Panagiotis Grontas,Aris Pagourtzis,Alexandros Zacharakis,Bingsheng Zhang

2018-01-01

Abstract:In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.

Dom Nasrabadi

2024-10-14

Abstract:We introduce JurEE, an ensemble of efficient, encoder-only transformer models designed to strengthen safeguards in AI-User interactions within LLM-based systems. Unlike existing LLM-as-Judge methods, which often struggle with generalization across risk taxonomies and only provide textual outputs, JurEE offers probabilistic risk estimates across a wide range of prevalent risks. Our approach leverages diverse data sources and employs progressive synthetic data generation techniques, including LLM-assisted augmentation, to enhance model robustness and performance. We create an in-house benchmark comprising of other reputable benchmarks such as the OpenAI Moderation Dataset and ToxicChat, where we find JurEE significantly outperforms baseline models, demonstrating superior accuracy, speed, and cost-efficiency. This makes it particularly suitable for applications requiring stringent content moderation, such as customer-facing chatbots. The encoder-ensemble's modular design allows users to set tailored risk thresholds, enhancing its versatility across various safety-related applications. JurEE's collective decision-making process, where each specialized encoder model contributes to the final output, not only improves predictive accuracy but also enhances interpretability. This approach provides a more efficient, performant, and economical alternative to traditional LLMs for large-scale implementations requiring robust content moderation.

Machine Learning,Artificial Intelligence

Harold Abelson,Ross Anderson,Steven M Bellovin,Josh Benaloh,Matt Blaze,Jon Callas,Whitfield Diffie,Susan Landau,Peter G Neumann,Ronald L Rivest,Jeffrey I Schiller,Bruce Schneier,Vanessa Teague,Carmela Troncoso

DOI: https://doi.org/10.1093/cybsec/tyad020

2024-01-01

Journal of Cyber Security

Abstract:Abstract Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy—in the sense of unimpeded end-to-end encryption—and the ability to successfully investigate serious crime. In this paper, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society, while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which CSS can fail, can be evaded, and can be abused.

Matthew Green,Gabriel Kaptchuk,Gijs Van Laer

DOI: https://doi.org/10.1007/978-3-030-77883-5_19

2021-01-01

Abstract:The increasing deployment of end-to-end encrypted communications services has ignited a debate between technology firms and law enforcement agencies over the need for lawful access to encrypted communications. Unfortunately, existing solutions to this problem suffer from serious technical risks, such as the possibility of operator abuse and theft of escrow key material. In this work we investigate the problem of constructing law enforcement access systems that mitigate the possibility of unauthorized surveillance. We first define a set of desirable properties for an abuse-resistant law enforcement access system (ARLEAS), and motivate each of these properties. We then formalize these definitions in the Universal Composability (UC) framework, and present two main constructions that realize this definition. The first construction enables prospective access, allowing surveillance only if encryption occurs after a warrant has been issued and activated. The second, more powerful construction, allows retrospective access to communications that occurred prior to a warrant’s issuance. To illustrate the technical challenge of constructing the latter type of protocol, we conclude by investigating the minimal assumptions required to realize these systems.

Fan Zhang,Philip Daian,Iddo Bentov

2018-01-01

Abstract:Conventional (M,N )-threshold signature schemes leave users with a painful choice. SettingM = N offers maximum resistance to key compromise. With this choice, though, loss of a single key renders the signing capability unavailable, creating paralysis in systems that use signatures for access control. Lower M improves availability, but at the expense of security. For example, a (3, 3)-multisignature cryptocurrency wallet experiences access-control paralysis upon loss of a single key, but a (2, 3)-multisig allows any two players to collude and steal funds from the third. In this paper, we introduce techniques that address this impasse by making general cryptographic access structures dynamic. Our schemes permit, e.g., a (3, 3)-multisig, to be downgraded to a (2, 3)multisig if a player goes missing. This downgrading is secure in the sense that it occurs only if a player is provably unavailable. Our main tool is what we call a Paralysis Proof, evidence that players, i.e., key holders, are unavailable or incapacitated. Using Paralysis Proofs, we show how to construct a Dynamic Access Structure System, which can securely and flexibly update target access structures without a trusted third party such as a system administrator. We present DASS constructions that combine a trust anchor (a trusted execution environment or smart contract) with a censorshipresistant channel in the form of a blockchain. We offer a formal framework for specifying DASS policies, and define and show how to achieve critical security and usability properties (safety, liveness, and paralysis-freeness) in a DASS. Paralysis Proofs can help address pervasive key-management challenges in many different settings. We present DASS schemes for three important example use cases: recovery of cryptocurrency funds should players become unavailable, returning funds to users when cryptocurrency custodians fail, and remediating critical smartcontract failures such as frozen funds. We report on practical implementations for Bitcoin and Ethereum.

