In the driven of big data, social computing and information security is undergoing rapid development and beginning to cross. This paper describes a key-policy attribute-based signcryption scheme which has less computa...In the driven of big data, social computing and information security is undergoing rapid development and beginning to cross. This paper describes a key-policy attribute-based signcryption scheme which has less computation costs than existing similar schemes by utilizing secure outsourcing of scientific computation in cloud computing and eliminates overhead for users, the ciphertext is short, compact, the correctness of transformation algorithm is verifiable. The decrease of ciphertext is 17 %. Additionally, new scheme remits the key escrow problem and is proven selective security in the standard model, it could be verified publicly, applied in mobile devices.展开更多
Federated learning combines with fog computing to transform data sharing into model sharing,which solves the issues of data isolation and privacy disclosure in fog computing.However,existing studies focus on centraliz...Federated learning combines with fog computing to transform data sharing into model sharing,which solves the issues of data isolation and privacy disclosure in fog computing.However,existing studies focus on centralized single-layer aggregation federated learning architecture,which lack the consideration of cross-domain and asynchronous robustness of federated learning,and rarely integrate verification mechanisms from the perspective of incentives.To address the above challenges,we propose a Blockchain and Signcryption enabled Asynchronous Federated Learning(BSAFL)framework based on dual aggregation for cross-domain scenarios.In particular,we first design two types of signcryption schemes to secure the interaction and access control of collaborative learning between domains.Second,we construct a differential privacy approach that adaptively adjusts privacy budgets to ensure data privacy and local models'availability of intra-domain user.Furthermore,we propose an asynchronous aggregation solution that incorporates consensus verification and elastic participation using blockchain.Finally,security analysis demonstrates the security and privacy effectiveness of BSAFL,and the evaluation on real datasets further validates the high model accuracy and performance of BSAFL.展开更多
Attribute-Based Signature(ABS)is a powerful cryptographic primitive that enables fine-grained access control in distributed systems.However,its high computational cost makes it unsuitable for resource-constrained envi...Attribute-Based Signature(ABS)is a powerful cryptographic primitive that enables fine-grained access control in distributed systems.However,its high computational cost makes it unsuitable for resource-constrained environments,and traditional monotonic access structures are inadequate for handling increasingly complex access policies.In this paper,we propose a novel smart contract-assisted ABS(SC-ABS)algorithm that supports nonmonotonic access structures,aiming to reduce client computing overhead while providingmore expressive and flexible access control.The SC-ABS scheme extends the monotonic access structure by introducing the concept of negative attributes,allowing for more complex and dynamic access policies.By utilizing smart contracts,the algorithmsupports distributed trusted assisted computation,and the computation code is transparent and auditable.Importantly,this design allows information about user attributes to be deployed on smart contracts for computation,both reducing the risk of privacy abuse by semi-honest servers and preventing malicious users from attribute concealment to forge signatures.We prove that SC-ABS satisfies unforgeability and anonymity under a random oracle model,and test the scheme’s cost.Comparedwith existing schemes,this scheme has higher efficiency in client signature and authentication.This scheme reduces the computing burden of users,and the design of smart contracts improves the security of aided computing further,solves the problem of attribute concealment,and expresses a more flexible access structure.The solution enables permission control applications in resource-constrained distributed scenarios,such as the Internet of Things(IoT)and distributed version control systems,where data security and flexible access control are critical.展开更多
Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digita...Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.展开更多
A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built...A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.展开更多
The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptibl...The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptible to security threats.One significant risk to cloud networks is Distributed Denial-of-Service(DoS)attacks,where attackers aim to overcome a target system with excessive data and requests.Among these,low-rate DoS(LR-DoS)attacks present a particular challenge to detection.By sending bursts of attacks at irregular intervals,LR-DoS significantly degrades the targeted system’s Quality of Service(QoS).The low-rate nature of these attacks confuses their detection,as they frequently trigger congestion control mechanisms,leading to significant instability in IoT systems.Therefore,to detect the LR-DoS attack,an innovative deep-learning model has been developed for this research work.The standard dataset is utilized to collect the required data.Further,the deep feature extraction process is executed using the Residual Autoencoder with Sparse Attention(ResAE-SA),which helps derive the significant feature required