32 articles found
An Identity-Based Encryption Scheme with Compact Ciphertexts
1
Authors: 刘胜利 郭宝安 张庆胜 《Journal of Shanghai Jiaotong University (Science)》 EI, 2009, Issue 1, pp. 86-89 (4 pages)
This paper proposes an identity-based encryption scheme with the help of bilinear pairings, where the identity information of a user functions as the user's public key. The advantage of an identity-based public key system is that it can avoid public key certificates and certificate management. Our identity-based encryption scheme enjoys short ciphertexts and provable security against chosen-ciphertext attack (CCA).
Keywords: identity-based encryption compact ciphertext chosen-ciphertext attack (CCA)
Attribute-based encryption resilient to continual auxiliary leakage with constant size ciphertexts (cited by: 1)
2
Authors: Zhang Leyou Zhang Jingxia Hu Yupu 《The Journal of China Universities of Posts and Telecommunications》 EI CSCD, 2016, Issue 3, pp. 18-28 (11 pages)
For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.
Keywords: ciphertext-policy attribute-based encryption (CP-ABE) constant size ciphertexts auxiliary input leakage-resilient
Continual auxiliary leakage-resilient attribute-based broadcast encryption with constant size ciphertexts
3
Authors: Shang Yujie Zhang Leyou Gao Xiaoxu 《The Journal of China Universities of Posts and Telecommunications》 EI CSCD, 2020, Issue 4, pp. 69-82 (14 pages)
Attribute-based broadcast encryption (ABBE) under continual auxiliary leakage-resilient (CALR) model can enhance the security of the shared data in broadcasting system since CALR model brings the possibility of new leakage-resilient (LR) guarantees. However, there are many shortcomings in the existing works, such as relying on the strong assumptions, low computational efficiency and large size of ciphertexts, etc. How to solve the trade-off between security and efficiency is a challenging problem at present. To solve these problems, this paper gives an ABBE scheme resisting continual auxiliary leakage (CAL) attack. ABBE scheme achieves constant size ciphertexts, and the computational complexity of decryption only depends on the number of receivers instead of the maximum number of receivers of the system. Additionally, it achieves adaptive security in the standard model where the security is reduced to the general subgroup decision (GSD) assumptions (or called static assumptions in the subgroup). Furthermore, it can tolerate leakage on the master secret key and private key with continual auxiliary inputs. Performance analysis shows that the proposed scheme is more efficient and practical than the available schemes.
Keywords: CALR model leakage-resilient cryptography attribute-based broadcast encryption constant size ciphertext
A Fully Homomorphic Encryption Scheme Suitable for Ciphertext Retrieval
4
Authors: Ronglei Hu Chuce He Sihui Liu Dong Yao Xiuying Li Xiaoyi Duan 《Computers, Materials & Continua》 2025, Issue 7, pp. 937-956 (20 pages)
Ciphertext data retrieval in cloud databases suffers from some critical limitations, such as inadequate security measures, disorganized key management practices, and insufficient retrieval access control capabilities. To address these problems, this paper proposes an enhanced Fully Homomorphic Encryption (FHE) algorithm based on an improved DGHV algorithm, coupled with an optimized ciphertext retrieval scheme. Our specific contributions are outlined as follows: First, we employ an authorization code to verify the user’s retrieval authority and perform hierarchical access control on cloud storage data. Second, a triple-key encryption mechanism, which separates the data encryption key, retrieval authorization key, and retrieval key, is designed. Different keys are provided to different entities to run corresponding system functions. The key separation architecture proves particularly advantageous in multi-verifier coexistence scenarios, environments involving untrusted third-party retrieval services. Finally, the enhanced DGHV-based retrieval mechanism extends conventional functionality by enabling multi-keyword queries with similarity-ranked results, thereby significantly improving both the functionality and usability of the FHE system.
Keywords: cloud storage homomorphic encryption ciphertext retrieval identity authentication
METHOD FOR CONSTRUCTING TAG-KEM SCHEMES WITH SHORT-MESSAGE PUBLIC-KEY ENCRYPTIONS (cited by: 1)
5
Authors: 陈原 陈丹 董庆宽 《Transactions of Nanjing University of Aeronautics and Astronautics》 EI, 2009, Issue 4, pp. 301-305 (5 pages)
Tag key encapsulation mechanism (Tag-KEM)/data encapsulation mechanism (DEM) is a hybrid framework proposed in 2005. Tag-KEM is one of its parts by using public-key encryption (PKE) technique to encapsulate a symmetric key. In hybrid encryptions, the long-message PKE is not desired due to its slow operation. A general method is presented for constructing Tag-KEM schemes with short-message PKEs. The chosen ciphertext security is proved in the random oracle model. In the method, the treatment of the tag part brings no additional ciphertext redundancy. Among all the methods for constructing Tag-KEM, the method is the first one without any validity checking on the tag part, thus showing that the Tag-KEM/DEM framework is superior to KEM+DEM one.