Fan Liu,Yue Feng,Zhao Xu,Lixin Su,Xinyu Ma,Dawei Yin,Hao Liu

2024-10-18

Abstract:Despite advancements in enhancing LLM safety against jailbreak attacks, evaluating LLM defenses remains a challenge, with current methods often lacking explainability and generalization to complex scenarios, leading to incomplete assessments (e.g., direct judgment without reasoning, low F1 score of GPT-4 in complex cases, bias in multilingual scenarios). To address this, we present JAILJUDGE, a comprehensive benchmark featuring diverse risk scenarios, including synthetic, adversarial, in-the-wild, and multilingual prompts, along with high-quality human-annotated datasets. The JAILJUDGE dataset includes over 35k+ instruction-tune data with reasoning explainability and JAILJUDGETEST, a 4.5k+ labeled set for risk scenarios, and a 6k+ multilingual set across ten languages. To enhance evaluation with explicit reasoning, we propose the JailJudge MultiAgent framework, which enables explainable, fine-grained scoring (1 to 10). This framework supports the construction of instruction-tuning ground truth and facilitates the development of JAILJUDGE Guard, an end-to-end judge model that provides reasoning and eliminates API costs. Additionally, we introduce JailBoost, an attacker-agnostic attack enhancer, and GuardShield, a moderation defense, both leveraging JAILJUDGE Guard. Our experiments demonstrate the state-of-the-art performance of JailJudge methods (JailJudge MultiAgent, JAILJUDGE Guard) across diverse models (e.g., GPT-4, Llama-Guard) and zero-shot scenarios. JailBoost and GuardShield significantly improve jailbreak attack and defense tasks under zero-shot settings, with JailBoost enhancing performance by 29.24% and GuardShield reducing defense ASR from 40.46% to 0.15%.

Computation and Language,Artificial Intelligence

Witold Zontek

DOI: https://doi.org/10.1163/15718174-bja10055

2024-07-24

European Journal of Crime, Criminal Law and Criminal Justice

Abstract:Abstract Whether we realize it or not, our smartphones/tablets store an extremely rich amount of information about ourselves, our daily activities, secrets, preferences, and plans. To talk about professional or purely private matters, we use communicators. For this data, modern technology gives us a sense of security. We are reassured by encryption based on alphanumeric codes. But remembering passwords that are too complex is inconvenient. That’s why we often use biometric security - fingerprint readers or facial recognition. Not only for the unlocking of the device, but also for the effective use of many applications (e.g. mobile banking). But evidence of a crime could be a file, document, photo or conversation stored only on our device. Our crime. If law enforcement demands that we unlock the device, what should we do? Looking at modern legal solutions in this area, the international standard of not incriminating oneself is clear - we cannot be forced to reveal information stored only in memory (e.g. passcode). However, when it comes to whether we are required to place our thumb on a reader or look into a Face id camera, the law is silent or extremely inconsistent. Paradoxically, the technology that makes our data more secure seems to have the opposite effect of diminishing our fundamental rights as potential suspects. The most troubling threads in this area will be addressed in this paper. Where do we stand? What’s next for our fair trial rights?

