a multi-objective reward. We perform extensive experiments on five benchmark workflows under realistic heterogeneous cloud settings. Across six baselines, GDST-PPO achieves up to 10.3% lower makespan, 18.1% higher resource utilization, and an 11.4% gain in overall score. In absolute terms, it attains a makespan of 7,168,820 s, resource utilization of 39.55%, and an overall score of 6.62 on our benchmark, demonstrating efficient, flexible, and cost-effective cloud workflow management.
{"title":"Real-Time Adaptive Workflow Scheduling With Graph Learning and Transformer-Driven Reinforcement in Heterogeneous Clouds","authors":"Fan Ding;Houxiang Wang","doi":"10.1109/TCC.2025.3642240","DOIUrl":"https://doi.org/10.1109/TCC.2025.3642240","url":null,"abstract":"Scheduling workflows with complex dependencies under dynamic resource availability in heterogeneous clouds remains highly challenging. Static and heuristic methods often fail to adapt to workload and resource changes, resulting in higher makespan, lower utilization, and increased cost. We propose GDST-PPO, a graph-based dynamic scheduling framework that encodes workflow DAGs with a GNN, models temporal and resource contexts via a Transformer with sparse attention, and optimizes decisions using PPO with a multi-objective reward. We perform extensive experiments on five benchmark workflows under realistic heterogeneous cloud settings. Across six baselines, GDST-PPO achieves up to 10.3% lower makespan, 18.1% higher resource utilization, and an 11.4% gain in overall score. In absolute terms, it attains a makespan of 7,168,820 s, resource utilization of 39.55%, and an overall score of 6.62 on our benchmark, demonstrating efficient, flexible, and cost-effective cloud workflow management.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"14 1","pages":"376-390"},"PeriodicalIF":5.0,"publicationDate":"2025-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147375014","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-12-01DOI: 10.1109/TCC.2025.3639073
Abdullah Lakhan;Tor-Morten Grønli;Ahmet Soylu;Ghulam Muhammad;Qurat-ul-ain Mastoi;Huaming Wu
These days, satellite remote sensing data is employed for different drone applications. The main goal is to provide imaginary information about electromagnetic locations and patterns, along with insights into geolocations on Earth. The Internet of Drone Things (IoDT) exploits remote sensing data to deliver medicine from source to destination. However, many existing medicine delivery systems based on drones need longer execution times and more efficiency in delivering medicine to the right destinations. This paper presents transfer learning, which empowers a spatiotemporal remote sensing data training system for medicine delivery in edge cloud networks based on IoDT applications. The objective is to deliver the medicine to the original destination with the highest score and process all drone tasks based on their given deadlines. We present the offloading spatiotemporal training and scheduling (OSPTS) algorithm methodology that completes the data collection process and medicine delivery in different locations. Therefore, we solve the problem as a combinatorial problem and find the optimal solution based on searching and convolutional neural networks (CNN). Transfer learning and convolutional neural networks are sub-schemes of the OSPTS that train the remote sensing data on edge nodes and point clouds for optimal medicine delivery. Simulation results show that the OSPTS obtained the highest score for medicine delivery in the correct position with less processing time than existing systems.
