Xiaofeng Xu,Li Xiong,Jinfei Liu

DOI: https://doi.org/10.1145/2699026.2699121

2015-01-01

Abstract:Database fragmentation is a promising approach that can be used in combination with encryption to achieve secure data outsourcing which allows clients to securely outsource their data to remote untrusted server(s) while enabling query support using the outsourced data. Given a set of confidentiality constraints, it vertically partitions the database into fragments such that the set of attributes in each constraint do not appear together in any one fragment. The optimal fragmentation problem is to find a fragmentation with minimum cost for query support. In this paper, we propose an efficient graph search based approach which obtains near optimal fragmentation. We model the fragmentation search space as a graph and propose efficient search algorithms on the graph. We present static and dynamic search strategies as well as a novel level-wise graph expansion technique which dramatically reduces the search time. Extensive experiments showed that our method significantly outperforms other state-of-the-art methods.

Xiao-yu Zhao,Gang Cheng,Dan Zhang,Xiao-hong Wang,Guang-chang Dong

DOI: https://doi.org/10.1631/jzus.2004.0803

2004-01-01

Abstract:Pure position permutation image encryption algorithms, commonly used as image encryption investigated in this work are unfortunately frail under known-text attack. In view of the weakness of pure position permutation algorithm, we put forward an effective decryption algorithm for all pure-position permutation algorithms. First, a summary of the pure position permutation image encryption algorithms is given by introducing the concept of ergodic matrices. Then, by using probability theory and algebraic principles, the decryption probability of pure-position permutation algorithms is verified theoretically; and then, by defining the operation system of fuzzy ergodic matrices, we improve a specific decryption algorithm. Finally, some simulation results are shown.

Han Qiu

DOI: https://doi.org/10.48550/arXiv.1803.04880

2018-03-13

Cryptography and Security

Abstract:In this thesis, a completely revisited data protection scheme based on selective encryption is presented. First, this new scheme is agnostic in term of data format, second it has a parallel architecture using GPGPU allowing performance to be at least comparable to full encryption algorithms. Bitmap, as a special uncompressed multimedia format, is addressed as a first use case. Discrete Cosine Transform (DCT) is the first transformation for splitting fragments, getting data protection, and storing data separately on local device and cloud servers. This work has largely improved the previous published ones for bitmap protection by providing new designs and practical experimentations. General purpose graphic processing unit (GPGPU) is exploited as an accelerator to guarantee the efficiency of the calculation compared with traditional full encryption algorithms. Then, an agnostic selective encryption based on lossless Discrete Wavelet Transform (DWT) is presented. This design, with practical experimentations on different hardware configurations, provides strong level of protection and good performance at the same time plus flexible storage dispersion schemes. Therefore, our agnostic data protection and transmission solution combining fragmentation, encryption, and dispersion is made available for a wide range of end-user applications. Also a complete set of security analysis are deployed to test the level of provided protection.

Katarzyna Kapusta,Gerard Memmi,Hassan Noura

DOI: https://doi.org/10.48550/arXiv.1705.09872

2017-05-28

Abstract:The family of Information Dispersal Algorithms is applied to distributed systems for secure and reliable storage and transmission. In comparison with perfect secret sharing it achieves a significantly smaller memory overhead and better performance, but provides only incremental confidentiality. Therefore, even if it is not possible to explicitly reconstruct data from less than the required amount of fragments, it is still possible to deduce some information about the nature of data by looking at preserved data patterns inside a fragment. The idea behind this paper is to provide a lightweight data fragmentation scheme, that would combine the space efficiency and simplicity that could be find in Information Dispersal Algorithms with a computational level of data confidentiality.

