The multi-keyword sorted searchable encryption is a practical and secure data processing technique.However,most of the existing schemes require each data owner to calculate and store the Inverse Document Frequency(IDF...The multi-keyword sorted searchable encryption is a practical and secure data processing technique.However,most of the existing schemes require each data owner to calculate and store the Inverse Document Frequency(IDF)value,and then dynamically summarize them into a global IDF value.This not only hinders efficient sharing of massive data but also may cause privacy disclosure.Additionally,using a cloud server as storage and computing center can compromise file integrity and create a single point of failure.To address these challenges,our proposal leverages the complex interactive environment and massive data scenarios of the supply chain to introduce a fast and accurate multi-keyword search scheme based on blockchain technology.Specifically,encrypted files are first stored in an Interplanetary File System(IPFS),while secure indexes are stored in a blockchain to eliminate single points of failure.Moreover,we employ homomorphic encryption algorithms to design a blockchain-based index tree that enables dynamic adaptive calculation of IDF values,dynamic update of indexes,and multi-keyword sorting search capabilities.Notably,we have specifically designed a two-round sorting search mode called“Match Sort+Score Sort”for achieving fast and accurate searching performance.Furthermore,fair payment contracts have been implemented on the blockchain to incentivize data sharing activities.Through rigorous safety analysis and comprehensive performance evaluation tests,our scheme has been proven effective as well as practical.展开更多
With the continuous growth of exponential data in IoT,it is usually chosen to outsource data to the cloud server.However,cloud servers are usually provided by third parties,and there is a risk of privacy leakage.Encry...With the continuous growth of exponential data in IoT,it is usually chosen to outsource data to the cloud server.However,cloud servers are usually provided by third parties,and there is a risk of privacy leakage.Encrypting data can ensure its security,but at the same time,it loses the retrieval function of IoT data.Searchable Encryption(SE)can achieve direct retrieval based on ciphertext data.The traditional searchable encryption scheme has the problems of imperfect function,low retrieval efficiency,inaccurate retrieval results,and centralized cloud servers being vulnerable and untrustworthy.This paper proposes an Efficient searchable encryption scheme supporting fuzzy multi-keyword ranking search on the blockchain.The blockchain and IPFS are used to store the index and encrypted files in a distributed manner respectively.The tamper resistance of the distributed ledger ensures the authenticity of the data.The data retrieval work is performed by the smart contract to ensure the reliability of the data retrieval.The Local Sensitive Hash(LSH)function is combined with the Bloom Filter(BF)to realize the fuzzy multi-keyword retrieval function.In addition,to measure the correlation between keywords and files,a new weighted statistical algorithm combining RegionalWeight Score(RWS)and Term Frequency–Inverse Document Frequency(TF-IDF)is proposed to rank the search results.The balanced binary tree is introduced to establish the index structure,and the index binary tree traversal strategy suitable for this scheme is constructed to optimize the index structure and improve the retrieval efficiency.The experimental results show that the scheme is safe and effective in practical applications.展开更多
Data privacy leakage has always been a critical concern in cloud-based Internet of Things(IoT)systems.Dynamic Symmetric Searchable Encryption(DSSE)with forward and backward privacy aims to address this issue by enabli...Data privacy leakage has always been a critical concern in cloud-based Internet of Things(IoT)systems.Dynamic Symmetric Searchable Encryption(DSSE)with forward and backward privacy aims to address this issue by enabling updates and retrievals of ciphertext on untrusted cloud server while ensuring data privacy.However,previous research on DSSE mostly focused on single keyword search,which limits its practical application in cloud-based IoT systems.Recently,Patranabis(NDSS 2021)[1]proposed a groundbreaking DSSE scheme for conjunctive keyword search.However,this scheme fails to effectively handle deletion operations in certain circumstances,resulting in inaccurate query results.Additionally,the scheme introduces unnecessary search overhead.To overcome these problems,we present CKSE,an efficient conjunctive keyword DSSE scheme.Our scheme improves the oblivious shared computation protocol used in the scheme of Patranabis,thus enabling a more comprehensive deletion functionality.Furthermore,we introduce a state chain structure to reduce the search overhead.Through security analysis and experimental evaluation,we demonstrate that our CKSE achieves more comprehensive deletion functionality while maintaining comparable search performance and security,compared to the oblivious dynamic cross-tags protocol of Patranabis.The combination of comprehensive functionality,high efficiency,and security makes our CKSE an ideal choice for deployment in cloud-based IoT systems.展开更多
Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectio...Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.展开更多
The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which ...The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.展开更多
The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved...The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.展开更多
With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and eff...With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.展开更多
To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encrypt...To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.展开更多
With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data lea...With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.展开更多
Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a ti...Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a timeaware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range;only the authorized user can generate a valid trapdoor;only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.展开更多
Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency...Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.展开更多
With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large ...With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields,including the medical,agricultural,and industrial areas.Uploading data to the cloud solves the problem of data overhead but results in privacy issues.Therefore,the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue.In this paper,we propose a scheme that supports real-time authentication with conjunctive keyword detection(RA-CKD),this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens.Through authentication technology,connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection.Finally,we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction.The experiment shows that the efficiency of RA-CKD is good enough to be practical.展开更多
Searchable encryption technology makes it convenient to search encrypted data with keywords for people.A data owner shared his data with other users on the cloud server.For security,it is necessary for him to build a ...Searchable encryption technology makes it convenient to search encrypted data with keywords for people.A data owner shared his data with other users on the cloud server.For security,it is necessary for him to build a fine-grained and flexible access control mechanism.The main idea of this paper is to let the owner classify his data and then authorizes others according to categories.The cloud server maintains a permission matrix,which will be used to verify whether a trapdoor is valid or not.In this way we can achieve access control and narrow the search range at the same time.We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.展开更多
With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.Howe...With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.展开更多
To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security,retrieval efficiency,and retrieval accuracy.This research suggests a searchable encryption and deep ha...To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security,retrieval efficiency,and retrieval accuracy.This research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure,searchable encryption scheme.First,a deep learning framework based on residual network and transfer learn-ing model is designed to extract more representative image deep features.Secondly,the central similarity is used to quantify and construct the deep hash sequence of features.The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index.Finally,according to the additive homomorphic property of Paillier homomorphic encryption,a similarity measurement method suitable for com-puting in the retrieval system’s security is ensured by the encrypted domain.The experimental results,which were obtained on Web Image Database from the National University of Singapore(NUS-WIDE),Microsoft Common Objects in Context(MS COCO),and ImageNet data sets,demonstrate the system’s robust security and precise retrieval,the proposed scheme can achieve efficient image retrieval without revealing user privacy.The retrieval accuracy is improved by at least 37%compared to traditional hashing schemes.At the same time,the retrieval time is saved by at least 9.7%compared to the latest deep hashing schemes.展开更多