Keywords: information security public-key encryption chosen ciphertext security Tag-KEM scheme
Optimized Homomorphic Scheme on Map Reduce for Data Privacy Preserving (cited by: 1)
6
Authors: Konan Martin Wenyong Wang Brighter Agyemang 《Journal of Information Security》 2017, Issue 3, pp. 257-273 (17 pages)
Security insurance is a paramount cloud services issue in the most recent decade. Therefore, Mapreduce which is a programming framework for preparing and creating huge data collections should be optimized and securely implemented. But, conventional operations on ciphertexts were not relevant. So there is a foremost need to enable particular sorts of calculations to be done on encrypted data and additionally optimize data processing at the Map stage. Thereby schemes like (DGHV) and (Gen 10) are presented to address data privacy issue. However private encryption key (DGHV) or key’s parameters (Gen 10) are sent to untrusted cloud server which compromise the information security insurance. Therefore, in this paper we propose an optimized homomorphic scheme (Op_FHE_SHCR) which speed up ciphertext (Rc) retrieval and addresses metadata dynamics and authentication through our secure Anonymiser agent. Additionally for the efficiency of our proposed scheme regarding computation cost and security investigation, we utilize a scalar homomorphic approach instead of applying a blinding probabilistic and polynomial-time calculation which is computationally expensive. Doing as such, we apply an optimized ternary search tries (TST) algorithm in our metadata repository which utilizes Merkle hash tree structure to manage metadata authentication and dynamics.
Keywords: privacy MapReduce homomorphic encryption ciphertexts retrieval optimization authentication
Attribute-Based Access Control for Multi-Authority Systems with Constant Size Ciphertext in Cloud Computing (cited by: 16)
7
Authors: CHEN Yanli SONG Lingling YANG Geng 《China Communications》 SCIE CSCD, 2016, Issue 2, pp. 146-162 (17 pages)
In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in random oracle model under the decision q-BDHE assumption. When user's attributes revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally the analysis and simulation result show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and be able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves the length of ciphertext optimization and enhances the efficiency of the encryption and decryption operations.
Keywords: cloud computing attribute-based encryption access control multi-authority constant ciphertext length attribute revocation
Identity-Based Encryption with Keyword Search from Lattice Assumption (cited by: 7)
8
Authors: Xiaojun Zhang Chunxiang Xu Liming Mu Jie Zhao 《China Communications》 SCIE CSCD, 2018, Issue 4, pp. 164-178 (15 pages)
Public key encryption scheme with keyword search (PEKS) enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any information about the encrypted data without the trapdoor corresponding to the keyword. The PEKS is useful to keep the management of large data storages secure such as those in a cloud. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with keyword search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results, therefore it does not need a secure channel. To the best of our knowledge, our scheme is the first identity-based encryption scheme with keyword search from lattice assumption.
Keywords: public key encryption keyword search ciphertext indistinguishability lattice assumption
An Improved Ciphertext Retrieval Scheme Based on Fully Homomorphic Encryption (cited by: 1)
9
Authors: LI Xinyan MOU Huajian LU Dianjun 《Wuhan University Journal of Natural Sciences》 CAS CSCD, 2019, Issue 3, pp. 218-222 (5 pages)
In order to guarantee the user's privacy and the integrity of data when retrieving ciphertext in an untrusted cloud environment, an improved ciphertext retrieval scheme was proposed based on full homomorphic encryption. This scheme can encrypt two bits one time and improve the efficiency of retrieval. Moreover, it has small key space and reduces the storage space. Meanwhile, the homomorphic property of this scheme was proved in detail. The experimental results and comparisons show that the proposed scheme is characterized by increased security, high efficiency and low cost.
