Yuan Zhang,Chunxiang Xu,Jianbing Ni,Hongwei Li,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/tcc.2019.2923222

IF: 5.697

2021-10-01

IEEE Transactions on Cloud Computing

Abstract:Cloud storage enables users to outsource data to storage servers and retrieve target data efficiently. Some of the outsourced data are very sensitive and should be prevented for any leakage. Generally, if users conventionally encrypt the data, searching is impeded. Public-key encryption with keyword search (PEKS) resolves this tension. Whereas, it is vulnerable to keyword guessing attacks (KGA), since keywords are low-entropy. In this paper, we present a secure PEKS scheme called SEPSE against KGA, where users encrypt keywords with the aid of dedicated key servers via a threshold and oblivious way. SEPSE supports key renewal to periodically replace an existing key with a new one on each key server to thwart the key compromise. Furthermore, SEPSE can efficiently resist online KGA, where each keyword request made by a user is integrated into a transaction on a public blockchain (e.g., Ethereum), which allows key servers to learn the number of keyword requests made by the user without requiring a synchronization between them for per-user rate limiting. Security analysis and performance evaluation demonstrate that SEPSE provides a stronger security guarantee compared with existing schemes, at the expense of acceptable computational costs.

computer science, information systems, theory & methods

Shuo Zhang,Qiaoyan Wen,Wenmin Li,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.3390/s20236962

IF: 3.9

2020-12-05

Sensors

Abstract:Internet of Things (IoT) and cloud computing are adopted widely in daily life and industrial production. Sensors of IoT equipment gather personal, sensitive and important data, which is stored in a cloud server. The cloud helps users to save cost and collaborate. However, the privacy of data is also at risk. Public-key encryption with keyword search (PEKS) is convenient for users to use the data without leaking privacy. In this article, we give a scheme of PEKS for a multi-user to realize the multi-keyword search at once and extend it to show a rank based on keywords match. The receiver can finish the search by himself or herself. With private cloud and server cloud, most users’ computing can be outsourced. Moreover, the PEKS can be transferred to a multi-user model in which the private cloud is used to manage receivers and outsource. The store cloud and the private cloud both obtain nothing with the keyword information. Then our IoT devices can easily run these protocols. As we do not use any pairing operations, the scheme is under more general assumptions that means the devices do not need to take on the heavy task of calculating pairing.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiaodong Yang,Tian Tian,Jiaqi Wang,Caifen Wang

DOI: https://doi.org/10.1007/s12083-022-01345-0

2022-07-25

Abstract:Nowadays, with the rapid development of smart health-care based on electronic health records, it remarkably supplies a promising way to alleviate the shortage of medical resources and improve medical efficiency. Meanwhile, data in electronic health records are sensitive and require protection against unauthorized access. However, most previous electronic health records sharing schemes are vulnerable to data leakage and forgery. To address these challenging problems, we propose a new electronic health record sharing scheme. We use the certificateless cryptosystem to encrypt keywords, which solves the certificate management problem and key escrow problem. The proposed scheme also supports multi-user search and the user authorization table can be used to modify access permissions of medical data users. Besides, the root values of the Merkle trees are written into the blockchain to ensure anti-tampering, integrity and traceability of search results. Moreover, a smart contract enables a fair transaction between cloud server provider and medical data users without trusted third parties. We prove that the proposed scheme is secure against the keyword guessing attack in the random oracle model. Furthermore, performance analysis demonstrates that our scheme has greater computational efficiency compared with other related schemes.

computer science, information systems,telecommunications

Suhui Liu,Jiguo Yu,Yinhao Xiao,Zhiguo Wan,Shengling Wang,Biwei Yan

DOI: https://doi.org/10.1109/jiot.2020.2993231

IF: 10.6

2020-09-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) changed our lives with huge amounts of data production. Due to source-limited IoT devices, one of the best ways to process the data is cloud storage. However, a series of security and privacy issues arise, such as illegal data access, data tampering, and privacy leak. Though symmetric encryption can guarantee data confidentiality, it cannot realize fine-grained data sharing and searching. The keyword-based searchable attribute-based encryption (KSABE) can achieve data confidentiality and fine-grained access control. More importantly, it realizes a keyword-based search for data users. However, the heavy decryption computation burden and the management of massive user keys appear when implementing attribute-based encryption schemes to IoT. Therefore, this article proposes a blockchain-aided searchable attribute-based encryption (BC-SABE) with efficient revocation and decryption, where the traditional centralized server is replaced with a decentralized blockchain system being in charge of the threshold parameter generation, key management, and user revocation. All revocation tasks are done by the blockchain and it is on longer necessary for ciphertext reencryption and key update. Moreover, users utilize the coalition blockchain to generate partial tokens. Besides, the cloud server contained in our scheme not only stores the massive encrypted data but also performs search and predecryption for users who only require one exponentiation in the group ${mathbb {G}}$ to decrypt fully. Security analyses prove that our scheme realizes the security under the chosen plaintext attack and the chosen keyword attack. Simulations show that the decryption and token generation cost of our scheme are preferable.