{"title":"Transfer Learning-Enabled System for Drone Medicine Delivery Based on Spatio-Temporal Remote Sensing Data in Edge Cloud Networks","authors":"Abdullah Lakhan;Tor-Morten Grønli;Ahmet Soylu;Ghulam Muhammad;Qurat-ul-ain Mastoi;Huaming Wu","doi":"10.1109/TCC.2025.3639073","DOIUrl":"https://doi.org/10.1109/TCC.2025.3639073","url":null,"abstract":"These days, satellite remote sensing data is employed for different drone applications. The main goal is to provide imaginary information about electromagnetic locations and patterns, along with insights into geolocations on Earth. The Internet of Drone Things (IoDT) exploits remote sensing data to deliver medicine from source to destination. However, many existing medicine delivery systems based on drones need longer execution times and more efficiency in delivering medicine to the right destinations. This paper presents transfer learning, which empowers a spatiotemporal remote sensing data training system for medicine delivery in edge cloud networks based on IoDT applications. The objective is to deliver the medicine to the original destination with the highest score and process all drone tasks based on their given deadlines. We present the offloading spatiotemporal training and scheduling (OSPTS) algorithm methodology that completes the data collection process and medicine delivery in different locations. Therefore, we solve the problem as a combinatorial problem and find the optimal solution based on searching and convolutional neural networks (CNN). Transfer learning and convolutional neural networks are sub-schemes of the OSPTS that train the remote sensing data on edge nodes and point clouds for optimal medicine delivery. Simulation results show that the OSPTS obtained the highest score for medicine delivery in the correct position with less processing time than existing systems.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"14 1","pages":"419-431"},"PeriodicalIF":5.0,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"147375015","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-22DOI: 10.1109/TCC.2025.3624031
Jian Jiang;Qianmu Li;Pengchuan Wang;Yunhuai Liu
In the rapidly evolving landscape of cloud-edge computing, efficient resource scheduling across Kubernetes clusters is essential for optimizing microservice deployment. Traditional scheduling methods, e.g., heuristic and meta-heuristic algorithms, often struggle with the dynamic and heterogeneous nature of cloud-edge environments, relying on fixed parameters and lacking adaptability. We propose and implement DRKC, a novel deep reinforcement learning-based approach that addresses these challenges by improving resource utilization and balancing workloads. We model the scheduling problem as a Markov decision process, enabling DRKC to automatically learn optimal scheduling policies from real-time system data without relying on predefined heuristics. The work synthesizes state information from multiple clusters, using multidimensional resource awareness to effectively respond to changing conditions. We evaluate our performance in three Kubernetes clusters with thirteen nodes and ninety-six test applications with different resource requirements. Experimental results validate the effectiveness of DRKC in enhancing overall resource efficiency and achieving superior load balancing across cloud-edge environments.
{"title":"DRKC: Deep Reinforcement Learning Enhanced Microservice Scheduling on Kubernetes Clusters in Cloud-Edge Environment","authors":"Jian Jiang;Qianmu Li;Pengchuan Wang;Yunhuai Liu","doi":"10.1109/TCC.2025.3624031","DOIUrl":"https://doi.org/10.1109/TCC.2025.3624031","url":null,"abstract":"In the rapidly evolving landscape of cloud-edge computing, efficient resource scheduling across Kubernetes clusters is essential for optimizing microservice deployment. Traditional scheduling methods, e.g., heuristic and meta-heuristic algorithms, often struggle with the dynamic and heterogeneous nature of cloud-edge environments, relying on fixed parameters and lacking adaptability. We propose and implement DRKC, a novel deep reinforcement learning-based approach that addresses these challenges by improving resource utilization and balancing workloads. We model the scheduling problem as a Markov decision process, enabling DRKC to automatically learn optimal scheduling policies from real-time system data without relying on predefined heuristics. The work synthesizes state information from multiple clusters, using multidimensional resource awareness to effectively respond to changing conditions. We evaluate our performance in three Kubernetes clusters with thirteen nodes and ninety-six test applications with different resource requirements. Experimental results validate the effectiveness of DRKC in enhancing overall resource efficiency and achieving superior load balancing across cloud-edge environments.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 4","pages":"1472-1486"},"PeriodicalIF":5.0,"publicationDate":"2025-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145674862","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-10-14DOI: 10.1109/TCC.2025.3621432
Xi Liu;Jun Liu;Weidong Li
We consider the edge-vehicle computing system (EVCS), where the combination of edge computing and vehicle computing takes respective advantages to provide various services. We address the problem of computation offloading in EVSC, where the computing tasks and the sensing tasks with limited budgets are offloaded to edge servers and vehicles. The resource-sharing model is proposed, where sensing resources of one vehicle are shared by multiple tasks. We consider the vehicle hierarchy, where vehicles with different equipment accuracy are classified into different hierarchies. A sensing task has different values and different demands for different hierarchies. A budget-feasible mechanism based on the clock auction is proposed. We show our proposed mechanism is strategy-proof and group strategy-proof, this drives the system into an equilibrium. In addition, the proposed mechanism achieves individual rationality, budget balance, and consumer sovereignty. The proposed mechanism consists of two algorithms that are based on the idea of dominant resource and iteration to improve resource utilization and reduce costs. Furthermore, the approximate ratios of the two allocation algorithms are analyzed. Experimental results demonstrate that the proposed mechanism achieves the near-optimal value and brings higher utility for participants.