Keywords: fully homomorphic encryption public key size the greatest common divisor (GCD) problem ciphertext retrieval
The Cloud Storage Ciphertext Retrieval Scheme Based on ORAM (cited by: 1)
10
Authors: SONG Ningning SUN Yan 《China Communications》 SCIE CSCD, 2014, Issue A02, pp. 156-165 (10 pages)
Due to its characteristics distribution and virtualization, cloud storage also brings new security problems. User's data is stored in the cloud, which separated the ownership from management. How to ensure the security of cloud data, how to increase data availability and how to improve user privacy perception are the key issues of cloud storage research, especially when the cloud service provider is not completely trusted. In this paper, a cloud storage ciphertext retrieval scheme based on AES and homomorphic encryption is presented. This ciphertext retrieval scheme will not only conceal the user retrieval information, but also prevent the cloud from obtaining user access pattern such as read-write mode, and access frequency, thereby ensuring the safety of the ciphertext retrieval and user privacy. The results of simulation analysis show that the performance of this ciphertext retrieval scheme requires less overhead than other schemes on the same security level.
Keywords: cloud storage ciphertext retrieval scheme ORAM index map
Chosen Ciphertext Secure Identity-Based Broadcast Encryption in the Standard Model (cited by: 1)
11
Authors: 孙瑾 胡予濮 张乐友 《Journal of Shanghai Jiaotong University (Science)》 EI, 2011, Issue 6, pp. 672-676 (5 pages)
To give concurrent consideration both the efficiency and the security (intensity of intractable problem) in the standard model, a chosen ciphertext secure identity-based broadcast encryption is proposed. Against the chosen ciphertext security model, by using identity (ID) sequence and adding additional information in ciphertext, the self-adaptive chosen identity security (the full security) and the chosen ciphertext security are gained simultaneously. The reduction of scheme's security is the decisional bilinear Diffie-Hellman (BDH) intractable assumption, and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption. So the security level is improved, and it is suitable for higher security environment.
Keywords: the standard model provably secure broadcast encryption the chosen ciphertext security the self-adaptive chosen identity security
Docurity: A New Cryptographic Primitive for Collaborative Cloud Systems (cited by: 1)
12
Authors: Byeori Kim Minseong Choi Taek-Young Youn Jeong Hyun Yi Haehyun Cho 《Intelligent Automation & Soft Computing》 SCIE, 2023, Issue 6, pp. 3725-3742 (18 pages)
Recently, there has been a sudden shift from using traditional office applications to the collaborative cloud-based office suite such as Microsoft Office 365. Such cloud-based systems allow users to work together on the same document stored in a cloud server at once, by which users can effectively collaborate with each other. However, there are security concerns unsolved in using cloud collaboration. One of the major concerns is the security of data stored in cloud servers, which comes from the fact that data that multiple users are working together cannot be stored in encrypted form because of the dynamic characteristic of cloud collaboration. In this paper, we propose a novel mode of operation, DL-ECB, for AES by which we can modify, insert, and delete the ciphertext based on changes in plaintext. Therefore, we can use encrypted data in collaborative cloud-based platforms. To demonstrate that the DL-ECB mode can preserve the confidentiality, integrity, and auditability of data used in collaborative cloud systems from adversaries, we implement and evaluate the prototype of the DL-ECB mode.
Keywords: cloud collaboration mode of operation auditability of ciphertext
Comparative Study of Different Cryptographic Algorithms (cited by: 1)
13
Authors: Baha Eldin Hamouda Hassan Hamouda 《Journal of Information Security》 2020, Issue 3, pp. 138-148 (11 pages)
With the increasing interconnection of computer networks and sophistication of cyber-attacks, Cryptography is one way to make sure that confidentiality, authentication, integrity, availability, and identification of data user can be maintained as well as security and privacy of data provided to the user. Symmetric key cryptography is a part of the cryptographic technique which ensures high security and confidentiality of data transmitted through the communication channel using a common key for both encryption and decryption. In this paper I have analyzed comparative encryption algorithms in performance, three most useful algorithms: Data Encryption Standard (DES), Triple DES (3DES) also known as Triple Data Encryption Algorithm (TDEA), and Advanced Encryption Standard (AES). They have been analyzed on their ability to secure data, time taken to encrypt data and throughput the algorithm requires. The performance of different algorithms differs according to the inputs.