for detection.Ultimately,the Adaptive Dense Recurrent Neural Network(ADRNN)is implemented to detect LR-DoS effectively.To enhance the detection process,the parameters present in the ADRNN are optimized using the Renovated Random Attribute-based Fennec Fox Optimization(RRA-FFA).The proposed optimization reduces the False Discovery Rate and False Positive Rate,maximizing the Matthews Correlation Coefficient from 23,70.8,76.2,84.28 in Dataset 1 and 70.28,73.8,74.1,82.6 in Dataset 2 on EPC-ADRNN,DPO-ADRNN,GTO-ADRNN,FFA-ADRNN respectively to 95.8 on Dataset 1 and 91.7 on Dataset 2 in proposed model.At batch size 4,the accuracy of the designed RRA-FFA-ADRNN model progressed by 9.2%to GTO-ADRNN,11.6%to EFC-ADRNN,10.9%to DPO-ADRNN,and 4%to FFA-ADRNN for Dataset 1.The accuracy of the proposed RRA-FFA-ADRNN is boosted by 12.9%,9.09%,11.6%,and 10.9%over FFCNN,SVM,RNN,and DRNN,using Dataset 2,showing a better improvement in accuracy with that of the proposed RRA-FFA-ADRNN model with 95.7%using Dataset 1 and 94.1%with Dataset 2,which is better than the existing baseline models.展开更多
An attribute-based generalized signcryption scheme based on bilinear pairing has been proposed. By changing attributes, encryption-only mode, signature-only mode, and signcryption mode can be switch adaptively. It sho...An attribute-based generalized signcryption scheme based on bilinear pairing has been proposed. By changing attributes, encryption-only mode, signature-only mode, and signcryption mode can be switch adaptively. It shows that the scheme achieves the semantic security under the decisional bilinear Diffie- Hellman assumption and achieves the unforgeability under the computational Diffie-Hellman assumption. It is more efficient than traditional way and can be used to secure the big data in networks.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite...Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.展开更多
Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been ...Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.展开更多
With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed...With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.展开更多
Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inhere...Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inherent key escrow problem.In this paper a new certificateless ring signcryption scheme from pairings is presented.It is escrow free in that no KGC is able to decrypt ciphertexts itself.We then formally prove the security of the new scheme in the random oracle model IND-CCA2 and EUF-CMA.展开更多
Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we...Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.展开更多
Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been pro...Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter's privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.展开更多
Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi...Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.展开更多
To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggre...To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.展开更多
In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over ell...In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.展开更多
In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user's capability with the anonymity of the participan...In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user's capability with the anonymity of the participants guaranteed. Some blind signcryptions were proposed but without a blind signcryption with public public verifiability. In this paper, verifiability that is proved to be efficient and secure is proposed. Through the security analysis, we proved that the scheme can offer confidentiality, integrity, unforgeability, non-repudiation and public verifiability. The coming research direction is also summarized.展开更多
We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the...We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme.The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme.We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.展开更多
With the development of quantum computer, multivariate public key cryptography withstanding quantum attack has became one of the research focus. The existed signcryption schemes from discrete logarithm and bilinear pa...With the development of quantum computer, multivariate public key cryptography withstanding quantum attack has became one of the research focus. The existed signcryption schemes from discrete logarithm and bilinear paring are facing the serious threats. Based on multivariate public key cryptography, a new certificateless multi-receiver hybrid signcryption scheme has been proposed. The proposal reduced the cipher text and could handle arbitrary length messages by employing randomness reusing and hybrid encryption, as well as keeping security. In the random oracle model, the scheme's confidentiality could withstand the IND-CCA2 adversary and its unforgeability could withstand the UF-CMA adversary under the hardness of multivariat quadratic (MQ) problem and isomorphism of polynomials (IP) assumption. It has less computation overhead and higher transmission efficiency than others. It reduced 33% cipher data compared with the existed similar scheme.展开更多
The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data ...The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.展开更多
基金This work is supported by National Natural Science Foundation of China (61572521, 61272492), Natural Science Basic Research Plan in Shaanxi Province of China (2015JM6353) and Foundation Funding Research Project of Engineering University of Chinese Armed Police Force (WJY201523).