Cryptography and Security

Gerard Memmi,Katarzyna Kapusta,Patrick Lambein,Han Qiu

DOI: https://doi.org/10.48550/arXiv.1512.02951

2017-02-13

Abstract:Hardening data protection using multiple methods rather than 'just' encryption is of paramount importance when considering continuous and powerful attacks in order to observe, steal, alter, or even destroy private and confidential <a class="link-external link-http" href="http://information.Our" rel="external noopener nofollow">this http URL</a> purpose is to look at cost effective data protection by way of combining fragmentation, encryption, and dispersion over several physical machines. This involves deriving general schemes to protect data everywhere throughout a network of machines where they are being processed, transmitted, and stored during their entire life cycle. This is being enabled by a number of parallel and distributed architectures using various set of cores or machines ranging from General Purpose GPUs to multiple clouds. In this report, we first present a general and conceptual description of what should be a fragmentation, encryption, and dispersion system (FEDS) including a number of high level requirements such systems ought to meet. Then, we focus on two kind of fragmentation. First, a selective separation of information in two fragments a public one and a private one. We describe a family of processes and address not only the question of performance but also the questions of memory occupation, integrity or quality of the restitution of the information, and of course we conclude with an analysis of the level of security provided by our algorithms. Then, we analyze works first on general dispersion systems in a bit wise manner without data structure consideration; second on fragmentation of information considering data defined along an object oriented data structure or along a record structure to be stored in a relational database.

Cryptography and Security

Siu-Kei Au Yeung,Shuyuan Zhu,Bing Zeng

DOI: https://doi.org/10.1109/lsp.2009.2026109

2009-01-01

IEEE Signal Processing Letters

Abstract:In this letter, we propose a novel video encryption technique that is used to achieve partial encryption where an annoying video can still be reconstructed even without the security key. In contrast to the existing methods where the encryption usually takes place at the entropy-coding stage or the bit-stream level, our proposed scheme embeds the encryption at the transform stage during the encoding process. To this end, we develop a number of new unitary transforms that are demonstrated to be equally efficient as the well-known DCT and thus used as alternates to DCT during the encoding process. Partial encryption is achieved through alternately applying these transforms to individual blocks according to a pre-designed secret key. Analysis on the security level of this partial encryption scheme is carried out against various common attacks and some experimental results based on H.264/AVC are presented.

Zhe Liu,Mee Loong Yang,Wei Qi Yan

DOI: https://doi.org/10.1109/ivcnz.2017.8402486

2017-01-01

Abstract:In this paper, we propose an improved image encryption algorithm based on double random phase encoding (DRPE). Our contribution is the design of a new algorithm which uses Discrete Cosine Transform (DCT) to replace Discrete Fourier Transform (DFT) so as to avoid operations on complex numbers. We use a logistic map to generate random matrices instead of random phase masks in the traditional DRPE so as to decrease the number of secret keys. We tested the algorithm using five types of attacks. The results indicate that the improved algorithm overcomes weaknesses of traditional scrambling methods and it has shown strong resilience against statistical attacks. An advantage of this algorithm is that it is convenient to verify whether the encrypted images have been tampered with.

Xiuli Chai,Xiuhui Chen,Yakun Ma,Fang Zuo,Zhihua Gan,Yushu Zhang

DOI: https://doi.org/10.1631/FITEE.2200498

2023-01-01

Abstract:With the substantial increase in image transmission, the demand for image security is increasing. Noise-like images can be obtained by conventional encryption schemes, and although the security of the images can be guaranteed, the noise-like images cannot be directly previewed and retrieved. Based on the rank-then-encipher method, some researchers have designed a three-pixel exact thumbnail preserving encryption (TPE2) scheme, which can be applied to balance the security and availability of images, but this scheme has low encryption efficiency. In this paper, we introduce an efficient exact thumbnail preserving encryption scheme. First, blocking and bit-plane decomposition operations are performed on the plaintext image. The zigzag scrambling model is used to change the bit positions in the lower four bit planes. Subsequently, an operation is devised to permute the higher four bit planes, which is an extended application of the hidden Markov model. Finally, according to the difference in bit weights in each bit plane, a bit-level weighted diffusion rule is established to generate an encrypted image and still maintain the same sum of pixels within the block. Simulation results show that the proposed scheme improves the encryption efficiency and can guarantee the availability of images while protecting their privacy.