Many enterprises and personals are inclining to outsource their data to public clouds, but security and privacy are two critical problems cannot be ignored. The door of cloud provider may be broken, and the data may a...Many enterprises and personals are inclining to outsource their data to public clouds, but security and privacy are two critical problems cannot be ignored. The door of cloud provider may be broken, and the data may also be dug into by providers to find valuable information. In this paper, a secure and efficient storage file (SES FS) system is proposed to distribute files in several clouds and allows users to search the files securely and efficiently. In the proposed system, keywords were transformed into integers and secretly shared in a defined finite field, then the shares were mapped to random numbers in specified random domain in each cloud. Files were encrypted with distinct secret key and scattered within different clouds. Information about keyword/file was secretly shared among cloud providers. Legal users can search in the clouds to find correct encrypted files and reconstruct corresponding secret key. No adversary can find or detect the real file information even they can collude all the servers. Manipulation on shares by one or more clouds can be detected with high probability. The system can also detect malicious servers through introduced virtual points. One interesting property for the scheme is that new keywords can be added easily, which is difficult and usually not efficient for many searchable symmetric encryption systems. Detailed experimental result shows, with tolerable uploading delay, the scheme exhibits excellent performance on data retrieving aspect.展开更多
Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resultin...Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resulting in data leakage.At the same time,simple encrypted storage ensures the confidentiality of the cloud data,but has the following problems:if the encrypted data is downloaded to the client and then decrypted,the search efficiency will be low.If the encrypted data is decrypted and searched on the server side,the security will be reduced.Data availability is finally reduced,and indiscriminate protection measures make the risk of data leakage uncontrollable.To solve the problems,based on searchable encryption and key derivation,a cipher search system is designed in this paper considering both data security and availability,and the use of a search encryption algorithm that supports dynamic update is listed.Moreover,the system structure has the advantage of adapting different searchable encryption algorithm.In particular,a user-centered key derivation mechanism is designed to realize file-level fine-grained encryption.Finally,extensive experiment and analysis show that the scheme greatly improves the data security of big data platform.展开更多
Searchable encryption(SE)enables data users to securely search encrypted data stored in untrusted cloud servers.However,most SE schemes allow for leakages of access and search patterns to maximize efficiency and funct...Searchable encryption(SE)enables data users to securely search encrypted data stored in untrusted cloud servers.However,most SE schemes allow for leakages of access and search patterns to maximize efficiency and functionality.Recent attacks have shown that adversaries can recover query keywords with prior knowledge of the database by exploiting these leakages.Unfortunately,the existing schemes that protect access and search patterns result in frequent communications and high computational costs.Furthermore,complex calculation processes also raise challenges for verifying search results.To address these concerns,we first design an efficient conjunctive SE scheme with search and access pattern privacy using private set intersection.In the proposed scheme,we utilize random numbers to obfuscate the values of polynomials and randomly divide the results into two parts,which simplifies the search process,improves search efficiency,and eliminates the need for time-consuming ciphertext multiplication operations.We also extend this scheme to support search result verifiability.Specifically,by embedding a random number as the root of the return polynomial,we achieve verifiability of search results.Furthermore,we prove the security of both schemes employing the simulation-based method.Finally,we implement the schemes in a real database and thorough performance analyses demonstrate their efficiency.展开更多
With the popularity of the media cloud computing industry,individuals and organizations outsource image computation and storage to the media cloud server to reduce the storage burden.Media images usually contain a lar...With the popularity of the media cloud computing industry,individuals and organizations outsource image computation and storage to the media cloud server to reduce the storage burden.Media images usually contain a large amount of private information.To prevent disclosure of privacy of the image owners,media images are encrypted before uploading to the server.However,this operation will greatly limit the utilization of the image for the user,such as content-based image retrieval.We propose an efficient similarity query algorithm with access control based on Bkd-tree in this paper,in which a searchable encryption scheme is designed for similarity image retrieval,and the encrypted image is used to extract image features by a pre-trained CNN model.The Bkd-tree is utilized to generate an index tree for the image features to speed up retrieval and make it faster than linear indexing.Finally,the security performances of the proposed scheme is analyzed and the performance of this scheme is evaluated by experiments.The results show that the security of the image content and image features can be ensured,and it has a shorter retrieval time and higher retrieval efficiency.展开更多
