Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cl...Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.展开更多
A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built...A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.展开更多
With the continuous growth of exponential data in IoT,it is usually chosen to outsource data to the cloud server.However,cloud servers are usually provided by third parties,and there is a risk of privacy leakage.Encry...With the continuous growth of exponential data in IoT,it is usually chosen to outsource data to the cloud server.However,cloud servers are usually provided by third parties,and there is a risk of privacy leakage.Encrypting data can ensure its security,but at the same time,it loses the retrieval function of IoT data.Searchable Encryption(SE)can achieve direct retrieval based on ciphertext data.The traditional searchable encryption scheme has the problems of imperfect function,low retrieval efficiency,inaccurate retrieval results,and centralized cloud servers being vulnerable and untrustworthy.This paper proposes an Efficient searchable encryption scheme supporting fuzzy multi-keyword ranking search on the blockchain.The blockchain and IPFS are used to store the index and encrypted files in a distributed manner respectively.The tamper resistance of the distributed ledger ensures the authenticity of the data.The data retrieval work is performed by the smart contract to ensure the reliability of the data retrieval.The Local Sensitive Hash(LSH)function is combined with the Bloom Filter(BF)to realize the fuzzy multi-keyword retrieval function.In addition,to measure the correlation between keywords and files,a new weighted statistical algorithm combining RegionalWeight Score(RWS)and Term Frequency–Inverse Document Frequency(TF-IDF)is proposed to rank the search results.The balanced binary tree is introduced to establish the index structure,and the index binary tree traversal strategy suitable for this scheme is constructed to optimize the index structure and improve the retrieval efficiency.The experimental results show that the scheme is safe and effective in practical applications.展开更多
Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digita...Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.展开更多
Data privacy leakage has always been a critical concern in cloud-based Internet of Things(IoT)systems.Dynamic Symmetric Searchable Encryption(DSSE)with forward and backward privacy aims to address this issue by enabli...Data privacy leakage has always been a critical concern in cloud-based Internet of Things(IoT)systems.Dynamic Symmetric Searchable Encryption(DSSE)with forward and backward privacy aims to address this issue by enabling updates and retrievals of ciphertext on untrusted cloud server while ensuring data privacy.However,previous research on DSSE mostly focused on single keyword search,which limits its practical application in cloud-based IoT systems.Recently,Patranabis(NDSS 2021)[1]proposed a groundbreaking DSSE scheme for conjunctive keyword search.However,this scheme fails to effectively handle deletion operations in certain circumstances,resulting in inaccurate query results.Additionally,the scheme introduces unnecessary search overhead.To overcome these problems,we present CKSE,an efficient conjunctive keyword DSSE scheme.Our scheme improves the oblivious shared computation protocol used in the scheme of Patranabis,thus enabling a more comprehensive deletion functionality.Furthermore,we introduce a state chain structure to reduce the search overhead.Through security analysis and experimental evaluation,we demonstrate that our CKSE achieves more comprehensive deletion functionality while maintaining comparable search performance and security,compared to the oblivious dynamic cross-tags protocol of Patranabis.The combination of comprehensive functionality,high efficiency,and security makes our CKSE an ideal choice for deployment in cloud-based IoT systems.展开更多
With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data lea...With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite...Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.展开更多
Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectio...Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.展开更多
With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed...With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.展开更多
The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which ...The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.展开更多
The multi-keyword sorted searchable encryption is a practical and secure data processing technique.However,most of the existing schemes require each data owner to calculate and store the Inverse Document Frequency(IDF...The multi-keyword sorted searchable encryption is a practical and secure data processing technique.However,most of the existing schemes require each data owner to calculate and store the Inverse Document Frequency(IDF)value,and then dynamically summarize them into a global IDF value.This not only hinders efficient sharing of massive data but also may cause privacy disclosure.Additionally,using a cloud server as storage and computing center can compromise file integrity and create a single point of failure.To address these challenges,our proposal leverages the complex interactive environment and massive data scenarios of the supply chain to introduce a fast and accurate multi-keyword search scheme based on blockchain technology.Specifically,encrypted files are first stored in an Interplanetary File System(IPFS),while secure indexes are stored in a blockchain to eliminate single points of failure.Moreover,we employ homomorphic encryption algorithms to design a blockchain-based index tree that enables dynamic adaptive calculation of IDF values,dynamic update of indexes,and multi-keyword sorting search capabilities.Notably,we have specifically designed a two-round sorting search mode called“Match Sort+Score Sort”for achieving fast and accurate searching performance.Furthermore,fair payment contracts have been implemented on the blockchain to incentivize data sharing activities.Through rigorous safety analysis and comprehensive performance evaluation tests,our scheme has been proven effective as well as practical.展开更多
The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved...The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.展开更多
With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and eff...With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.展开更多
Distributed information systems require complex access control which depends upon attributes of protected data and access policies.Traditionally,to enforce the access control,a file server is used to store all data an...Distributed information systems require complex access control which depends upon attributes of protected data and access policies.Traditionally,to enforce the access control,a file server is used to store all data and act as a reference to check the user.Apparently,the drawback of this system is that the security is based on the file server and the data are stored in plaintext.Attribute-based encryption(ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism,even though the file server is compromised,we can still keep the security of the data. Besides the access control,user may be deprived of the ability in some situation,for example paying TV.More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters.And few of previous ABE constructions realize revocation of the users’ key.This paper presents an ABE scheme that supports revocation and has full security in adaptive model.We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.展开更多
To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encrypt...To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.展开更多
Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effec...Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.展开更多
According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the priva...According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the private key corresponding to any subset of an attribute set while he has the private key corresponding to the attribute set.Moreover,the size of the ciphertext is constant,but the size of private key is linear with the order of the attribute set in the hierarchical attribute-based encryption scheme.Lastly,we can also prove that this encryption scheme meets the security of IND-sSETCPA in the standard model.展开更多
In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficien...In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.展开更多
Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency...Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.展开更多
Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a ti...Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a timeaware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range;only the authorized user can generate a valid trapdoor;only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.展开更多
基金supported by the National Natural Science Foundation of China(Nos.62162018,61972412)the Natural Science Foundation of Guangxi(No.2019GXNSFGA245004)+1 种基金the Guilin Science and Technology Project(20210226-1)the Innovation Project of Guangxi Graduate Education(No.YCSW2022296).
文摘Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.
基金funded by Princess Nourah bint Abdulrahman UniversityResearchers Supporting Project number (PNURSP2024R408), Princess Nourah bint AbdulrahmanUniversity, Riyadh, Saudi Arabia.
文摘A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.
基金funded by the Jilin Provincial Department of Education Scientific Research Project(Project No.JJKH20250872KJ).
文摘With the continuous growth of exponential data in IoT,it is usually chosen to outsource data to the cloud server.However,cloud servers are usually provided by third parties,and there is a risk of privacy leakage.Encrypting data can ensure its security,but at the same time,it loses the retrieval function of IoT data.Searchable Encryption(SE)can achieve direct retrieval based on ciphertext data.The traditional searchable encryption scheme has the problems of imperfect function,low retrieval efficiency,inaccurate retrieval results,and centralized cloud servers being vulnerable and untrustworthy.This paper proposes an Efficient searchable encryption scheme supporting fuzzy multi-keyword ranking search on the blockchain.The blockchain and IPFS are used to store the index and encrypted files in a distributed manner respectively.The tamper resistance of the distributed ledger ensures the authenticity of the data.The data retrieval work is performed by the smart contract to ensure the reliability of the data retrieval.The Local Sensitive Hash(LSH)function is combined with the Bloom Filter(BF)to realize the fuzzy multi-keyword retrieval function.In addition,to measure the correlation between keywords and files,a new weighted statistical algorithm combining RegionalWeight Score(RWS)and Term Frequency–Inverse Document Frequency(TF-IDF)is proposed to rank the search results.The balanced binary tree is introduced to establish the index structure,and the index binary tree traversal strategy suitable for this scheme is constructed to optimize the index structure and improve the retrieval efficiency.The experimental results show that the scheme is safe and effective in practical applications.
文摘Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
基金supported in part by the Major Science and Technology Projects in Yunnan Province(202202AD080013)King Khalid University for funding this work through Large Group Project under grant number RGP.2/373/45.
文摘Data privacy leakage has always been a critical concern in cloud-based Internet of Things(IoT)systems.Dynamic Symmetric Searchable Encryption(DSSE)with forward and backward privacy aims to address this issue by enabling updates and retrievals of ciphertext on untrusted cloud server while ensuring data privacy.However,previous research on DSSE mostly focused on single keyword search,which limits its practical application in cloud-based IoT systems.Recently,Patranabis(NDSS 2021)[1]proposed a groundbreaking DSSE scheme for conjunctive keyword search.However,this scheme fails to effectively handle deletion operations in certain circumstances,resulting in inaccurate query results.Additionally,the scheme introduces unnecessary search overhead.To overcome these problems,we present CKSE,an efficient conjunctive keyword DSSE scheme.Our scheme improves the oblivious shared computation protocol used in the scheme of Patranabis,thus enabling a more comprehensive deletion functionality.Furthermore,we introduce a state chain structure to reduce the search overhead.Through security analysis and experimental evaluation,we demonstrate that our CKSE achieves more comprehensive deletion functionality while maintaining comparable search performance and security,compared to the oblivious dynamic cross-tags protocol of Patranabis.The combination of comprehensive functionality,high efficiency,and security makes our CKSE an ideal choice for deployment in cloud-based IoT systems.
基金This work is supported by the National Natural Science Foundation of China(No.62071280,No.61602287)the Major Scientific and Technological Innovation Project of Shandong Province(No.2020CXGC010115)the Guangxi Key Laboratory of Cryptography and Information Security(GCIS201901).
文摘With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
文摘Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.
基金supported by the National Natural Science Foundation of China(Nos.62172337,62241207)Key Project of GansuNatural Science Foundation(No.23JRRA685).
文摘Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
基金the National Natural Science Foundation of China(Grant Numbers 622724786210245062102451).
文摘With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.
基金supported in part by the National Natural Science Foundation of China under Grant Nos.61872289 and 62172266in part by the Henan Key Laboratory of Network Cryptography Technology LNCT2020-A07the Guangxi Key Laboratory of Trusted Software under Grant No.KX202308.
文摘The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.
文摘The multi-keyword sorted searchable encryption is a practical and secure data processing technique.However,most of the existing schemes require each data owner to calculate and store the Inverse Document Frequency(IDF)value,and then dynamically summarize them into a global IDF value.This not only hinders efficient sharing of massive data but also may cause privacy disclosure.Additionally,using a cloud server as storage and computing center can compromise file integrity and create a single point of failure.To address these challenges,our proposal leverages the complex interactive environment and massive data scenarios of the supply chain to introduce a fast and accurate multi-keyword search scheme based on blockchain technology.Specifically,encrypted files are first stored in an Interplanetary File System(IPFS),while secure indexes are stored in a blockchain to eliminate single points of failure.Moreover,we employ homomorphic encryption algorithms to design a blockchain-based index tree that enables dynamic adaptive calculation of IDF values,dynamic update of indexes,and multi-keyword sorting search capabilities.Notably,we have specifically designed a two-round sorting search mode called“Match Sort+Score Sort”for achieving fast and accurate searching performance.Furthermore,fair payment contracts have been implemented on the blockchain to incentivize data sharing activities.Through rigorous safety analysis and comprehensive performance evaluation tests,our scheme has been proven effective as well as practical.
文摘The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.
基金The research work was supported by the National Key Research and Development Plan in China(Grant No.2020YFB1005500)Key Project Plan of Blockchain in Ministry of Education of the People’s Republic of China(Grant No.2020KJ010802)Natural Science Foundation of Beijing Municipality(Grant No.M21034).
文摘With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.
基金the National Natural Science Foundation of China(No.60972034)
文摘Distributed information systems require complex access control which depends upon attributes of protected data and access policies.Traditionally,to enforce the access control,a file server is used to store all data and act as a reference to check the user.Apparently,the drawback of this system is that the security is based on the file server and the data are stored in plaintext.Attribute-based encryption(ABE) is introduced first by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users’ attributes. According to this mechanism,even though the file server is compromised,we can still keep the security of the data. Besides the access control,user may be deprived of the ability in some situation,for example paying TV.More previous ABE constructions are proven secure in the selective model of security that attacker must announce the target he intends to attack before seeing the public parameters.And few of previous ABE constructions realize revocation of the users’ key.This paper presents an ABE scheme that supports revocation and has full security in adaptive model.We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.
基金The authors would like to thank the support from Fundamental Research Funds for the Central Universities(No.30918012204)The authors also gratefully acknowledge the helpful comments and suggestions of other researchers,which has improved the presentation.
文摘To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.
基金supported by the National Natural Science Foundation of China(62072348)the Science and Technology Major Project of Hubei Province(Next-Generation AI Technologies,2019AEA170).
文摘Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.
基金Supported by the National Natural Science Foundation of China(60903175,60703048)the Natural Science Foundation of Hubei Province(2009CBD307,2008CDB352)
文摘According to the relation of an attribute set and its subset,the author presents a hierarchical attribute-based encryption scheme in which a secret key is associated with an attribute set.A user can delegate the private key corresponding to any subset of an attribute set while he has the private key corresponding to the attribute set.Moreover,the size of the ciphertext is constant,but the size of private key is linear with the order of the attribute set in the hierarchical attribute-based encryption scheme.Lastly,we can also prove that this encryption scheme meets the security of IND-sSETCPA in the standard model.
基金Supported by the National Natural Science Foundation of China(61272488)Science and Technology on Information Assurance Laboratory(KJ-15-006)Fundamental and Frontier Technology Research of Henan Province(162300410192)
文摘In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.
基金This work is supported by the National Natural Science Foundation of China under Grant 61402160 and 61872134Hunan Provincial Natural Science Foundation under Grant 2016JJ3043Open Funding for Universities in Hunan Province under grant 14K023.
文摘Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.
基金This study was jointly supported by the National Natural Science Foundation of China (No. 61702067, No. 61472464)the Natural Science Foundation of Shangdong Province, China (No. ZR2015FL024).
文摘Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a timeaware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range;only the authorized user can generate a valid trapdoor;only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.