Keywords: cryptography DES 3DES AES encryption decryption ciphertext plaintext
An Efficient Technique to Prevent Data Misuse with Matrix Cipher Encryption Algorithms
14
Authors: Muhammad Nadeem Ali Arshad Saman Riaz Syeda Wajiha Zahra Ashit Kumar Dutta Moteeb Al Moteri Sultan Almotairi 《Computers, Materials & Continua》 SCIE EI, 2023, Issue 2, pp. 4059-4079 (21 pages)
Many symmetric and asymmetric encryption algorithms have been developed in cloud computing to transmit data in a secure form. Cloud cryptography is a data encryption mechanism that consists of different steps and prevents the attacker from misusing the data. This paper has developed an efficient algorithm to protect the data from invaders and secure the data from misuse. If this algorithm is applied to the cloud network, the attacker will not be able to access the data. To encrypt the data, the values of the bytes have been obtained by converting the plain text to ASCII. A key has been generated using the Non-Deterministic Bit Generator (NRBG) mechanism, and the key is XNORed with plain text bits, and then Bit toggling has been implemented. After that, an efficient matrix cipher encryption algorithm has been developed, and this algorithm has been applied to this text. The capability of this algorithm is that with its help, a key has been obtained from the plain text, and only by using this key can the data be decrypted in the first steps. A plain text key will never be used for another plain text. The data has been secured by implementing different mechanisms in both stages, and after that, a ciphertext has been obtained. At the end of the article, the latest technique will be compared with different techniques. There will be a discussion on how the present technique is better than all the other techniques; then, the conclusion will be drawn based on comparative analysis.
Keywords: symmetric cryptography ciphertext encryption decryption cloud security matrix cipher
Broadcast group-oriented encryption secure against chosen ciphertext attack
15
Authors: Ma Chunbo Ao Jun Li Jianhua 《Journal of Systems Engineering and Electronics》 SCIE EI CSCD, 2007, Issue 4, pp. 811-817 (7 pages)
A novel broadcast encryption scheme for group communication scenarios in distributed networks is presented. In the scheme, anyone is allowed to encrypt a message and distribute it to a designated group. Each member in the designated group has the ability to independently decrypt a ciphertext. In contrast to traditional broadcast encryption, all the valid receivers in the proposed scheme compose the designated group. To take advantage of this property, a tab for the group is set and the matching private key for each member is generated. In addition, before decrypting a ciphertext, anyone in the scheme can verify the ciphertext, to ensure that the ciphertext is correct. This property is very important for large-scale group communication, as the gateway can filter incorrect ciphertext and alleviate the receiver's workload. Finally, a proof in the random oracle model is given, to show that the proposed scheme is secure against the adaptively chosen ciphertext attack.
Keywords: broadcast group-oriented encryption chosen ciphertext attack public verification
Multi-dimensional Security Range Query for Industrial IoT
16
Authors: Abdallah Abdallah Ayman A. Aly Bassem F. Felemban Imran Khan Ki-Il Kim 《Computers, Materials & Continua》 SCIE EI, 2022, Issue 7, pp. 157-179 (23 pages)
The Internet of Things (IoT) has allowed for significant advancements in applications not only in the home, business, and environment, but also in factory automation. Industrial Internet of Things (IIoT) brings all of the benefits of the IoT to industrial contexts, allowing for a wide range of applications ranging from remote sensing and actuation to decentralization and autonomy. The expansion of the IoT has been set by serious security threats and obstacles, and one of the most pressing security concerns is the secure exchange of IoT data and fine-grained access control. A privacy-preserving multi-dimensional secure query technique for fog-enhanced IIoT was proposed in light of the fact that most existing range query schemes for fog-enhanced IoT cannot provide both multi-dimensional query and privacy protection. The query matrix was then decomposed using auxiliary vectors, and the auxiliary vector was then processed using BGN homomorphic encryption to create a query trapdoor. Finally, the query trapdoor may be matched to its sensor data using the homomorphic computation used by an IoT device terminal. With the application of particular auxiliary vectors, the spatial complexity might be efficiently decreased. The homomorphic encryption property might ensure the security of sensor data and safeguard the privacy of the user’s inquiry mode. The results of the experiments reveal that the computing and communication expenses are modest.
Keywords: Internet of things data security ciphertext privacy encryption
Secured Access Policy in Ciphertext-Policy Attribute-Based Encryption for Cloud Environment
17
Authors: P. Prathap Nayudu Krovi Raja Sekhar 《Computer Systems Science & Engineering》 SCIE EI, 2023, Issue 7, pp. 1079-1092 (14 pages)
The cloud allows clients to store and share data. Depending on the user’s needs, it is imperative to design an effective access control plan to share the information only with approved users. The user loses control of their data when the data is outsourced to the cloud. Therefore, access control mechanisms will become a significant challenging problem. The Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an essential solution in which the user can control data access. CP-ABE encrypts the data under a limited access policy after the user sets some access policies. The user can decrypt the data if they satisfy the limited access policy. Although CP-ABE is an effective access control program, the privacy of the policy might be compromised by the attackers. Namely, the attackers can gather important information from plain text policy. To address this issue, the SHA-512 algorithm is presented to create a hash code for the user’s attributes in this paper. Depending on the created hash codes, an access policy will be formed. It leads to protecting the access policy against attacks. The effectiveness of the proposed scheme is assessed based on decryption time, private key generation time, ciphertext generation time, and data verification time.