Data outsourcing has become an industry trend with the popularity of cloud computing.How to search data securely and efficiently has received unprecedented attention.Dynamic Searchable Symmetric Encryption(DSSE)is an ...Data outsourcing has become an industry trend with the popularity of cloud computing.How to search data securely and efficiently has received unprecedented attention.Dynamic Searchable Symmetric Encryption(DSSE)is an effective method to solve this problem,which supports file updates and keyword-based searches over encrypted data.Unfortunately,most existing DSSE schemes have privacy leakages during the addition and deletion phases,thus proposing the concepts of forward and backward privacy.At present,some secure DSSE schemes with forward and backward privacy have been proposed,but most of these DSSE schemes only achieve single-keyword query in the single-client setting,which seriously limits the application in practice.To solve this problem,we propose a multi-client and multikeyword searchable symmetric encryption scheme with forward and backward privacy(MMKFB).Our scheme focuses on the multi-keyword threshold queries in the multi-client setting,which is a new pattern of multi-keyword search realized with the help of additive homomorphism.And performance analysis and experiments demonstrate that our scheme is more practical for use in small and medium size databases.Especially when a large number of files are updated at once,our scheme has advantages over some existing DSSE schemes in terms of computational efficiency and client storage overhead.展开更多
文摘The multi-keyword sorted searchable encryption is a practical and secure data processing technique.However,most of the existing schemes require each data owner to calculate and store the Inverse Document Frequency(IDF)value,and then dynamically summarize them into a global IDF value.This not only hinders efficient sharing of massive data but also may cause privacy disclosure.Additionally,using a cloud server as storage and computing center can compromise file integrity and create a single point of failure.To address these challenges,our proposal leverages the complex interactive environment and massive data scenarios of the supply chain to introduce a fast and accurate multi-keyword search scheme based on blockchain technology.Specifically,encrypted files are first stored in an Interplanetary File System(IPFS),while secure indexes are stored in a blockchain to eliminate single points of failure.Moreover,we employ homomorphic encryption algorithms to design a blockchain-based index tree that enables dynamic adaptive calculation of IDF values,dynamic update of indexes,and multi-keyword sorting search capabilities.Notably,we have specifically designed a two-round sorting search mode called“Match Sort+Score Sort”for achieving fast and accurate searching performance.Furthermore,fair payment contracts have been implemented on the blockchain to incentivize data sharing activities.Through rigorous safety analysis and comprehensive performance evaluation tests,our scheme has been proven effective as well as practical.
基金funded by the Jilin Provincial Department of Education Scientific Research Project(Project No.JJKH20250872KJ).
文摘With the continuous growth of exponential data in IoT,it is usually chosen to outsource data to the cloud server.However,cloud servers are usually provided by third parties,and there is a risk of privacy leakage.Encrypting data can ensure its security,but at the same time,it loses the retrieval function of IoT data.Searchable Encryption(SE)can achieve direct retrieval based on ciphertext data.The traditional searchable encryption scheme has the problems of imperfect function,low retrieval efficiency,inaccurate retrieval results,and centralized cloud servers being vulnerable and untrustworthy.This paper proposes an Efficient searchable encryption scheme supporting fuzzy multi-keyword ranking search on the blockchain.The blockchain and IPFS are used to store the index and encrypted files in a distributed manner respectively.The tamper resistance of the distributed ledger ensures the authenticity of the data.The data retrieval work is performed by the smart contract to ensure the reliability of the data retrieval.The Local Sensitive Hash(LSH)function is combined with the Bloom Filter(BF)to realize the fuzzy multi-keyword retrieval function.In addition,to measure the correlation between keywords and files,a new weighted statistical algorithm combining RegionalWeight Score(RWS)and Term Frequency–Inverse Document Frequency(TF-IDF)is proposed to rank the search results.The balanced binary tree is introduced to establish the index structure,and the index binary tree traversal strategy suitable for this scheme is constructed to optimize the index structure and improve the retrieval efficiency.The experimental results show that the scheme is safe and effective in practical applications.
基金supported in part by the Major Science and Technology Projects in Yunnan Province(202202AD080013)King Khalid University for funding this work through Large Group Project under grant number RGP.2/373/45.
文摘Data privacy leakage has always been a critical concern in cloud-based Internet of Things(IoT)systems.Dynamic Symmetric Searchable Encryption(DSSE)with forward and backward privacy aims to address this issue by enabling updates and retrievals of ciphertext on untrusted cloud server while ensuring data privacy.However,previous research on DSSE mostly focused on single keyword search,which limits its practical application in cloud-based IoT systems.Recently,Patranabis(NDSS 2021)[1]proposed a groundbreaking DSSE scheme for conjunctive keyword search.However,this scheme fails to effectively handle deletion operations in certain circumstances,resulting in inaccurate query results.Additionally,the scheme introduces unnecessary search overhead.To overcome these problems,we present CKSE,an efficient conjunctive keyword DSSE scheme.Our scheme improves the oblivious shared computation protocol used in the scheme of Patranabis,thus enabling a more comprehensive deletion functionality.Furthermore,we introduce a state chain structure to reduce the search overhead.Through security analysis and experimental evaluation,we demonstrate that our CKSE achieves more comprehensive deletion functionality while maintaining comparable search performance and security,compared to the oblivious dynamic cross-tags protocol of Patranabis.The combination of comprehensive functionality,high efficiency,and security makes our CKSE an ideal choice for deployment in cloud-based IoT systems.
基金supported by the National Natural Science Foundation of China(Nos.62172337,62241207)Key Project of GansuNatural Science Foundation(No.23JRRA685).
文摘Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
基金supported in part by the National Natural Science Foundation of China under Grant Nos.61872289 and 62172266in part by the Henan Key Laboratory of Network Cryptography Technology LNCT2020-A07the Guangxi Key Laboratory of Trusted Software under Grant No.KX202308.
文摘The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.
文摘The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.
基金The research work was supported by the National Key Research and Development Plan in China(Grant No.2020YFB1005500)Key Project Plan of Blockchain in Ministry of Education of the People’s Republic of China(Grant No.2020KJ010802)Natural Science Foundation of Beijing Municipality(Grant No.M21034).
文摘With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.
基金The authors would like to thank the support from Fundamental Research Funds for the Central Universities(No.30918012204)The authors also gratefully acknowledge the helpful comments and suggestions of other researchers,which has improved the presentation.
文摘To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.
基金This work is supported by the National Natural Science Foundation of China(No.62071280,No.61602287)the Major Scientific and Technological Innovation Project of Shandong Province(No.2020CXGC010115)the Guangxi Key Laboratory of Cryptography and Information Security(GCIS201901).
文摘With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
基金This study was jointly supported by the National Natural Science Foundation of China (No. 61702067, No. 61472464)the Natural Science Foundation of Shangdong Province, China (No. ZR2015FL024).
文摘Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a timeaware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range;only the authorized user can generate a valid trapdoor;only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.
基金This work is supported by the National Natural Science Foundation of China under Grant 61402160 and 61872134Hunan Provincial Natural Science Foundation under Grant 2016JJ3043Open Funding for Universities in Hunan Province under grant 14K023.
文摘Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.
基金This work is supported by the National Natural Science Foundation of China(No.62072240)the National Key Research and Development Program of China(No.2020YFB1804604).
文摘With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields,including the medical,agricultural,and industrial areas.Uploading data to the cloud solves the problem of data overhead but results in privacy issues.Therefore,the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue.In this paper,we propose a scheme that supports real-time authentication with conjunctive keyword detection(RA-CKD),this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens.Through authentication technology,connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection.Finally,we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction.The experiment shows that the efficiency of RA-CKD is good enough to be practical.
基金This work is partially supported by the Fundamental Research Funds for the Central Universities(No.30918012204)。
文摘Searchable encryption technology makes it convenient to search encrypted data with keywords for people.A data owner shared his data with other users on the cloud server.For security,it is necessary for him to build a fine-grained and flexible access control mechanism.The main idea of this paper is to let the owner classify his data and then authorizes others according to categories.The cloud server maintains a permission matrix,which will be used to verify whether a trapdoor is valid or not.In this way we can achieve access control and narrow the search range at the same time.We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.