文摘In the driven of big data, social computing and information security is undergoing rapid development and beginning to cross. This paper describes a key-policy attribute-based signcryption scheme which has less computation costs than existing similar schemes by utilizing secure outsourcing of scientific computation in cloud computing and eliminates overhead for users, the ciphertext is short, compact, the correctness of transformation algorithm is verifiable. The decrease of ciphertext is 17 %. Additionally, new scheme remits the key escrow problem and is proven selective security in the standard model, it could be verified publicly, applied in mobile devices.
基金supported in part by the National Key Research and Development Program of China under Grant No.2021YFB3101100in part by the National Natural Science Foundation of China under Grant 62272123,62272102,62272124+2 种基金in part by the Project of High-level Innovative Talents of Guizhou Province under Grant[2020]6008in part by the Science and Technology Program of Guizhou Province under Grant No.[2020]5017,No.[2022]065in part by the Guangxi Key Laboratory of Cryptography and Information Security under Grant GCIS202105。
文摘Federated learning combines with fog computing to transform data sharing into model sharing,which solves the issues of data isolation and privacy disclosure in fog computing.However,existing studies focus on centralized single-layer aggregation federated learning architecture,which lack the consideration of cross-domain and asynchronous robustness of federated learning,and rarely integrate verification mechanisms from the perspective of incentives.To address the above challenges,we propose a Blockchain and Signcryption enabled Asynchronous Federated Learning(BSAFL)framework based on dual aggregation for cross-domain scenarios.In particular,we first design two types of signcryption schemes to secure the interaction and access control of collaborative learning between domains.Second,we construct a differential privacy approach that adaptively adjusts privacy budgets to ensure data privacy and local models'availability of intra-domain user.Furthermore,we propose an asynchronous aggregation solution that incorporates consensus verification and elastic participation using blockchain.Finally,security analysis demonstrates the security and privacy effectiveness of BSAFL,and the evaluation on real datasets further validates the high model accuracy and performance of BSAFL.
基金supported by National Natural Science Foundation of China.
文摘Attribute-Based Signature(ABS)is a powerful cryptographic primitive that enables fine-grained access control in distributed systems.However,its high computational cost makes it unsuitable for resource-constrained environments,and traditional monotonic access structures are inadequate for handling increasingly complex access policies.In this paper,we propose a novel smart contract-assisted ABS(SC-ABS)algorithm that supports nonmonotonic access structures,aiming to reduce client computing overhead while providingmore expressive and flexible access control.The SC-ABS scheme extends the monotonic access structure by introducing the concept of negative attributes,allowing for more complex and dynamic access policies.By utilizing smart contracts,the algorithmsupports distributed trusted assisted computation,and the computation code is transparent and auditable.Importantly,this design allows information about user attributes to be deployed on smart contracts for computation,both reducing the risk of privacy abuse by semi-honest servers and preventing malicious users from attribute concealment to forge signatures.We prove that SC-ABS satisfies unforgeability and anonymity under a random oracle model,and test the scheme’s cost.Comparedwith existing schemes,this scheme has higher efficiency in client signature and authentication.This scheme reduces the computing burden of users,and the design of smart contracts improves the security of aided computing further,solves the problem of attribute concealment,and expresses a more flexible access structure.The solution enables permission control applications in resource-constrained distributed scenarios,such as the Internet of Things(IoT)and distributed version control systems,where data security and flexible access control are critical.
文摘Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
基金funded by Princess Nourah bint Abdulrahman UniversityResearchers Supporting Project number (PNURSP2024R408), Princess Nourah bint AbdulrahmanUniversity, Riyadh, Saudi Arabia.