Steven Ryder,Nhien-An Le-Khac

DOI: https://doi.org/10.48550/arXiv.1609.07602

2016-09-24

Abstract:With an exponentially increasing usage of cloud services, the need for forensic investigations of virtual space is equally in constantly increasing demand, which includes as a very first approach, the gaining of access to it as well as the data stored. This is an aspect that faces a number of challenges, stemming not only from the technical difficulties and peculiarities, but equally covers the interaction with an emerging line of businesses offering cloud storage and services. Beyond the forensic aspects, it also covers to an ever increasing amount the non-forensic considerations, such as the availability of logs and archives, legal and data protection considerations from a global perspective and the clashes in between, as well as the ever competing interests between law enforcement to seize evidence which is non-physical, and businesses who need to be able to continue to operate and provide their hosted services, even if law enforcement seek to collect evidence. The trend post-Snowden has been unequivocally towards default encryption, and driven by market leaders such as Apple, motivated to a large extent by the perceived demands for privacy of the consumer. The central question to be explored in this paper is to what extent this trend towards default encryption will have a negative impact on law enforcement investigations and possibilities, and will at the end attempt to provide a solution, which takes into account the needs of both law enforcement, but also of the service providers. It is hoped that the recommendations from this paper will be able to have an impact in the ability for law enforcement to continue with their investigations in an efficient manner, whilst also safeguarding the ability for business to thrive and continue to develop and offer new and innovative solutions, which do not put law enforcement at risk.

Cryptography and Security,Computers and Society

Shengshan Hu,Chengjun Cai,Qian Wang,Cong Wang,Minghui Li,Zhibo Wang,Dengpan Ye

DOI: https://doi.org/10.48550/arXiv.1909.09472

2019-09-20

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) allows the data owner to outsource an encrypted database to a remote server in a private manner while maintaining the ability for selectively search. So far, most existing solutions focus on an honest-but-curious server, while security designs against a malicious server have not drawn enough attention. A few recent works have attempted to construct verifiable SSE that enables the data owner to verify the integrity of search results. Nevertheless, these verification mechanisms are highly dependent on specific SSE schemes, and fail to support complex queries. A general verification mechanism is desired that can be applied to all SSE schemes. In this work, instead of concentrating on a central server, we explore the potential of the smart contract, an emerging blockchain-based decentralized technology, and construct decentralized SSE schemes where the data owner can receive correct search results with assurance without worrying about potential wrongdoings of a malicious server. We study both public and private blockchain environments and propose two designs with a trade-off between security and efficiency. To better support practical applications, the multi-user setting of SSE is further investigated where the data owner allows authenticated users to search keywords in shared documents. We implement prototypes of our two designs and present experiments and evaluations to demonstrate the practicability of our decentralized SSE schemes.

Glencora Borradaile,Kelsy Kretschmer,Michele Gretes,Alexandria LeClerc

DOI: https://doi.org/10.2478/popets-2021-0037

2021-04-27

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Existing end-to-end-encrypted (E2EE) email systems, mainly PGP, have long been evaluated in controlled lab settings. While these studies have exposed usability obstacles for the average user and offer design improvements, there exist users with an immediate need for private communication, who must cope with existing software and its limitations. We seek to understand whether individuals motivated by concrete privacy threats, such as those vulnerable to state surveil-lance, can overcome usability issues to adopt complex E2EE tools for long-term use. We surveyed regional activists, as surveillance of social movements is well-documented. Our study group includes individuals from 9 social movement groups in the US who had elected to participate in a workshop on using Thunder-bird+Enigmail for email encryption. These workshops tool place prior to mid-2017, via a partnership with a non-profit which supports social movement groups. Six to 40 months after their PGP email encryption training, more than half of the study participants were continuing to use PGP email encryption despite intervening widespread deployment of simple E2EE messaging apps such as Signal. We study the interplay of usability with social factors such as motivation and the risks that individuals undertake through their activism. We find that while usability is an important factor, it is not enough to explain long term use. For example, we find that riskiness of one’s activism is negatively correlated with long-term PGP use. This study represents the first long-term study, and the first in-the-wild study, of PGP email encryption adoption.

