The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in ...The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).展开更多
Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cl...Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.展开更多
Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present...Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user's ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.展开更多
Internet of Medical Things(IoMT)enabled e-healthcare has the potential to greately improve conventional healthcare services significantly.However,security and privacy become major issues of IoMT because of the restric...Internet of Medical Things(IoMT)enabled e-healthcare has the potential to greately improve conventional healthcare services significantly.However,security and privacy become major issues of IoMT because of the restricted processing abilities,storage,and energy constraints of the sensors.Therefore,it leads to infeasibility of developing traditional cryptographic solutions to the IoMT sensors.In order to ensure security on sensitive medical data,effective encryption and authentication techniques need to be designed to assure security of the patients and healthcare service providers.In this view,this study designs an effective metaheuristic optimization based encryption with user authentication(EMOE-UA)technique for IoMT environment.This work proposes an EMOE-UA technique aims to accomplish mutual authentication for addressing the security issues and reducing the computational complexity.Moreover,the EMOE-UA technique employs optimal multikey homomorphic encryption(OMKHE)technique to encrypt the IoMT data.Furthermore,the improved social spider optimization algorithm(ISSOA)was employed for the optimal multikey generation of the MKHE technique.The experimental result analysis of the EMOE-UA technique takes place using benchmark data and the results are examined under various aspects.The simulation results reported the considerably better performance of the EMOE-UA technique over the existing techniques.展开更多
An optical encryption scheme based on a ghost imaging system with disordered speckles is proposed to obtain a higher security with a small key. In the scheme, Alice produces the random speckle patterns and obtains the...An optical encryption scheme based on a ghost imaging system with disordered speckles is proposed to obtain a higher security with a small key. In the scheme, Alice produces the random speckle patterns and obtains the detection results with the help of a computational ghost imaging(CGI) system. Then Alice permutes the order of the random speckle patterns and shares the permutation sequence as a secure key to the authorized users. With the secure key, Bob could recover the object with the principle of the CGI system, whereas, the unauthorized users could not obtain any information of the object. The numerical simulations and experimental results show that the proposed scheme is feasible with a small key, simultaneously,it has a higher security. When the eavesdropping ratio(ER) is less than 40%, the eavesdropper cannot acquire any useful information. Meanwhile, the authorized users could recover completely with the secure key.展开更多
Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple...Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple data owners/users,and even return the top-k most relevant search results when requested.We refer to a model that satisfies all of the conditions a 3-multi ranked search model.However,SE schemes that have been proposed to date use fully trusted trapdoor generation centers,and several methods assume a secure connection between the data users and a trapdoor generation center.That is,they assume the trapdoor generation center is the only entity that can learn the information regarding queried keywords,but it will never attempt to use it in any other manner than that requested,which is impractical in real life.In this study,to enhance the security,we propose a new 3-multi ranked SE scheme that satisfies all conditions without these security assumptions.The proposed scheme uses randomized keywords to protect the interested keywords of users from both outside adversaries and the honest-but-curious trapdoor generation center,thereby preventing attackers from determining whether two different queries include the same keyword.Moreover,we develop a method for managing multiple encrypted keywords from every data owner,each encrypted with a different key.Our evaluation demonstrates that,despite the trade-off overhead that results from the weaker security assumption,the proposed scheme achieves reasonable performance compared to extant schemes,which implies that our scheme is practical and closest to real life.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite...Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.展开更多