文摘A basic procedure for transforming readable data into encoded forms is encryption, which ensures security when the right decryption keys are used. Hadoop is susceptible to possible cyber-attacks because it lacks built-in security measures, even though it can effectively handle and store enormous datasets using the Hadoop Distributed File System (HDFS). The increasing number of data breaches emphasizes how urgently creative encryption techniques are needed in cloud-based big data settings. This paper presents Adaptive Attribute-Based Honey Encryption (AABHE), a state-of-the-art technique that combines honey encryption with Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to provide improved data security. Even if intercepted, AABHE makes sure that sensitive data cannot be accessed by unauthorized parties. With a focus on protecting huge files in HDFS, the suggested approach achieves 98% security robustness and 95% encryption efficiency, outperforming other encryption methods including Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Key-Policy Attribute-Based Encryption (KB-ABE), and Advanced Encryption Standard combined with Attribute-Based Encryption (AES+ABE). By fixing Hadoop’s security flaws, AABHE fortifies its protections against data breaches and enhances Hadoop’s dependability as a platform for processing and storing massive amounts of data.
基金funded by the Ministry of Higher Education Malaysia,Fundamental Research Grant Scheme(FRGS),FRGS/1/2024/ICT07/UPNM/02/1.
文摘The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptible to security threats.One significant risk to cloud networks is Distributed Denial-of-Service(DoS)attacks,where attackers aim to overcome a target system with excessive data and requests.Among these,low-rate DoS(LR-DoS)attacks present a particular challenge to detection.By sending bursts of attacks at irregular intervals,LR-DoS significantly degrades the targeted system’s Quality of Service(QoS).The low-rate nature of these attacks confuses their detection,as they frequently trigger congestion control mechanisms,leading to significant instability in IoT systems.Therefore,to detect the LR-DoS attack,an innovative deep-learning model has been developed for this research work.The standard dataset is utilized to collect the required data.Further,the deep feature extraction process is executed using the Residual Autoencoder with Sparse Attention(ResAE-SA),which helps derive the significant feature required for detection.Ultimately,the Adaptive Dense Recurrent Neural Network(ADRNN)is implemented to detect LR-DoS effectively.To enhance the detection process,the parameters present in the ADRNN are optimized using the Renovated Random Attribute-based Fennec Fox Optimization(RRA-FFA).The proposed optimization reduces the False Discovery Rate and False Positive Rate,maximizing the Matthews Correlation Coefficient from 23,70.8,76.2,84.28 in Dataset 1 and 70.28,73.8,74.1,82.6 in Dataset 2 on EPC-ADRNN,DPO-ADRNN,GTO-ADRNN,FFA-ADRNN respectively to 95.8 on Dataset 1 and 91.7 on Dataset 2 in proposed model.At batch size 4,the accuracy of the designed RRA-FFA-ADRNN model progressed by 9.2%to GTO-ADRNN,11.6%to EFC-ADRNN,10.9%to DPO-ADRNN,and 4%to FFA-ADRNN for Dataset 1.The accuracy of the proposed RRA-FFA-ADRNN is boosted by 12.9%,9.09%,11.6%,and 10.9%over FFCNN,SVM,RNN,and DRNN,using Dataset 2,showing a better improvement in accuracy with that of the proposed RRA-FFA-ADRNN model with 95.7%using Dataset 1 and 94.1%with Dataset 2,which is better than the existing baseline models.
基金This work is partially supported by Natural Science Foundation of China (61103231,61272492, 61462408, 61103230), the Project funded by China Postdoctoral Science Foundation (2014M562445).
文摘An attribute-based generalized signcryption scheme based on bilinear pairing has been proposed. By changing attributes, encryption-only mode, signature-only mode, and signcryption mode can be switch adaptively. It shows that the scheme achieves the semantic security under the decisional bilinear Diffie- Hellman assumption and achieves the unforgeability under the computational Diffie-Hellman assumption. It is more efficient than traditional way and can be used to secure the big data in networks.
文摘Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.
基金The project is provided funding by the Natural Science Foundation of China(Nos.62272124,2022YFB2701400)the Science and Technology Program of Guizhou Province(No.[2020]5017)+3 种基金the Research Project of Guizhou University for Talent Introduction(No.[2020]61)the Cultivation Project of Guizhou University(No.[2019]56)the Open Fund of Key Laboratory of Advanced Manufacturing Technology,Ministry of Education,GZUAMT2021KF[01]the Postgraduate Innovation Program in Guizhou Province(No.YJSKYJJ[2021]028).