{"title":"Budget-Feasible Clock Mechanism for Hierarchical Computation Offloading in Edge-Vehicle Collaborative Computing","authors":"Xi Liu;Jun Liu;Weidong Li","doi":"10.1109/TCC.2025.3621432","DOIUrl":"https://doi.org/10.1109/TCC.2025.3621432","url":null,"abstract":"We consider the edge-vehicle computing system (EVCS), where the combination of edge computing and vehicle computing takes respective advantages to provide various services. We address the problem of computation offloading in EVSC, where the computing tasks and the sensing tasks with limited budgets are offloaded to edge servers and vehicles. The resource-sharing model is proposed, where sensing resources of one vehicle are shared by multiple tasks. We consider the vehicle hierarchy, where vehicles with different equipment accuracy are classified into different hierarchies. A sensing task has different values and different demands for different hierarchies. A budget-feasible mechanism based on the clock auction is proposed. We show our proposed mechanism is strategy-proof and group strategy-proof, this drives the system into an equilibrium. In addition, the proposed mechanism achieves individual rationality, budget balance, and consumer sovereignty. The proposed mechanism consists of two algorithms that are based on the idea of dominant resource and iteration to improve resource utilization and reduce costs. Furthermore, the approximate ratios of the two allocation algorithms are analyzed. Experimental results demonstrate that the proposed mechanism achieves the near-optimal value and brings higher utility for participants.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 4","pages":"1458-1471"},"PeriodicalIF":5.0,"publicationDate":"2025-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145674861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As a crucial component of intelligent transportation systems, VANETs are essential for enhancing road safety and enabling efficient traffic management. To ensure secure communication, vehicles often use pseudonyms to protect their identity privacy. However, unconditional anonymity can hinder accountability, making it very necessary to provide conditional privacy protection for vehicles. The conditional privacy-preserving technology not only protects the identity privacy of legitimate vehicles, but also can trace the real identity of malicious vehicles. Some existing schemes lack conditional privacy protection or have large computation and communication costs, which makes them unsuitable for resource-constrained VANETs environments. Hence, we improve the current schnorr-based aggregate signature by eliminating bilinear pairing operations, optimizing the aggregation procedure for batch verification and propose a lightweight certificateless-based aggregate signature scheme (ECPP-CLAS) for VANETs. In our scheme, the aggregation enables multiple signatures to be compressed into an aggregated signature and verified simultaneously, thereby reducing communication consumption, trusted entity generates the pseudonym for the corresponding vehicle through special construction to meet the conditional privacy-preserving requirement. The security analysis and performance evaluation show that our proposed scheme can meet the expected security objectives and lightweight requirements.
{"title":"Lightweight Conditional Privacy-Preserving Scheme for VANET Communications","authors":"Xiaodong Shen;Jianchang Lai;Jinguang Han;Liquan Chen","doi":"10.1109/TCC.2025.3612092","DOIUrl":"https://doi.org/10.1109/TCC.2025.3612092","url":null,"abstract":"As a crucial component of intelligent transportation systems, VANETs are essential for enhancing road safety and enabling efficient traffic management. To ensure secure communication, vehicles often use pseudonyms to protect their identity privacy. However, unconditional anonymity can hinder accountability, making it very necessary to provide conditional privacy protection for vehicles. The conditional privacy-preserving technology not only protects the identity privacy of legitimate vehicles, but also can trace the real identity of malicious vehicles. Some existing schemes lack conditional privacy protection or have large computation and communication costs, which makes them unsuitable for resource-constrained VANETs environments. Hence, we improve the current schnorr-based aggregate signature by eliminating bilinear pairing operations, optimizing the aggregation procedure for batch verification and propose a lightweight certificateless-based aggregate signature scheme (ECPP-CLAS) for VANETs. In our scheme, the aggregation enables multiple signatures to be compressed into an aggregated signature and verified simultaneously, thereby reducing communication consumption, trusted entity generates the pseudonym for the corresponding vehicle through special construction to meet the conditional privacy-preserving requirement. The security analysis and performance evaluation show that our proposed scheme can meet the expected security objectives and lightweight requirements.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 4","pages":"1487-1497"},"PeriodicalIF":5.0,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145674850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-09-01DOI: 10.1109/TCC.2025.3604552
Keita Emura
As a variant of PEKS (Public key Encryption with Keyword Search), Zhang et al. (IEEE Transactions on Cloud Computing 2021) introduced a secure and efficient PEKS scheme called SEPSE, where servers issue a servers-derived keyword to a sender or a receiver. In this article, we show that information of keyword is revealed from trapdoor when an adversary is allowed to issue servers-derived keyword queries twice.