To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption...To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption(NDA-CP-ABE)scheme in the 5G D2D environment is proposed.On the basis of the ciphertext policy attribute-based encryption algorithm,fine-grained access control and secure attribute revocation are realized,and the confidentiality of data is guaranteed.A polynomial function is adopted in the ciphertext generation phase to realize dynamic user management.A random number is used to prevent a collusion attack among the legitimate user equipment(UE),revoked UE,and external network attackers.Finally,on the basis of the Diffie-Hellman problem,the NDA-CP-ABE scheme is formally proved,and the simulation performances are compared with those of similar schemes.The results show that data can be securely shared through a D2D channel with secure attribute revocation,anti-collusion,and dynamic user management.Moreover,compared with similar schemes,the NDA-CP-ABE scheme has higher efficiency in encryption,decryption,and storage.展开更多
Blockchain has been widely used in many fields because it can solve the problem of information asymmetry and enable users who do not trust each other to collaborate without the participation of third-party intermediar...Blockchain has been widely used in many fields because it can solve the problem of information asymmetry and enable users who do not trust each other to collaborate without the participation of third-party intermediaries.Existing blockchain access control schemes usually use attribute-based encryption,but most of them adopt traditional single-attribute authority for attribute authorization,which has the problem that the authority is overburdened and must be fully credible.This paper proposes a blockchain access control scheme based on multiauthority attribute-based encryption by improving the existing blockchain privacy protection method.Autonomous identity management is performed through the blockchain to complete the initialization of user identity and the issuance of attribute certificates.Attribute authorities are selected using the reputation proof consensusmechanism.The distributed key generation protocol is used to generate keys,and the linear secret sharing scheme is improved.The hierarchical relationship of the access structure is used to encrypt and access control the private data that need to be uploaded to the blockchain.According to the comparison with other blockchain access control schemes,the scheme proposed in this paper has been improved in terms of security and efficiency.展开更多
In the digital age, the global character of the Internet has significantly improved our daily lives by providing access to large amounts of knowledge and allowing for seamless connections. However, this enormously int...In the digital age, the global character of the Internet has significantly improved our daily lives by providing access to large amounts of knowledge and allowing for seamless connections. However, this enormously interconnected world is not without its risks. Malicious URLs are a powerful menace, masquerading as legitimate links while holding the intent to hack computer systems or steal sensitive personal information. As the sophistication and frequency of cyberattacks increase, identifying bad URLs has emerged as a critical aspect of cybersecurity. This study presents a new approach that enables the average end-user to check URL safety using Microsoft Excel. Using the powerful VirusTotal API for URL inspections, this study creates an Excel add-in that integrates Python and Excel to deliver a seamless, user-friendly interface. Furthermore, the study improves Excel’s capabilities by allowing users to encrypt and decrypt text communications directly in the spreadsheet. Users may easily encrypt their conversations by simply typing a key and the required text into predefined cells, enhancing their personal cybersecurity with a layer of cryptographic secrecy. This strategy democratizes access to advanced cybersecurity solutions, making attentive digital integrity a feature rather than a daunting burden.展开更多
格上属性基加密具有抗量子攻击的特性,并且将访问控制策略嵌入密文或者密钥,可实现属性的细粒度访问控制。但是由于属性基加密固有的弱点,相同属性的用户可能会泄露密钥。为避免密钥泄露,属性基加密方案需实现追踪并撤销特定用户解密权...格上属性基加密具有抗量子攻击的特性,并且将访问控制策略嵌入密文或者密钥,可实现属性的细粒度访问控制。但是由于属性基加密固有的弱点,相同属性的用户可能会泄露密钥。为避免密钥泄露,属性基加密方案需实现追踪并撤销特定用户解密权限的功能。然而,非法用户仍可能通过收集大量密文数据,试图恢复过去会话的密钥。为有效抵御这种攻击,方案必须实现前向安全。针对当前格密码领域的需求与挑战,提出基于判定性误差学习问题(Decisional Learning with Error,DLWE)可证明安全的格上具有多功能的属性基加密(Multi-functional Attribute based Encryption from Lattices)方案。使用完全二叉树追踪解密密钥中与用户相关的身份矩阵(即完全二叉树叶子节点的值),以便追踪恶意用户;引入用户撤销机制,允许属性权威在不重新为用户生成密钥的情况下,及时且有效地撤销用户的权限;采用标签穿刺的方法,确保即使当前密钥泄漏,过去密文仍然保持安全,实现前向安全。此外,由于格上采样算法的不确定性,目前格上的属性基加密实验难以实现,因此通过理论分析验证所提方案的安全性和正确性。该方案不仅优化了空间存储效率,还弥补了格密码中属性基加密方案功能单一导致的不足。展开更多
基金supported by the National Natural Science Foundation of China(6120200461472192)+1 种基金the Special Fund for Fast Sharing of Science Paper in Net Era by CSTD(2013116)the Natural Science Fund of Higher Education of Jiangsu Province(14KJB520014)
文摘The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).
基金supported by the National Natural Science Foundation of China(Nos.62162018,61972412)the Natural Science Foundation of Guangxi(No.2019GXNSFGA245004)+1 种基金the Guilin Science and Technology Project(20210226-1)the Innovation Project of Guangxi Graduate Education(No.YCSW2022296).