Zhi-Yan Zhao,Peng Zeng

DOI: https://doi.org/10.1109/access.2021.3092945

IF: 3.9

2021-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKEET for short) is a new cryptographic primitive which allows a proxy to check whether two ciphertexts encrypted under different public keys are of the same plaintext. PKEET has become a prospective candidate for various application scenarios, such as data management on encrypted databases, personal health record systems, spam filtering in encrypted email systems. In this paper, we propose an efficient all-or-nothing public key encryption scheme with authenticated equality test (AoN-PKEAET for short). In comparison with the existing PKEET schemes, the proposed scheme provides a new feature of ciphertext authentication before the plaintext equality test. It ensures that no misjudgement occurs when testing the equality between ciphertexts. Specially, the $mathsf {Test}$ algorithm in the proposed scheme first authenticates the compared ciphertexts and the equality test is fulfilled only if the ciphertexts are authenticated as valid. With this new feature, the $mathsf {Test}$ algorithm cannot output 0 (which means that the encrypted messages are different) when the two input ciphertexts are of an identical message, or it cannot output 1 (which means that the encrypted messages are identical) when the two input ciphertexts are of different messages. Under a redefined security model for AoN-PKEAET, we give the detailed security proof of the proposed scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xuyang Chang,Shaowei Jiang,Liming Yang,xinrui Zhan,Shicong Liu,Daoyu Li,Yan Ren,Zhen Gao,Guoan Zheng,Jun Zhang,Liheng Bian

DOI: https://doi.org/10.21203/rs.3.rs-2924284/v1

2023-01-01

Abstract:Abstract Optical encryption is an emerging technique that uses optical systems to securely encode and decode information for data transmission. In this study, we present an integrated optical encryption platform that consists of a scattering-augmented ptychographic encryption system, a transmission-efficient compressive sampling strategy, and a high-capacity decryption algorithm based on a hybrid model-data driven approach. Our encryption system leverages random light scattering as a physical unclonable function, enabling the encoding of complex object wavefronts with high optical throughput. In contrast to traditional encoders that offer insecure pseudo-randomness, the light scattering process ensures true randomness in the reported platform. To optimize transmission efficiency, we implement a compressive sampling strategy that reduces data transmission volume by at least one order of magnitude. Moreover, we devise a decryption algorithm that merges model-driven optimization with data-driven deep learning, effectively addressing the highly underdetermined retrieval task and providing robust decryption against various measurement noise and communication interference. The efficacy of our system is corroborated by an integrated optical prototype capable of encrypting ten million of pixels within minutes. Communication experiments confirm the resilience of our decryption algorithm, which retrieves high-fidelity results even under extreme transmission conditions characterized by a 20% bit error rate. Our innovative encryption technique presents a comprehensive solution for high-capacity data transmission, fortified by scattering-augmented security.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external parties. It is therefore crucial to design solutions able to respond to this demand with a clear integration strategy for existing applications and a consideration of the performance impact of the protection measures. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute fragmentation to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute fragmentation, assisting by detecting quasi-identifier automatically, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Based on the decomposition of SQL queries, the approach allows executing queries over encrypted outsourced database efficiently. The theoretical analysis and experimental results show that our new model can provide efficient data privacy protection and query processing. © 2010 Binary Information Press.

Chaohui Du,Guoqiang Bai

DOI: https://doi.org/10.1109/TrustCom.2014.128

2014-01-01

Abstract:Data encryption is the primary method to protect embedded devices in the hostile environment. The security of the traditional data encryption algorithms relies on keeping the keys secret and they always require a lot of arithmetic and logical computations, which may be not suitable for area critical or power critical embedded devices. At TrustCom 2013, Hou et al. Proposed to use a physical unclonable function (PUF) to build a novel physically-embedded data encryption (PEDE) for embedded devices. The PEDE is lightweight since all it does is xor-ing the plaintext with the output of a PUF. As the PUF is unique and unclonable, only the original physical device can decrypt the cipher text. Without possessing the original PEDE device, adversaries could not determine anything about the plaintext even if both the secret key and the cipher text are available to them. In this paper, we show that the existing PEDE architecture is sensitive to environmental variations, which leads to the fact that the decrypted plaintext does not equal to the original plaintext. Besides the lack of reliability, we also show that the existing PEDE architecture is vulnerable to known-plaintext attack and modeling attack. To address these issues, we propose a secure and robust PEDE architecture.

