You are on page 1of 3




Data deduplication is a technique for eliminating redundant copies of data, and has
been widely used in cloud storage to reduce storage space and upload bandwidth. However,
there is only one copy for each file stored in cloud even if such a file is owned by a huge
number of users. Furthermore, the challenge of privacy for sensitive data also arises when
they are outsourced by users to cloud. Aiming to address the above security challenges, this
project makes the first attempt to formalize the notion of distributed reliable deduplication
system. It proposed new distributed deduplication systems with higher reliability in which the
data chunks are distributed across multiple cloud servers. The security requirements of data
confidentiality and tag consistency are also achieved by introducing a deterministic secret
sharing scheme in distributed storage systems, instead of using convergent encryption as in
previous deduplication systems.



Personal health record (PHR) is an emerging patient-centric model of health

information exchange, which is often outsourced to be stored at a third party, such as cloud
providers. However, there have been wide privacy concerns as personal health information
could be exposed to those third party servers and to unauthorized parties. To assure the
patients’ control over access to their own PHRs, it is a promising method to encrypt the PHRs
before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key
management, flexible access and efficient user revocation, have remained the most important
challenges toward achieving fine-grained, cryptographically enforced data access control. In
this paper, we propose a novel patient-centric framework and a suite of mechanisms for data
access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable
data access control for PHRs, we leverage attribute based encryption (ABE) techniques to
encrypt each patient’s PHR file. Different from previous works in secure data outsourcing,
we focus on the multiple data owner scenario, and divide the users in the PHR system into
multiple security domains that greatly reduces the key management complexity for owners
and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-
authority ABE. Our scheme also enables dynamic modification of access policies or file
attributes, supports efficient on-demand user/attribute revocation and break-glass access
under emergency scenarios. Extensive analytical and experimental results are presented
which show the security, scalability and efficiency of our proposed scheme.


Ranking fraud in the mobile App market refers to fraudulent or deceptive activities
which have a purpose of bumping up the Apps in the popularity list. Indeed, it becomes more
and more frequent for App developers to use shady means, such as inflating their Apps’ sales
or posting phony App ratings, to commit ranking fraud. While the importance of preventing
ranking fraud has been widely recognized, there is limited understanding and research in this
area. To this end, in this paper, we provide a holistic view of ranking fraud and propose a
ranking fraud detection system for mobile Apps. Specifically, we first propose to accurately
locate the ranking fraud by mining the active periods, namely leading sessions, of mobile
Apps. Such leading sessions can be leveraged for detecting the local anomaly instead of
global anomaly of App rankings. Furthermore, we investigate three types of evidences, i.e.,
ranking based evidences, rating based evidences and review based evidences, by modelling
Apps’ ranking, rating and review behaviours through statistical hypotheses tests. In addition,
we propose an optimization based aggregation method to integrate all the evidences for fraud
detection. Finally, we evaluate the proposed system with real-world App data collected from
the iOS App Store for a long time period. In the experiments, we validate the effectiveness of
the proposed system, and show the scalability of the detection algorithm as well as some
regularity of ranking fraud activities.