Yifei Li,Yinghui Zhang,Wei Liu,Jianting Ning,Dong Zheng

DOI: https://doi.org/10.1007/978-3-031-18067-5_4

2022-01-01

Abstract:Aiming at the problems of the existing attribute-based collaborative decryption schemes exemplified by failures in cloud storage servers and poor enthusiasm of users for collaborative decryption, a collaborative access control scheme based on incentive mechanisms is proposed. In this scheme, users are divided into different groups and only users of the same group can collaborate to decrypt. The data is encrypted with attribute-based encryption (ABE) and is uploaded to Inter-Planetary File System (IPFS), which not only ensures the confidentiality of data but also prevents malfunctions. Through the incentive mechanism of the blockchain, the user's enthusiasm of decryption is improved. Finally, the theoretical analysis shows that the scheme is secure and efficient.

Divij Handa,Zehua Zhang,Amir Saeidi,Chitta Baral

2024-10-23

Abstract:Recent advancements in the safety of Large Language Models (LLMs) have primarily focused on mitigating attacks crafted in natural language or in common encryption techniques like Base64. However, new models which often possess better reasoning capabilities, open the door to new attack vectors that were previously non-existent in older models. This seems counter-intuitive at first glance, but these advanced models can decipher more complex cryptic queries that previous models could not, making them susceptible to attacks using such prompts. To exploit this vulnerability, we propose Attacks using Custom Encryptions (ACE), a novel method to jailbreak LLMs by leveraging custom encryption schemes. We evaluate the effectiveness of ACE on four state-of-the-art LLMs, achieving Attack Success Rates (ASR) of up to 66% on close-source models and 88% on open-source models. Building upon this, we introduce Layered Attacks using Custom Encryptions (LACE), which employs multiple layers of encryption through our custom ciphers to further enhance the ASR. Our findings demonstrate that LACE significantly enhances the ability to jailbreak LLMs, increasing the ASR of GPT-4o from 40% to 78%, a 38% improvement. Our results highlight that the advanced capabilities of LLMs introduce unforeseen vulnerabilities to complex attacks. Specifically complex and layered ciphers increase the chance of jailbreaking.

Computation and Language,Artificial Intelligence

Jingjin Wu,Guoqiang Long,Canhua Wang,Jianhua Wu

DOI: https://doi.org/10.1088/1402-4896/ad195b

2023-12-28

Physica Scripta

Abstract:Abstract Recent advances in cellular mobile telecommunication field have dramatically facilitated the multi-party collaborative work in social networks. However, the privacy issues exposed by insecure network channels and semi-trusted service providers, such as underlying data analysis and mining, have also gradually aroused public concerns. In this context, a novel Multi-Party Privacy Data Encryption (MP-PDE) scheme built upon the deep learning framework is proposed. In this scheme, a four-dimensional autonomous chaotic system is initially leveraged to configurate the key-controlled cipher streams. Under the guidance of a multi-objective optimization function, the proposed encryption network manipulates the multi party private data into a cipher image with the statistical pseudo-randomness. At the recipient side, distinct participants can decrypt the matching data availing their own licensing key from the identical cipher image. Furthermore, the encryption and decryption networks are equivalent except for their network parameters. Finally, numerous experiments are conducted to verify the effectiveness and security of the proposed scheme.

physics, multidisciplinary

Haibo Jin,Andy Zhou,Joe D. Menke,Haohan Wang

2024-05-31

Abstract:Large Language Models (LLMs) are typically harmless but remain vulnerable to carefully crafted prompts known as ``jailbreaks'', which can bypass protective measures and induce harmful behavior. Recent advancements in LLMs have incorporated moderation guardrails that can filter outputs, which trigger processing errors for certain malicious questions. Existing red-teaming benchmarks often neglect to include questions that trigger moderation guardrails, making it difficult to evaluate jailbreak effectiveness. To address this issue, we introduce JAMBench, a harmful behavior benchmark designed to trigger and evaluate moderation guardrails. JAMBench involves 160 manually crafted instructions covering four major risk categories at multiple severity levels. Furthermore, we propose a jailbreak method, JAM (Jailbreak Against Moderation), designed to attack moderation guardrails using jailbreak prefixes to bypass input-level filters and a fine-tuned shadow model functionally equivalent to the guardrail model to generate cipher characters to bypass output-level filters. Our extensive experiments on four LLMs demonstrate that JAM achieves higher jailbreak success ($\sim$ $\times$ 19.88) and lower filtered-out rates ($\sim$ $\times$ 1/6) than baselines.