文摘Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.
基金the National Natural Science Foundation of China(Grant Numbers 622724786210245062102451).
文摘With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.
基金supported by National Key Basic Research Program of China(973 program) under Grant No. 2011CB302903National Natural Science Foundation of China under Grant No.60873231,No.61073188+1 种基金China Postdoctoral Science Foundation under Grant No.20100471355Natural Science Foundation of Jiangsu Province under Grant No. BK2009426
文摘Ring signcryption enables a user to send a message confidentially and authentically to a specific receiver in an anonymous way.One of the main reasons for the slow adoption of identity-based cryptography is the inherent key escrow problem.In this paper a new certificateless ring signcryption scheme from pairings is presented.It is escrow free in that no KGC is able to decrypt ciphertexts itself.We then formally prove the security of the new scheme in the random oracle model IND-CCA2 and EUF-CMA.
基金Supported by the National Natural Science Foundation of China (60473029)
文摘Signcryption is a cryptographic primitive that performs signature and encryption simultaneously, at lower computational costs and communication overheads than the signature-then- encryption approach. In this paper, we propose an efficient multi-recipient signcryption scheme based on the bilinear pairings, which broadcasts a message to multiple users in a secure and authenticated manner. We prove its semantic security and unforgeability under the Gap Diffie-Hellman problem assumption in the random oracle model. The proposed scheme is more efficient than re-signcrypting a message n times using a signcryption scheme in terms of computational costs and communication overheads.
基金Supported by the National Natural Science Foundation of China (60573043)the Foundation of National Laboratory for Modern Communications (9140C1107010604)Youth Science and Technology Foundation of University of Electronic Science and Technology of China
文摘Signcryption is a cryptographic primitive that performs encryption and signature in a single logical step more efficiently than sign-then-encrypt approach. Till now, various kinds of signcryption schemes have been proposed. Among them, the requirement of signcrypter's privacy protection is needful in some practical applications. In this paper, a new identity-based anonymous signcryption scheme from hilinear pairings, which is the organic combination of identity-based ring signature and encryption scheme, is proposed. The proposed scheme is indistinguishable against the chosen ciphertext attack under the Decisional Bilinear Diffie-Hellman assumption in the random oracle model. Its unforgeability relies on the computational Diffieellman problem. Compared with the previous schemes, the new scheme is more efficient in computation.
基金supported by the National Natural Science Foundation of China under Grants No.61272499,No.10990011
文摘Signcryption, which was introduced by ZHEN~ is a cryptographic primitive that fulfils the functions of both digital signature and encryption and guarantees confidentiality, integrity and non-repudiation in a more effi- cient way. Certificateless signcryption and pro- xy signcryption in identity-based cryptography were proposed for different applications. Most of these schemes are constructed by bilinear pairings from elliptic curves. However, some schemes were recently presented without pai- rings. In this paper, we present a certificateless proxy identity-based signcryption scheme with- out bilinear pairings, which is efficient and secure.
基金supported by the National Grand Fundamental Research 973 Program of China under Grant No.2011CB302903 the National Natural Science Foundation of China under Grants No.61073188,No.61073115+1 种基金 the Key University Science Research Project of Jiangsu Province under Grant No.11KJA520002 the Priority Academic Program Development of Jiangsu Higher Education Institutions under Grant No.yx002001
文摘To reduce the size of certificate chains and the ciphertext size in secure routing protocols, a General Aggregate Signcryption Scheme (GASC) is presented. In GASC, an identity-based signcryption algorithm and an aggregate signature algorithm are combined in a practical and secure manner to form the general aggregate signcryption scheme's schema and concept, and a new secure, efficiently general aggregate signcryption scheme, which allows the aggregation of n distinct signcryptions by n distinct users on n distinct messages, is proposed. First, the correction of the GASC scheme is analyzed. Then, we formally prove the security of GASC in the random oracle models IND-CCA2 and EUF-CMA under the DBDHP assumption and the DLP assumption, respectively. The results show that the GASC scheme is not only secure against any probabilistic polynomial-time IND-GASC-CCA2 and EUF-GASC-CMA adversary in the random oracle models but also efficient in pairing ê computations. In addition, the GASC scheme gives an effective remedy to the key escrow problem, which is an inherent issue in IBC by splitting the private key into two parts, and reduces the communication complexity by eliminating the interaction among the senders (signers) before the signcryption generation.