作为PEKS (Public key Encryption with Keyword Search)的一种变体,Zhang等人(IEEE Transactions on Cloud Computing 2021)引入了一种安全高效的PEKS方案,称为SEPSE,其中服务器向发送方或接收方发出服务器派生的关键字。在本文中,我们将展示当攻击者被允许两次发出服务器派生的关键字查询时,关键字信息将从陷阱门泄露。
{"title":"Comments on “Blockchain-Assisted Public-Key Encryption With Keyword Search Against Keyword Guessing Attacks for Cloud Storage”","authors":"Keita Emura","doi":"10.1109/TCC.2025.3604552","DOIUrl":"https://doi.org/10.1109/TCC.2025.3604552","url":null,"abstract":"As a variant of PEKS (Public key Encryption with Keyword Search), Zhang et al. (IEEE Transactions on Cloud Computing 2021) introduced a secure and efficient PEKS scheme called SEPSE, where servers issue a servers-derived keyword to a sender or a receiver. In this article, we show that information of keyword is revealed from trapdoor when an adversary is allowed to issue servers-derived keyword queries twice.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 4","pages":"1498-1499"},"PeriodicalIF":5.0,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145674863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The rapid development of cloud computing and increasing adoption of unstructured data impose higher requirements on cloud servers to deliver advanced query capabilities tailored for protected complex data. To provide outsourced graph privacy and support the shortest path query, a cornerstone of graph computing, various graph searchable encryption (GSE) schemes have been proposed. However, those GSE schemes are only for single-user setting and barely keep forward security, limiting data sharing and value extraction. Therefore, we propose a forward-secure GSE scheme for multi-user querying the exact shortest path. Specifically, our designed encryption structure seamlessly combines the randomizable distributed key-homomorphic pseudorandom function (RDPRF) for multi-user authentication and reduces database update. We then build a dual-server architecture with secure equality test protocol for query. To our knowledge, our GSE scheme is the first to guarantee forward security without a trusted proxy and support multi-user querying the exact shortest path. We formalize leakage functions and model the dynamic multi-user GSE scheme. Formal security proof is offered under reasonable leakage. Finally, we conduct experiments on ten real-world graph datasets with different scales and exemplify the feasibility of our scheme.
{"title":"Forward-Secure Multi-User Graph Searchable Encryption for Exact Shortest Path Queries","authors":"Weixiao Wang;Qing Fan;Chuan Zhang;Cong Zuo;Liehuang Zhu","doi":"10.1109/TCC.2025.3599412","DOIUrl":"https://doi.org/10.1109/TCC.2025.3599412","url":null,"abstract":"The rapid development of cloud computing and increasing adoption of unstructured data impose higher requirements on cloud servers to deliver advanced query capabilities tailored for protected complex data. To provide outsourced graph privacy and support the shortest path query, a cornerstone of graph computing, various graph searchable encryption (GSE) schemes have been proposed. However, those GSE schemes are only for single-user setting and barely keep forward security, limiting data sharing and value extraction. Therefore, we propose a forward-secure GSE scheme for multi-user querying the exact shortest path. Specifically, our designed encryption structure seamlessly combines the randomizable distributed key-homomorphic pseudorandom function (RDPRF) for multi-user authentication and reduces database update. We then build a dual-server architecture with secure equality test protocol for query. To our knowledge, our GSE scheme is the first to guarantee forward security without a trusted proxy and support multi-user querying the exact shortest path. We formalize leakage functions and model the dynamic multi-user GSE scheme. Formal security proof is offered under reasonable leakage. Finally, we conduct experiments on ten real-world graph datasets with different scales and exemplify the feasibility of our scheme.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 4","pages":"1446-1457"},"PeriodicalIF":5.0,"publicationDate":"2025-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145729333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: