Preserving user query privacy in cloud-based security services

Yen Chung Chen*, Yu-Sung Wu, Wen-Guey Tzeng

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

2 Scopus citations


Cloud-based security services become popular in protection against security attacks for resourceconstrained end-user devices. With abundant hardware at the cloud and strong support by security professionals, cloud-based security services can provide better protection than traditional security monitoring agents. However, security services usually involve the inspection of private system states or user behavior, which should not be disclosed to an untrusted entity, such as a cloud service provider. Maintaining end-user privacy and allowing security services to work on the cloud seem contradictory. In this paper, we present a framework for building privacy-preserving cloud-based security services. The framework consists of an architecture for building cloud-based security services and a technique, called private signature filtering, to preserve end-user privacy. The framework supports security monitoring signatures whose correspondence with end-user device queries can be established through conjunction of keywords and numeric value ranges. The framework also allows a trusted middle layer to do a part of the security monitoring computation for the end-user device to reduce the computation overhead on the end-user device. We implement two prototype systems for the cloud-based network intrusion service and the cloudbased malicious URL detection service, to verify effectiveness of our design. The experimental results show that the framework can indeed ensure end-user privacy with acceptable performance overhead in a practical cloud-based security service setting.

Original languageEnglish
Pages (from-to)997-1024
Number of pages28
JournalJournal of Computer Security
Issue number6
StatePublished - 1 Jan 2014


  • Cloud computing
  • Mobile device
  • Privacy-preserving
  • Private signature filtering

Fingerprint Dive into the research topics of 'Preserving user query privacy in cloud-based security services'. Together they form a unique fingerprint.

Cite this