Strong security in public key cryptography is not enongh; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e. g. key transport), and securely transportin...Strong security in public key cryptography is not enongh; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e. g. key transport), and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the (adaptively) chosen eiphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.展开更多
To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security a...To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security are studied. This paper points out that the construction of IND-CCA2 secure schemes is essentially to bridge these gaps. These gaps are categorized, analyzed and measured. Finally the methods to bridge these gaps are described. This explains the existing design approaches and gives an intuition about the difficulty of designing IND-CCA2 secure public key encryption schemes based on different types of assumptions.展开更多
To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chos...To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chosen ciphertext security model,by using identity(ID) sequence and adding additional information in ciphertext,the self-adaptive chosen identity security(the full security) and the chosen ciphertext security are gained simultaneously.The reduction of scheme's security is the decisional bilinear Diffie-Hellman(BDH) intractable assumption,and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption.So the security level is improved,and it is suitable for higher security environment.展开更多
Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple...Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple data owners/users,and even return the top-k most relevant search results when requested.We refer to a model that satisfies all of the conditions a 3-multi ranked search model.However,SE schemes that have been proposed to date use fully trusted trapdoor generation centers,and several methods assume a secure connection between the data users and a trapdoor generation center.That is,they assume the trapdoor generation center is the only entity that can learn the information regarding queried keywords,but it will never attempt to use it in any other manner than that requested,which is impractical in real life.In this study,to enhance the security,we propose a new 3-multi ranked SE scheme that satisfies all conditions without these security assumptions.The proposed scheme uses randomized keywords to protect the interested keywords of users from both outside adversaries and the honest-but-curious trapdoor generation center,thereby preventing attackers from determining whether two different queries include the same keyword.Moreover,we develop a method for managing multiple encrypted keywords from every data owner,each encrypted with a different key.Our evaluation demonstrates that,despite the trade-off overhead that results from the weaker security assumption,the proposed scheme achieves reasonable performance compared to extant schemes,which implies that our scheme is practical and closest to real life.展开更多
The Internet of Things(IoT)has allowed for significant advancements in applications not only in the home,business,and environment,but also in factory automation.Industrial Internet of Things(IIoT)brings all of the ben...The Internet of Things(IoT)has allowed for significant advancements in applications not only in the home,business,and environment,but also in factory automation.Industrial Internet of Things(IIoT)brings all of the benefits of the IoT to industrial contexts,allowing for a wide range of applications ranging from remote sensing and actuation to decentralization and autonomy.The expansion of the IoT has been set by serious security threats and obstacles,and one of the most pressing security concerns is the secure exchange of IoT data and fine-grained access control.A privacypreserving multi-dimensional secure query technique for fog-enhanced IIoT was proposed in light of the fact that most existing range query schemes for fog-enhanced IoT cannot provide both multi-dimensional query and privacy protection.The query matrix was then decomposed using auxiliary vectors,and the auxiliary vectorwas then processed usingBGNhomomorphic encryption to create a query trapdoor.Finally,the query trapdoor may be matched to its sensor data using the homomorphic computation used by an IoT device terminal.With the application of particular auxiliary vectors,the spatial complexity might be efficiently decreased.The homomorphic encryption property might ensure the security of sensor data and safeguard the privacy of the user’s inquiry mode.The results of the experiments reveal that the computing and communication expenses are modest.展开更多
As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage...As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.展开更多
In our today’s life, it is obvious that cloud computing is one of the new and most important innovations in the field of information technology which constitutes the ground for speeding up the development in great si...In our today’s life, it is obvious that cloud computing is one of the new and most important innovations in the field of information technology which constitutes the ground for speeding up the development in great size storage of data as well as the processing and distribution of data on the largest scale. In other words, the most important interests of any data owner nowadays are related to all of the security as well as the privacy of data, especially in the case of outsourcing private data on a cloud server publicly which has not been one of the well-trusted and reliable domains. With the aim of avoiding any leakage or disclosure of information, we will encrypt any information important or confidential prior to being uploaded to the server and this may lead to an obstacle which encounters any attempt to support any efficient keyword query to be and ranked with matching results on such encrypted data. Recent researches conducted in this area have focused on a single keyword query with no proper ranking scheme in hand. In this paper, we will propose a new model called Secure Model for Preserving Privacy Over Encrypted Cloud Computing (SPEC) to improve the performance of cloud computing and to safeguard privacy of data in comparison to the results of previous researches in regard to accuracy, privacy, security, key generation, storage capacity as well as trapdoor, index generation, index encryption, index update, and finally files retrieval depending on access frequency.展开更多