Cryptography and Security,Computation and Language,Computer Vision and Pattern Recognition,Machine Learning

Amiya Karmakar,Pritam Ghosh,Partha Sarathi Banerjee,Debashis De

DOI: https://doi.org/10.1007/s11042-024-18771-2

IF: 2.577

2024-03-12

Multimedia Tools and Applications

Abstract:Sustainable professional integrity is the pivoting factor for maintaining the expected ethical standard of a profession. Whereas privacy of a user becomes vulnerable due to the digital transactions performed on the web. To this end, we propose a distributed framework, Jurisprudence, that preserves a user's privacy by preventing concurrent active sessions. The proposed model enables online transactions using one-time password (BLOCK-OTP) based blockchain multi-factor authentication. It encapsulates the users details and preserves the privacy of the user by preventing the invocation of concurrent transaction sessions. We deployed the system into the Ethereum test blockchain environment and tested the framework. We envisage our model to be suitable for the detection of fraudulent and malicious activities in near future.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Li Duan,Wenyao Xu,Wei Ni,Wei Wang

DOI: https://doi.org/10.1016/j.sysarc.2023.102897

IF: 5.836

2023-05-13

Journal of Systems Architecture

Abstract:In an open Internet-of-Things (IoT) environment, cloud-device collaborative development brings more functional services to users. However, privacy disclosure risks concerning service provision and users' accessing behavior also increase. Traditional privacy protection approaches involve a centralized system with a third-party administrative server, which has the risk of single-point failures and overlooks the issue of privacy information leakage concerning users' behaviors. Blockchain is a decentralized and traceable technology that provides a reliable solution for secure access by users. This paper proposes a novel blockchain-based secure access framework (BSAF) for cloud-device service collaborations with privacy protection. Specifically, a key matrix encryption mechanism is used to protect the privacy of users' behaviors, and a fully homomorphic encryption mechanism is designed to protect the privacy of service content. Two smart contracts are designed: a request verification smart contract to verify the access rights of users, and a behavior punishment smart contract to audit users' access behaviors. Comprehensive experiments on the Ethereum blockchain network show that the proposed BSAF framework outperforms existing schemes in latency reduction and cost saving, and is more suitable for low-profile IoT devices.

computer science, software engineering, hardware & architecture

Xiwen Wang,Kai Zhang,Jinguo Li,Mi Wen,Shengmin Xu,Jianting Ning

DOI: https://doi.org/10.1093/comjnl/bxac166

2024-01-01

Abstract:Searchable asymmetric encryption (SAE) enables a client to search over a data owner's encrypted data. Nevertheless, state-of-the-art SAE schemes allow a data owner to specify access control policy for a client, while they have not considered the threat case of a malicious data owner. To address the problem, this work presents a non-interactive SAE scheme with bilateral access control: (i) allowing data owner and client to both specify policies toward the other party; (ii) allowing client to perform arbitrary boolean queries with sub-linear search complexity. Technically, we extend Cash et al.'s highly scalable SSE into an asymmetric setting and introduce the property of data owner authenticity. By refining identity-based matchmaking encryption, we formalize the syntax and security definition of our SAE with identity-based bilateral access control. Moreover, the security of the proposed SAE can be reduced to discrete logistic assumption and decisional bilinear Diffie-Hellman assumption. As an enhanced extension, we present a non-interactive multi-client SAE scheme with fuzzy identity-based bilateral access control. In addition, we implement the proposed schemes in real cloud platform and evaluate their performance on a real-world dataset. The result confirms that our SAE schemes achieve bilateral access control for both data owner and client with highly acceptable efficiency.