computer science, information systems,telecommunications,engineering, electrical & electronic

Li, Liangshun

DOI: https://doi.org/10.1007/s12083-024-01795-8

IF: 3.488

2024-09-12

Peer-to-Peer Networking and Applications

Abstract:With the rapid development of medical information technology, the widespread adoption and application of electronic medical data have prompted more and more healthcare institutions to choose to store medical data in cloud servers to facilitate easier sharing. Attribute-based encryption is utilized for sharing electronic medical data to achieve fine-grained access control. However, storing access policies in plaintext can easily expose user privacy. Additionally, during the data sharing process, placing data retrieval in the cloud prevents secure and reliable searches. To address these issues, this paper proposes a blockchain-based privacy preserving and keyword-searchable scheme for medical data sharing(BPPKS). Access policies are transformed into vector-matrix form, concealing attributes within access policies to prevent the leakage of authorized user privacy information. Leveraging blockchain's transparency, tamper-resistance, and integrity verification features, smart contracts are used for retrieval and verification, enabling secure and reliable data searches while ensuring the integrity of medical data. Simultaneously, some complex decryption operations are delegated to the cloud servers, reducing the decryption load for users to a constant level. Finally, security analysis demonstrates that this scheme can withstand adaptive chosen keyword attacks (IND-CKA), and performance evaluations show higher efficiency in computation and storage aspects.

computer science, information systems,telecommunications

Garima Verma,Soumen Kanrar

DOI: https://doi.org/10.1007/s11277-024-10947-1

IF: 2.017

2024-04-03

Wireless Personal Communications

Abstract:Due to the drawbacks of the many-to-many search model for accessing digital records in institutional settings like offices, hospitals, and government agencies, the paper proposes a searchable attribute-based cryptosystem scheme that uses the concept of blockchain technology that provides for authentication and self-validation, and can be applied to secure digital document sharing systems. By keeping the ciphertext document on the cloud, the index on the blockchain, and the smart contract handling the searching of documents, it helps lighten the cloud's computing load. Data integrity and privacy are also guaranteed by this technique, as is the veracity of the findings supplied by the cloud server. The strategy may be used to get rid of redundant information and save space in cloud storage. The concealment of access policy also ensures the privacy of its users. The security study demonstrates that the suggested system protects the privacy of user information and the secrecy of digital document data against adaptively chosen-keyword attacks. Experiments and analysis of performance show that the suggested technique improves upon previous approaches in terms of securing indexes, token generation, efficiency of searching, and verification of results; as a consequence, it is better suited for search situations where a many-to-many search approach is required. It allows for secure and efficient collaboration on electronic documents between departments and external parties.

telecommunications

Liang Yan,Lina Ge,Zhe Wang,Guifen Zhang,Jingya Xu,Zheng Hu

DOI: https://doi.org/10.1186/s13677-023-00444-4

2023-04-19

Journal of Cloud Computing

Abstract:With the rapid development of cloud computing technology, how to achieve secure access to cloud data has become a current research hotspot. Attribute-based encryption technology provides the feasibility to achieve the above goal. However, most of the existing solutions have high computational and trust costs. Furthermore, the fairness of access authorization and the security of data search can be difficult to guarantee. To address these issues, we propose a novel access control scheme based on blockchain and attribute-based searchable encryption in cloud environment. The proposed scheme achieves fine-grained access control with low computation consumption by implementing proxy encryption and decryption, while supporting policy hiding and attribute revocation. The encrypted file is stored in the IPFS and the metadata ciphertext is stored on the blockchain, which ensures data integrity and confidentiality. Simultaneously, the scheme enables the secure search of ciphertext keyword in an open and transparent blockchain environment. Additionally, an audit contract is designed to constrain user access behavior to dynamically manage access authorization. Security analysis proves that our scheme is resistant to chosen-plaintext attacks and keyword-guessing attacks. Theoretical analysis and experimental results show that our scheme has high computational and storage efficiency, which is more advantageous than other schemes.