In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficien...In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.展开更多
The rapid development of personal health records(PHR)systems enables an individual to collect,create,store and share his PHR to authorized entities.Health care systems within the smart city environment require a patie...The rapid development of personal health records(PHR)systems enables an individual to collect,create,store and share his PHR to authorized entities.Health care systems within the smart city environment require a patient to share his PRH data with a multitude of institutions’repositories located in the cloud.The cloud computing paradigm cannot meet such a massive transformative healthcare systems due to drawbacks including network latency,scalability and bandwidth.Fog computing relieves the load of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers.Assuming a massive demand of PHR data within a ubiquitous smart city,we propose a secure and fog assisted framework for PHR systems to address security,access control and privacy concerns.Built under a fog-based architecture,the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption(CP-ABE)to guarantee confidentiality and fine-grained access control within the system respectively.We also make use of digital signature combined with CP-ABE to ensure the system authentication and users privacy.We provide the analysis of the proposed framework in terms of security and performance.展开更多
针对未知安全协议的格式解析方法是当前信息安全技术中亟待解决的关键问题.现有基于网络报文流量信息的方法仅考虑报文载荷中的明文信息,不适用于包含大量密文信息的安全协议.针对该问题,提出一种新的面向未知安全协议的格式解析方法(se...针对未知安全协议的格式解析方法是当前信息安全技术中亟待解决的关键问题.现有基于网络报文流量信息的方法仅考虑报文载荷中的明文信息,不适用于包含大量密文信息的安全协议.针对该问题,提出一种新的面向未知安全协议的格式解析方法(security protocols format parsing approach,SPFPA).SPFPA首次利用序列模式挖掘方法层次化、序列化提取协议的关键词序列特征,为明文信息格式解析提供一种新的解决思路,并在此基础上给出查找协议密文长度域的启发式规则,进而利用密文数据的随机性特征确定密文域.实验结果表明,该方法在不借助任何主机运行特征的基础上,仅依靠网络报文数据即能够有效解析未知安全协议的不变域、可变域、密文长度域及相应的密文域,并具有较高的准确率.展开更多
基金Supported by the National Natural Science Foun-dation of China (60403027)
文摘Strong security in public key cryptography is not enongh; the encryption has to be achieved in an efficient way. OAEP or SAEP is only suitable for special applications (e. g. key transport), and securely transporting message of any length is a challenge. Motivated by the hybrid encryption, we present a practical approach to achieve the (adaptively) chosen eiphertext security. The time cost of encryption/decryption of proposed scheme is similar to OAEP and the bandwidth of message recovery is 92% for standard security parameter, while RSA-OAEP is 84%. The scheme is also provably secure against adaptively chosen ciphertext attacks in the random oracle model. We conclude that the approach is practical in more extensive application.
基金the National Natural Science Foundation of China(Nos.60573032,60773092,90604036)
文摘To describe the design approaches of IND-CCA2 (adaptive chosen ciphertext attack) secure public key encryption schemes systematically, the gaps between different kinds of intractable problems and IND-CCA2 security are studied. This paper points out that the construction of IND-CCA2 secure schemes is essentially to bridge these gaps. These gaps are categorized, analyzed and measured. Finally the methods to bridge these gaps are described. This explains the existing design approaches and gives an intuition about the difficulty of designing IND-CCA2 secure public key encryption schemes based on different types of assumptions.
基金the National Natural Science Foundation of China (No.60970119)the National Basic Research Program (973) of China (No.2007CB311201)
文摘To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chosen ciphertext security model,by using identity(ID) sequence and adding additional information in ciphertext,the self-adaptive chosen identity security(the full security) and the chosen ciphertext security are gained simultaneously.The reduction of scheme's security is the decisional bilinear Diffie-Hellman(BDH) intractable assumption,and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption.So the security level is improved,and it is suitable for higher security environment.
基金supported by the MSIT(Ministry of Science,ICT),Korea,under the High-Potential Individuals Global Training Program)(2021-0-01547-001)supervised by the IITP(Institute for Information&Communications Technology Planning&Evaluation)the National Research Foundation of Korea(NRF)grant funded by the Ministry of Science and ICT(NRF-2022R1A2C2007255).
文摘Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple data owners/users,and even return the top-k most relevant search results when requested.We refer to a model that satisfies all of the conditions a 3-multi ranked search model.However,SE schemes that have been proposed to date use fully trusted trapdoor generation centers,and several methods assume a secure connection between the data users and a trapdoor generation center.That is,they assume the trapdoor generation center is the only entity that can learn the information regarding queried keywords,but it will never attempt to use it in any other manner than that requested,which is impractical in real life.In this study,to enhance the security,we propose a new 3-multi ranked SE scheme that satisfies all conditions without these security assumptions.The proposed scheme uses randomized keywords to protect the interested keywords of users from both outside adversaries and the honest-but-curious trapdoor generation center,thereby preventing attackers from determining whether two different queries include the same keyword.Moreover,we develop a method for managing multiple encrypted keywords from every data owner,each encrypted with a different key.Our evaluation demonstrates that,despite the trade-off overhead that results from the weaker security assumption,the proposed scheme achieves reasonable performance compared to extant schemes,which implies that our scheme is practical and closest to real life.