Keywords: cloud computing access policy CP-ABE hash code SHA-512 attribute ciphertext encryption decryption
A Practical Approach to Attaining Chosen Ciphertext Security
18
Authors: LI Jun CUI Guohua YANG Muxiang 《Wuhan University Journal of Natural Sciences》 CAS, 2006, Issue 6, pp. 1601-1604 (4 pages)
Strong security in public key cryptography is not enough; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e.g. key transport), and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the (adaptively) chosen ciphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.
Keywords: public-key encryption chosen ciphertext security random oracle model bandwidth of message recovery
A Wrapping Encryption Based on Double Randomness Mechanism
19
Authors: Yi-Li Huang Fang-Yie Leu Ruey-Kai Sheu Jung-Chun Liu Chi-Jan Huang 《Computers, Materials & Continua》 SCIE EI, 2023, Issue 10, pp. 1143-1164 (22 pages)
Currently, data security mainly relies on password (PW) or system channel key (SKCH) to encrypt data before they are sent, no matter whether in broadband networks, the 5th generation (5G) mobile communications, satellite communications, and so on. In these environments, a fixed password or channel key (e.g., PW/SKCH) is often adopted to encrypt different data, resulting in security risks since this PW/SKCH may be solved after hackers collect a huge amount of encrypted data. Actually, the most popularly used security mechanism Advanced Encryption Standard (AES) has its own problems, e.g., several rounds have been solved. On the other hand, if data protected by the same PW/SKCH at different time points can derive different data encryption parameters, the system’s security level will be then greatly enhanced. Therefore, in this study, a security scheme, named Wrapping Encryption Based on Double Randomness Mechanism (WEBDR), is proposed by integrating a password key (or a system channel key) and an Initialization Vector (IV) to generate an Initial Encryption Key (IEK). Also, an Accumulated Shifting Substitution (ASS) function and a three-dimensional encryption method are adopted to produce a set of keys. Two randomness encryption mechanisms are developed. The first generates system sub-keys and calculates the length of the first pseudo-random numbers by employing IEK for providing subsequent encryption/decryption. The second produces a random encryption key and a sequence of internal feedback codes and computes the length of the second pseudo-random numbers for encrypting delivered messages. A wrapped mechanism is further utilized to pack a ciphertext file so that a wrapped ciphertext file, rather than the ciphertext, will be produced and then transmitted to its destination. The findings are as follows. Our theoretic analyses and simulations demonstrate that the security of the WEBDR in cloud communication has achieved its practical security. Also, AES requires 176 times exclusive OR (XOR) operations for both encryption and decryption, while the WEBDR consumes only 3 operations. That is why the WEBDR is 6.7∼7.09 times faster than the AES, thus more suitable for replacing the AES to protect data transmitted between a cloud system and its users.
Keywords: initial encryption key accumulated shifting substitution three-dimensional operation wrapped ciphertext file
Chosen-Ciphertext Attack Secure Public-Key Encryption with Keyword Search
20
Authors: Hyun Sook Rhee 《Computers, Materials & Continua》 SCIE EI, 2022, Issue 10, pp. 69-85 (17 pages)
As the use of cloud storage for various services increases, the amount of private personal information along with data stored in the cloud storage is also increasing. To remotely use the data stored on the cloud storage, the data to be stored needs to be encrypted for this reason. Since “searchable encryption” is enable to search on the encrypted data without any decryption, it is one of convenient solutions for secure data management. A public key encryption with keyword search (for short, PEKS) is one of searchable encryptions. Abdalla et al. firstly defined IND-CCA security for PEKS to enhance its security and proposed consistent IND-CCA secure PEKS based on the “robust” ANO-CCA secure identity-based encryption (IBE). In this paper, we propose two generic constructions of consistent IND-CCA secure PEKS combining (1) a hierarchical identity based encryption (for short, HIBE) and a signature scheme or (2) a HIBE, an encapsulation, and a message authentication code (for short, MAC) scheme. Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker “ANO-CPA security (resp., IND-CPA security)” of HIBE than “ANO-CCA security (resp., IND-CCA security)” of IBE required in for achieving IND-CCA secure (resp., consistent) PEKS. Finally, we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.
Keywords: searchable encryption public-key encryption with keyword search chosen ciphertext security data privacy