文摘In this paper, we point out that Libert and Quisquater’s signcryption scheme cannot provide public verifiability. Then we present a new identity based signcryption scheme using quadratic residue and pairings over elliptic curves. It combines the functionalities of both public verifiability and forward security at the same time. Under the Bilinear Diffie-Hellman and quadratic residue assumption, we describe the new scheme that is more secure and can be some-what more efficient than Libert and Quisquater’s one.
基金Supported by the Ministry of Railways Foundation of Science and Technology Development (2007X001-E)
文摘In a blind signcryption, besides the functions of digital signature and encryption algorithm for authentication and confidentiality, a user can delegates another user's capability with the anonymity of the participants guaranteed. Some blind signcryptions were proposed but without a blind signcryption with public public verifiability. In this paper, verifiability that is proved to be efficient and secure is proposed. Through the security analysis, we proved that the scheme can offer confidentiality, integrity, unforgeability, non-repudiation and public verifiability. The coming research direction is also summarized.
基金the National Natural Science Foundation of China (No. 60673075)the National High Technology Research and Development Program (863) of China (No. 2006AA01Z428)the State Key Laboratoryof Information Security,and the Youth Science and Technology Foundation of UESTC
文摘We show that the Zhang-Yang-Zhu-Zhang identity-based authenticatable ring signcryption scheme is not secure against chosen plaintext attacks.Furthermore, we propose an improved scheme that remedies the weakness of the Zhang-Yang-Zhu-Zhang scheme.The improved scheme has shorter ciphertext size than the Zhang-Yang-Zhu-Zhang scheme.We then prove that the improved scheme satisfies confidentiality, unforgeability, anonymity and authenticatability.
基金Supported by the National Natural Science Foundation of China(61103231,61103230,61272492,61202492)the Project Funded by China Postdoctoral Science Foundation and Natural Science Basic Research Plan in Shaanxi Province of China(2014JQ8358,2014JQ8307,2014JM8300)
文摘With the development of quantum computer, multivariate public key cryptography withstanding quantum attack has became one of the research focus. The existed signcryption schemes from discrete logarithm and bilinear paring are facing the serious threats. Based on multivariate public key cryptography, a new certificateless multi-receiver hybrid signcryption scheme has been proposed. The proposal reduced the cipher text and could handle arbitrary length messages by employing randomness reusing and hybrid encryption, as well as keeping security. In the random oracle model, the scheme's confidentiality could withstand the IND-CCA2 adversary and its unforgeability could withstand the UF-CMA adversary under the hardness of multivariat quadratic (MQ) problem and isomorphism of polynomials (IP) assumption. It has less computation overhead and higher transmission efficiency than others. It reduced 33% cipher data compared with the existed similar scheme.
基金supported by National Key Research and Development Program of China (2020YFB1005404)National Natural Science Foundation of China (62172010)Henan Province Higher Education Key Research Project (22A520048)。
文摘The emerging edge computing technology for the Internet of Things has been playing an important role in our daily life. It is promising to utilize a multi-receiver signcryption scheme to protect the transmission data when an edge device broadcasts its sensing data to many different end devices at a time.There are several things to consider when we design a signcryption scheme. First existing schemes need to maintain a secure channel to generate the user private key, which may increase economic costs. Second the system private key of those schemes is kept secret by a single key generation center(KGC), and the single point of failure of KGC may compromise the whole system. For this, we propose a multi-receiver multimessage signcryption scheme without the secure channel. Firstly the scheme allows KGC to send secrets through the public channel, which reduces maintenance costs. Secondly, to eliminate the single point of failure, the scheme utilizes multiple KGCs to manage the system private key, and updates the secret of each KGC periodically to resist advanced persistent threat attacks. We demonstrate that the proposed scheme can achieve expected security properties. Performance analysis shows that it is with shorter ciphertext length and higher efficiency.