基金This study was supported by the Institute for Information&Communications Technology Planning&Evaluation(IITP)grant funded by theKorean government(MSIT)(No.2019-0-01343,Training Key Talents in Industrial Convergence Security).
文摘The Internet of Things(IoT)has allowed for significant advancements in applications not only in the home,business,and environment,but also in factory automation.Industrial Internet of Things(IIoT)brings all of the benefits of the IoT to industrial contexts,allowing for a wide range of applications ranging from remote sensing and actuation to decentralization and autonomy.The expansion of the IoT has been set by serious security threats and obstacles,and one of the most pressing security concerns is the secure exchange of IoT data and fine-grained access control.A privacypreserving multi-dimensional secure query technique for fog-enhanced IIoT was proposed in light of the fact that most existing range query schemes for fog-enhanced IoT cannot provide both multi-dimensional query and privacy protection.The query matrix was then decomposed using auxiliary vectors,and the auxiliary vectorwas then processed usingBGNhomomorphic encryption to create a query trapdoor.Finally,the query trapdoor may be matched to its sensor data using the homomorphic computation used by an IoT device terminal.With the application of particular auxiliary vectors,the spatial complexity might be efficiently decreased.The homomorphic encryption property might ensure the security of sensor data and safeguard the privacy of the user’s inquiry mode.The results of the experiments reveal that the computing and communication expenses are modest.
文摘As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.
文摘In our today’s life, it is obvious that cloud computing is one of the new and most important innovations in the field of information technology which constitutes the ground for speeding up the development in great size storage of data as well as the processing and distribution of data on the largest scale. In other words, the most important interests of any data owner nowadays are related to all of the security as well as the privacy of data, especially in the case of outsourcing private data on a cloud server publicly which has not been one of the well-trusted and reliable domains. With the aim of avoiding any leakage or disclosure of information, we will encrypt any information important or confidential prior to being uploaded to the server and this may lead to an obstacle which encounters any attempt to support any efficient keyword query to be and ranked with matching results on such encrypted data. Recent researches conducted in this area have focused on a single keyword query with no proper ranking scheme in hand. In this paper, we will propose a new model called Secure Model for Preserving Privacy Over Encrypted Cloud Computing (SPEC) to improve the performance of cloud computing and to safeguard privacy of data in comparison to the results of previous researches in regard to accuracy, privacy, security, key generation, storage capacity as well as trapdoor, index generation, index encryption, index update, and finally files retrieval depending on access frequency.
基金Supported by the National Natural Science Foundation of China(61272488)Science and Technology on Information Assurance Laboratory(KJ-15-006)Fundamental and Frontier Technology Research of Henan Province(162300410192)
文摘In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.
基金the Deanship of Scientific Research at King Saud University for funding this work through Vice Deanship of Scientific Research Chairs:Chair of Pervasive and Mobile Computing.
文摘The rapid development of personal health records(PHR)systems enables an individual to collect,create,store and share his PHR to authorized entities.Health care systems within the smart city environment require a patient to share his PRH data with a multitude of institutions’repositories located in the cloud.The cloud computing paradigm cannot meet such a massive transformative healthcare systems due to drawbacks including network latency,scalability and bandwidth.Fog computing relieves the load of conventional cloud computing by availing intermediate fog nodes between the end users and the remote servers.Assuming a massive demand of PHR data within a ubiquitous smart city,we propose a secure and fog assisted framework for PHR systems to address security,access control and privacy concerns.Built under a fog-based architecture,the proposed framework makes use of efficient key exchange protocol coupled with ciphertext attribute based encryption(CP-ABE)to guarantee confidentiality and fine-grained access control within the system respectively.We also make use of digital signature combined with CP-ABE to ensure the system authentication and users privacy.We provide the analysis of the proposed framework in terms of security and performance.
文摘针对未知安全协议的格式解析方法是当前信息安全技术中亟待解决的关键问题.现有基于网络报文流量信息的方法仅考虑报文载荷中的明文信息,不适用于包含大量密文信息的安全协议.针对该问题,提出一种新的面向未知安全协议的格式解析方法(security protocols format parsing approach,SPFPA).SPFPA首次利用序列模式挖掘方法层次化、序列化提取协议的关键词序列特征,为明文信息格式解析提供一种新的解决思路,并在此基础上给出查找协议密文长度域的启发式规则,进而利用密文数据的随机性特征确定密文域.实验结果表明,该方法在不借助任何主机运行特征的基础上,仅依靠网络报文数据即能够有效解析未知安全协议的不变域、可变域、密文长度域及相应的密文域,并具有较高的准确率.