Zhan-Jun Wang,Hai-Ying Ma,Jin-Hua Wang

2016-01-01

Journal of information science and engineering

Abstract:Attribute-based encryption (ABE) is a promising encryption for fine-grained sharing of ciphertext based on users' attributes. One drawback of ABE is that the encryption and decryption computational costs grow with the number of attributes and the complexity of the access policy. In scenarios where mobile devices are required, it will make encryption and decryption a possible bottleneck for these applications. To largely eliminate computational overhead for mobile devices, we propose a novel attribute-based online/offline encryption with outsourcing decryption (ABOOE-OD). First, the encryption process is split into the offline and online phases. Second, we modify the key generation and decryption algorithms to handle the ciphertext, and outsource the majority of decryption to cloud servers without compromising its security. Our first ABOOE-OD scheme is proven to be secure against the chosen-plaintext attack. We present an attribute-based online/offline KEM with outsourcing decapsulation (ABOOKEM-OD), and construct a generic transformation to achieve CCA security for ABOOE-OD from any ABOOKEM-OD with one-wayness. Finally, we compare our schemes with previous schemes, and provide an implementation of our scheme. The performance measurements indicate ABOOE-OD is very suitable for mobile devices to perform the online encryption and decryption operations without significantly draining the battery.

Xingyuan Wang,Hongyu Zhao

DOI: https://doi.org/10.1007/s11042-020-08810-z

IF: 2.577

2020-03-15

Multimedia Tools and Applications

Abstract:In the image encryption algorithms, expansion of size and increase of data lead to a large amount of time consumption. To improve the efficiency, the current efforts are mainly limited to the design of streaming encryption algorithms, which do not greatly reduce encryption time and may cause security issues. Therefore, we propose a new image encryption algorithm, which based on the parallel permutation-and-diffusion (PPAD) strategy, and adopt the sub-key cross-fusion method to form the different secret keys in different rounds. The proposed algorithm significantly improves the parallelism of encryption while ensuring security, and achieves an excellent enhancement in efficiency over conventional streaming encryption algorithms. The performance evaluations prove that the proposed strategy has high security to resist common attacks and is suitable for image encryption.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Mor Weiss,Boris Rozenberg,Muhammad Barham

DOI: https://doi.org/10.48550/arXiv.1506.04113

2015-06-13

Abstract:Format Preserving Encryption (FPE) schemes encrypt a plaintext into a ciphertext while preserving its format (e.g., a valid social-security number is encrypted into a valid social-security number), thus allowing encrypted data to be stored and used in the same manner as unencrypted data. Motivated by the always-increasing use of cloud-computing and memory delegation, which require preserving both plaintext format and privacy, several FPE schemes for general formats have been previously suggested. However, current solutions are both insecure and inefficient in practice. We propose an efficient FPE scheme with optimal security. Our scheme includes an efficient method of representing general (complex) formats, and provides efficient encryption and decryption algorithms that do not require an expensive set-up. During encryption, only format-specific properties are preserved, while all message-specific properties remain hidden, thus guaranteeing data privacy. As experimental results show that in many cases large formats domains cannot be encrypted efficiently, we extend our scheme to support large formats, by imposing a user-defined bound on the maximal format size, thus obtaining a flexible security-efficiency tradeoff and the best possible security (under the size limitation).

Cryptography and Security

Xiaogang Wang,Daomu Zhao

DOI: https://doi.org/10.1364/AO.50.006645

IF: 1.9

2011-01-01

Applied Optics

Abstract:The asymmetric cryptosystem, which is based on phase-truncated Fourier transforms (PTFTs), can break the linearity of conventional systems. However, it has been proven to be vulnerable to a specific attack based on iterative Fourier transforms when the two random phase masks are used as public keys to encrypt different plaintexts. An improvement from the asymmetric cryptosystem may be taken by relocating the amplitude values in the output plane. In this paper, two different methods are adopted to realize the amplitude modulation of the output image. The first one is to extend the PTFT-based asymmetrical cryptosystem into the anamorphic fractional Fourier transform domain directly, and the second is to add an amplitude mask in the Fourier plane of the encryption scheme. Some numerical simulations are presented to prove the good performance of the proposed cryptosystems. (C) 2011 Optical Society of America

Yongfei Wu,Liming Zhang,Xilin Liu,Hao Zhang

DOI: https://doi.org/10.1016/j.jfranklin.2024.01.031

IF: 4.246

2024-01-22

Journal of the Franklin Institute

Abstract:This study creatively introduces a class of adaptive Fourier decomposition (AFD) techniques into the field of image encryption, where AFD and its variants are newly developed signal decomposition methods. The novelty of this article is twofold. First, we use three different AFD techniques, including Core AFD, Unwinding AFD, and Cyclic AFD, to generate two key streams through decomposing a source image. The two key streams generated by different AFD algorithms are different and aperiodic, which can effectively improve the security of encryption algorithm. Furthermore, this work also proposes a novel encryption method that implements the confusion and diffusion operations by index-sorted mapping method and pixel swapping operation based on two generated key streams, respectively. To ensure that the image is fully scrambled, both pixel-level and bit-level permutations are performed, which employs a novel bilateral sequence diffusion method to change the image pixel distribution based on pixel swap operations. The cryptographic performance of the scheme is evaluated through various security analyses, including key sensitivity, statistical, entropy, clipping attack, and differential attack analysis. Experimental results confirm that the proposed image encryption scheme ensures a high level of security and exhibits superior performance in resisting various attacks compared with several traditional and state-of-the-art image encryption methods.