文摘Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.
基金Supported by the National Natural Science Foundation of China(6090317560703048)+1 种基金the Natural Science Foundation of Hubei Province(2009CBD3072008CDB352)
文摘Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user's ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.
基金funded by Dirección General de Investigaciones of Universidad Santiago de Cali under call No.01-2021.
文摘Internet of Medical Things(IoMT)enabled e-healthcare has the potential to greately improve conventional healthcare services significantly.However,security and privacy become major issues of IoMT because of the restricted processing abilities,storage,and energy constraints of the sensors.Therefore,it leads to infeasibility of developing traditional cryptographic solutions to the IoMT sensors.In order to ensure security on sensitive medical data,effective encryption and authentication techniques need to be designed to assure security of the patients and healthcare service providers.In this view,this study designs an effective metaheuristic optimization based encryption with user authentication(EMOE-UA)technique for IoMT environment.This work proposes an EMOE-UA technique aims to accomplish mutual authentication for addressing the security issues and reducing the computational complexity.Moreover,the EMOE-UA technique employs optimal multikey homomorphic encryption(OMKHE)technique to encrypt the IoMT data.Furthermore,the improved social spider optimization algorithm(ISSOA)was employed for the optimal multikey generation of the MKHE technique.The experimental result analysis of the EMOE-UA technique takes place using benchmark data and the results are examined under various aspects.The simulation results reported the considerably better performance of the EMOE-UA technique over the existing techniques.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61475075 and 61271238)the Open Research Fund of Key Lab of Broadband Wireless Communication and Sensor Network Technology,Ministry of Education,China(Grant No.NYKL2015011)
文摘An optical encryption scheme based on a ghost imaging system with disordered speckles is proposed to obtain a higher security with a small key. In the scheme, Alice produces the random speckle patterns and obtains the detection results with the help of a computational ghost imaging(CGI) system. Then Alice permutes the order of the random speckle patterns and shares the permutation sequence as a secure key to the authorized users. With the secure key, Bob could recover the object with the principle of the CGI system, whereas, the unauthorized users could not obtain any information of the object. The numerical simulations and experimental results show that the proposed scheme is feasible with a small key, simultaneously,it has a higher security. When the eavesdropping ratio(ER) is less than 40%, the eavesdropper cannot acquire any useful information. Meanwhile, the authorized users could recover completely with the secure key.
基金supported by the MSIT(Ministry of Science,ICT),Korea,under the High-Potential Individuals Global Training Program)(2021-0-01547-001)supervised by the IITP(Institute for Information&Communications Technology Planning&Evaluation)the National Research Foundation of Korea(NRF)grant funded by the Ministry of Science and ICT(NRF-2022R1A2C2007255).
文摘Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple data owners/users,and even return the top-k most relevant search results when requested.We refer to a model that satisfies all of the conditions a 3-multi ranked search model.However,SE schemes that have been proposed to date use fully trusted trapdoor generation centers,and several methods assume a secure connection between the data users and a trapdoor generation center.That is,they assume the trapdoor generation center is the only entity that can learn the information regarding queried keywords,but it will never attempt to use it in any other manner than that requested,which is impractical in real life.In this study,to enhance the security,we propose a new 3-multi ranked SE scheme that satisfies all conditions without these security assumptions.The proposed scheme uses randomized keywords to protect the interested keywords of users from both outside adversaries and the honest-but-curious trapdoor generation center,thereby preventing attackers from determining whether two different queries include the same keyword.Moreover,we develop a method for managing multiple encrypted keywords from every data owner,each encrypted with a different key.Our evaluation demonstrates that,despite the trade-off overhead that results from the weaker security assumption,the proposed scheme achieves reasonable performance compared to extant schemes,which implies that our scheme is practical and closest to real life.
文摘Ciphertext-policy attribute-based encryption(CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CPABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption(BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an(n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility,facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.
基金The National Natural Science Foundation of China(No.61372103)the Natural Science Foundation of Jiangsu Province(No.SBK2020020282)+1 种基金the Program of Key Laboratory of Information Network Security of the Ministry of Public Security(No.C19607)the Program of Key Laboratory of Computer Network Technology of Jiangsu Province.