基金This work was supported by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province(Grant No.SKLACSS-202101)NSFC(Grant Nos.62176273,61962009,U1936216)+3 种基金the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(No.2019BDKFJJ010,2019BDKFJJ014)the Fundamental Research Funds for Beijing Municipal Commission of Education,Beijing Urban Governance Research Base of North China University of Technology,the Natural Science Foundation of Inner Mongolia(2021MS06006)Baotou Kundulun District Science and technology plan project(YF2020013)Inner Mongolia discipline inspection and supervision big data laboratory open project fund(IMDBD2020020).
文摘With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.
基金supported by the National Natural Science Foundation of China(No.61862041).
文摘To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security,retrieval efficiency,and retrieval accuracy.This research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure,searchable encryption scheme.First,a deep learning framework based on residual network and transfer learn-ing model is designed to extract more representative image deep features.Secondly,the central similarity is used to quantify and construct the deep hash sequence of features.The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index.Finally,according to the additive homomorphic property of Paillier homomorphic encryption,a similarity measurement method suitable for com-puting in the retrieval system’s security is ensured by the encrypted domain.The experimental results,which were obtained on Web Image Database from the National University of Singapore(NUS-WIDE),Microsoft Common Objects in Context(MS COCO),and ImageNet data sets,demonstrate the system’s robust security and precise retrieval,the proposed scheme can achieve efficient image retrieval without revealing user privacy.The retrieval accuracy is improved by at least 37%compared to traditional hashing schemes.At the same time,the retrieval time is saved by at least 9.7%compared to the latest deep hashing schemes.
基金Demonstration on the Construction of Guangdong Survey and Geomatics Industry Technology Innovation Alliance (2017B090907030)The Demonstration of Big Data Application for Land Resource Management and Service (2015B010110006)+3 种基金Qiong Huang is supported by Guangdong Natural Science Funds for Distinguished Young Scholar (No. 2014A030306021)Guangdong Program for Special Support of Top-notch Young Professionals (No. 2015TQ01X796)Pearl River Nova Program of Guangzhou (No. 201610010037)and the National Natural Science Foundation of China (Nos. 61472146, 61672242).
文摘Many enterprises and personals are inclining to outsource their data to public clouds, but security and privacy are two critical problems cannot be ignored. The door of cloud provider may be broken, and the data may also be dug into by providers to find valuable information. In this paper, a secure and efficient storage file (SES FS) system is proposed to distribute files in several clouds and allows users to search the files securely and efficiently. In the proposed system, keywords were transformed into integers and secretly shared in a defined finite field, then the shares were mapped to random numbers in specified random domain in each cloud. Files were encrypted with distinct secret key and scattered within different clouds. Information about keyword/file was secretly shared among cloud providers. Legal users can search in the clouds to find correct encrypted files and reconstruct corresponding secret key. No adversary can find or detect the real file information even they can collude all the servers. Manipulation on shares by one or more clouds can be detected with high probability. The system can also detect malicious servers through introduced virtual points. One interesting property for the scheme is that new keywords can be added easily, which is difficult and usually not efficient for many searchable symmetric encryption systems. Detailed experimental result shows, with tolerable uploading delay, the scheme exhibits excellent performance on data retrieving aspect.
基金the Sichuan Science and Technology Program(2021JDRC0077)the Sichuan Province’s Key Research and Development Plan.“Distributed Secure StorageTechnology for Massive Sensitive Data”Project(2020YFG0298)Applied Basic Research Project of Sichuan Province(No.2018JY0370).
文摘Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resulting in data leakage.At the same time,simple encrypted storage ensures the confidentiality of the cloud data,but has the following problems:if the encrypted data is downloaded to the client and then decrypted,the search efficiency will be low.If the encrypted data is decrypted and searched on the server side,the security will be reduced.Data availability is finally reduced,and indiscriminate protection measures make the risk of data leakage uncontrollable.To solve the problems,based on searchable encryption and key derivation,a cipher search system is designed in this paper considering both data security and availability,and the use of a search encryption algorithm that supports dynamic update is listed.Moreover,the system structure has the advantage of adapting different searchable encryption algorithm.In particular,a user-centered key derivation mechanism is designed to realize file-level fine-grained encryption.Finally,extensive experiment and analysis show that the scheme greatly improves the data security of big data platform.