automation & control systems,engineering, electrical & electronic, multidisciplinary,mathematics, interdisciplinary applications

Willy Susilo,Dung Hoang Duong,Huy Quoc Le,Josef Pieprzyk

DOI: https://doi.org/10.48550/arXiv.2007.06353

2020-07-13

Cryptography and Security

Abstract:Puncturable encryption (PE), proposed by Green and Miers at IEEE S&P 2015, is a kind of public key encryption that allows recipients to revoke individual messages by repeatedly updating decryption keys without communicating with senders. PE is an essential tool for constructing many interesting applications, such as asynchronous messaging systems, forward-secret zero round-trip time protocols, public-key watermarking schemes and forward-secret proxy re-encryptions. This paper revisits PEs from the observation that the puncturing property can be implemented as efficiently computable functions. From this view, we propose a generic PE construction from the fully key-homomorphic encryption, augmented with a key delegation mechanism (DFKHE) from Boneh et al. at Eurocrypt 2014. We show that our PE construction enjoys the selective security under chosen plaintext attacks (that can be converted into the adaptive security with some efficiency loss) from that of DFKHE in the standard model. Basing on the framework, we obtain the first post-quantum secure PE instantiation that is based on the learning with errors problem, selective secure under chosen plaintext attacks (CPA) in the standard model. We also discuss about the ability of modification our framework to support the unbounded number of ciphertext tags inspired from the work of Brakerski and Vaikuntanathan at CRYPTO 2016.

Jun Lang,Fan Zhang

DOI: https://doi.org/10.1007/s11042-024-20176-0

IF: 2.577

2024-09-15

Multimedia Tools and Applications

Abstract:In this paper, we propose an optical image encryption scheme based on modified 3D double-phase encoding algorithm (3D-DPEA) in the gyrator transform (GT) domain, in which a plaintext is encrypted into two sparse volumetric ciphertexts under the constraints of chaos-generated binary amplitude masks (BAMs). Then, the two volumetric ciphertexts are multiplexed into the corresponding 2D ciphertexts for convenient storage and transmission. First, due to the synergistic adjustment of the two sparse volumetric ciphertexts during the iterative process, the 3D-DPEA would achieve higher recovery quality of the decrypted image with fewer iterations. In addition, because the BAMs are generated by the logistic-tent (LT) chaotic map which is closely related to the rotation angles of GT, and the LT chaotic map has several advantages such as nonlinear, pseudorandom behavior, and high sensitivity of initial conditions, the sensitivity of the secret key could be significantly improved by several orders of magnitude, reaching up to 10 −14 . As a result, the 3D-DPEA scheme not only eliminates the explicit/linear relationship between the plaintext and the ciphertext but also substantially enhances security. For decryption, the corresponding decrypted image can be achieved by recording an intensity pattern when a coherent beam crosses two sparse volumetric ciphertexts sequentially. Furthermore, BAMs wouldn't impose an additional burden on the storage and transmission of secret keys. A series of numerical simulations are performed to verify the effectiveness and security of the proposed encryption scheme.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jeff Siu-Kei Au-Yeung,Shuyuan Zhu,Bing Zeng

DOI: https://doi.org/10.1109/ISCAS.2010.5537399

2010-01-01

Abstract:It has been demonstrated in our earlier work [1] that partial video encryption can be effectively achieved by using alternative transforms. In this paper, we modify those floating-point based transforms to integer-based counterparts so as to be compatible with the H. 264 standard. To this end, we present the design details of these integer-based transforms and their efficient implementations. To follow the H. 264 standard that combines the transform and quantization processes, we present some special handling of the necessary scaling factors and the associated quantization. Finally, we demonstrate that the derived integer transforms can achieve partial video encryption with nearly the same performance as what has been achieved with floating-point transforms.