Hongbo Li,Qiong Huang,Willy Susilo

DOI: https://doi.org/10.1109/tdsc.2020.3027611

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud storage becomes the priority for storing and sharing data for enterprise users. Encrypting prior to uploading data to the cloud is the best way to protect business secrets, however, it hinders the convenient operations on plaintexts, such as searching over the cloud data. In addition, employees in an enterprise have multiple layer structures and a higher layer employee should have the privilege to monitor the lower layer employees' data to check if these users violate the regulation without letting the employees be aware of. Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive suitable for secure cloud storage, which supports keyword search without decryption in public key encryption settings. Unfortunately, no existing PEKS scheme supports the monitoring function without authorization from the sender. To address this issue, we propose a variant of PEKS named Hierarchical Public Key Encryption with Keyword Search (HPEKS) and provide a semi-generic construction utilizing a public key tree (PKTree) and a PEKS scheme. To better suit for the enterprise secret data sharing, we build an advanced HPEKS scheme, named designated-tester decryptable hierarchical public key encryption with keyword search (dDHPEKS), which enjoys stronger security and integrates the public key and symmetric key encryptions. We prove our dDHPEKS scheme secure under the security definition in the random oracle model. Particularly, it satisfies the security against outside offline keyword guessing attacks and furthermore, enjoys the transparency property so that the sender does not need to know the internal hierarchy structure of an enterprise in order to share encrypted data to the enterprise. Theoretical evaluation and concrete experiments show that our dDHPEKS scheme has comparable running efficiency with existing PEKS schemes.

computer science, information systems, software engineering, hardware & architecture

Jiujiang Han,Ziyuan Li,Jian Liu,Huimei Wang,Ming Xian,Yuxiang Zhang,Yu Chen

DOI: https://doi.org/10.3390/electronics11162536

IF: 2.9

2022-08-14

Electronics

Abstract:Searchable encryption enables users to enjoy search services while protecting the security and privacy of their outsourced data. Blockchain-enabled searchable encryption delivers the computing processes that are executed on the server to the decentralized and transparent blockchain system, which eliminates the potential threat of malicious servers invading data. Recently, although some of the blockchain-enabled searchable encryption schemes realized that users can search freely and verify search results, unfortunately, these schemes were inefficient and costly. Motivated by this, we proposed an improved scheme that supports fine-grained access control and flexible searchable encryption. In our framework, the data owner uploads ciphertext documents and symmetric keys to cloud database and optional KMS, respectively, and manipulates the access control process and searchable encryption process through smart contracts. Finally, the experimental comparison conducted on a private Ethereum network proved the superiority of our scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Gang Xu,Shiyuan Xu,Yibo Cao,Fan Yun,Yu Cui,Yiying Yu,Ke Xiao

DOI: https://doi.org/10.1155/2022/3368819

IF: 1.968

2022-03-29

Security and Communication Networks

Abstract:In the current E-healthcare scenarios, medical institutions are used to encrypt the information and store it in an Electronic Health Record (EHR) system in order to ensure the privacy of medical information. To realize data sharing, a Public-key Encryption with Keyword Search (PEKS) scheme is indispensable, ensuring doctors search for medical information in the state of ciphertext. However, the traditional PEKS scheme cannot resist the keyword guessing quantum computing attacks, and its security depends on the confidentiality of the secret key. In addition, classical PEKS hand over the search process to a third party, affecting the search results’ accuracy. Therefore, we proposed a postquantum Public-key Searchable Encryption scheme on Blockchain (PPSEB) for E-healthcare scenarios. Firstly, we utilized a lattice-based cryptographic primitive to ensure the security of the search process and achieve forward security to avoid key leakage of medical information. Secondly, we introduced blockchain technology to solve the problem of third-party untrustworthiness in the search process. Finally, through security analysis, we prove the correctness and forward security of the solution in the E-healthcare scenarios, and the comprehensive performance evaluation demonstrates the efficiency of our scheme compared with other existing schemes.

computer science, information systems,telecommunications

YiHua Zhou,Bin Tang,YuGuang Yang

DOI: https://doi.org/10.1002/ett.4960

IF: 3.6

2024-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Public key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re‐encryption technology to construct a lattice‐based verifiable PEKS scheme for Multi‐Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re‐encryption technology allows us to perform multi‐user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes.

telecommunications

Fanfan Shen,Lin Shi,Jun Zhang,Chao Xu,Yong Chen,Yanxiang He

DOI: https://doi.org/10.1016/j.csi.2023.103824

IF: 3.721

2023-12-21

Computer Standards & Interfaces

Abstract:The storage of electronic medical records (EMRs) is an area of extensive research, and healthcare systems often delegate this task to cloud service providers (CSP). Typically, CSP transmits the encrypted EMRs to a cloud server with a searchable encryption scheme for easy retrieval. However, the enormous power held by centralized CSP poses a potential threat to patients' personal privacy, as it can lead to unauthorized access and misuse of medical data by both CSP and data users, such as doctors. This paper proposes a blockchain-based multi-keyword searchable encryption (BMSE) electronic medical record solution. The scheme consists of two parts. On the one hand, our solution involves the integration of blockchain technology and the utilization of advanced encryption standard (AES) for symmetric data encryption. Additionally, we employ attribute-based encryption (ABE) to encrypt the search index. This approach aims to address the issue of excessive power held by centralized CSP, which can potentially result in the compromise of patients' privacy. On the other hand, we use the K-means algorithm to cluster the documents, and use the relevance score of keywords and documents as the search index to solve the problem of low efficiency of the existing multi-keyword searchable encryption schemes. Finally, we verify the safety of BMSE through safety analysis, and the experimental analysis shows that BMSE improves the search efficiency.