基金supported by the National Key Research and Development Program of China under Grant No.2022YFB4501500 and No.2022YFB4501503the National Natural Science Foundation of China(62072369)+3 种基金The Youth Innovation Team of Shaanxi Universities(23JP160)the Shaanxi Special Support Program Youth Top-notch Talent Programthe Technology Innovation Leading Program of Shaanxi(2023-YD-CGZH-31)the China Postdoctoral Science Foundation under Grant Number 2024T170080
文摘Searchable encryption(SE)enables data users to securely search encrypted data stored in untrusted cloud servers.However,most SE schemes allow for leakages of access and search patterns to maximize efficiency and functionality.Recent attacks have shown that adversaries can recover query keywords with prior knowledge of the database by exploiting these leakages.Unfortunately,the existing schemes that protect access and search patterns result in frequent communications and high computational costs.Furthermore,complex calculation processes also raise challenges for verifying search results.To address these concerns,we first design an efficient conjunctive SE scheme with search and access pattern privacy using private set intersection.In the proposed scheme,we utilize random numbers to obfuscate the values of polynomials and randomly divide the results into two parts,which simplifies the search process,improves search efficiency,and eliminates the need for time-consuming ciphertext multiplication operations.We also extend this scheme to support search result verifiability.Specifically,by embedding a random number as the root of the return polynomial,we achieve verifiability of search results.Furthermore,we prove the security of both schemes employing the simulation-based method.Finally,we implement the schemes in a real database and thorough performance analyses demonstrate their efficiency.
基金supported by the National Key R&D Program of China(Grant No.2021YFB3100400)the State Key Laboratory of Information Security(Grant No.2022-MS-02).
文摘With the popularity of the media cloud computing industry,individuals and organizations outsource image computation and storage to the media cloud server to reduce the storage burden.Media images usually contain a large amount of private information.To prevent disclosure of privacy of the image owners,media images are encrypted before uploading to the server.However,this operation will greatly limit the utilization of the image for the user,such as content-based image retrieval.We propose an efficient similarity query algorithm with access control based on Bkd-tree in this paper,in which a searchable encryption scheme is designed for similarity image retrieval,and the encrypted image is used to extract image features by a pre-trained CNN model.The Bkd-tree is utilized to generate an index tree for the image features to speed up retrieval and make it faster than linear indexing.Finally,the security performances of the proposed scheme is analyzed and the performance of this scheme is evaluated by experiments.The results show that the security of the image content and image features can be ensured,and it has a shorter retrieval time and higher retrieval efficiency.
基金supports in part by the National Key R&D Program of China(No.2020YFA0712300)in part by the National Natural Science Foundation of China(Grant Nos.62132005 and 62172162).
文摘Data outsourcing has become an industry trend with the popularity of cloud computing.How to search data securely and efficiently has received unprecedented attention.Dynamic Searchable Symmetric Encryption(DSSE)is an effective method to solve this problem,which supports file updates and keyword-based searches over encrypted data.Unfortunately,most existing DSSE schemes have privacy leakages during the addition and deletion phases,thus proposing the concepts of forward and backward privacy.At present,some secure DSSE schemes with forward and backward privacy have been proposed,but most of these DSSE schemes only achieve single-keyword query in the single-client setting,which seriously limits the application in practice.To solve this problem,we propose a multi-client and multikeyword searchable symmetric encryption scheme with forward and backward privacy(MMKFB).Our scheme focuses on the multi-keyword threshold queries in the multi-client setting,which is a new pattern of multi-keyword search realized with the help of additive homomorphism.And performance analysis and experiments demonstrate that our scheme is more practical for use in small and medium size databases.Especially when a large number of files are updated at once,our scheme has advantages over some existing DSSE schemes in terms of computational efficiency and client storage overhead.