文摘To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption(NDA-CP-ABE)scheme in the 5G D2D environment is proposed.On the basis of the ciphertext policy attribute-based encryption algorithm,fine-grained access control and secure attribute revocation are realized,and the confidentiality of data is guaranteed.A polynomial function is adopted in the ciphertext generation phase to realize dynamic user management.A random number is used to prevent a collusion attack among the legitimate user equipment(UE),revoked UE,and external network attackers.Finally,on the basis of the Diffie-Hellman problem,the NDA-CP-ABE scheme is formally proved,and the simulation performances are compared with those of similar schemes.The results show that data can be securely shared through a D2D channel with secure attribute revocation,anti-collusion,and dynamic user management.Moreover,compared with similar schemes,the NDA-CP-ABE scheme has higher efficiency in encryption,decryption,and storage.
基金supported by the Emerging Interdisciplinary Project of CUFE,the National Natural Science Foundation of China (No.61906220)Ministry of Education of Humanities and Social Science project (No.19YJCZH178).
文摘Blockchain has been widely used in many fields because it can solve the problem of information asymmetry and enable users who do not trust each other to collaborate without the participation of third-party intermediaries.Existing blockchain access control schemes usually use attribute-based encryption,but most of them adopt traditional single-attribute authority for attribute authorization,which has the problem that the authority is overburdened and must be fully credible.This paper proposes a blockchain access control scheme based on multiauthority attribute-based encryption by improving the existing blockchain privacy protection method.Autonomous identity management is performed through the blockchain to complete the initialization of user identity and the issuance of attribute certificates.Attribute authorities are selected using the reputation proof consensusmechanism.The distributed key generation protocol is used to generate keys,and the linear secret sharing scheme is improved.The hierarchical relationship of the access structure is used to encrypt and access control the private data that need to be uploaded to the blockchain.According to the comparison with other blockchain access control schemes,the scheme proposed in this paper has been improved in terms of security and efficiency.
文摘In the digital age, the global character of the Internet has significantly improved our daily lives by providing access to large amounts of knowledge and allowing for seamless connections. However, this enormously interconnected world is not without its risks. Malicious URLs are a powerful menace, masquerading as legitimate links while holding the intent to hack computer systems or steal sensitive personal information. As the sophistication and frequency of cyberattacks increase, identifying bad URLs has emerged as a critical aspect of cybersecurity. This study presents a new approach that enables the average end-user to check URL safety using Microsoft Excel. Using the powerful VirusTotal API for URL inspections, this study creates an Excel add-in that integrates Python and Excel to deliver a seamless, user-friendly interface. Furthermore, the study improves Excel’s capabilities by allowing users to encrypt and decrypt text communications directly in the spreadsheet. Users may easily encrypt their conversations by simply typing a key and the required text into predefined cells, enhancing their personal cybersecurity with a layer of cryptographic secrecy. This strategy democratizes access to advanced cybersecurity solutions, making attentive digital integrity a feature rather than a daunting burden.
文摘格上属性基加密具有抗量子攻击的特性,并且将访问控制策略嵌入密文或者密钥,可实现属性的细粒度访问控制。但是由于属性基加密固有的弱点,相同属性的用户可能会泄露密钥。为避免密钥泄露,属性基加密方案需实现追踪并撤销特定用户解密权限的功能。然而,非法用户仍可能通过收集大量密文数据,试图恢复过去会话的密钥。为有效抵御这种攻击,方案必须实现前向安全。针对当前格密码领域的需求与挑战,提出基于判定性误差学习问题(Decisional Learning with Error,DLWE)可证明安全的格上具有多功能的属性基加密(Multi-functional Attribute based Encryption from Lattices)方案。使用完全二叉树追踪解密密钥中与用户相关的身份矩阵(即完全二叉树叶子节点的值),以便追踪恶意用户;引入用户撤销机制,允许属性权威在不重新为用户生成密钥的情况下,及时且有效地撤销用户的权限;采用标签穿刺的方法,确保即使当前密钥泄漏,过去密文仍然保持安全,实现前向安全。此外,由于格上采样算法的不确定性,目前格上的属性基加密实验难以实现,因此通过理论分析验证所提方案的安全性和正确性。该方案不仅优化了空间存储效率,还弥补了格密码中属性基加密方案功能单一导致的不足。