Nerla Jean-Louis,Yunqi Li,Yan Ji,Harjasleen Malvai,Thomas Yurek,Sylvain Bellemare,Andrew Miller

DOI: https://doi.org/10.56553/popets-2024-0035

2024-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:TEE-based smart contracts are an emerging blockchain architecture, offering fully programmable privacy with better performance than alternatives like secure multiparty computation. They can also support compatibility with existing smart contract languages, such that existing (plaintext) applications can be readily ported, picking up privacy enhancements automatically. While previous analysis of TEE-based smart contracts have focused on failures of TEE itself, we asked whether other aspects might be understudied. We focused on state consistency, a concern area highlighted by Li et al., as well as new concerns including access pattern leakage and software upgrade mechanisms. We carried out a code review of a cohort of four TEE-based smart contract platforms. These include Secret Network, the first to market with in-use applications, as well as Oasis, Phala, and Obscuro, which have at least released public test networks. The first and most broadly applicable result is that access pattern leakage occurs when handling persistent contract storage. On Secret Network, its fine-grained access pattern is catastrophic for the transaction privacy of SNIP-20 tokens. If ERC-20 tokens were naively ported to Oasis they would be similarly vulnerable; the others in the cohort leak coarse-grained information at approximately the page level (4 kilobytes). Improving and characterizing this will require adopting techniques from ORAMs or encrypted databases. Second, the importance of state consistency has been underappreciated, in part because exploiting such vulnerabilities is thought to be impractical. We show they are fully practical by building a proof-of-concept tool that breaks all advertised privacy properties of SNIP-20 tokens, able to query the balance of individual accounts and the token amount of each transfer. We additionally demonstrate MEV attacks against the Sienna Swap application. As a final consequence of lacking state consistency, the developers have inadvertently introduced a decryption backdoor through their software upgrade process. We have helped the Secret developers mitigate this through a coordinated vulnerability disclosure, after which their state consistency should be roughly on par with the rest.

Jeroen Pijnenburg,Bertram Poettering

DOI: https://doi.org/10.1145/3411505.3418438

2020-11-09

Abstract:Recent work by Pijnenburg and Poettering (ESORICS'20) explores the novel cryptographic Encrypt-to-Self primitive that is dedicated to use cases of symmetric encryption where encryptor and decryptor coincide. The primitive is envisioned to be useful whenever a memory-bounded computing device is required to encrypt some data with the aim of temporarily depositing it on an untrusted storage device. While the new primitive protects the confidentiality of payloads as much as classic authenticated encryption primitives would do, it provides considerably better authenticity guarantees: Specifically, while classic solutions would completely fail in a context involving user corruptions, if an encrypt-to-self scheme is used to protect the data, all ciphertexts and messages fully remain unforgeable. To instantiate their encrypt-to-self primitive, Pijnenburg et.al propose a mode of operation of the compression function of a hash function, with a carefully designed encoding function playing the central role in the serialization of the processed message and associated data. In the present work we revisit the design of this encoding function. Without questioning its adequacy for securely accomplishing the encrypt-to-self job, we improve on it from a technical/implementational perspective by proposing modifications that alleviate certain conditions that would inevitably require implementations to disrespect memory alignment restrictions imposed by the word-wise operation of modern CPUs, ultimately leading to performance penalties. Our main contributions are thus to propose an improved encoding function, to explain why it offers better performance, and to prove that it provides as much security as its predecessor. We finally report on our open-source implementation of the encrypt-to-self primitive based on the new encoding function. For the full version of this article, see https://arxiv.org/abs/2009.02667 arXiv:2009.02667.

Jinjiang Yang,Feng Liu,Xinyi Luo,Jianan Hong,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/globecom48099.2022.10001146

2022-01-01

Abstract:Through Searchable Symmetric Encryption (SSE), a user can make search over encrypted documents that are stored on an untrusted cloud server. Multi-client SSE schemes require that one client can search documents contributed by other clients and upload documents. Nevertheless, existing multi- client SSE schemes implement the fine-grained access control with high complexity. Although fine-grained access control adapts to complex scenarios, it is not necessary anytime and may cause heavy costs over computation in SSE schemes. Moreover, it is crucial to support documents updating and forward privacy. To combat that, we design a multi-client SSE scheme with efficient access control over dynamic encrypted documents. Specifically, we first modify Symmetric Hidden Vector Encryption (SHVE) and utilize Bloom filter to implement the access control, which reduces much of computation overhead. We then employ Oblivious Dynamic Cross-Tag (ODXT) protocol to preserve the forward privacy of our scheme. Finally, the corresponding security and experimental evaluation demonstrate both security and practicality of our scheme, respectively.