Internet of Things(IoT)interconnects devices via network protocols to enable intelligent sensing and control.Resource-constrained IoT devices rely on cloud servers for data storage and processing.However,this cloudass...Internet of Things(IoT)interconnects devices via network protocols to enable intelligent sensing and control.Resource-constrained IoT devices rely on cloud servers for data storage and processing.However,this cloudassisted architecture faces two critical challenges:the untrusted cloud services and the separation of data ownership from control.Although Attribute-based Searchable Encryption(ABSE)provides fine-grained access control and keyword search over encrypted data,existing schemes lack of error tolerance in exact multi-keyword matching.In this paper,we proposed an attribute-based multi-keyword fuzzy searchable encryption with forward ciphertext search(FCS-ABMSE)scheme that avoids computationally expensive bilinear pairing operations on the IoT device side.The scheme supportsmulti-keyword fuzzy search without requiring explicit keyword fields,thereby significantly enhancing error tolerance in search operations.It further incorporates forward-secure ciphertext search to mitigate trapdoor abuse,as well as offline encryption and verifiable outsourced decryption to minimize user-side computational costs.Formal security analysis proved that the FCS-ABMSE scheme meets both indistinguishability of ciphertext under the chosen keyword attacks(IND-CKA)and the indistinguishability of ciphertext under the chosen plaintext attacks(IND-CPA).In addition,we constructed an enhanced variant based on type-3 pairings.Results demonstrated that the proposed scheme outperforms existing ABSE approaches in terms of functionalities,computational cost,and communication cost.展开更多
Nowadays,vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets.To reduce the difficulty and local data management’s cost significantly...Nowadays,vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets.To reduce the difficulty and local data management’s cost significantly,cloud storage services provide a highly available,highperformance,and low-cost solution for user data hosting,enabling remote access,backup,and sharing of data stored by the cloud.However,this service model is not without security risks,including user privacy exposure,low trustworthiness of data,and unauthorized access.To address these concerns,attribute-based encryption(ABE)schemes allow for the implementation of fine-grained access policies while ensure the confidentiality and availability of data stored under the cloud environment.The issues of collusion among authorities,excessive decryption computation overhead,and high complexity in attribute revocation have aroused many researchers’attention,and many works have emerged.However,expanding the functionality of ABE schemes to satisfy multiple requirements and improving existing functionality of ABE schemes are still urgent problems to be solved.Motivated by these problems,here we propose a novel multi-functional multi-authority ABE scheme that incorporates functional features such as multi-authority key generation,outsourced decryption,malicious user tracking,flexible attribute revocation,and real-time policy updates,thereby providing fine-grained access control as well as confidentiality for data stored under cloud environments.Similar to prior works,we have analyzed the static security,forward security,and resistance to collusion attacks of our proposed scheme for completeness.Storage and computational efficiency evaluation shows that our proposed scheme achieves lower storage costs and computational overhead compared to existing schemes with similar functionalities.展开更多
With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data lea...With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.展开更多
文摘Internet of Things(IoT)interconnects devices via network protocols to enable intelligent sensing and control.Resource-constrained IoT devices rely on cloud servers for data storage and processing.However,this cloudassisted architecture faces two critical challenges:the untrusted cloud services and the separation of data ownership from control.Although Attribute-based Searchable Encryption(ABSE)provides fine-grained access control and keyword search over encrypted data,existing schemes lack of error tolerance in exact multi-keyword matching.In this paper,we proposed an attribute-based multi-keyword fuzzy searchable encryption with forward ciphertext search(FCS-ABMSE)scheme that avoids computationally expensive bilinear pairing operations on the IoT device side.The scheme supportsmulti-keyword fuzzy search without requiring explicit keyword fields,thereby significantly enhancing error tolerance in search operations.It further incorporates forward-secure ciphertext search to mitigate trapdoor abuse,as well as offline encryption and verifiable outsourced decryption to minimize user-side computational costs.Formal security analysis proved that the FCS-ABMSE scheme meets both indistinguishability of ciphertext under the chosen keyword attacks(IND-CKA)and the indistinguishability of ciphertext under the chosen plaintext attacks(IND-CPA).In addition,we constructed an enhanced variant based on type-3 pairings.Results demonstrated that the proposed scheme outperforms existing ABSE approaches in terms of functionalities,computational cost,and communication cost.
基金supported by the National Key R&D Program of China(No.2022ZD0161901)the National Natural Science Foundation of China(Grant No.62072023)+2 种基金Beijing Natural Science Foundation(Grant No.4242024)the Open Project Fund of the State Key Laboratory of Cryptology(No.MMKFKT202120)the Exploratory Optional Project Fund of the State Key Laboratory of Complex&Critical Software Environment,and the Fundamental Research Funds of Beihang University(Nos.YWF-21-BJ-J-1041,YWF-23-L-1033,etc.).
文摘Nowadays,vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets.To reduce the difficulty and local data management’s cost significantly,cloud storage services provide a highly available,highperformance,and low-cost solution for user data hosting,enabling remote access,backup,and sharing of data stored by the cloud.However,this service model is not without security risks,including user privacy exposure,low trustworthiness of data,and unauthorized access.To address these concerns,attribute-based encryption(ABE)schemes allow for the implementation of fine-grained access policies while ensure the confidentiality and availability of data stored under the cloud environment.The issues of collusion among authorities,excessive decryption computation overhead,and high complexity in attribute revocation have aroused many researchers’attention,and many works have emerged.However,expanding the functionality of ABE schemes to satisfy multiple requirements and improving existing functionality of ABE schemes are still urgent problems to be solved.Motivated by these problems,here we propose a novel multi-functional multi-authority ABE scheme that incorporates functional features such as multi-authority key generation,outsourced decryption,malicious user tracking,flexible attribute revocation,and real-time policy updates,thereby providing fine-grained access control as well as confidentiality for data stored under cloud environments.Similar to prior works,we have analyzed the static security,forward security,and resistance to collusion attacks of our proposed scheme for completeness.Storage and computational efficiency evaluation shows that our proposed scheme achieves lower storage costs and computational overhead compared to existing schemes with similar functionalities.
基金This work is supported by the National Natural Science Foundation of China(No.62071280,No.61602287)the Major Scientific and Technological Innovation Project of Shandong Province(No.2020CXGC010115)the Guangxi Key Laboratory of Cryptography and Information Security(GCIS201901).
文摘With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