computer science, software engineering, hardware & architecture

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Xiaoling Yu,Chungen Xu,Bennian Dou,Yuntao Wang

DOI: https://doi.org/10.1007/s11042-020-09753-1

IF: 2.577

2020-09-19

Multimedia Tools and Applications

Abstract:Multimedia cloud storage which saves the huge storage overhead of local devices has attracted considerable attention. However, due to the lack of physical control of data, the privacy protection of data on the multimedia cloud has become one of the main concerns of users. Public-key encryption with keywords search (PEKS) is a technique that can keep the privacy and searchability of data in the cloud. In this paper, we present a PEKS with time-controlled proxy re-encryption model which allows the data owner to delegate the access right of the encrypted multimedia database to other users, to achieve the time-controlled multi-user search. Furthermore, it is designed to resist keywords guessing attack and support conjunctive keywords search. Compared with previous works which require a time server to generate a time seal for the generation of the search token, this model embeds the time information of accessing the encrypted database into public and secret key pairs of data users, which saves the managing overhead and reduces the security risks resulting from an extra server. In addition, most existing PEKS schemes were constructed based on the hardness of classical mathematical problems which can be broken by quantum computers. To address this issue, a lattice-based PEKS scheme based on the above model is proposed, which can be considered as the candidate for protecting multimedia data security in the quantum era.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Hongjian Yin,Yiming Zhao,Lei Zhang,Baojun Qiao,Wenbo Chen,Huaqing Wang

DOI: https://doi.org/10.1016/j.sysarc.2024.103081

IF: 5.836

2024-03-01

Journal of Systems Architecture

Abstract:In this paper, we address the secure sharing of sensitive healthcare data in blockchain-based healthcare. As a form of sensitive information, healthcare data is often encrypted before being uploaded to cloud servers. Extensive research has been conducted on Attribute-Based Searchable Encryption (ABSE) to achieve fine-grained searchability of encrypted sensitive healthcare data. However, the existing ABSE schemes rely on a single authoritative center for managing the master key, resulting in a single point of failure. Additionally, there has been limited research focusing on the privacy concerns of user identity during the key generation process. To tackle these challenges, we propose a novel decentralized ciphertext-policy attribute-based encryption (DCP-ABSE) scheme. In this scheme, the master key is jointly managed by all attribute nodes on the blockchain. This ensures the smooth operation of the system even if some nodes are compromised. In addition, the user’s private key fragments are generated through interactions with all attribute nodes, in this process, the user’s identity information is not disclosed to attribute nodes. In addition, we prove that the proposed scheme is secure against chosen keyword attacks and chosen plaintext attacks under the Decisional Bilinear Diffie–Hellman assumption. The performance evaluation shows that the proposed scheme has high efficiency.

computer science, software engineering, hardware & architecture

Guangjun Wu,Bingqing Zhu,Jun Li

DOI: https://doi.org/10.1109/iscc55528.2022.9912935

2022-01-01

Abstract:In recent years, electronic medical records(EMRs) sharing has played a vital role in formulating optimized treatment plans, providing data sets for researchers, and accelerating the development of biomedical science. However, This unprecedented era of technological confluence poses significant data security and privacy challenges. To solve these problems, we propose a blockchain-based multi-keyword search scheme for medical data sharing called BMKS, focusing on ensuring medical data confidentiality and realizing secure data retrieval. In BMKS, we introduce a two-level search scheme to achieve efficient and verifiable keyword searches. The introduction of the improved Bloom filter significantly improves query efficiency. In addition, we take advantage of blockchain technology to realize ciphertext search and pre-decryption, which reduces user's decryption overhead. Moreover, blockchain's transparency and tamper-preventing characteristics help record the access control process in a traceable and auditable way. The performance evaluation and security analysis show that BMKS is comprehensively safe, efficient, and practical.

Duo Zhang,Shangping Wang,Qian Zhang,Yaling Zhang

DOI: https://doi.org/10.1109/tsc.2023.3311877

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing has brought great convenience to data storage and resource sharing, however, there are still concerns about data security and service quality. Attribute-based encryption (ABE) and searchable encryption (SE) are always adopted to achieve data access authorization and data retrieval on encrypted data in data sharing, respectively. But more efficient and accurate methods have been always pursued. Moreover, the spoofing attacks is another important aspect that raises concerns, especially when it comes to reliability of search results and online payments. Blockchain, an emerging technology that can be used to solve the problem of trust, has shown great application potential in finance and data sharing. Based on blockchain, we propose an attribute-based conjunctive keyword search (ABCKS) scheme with verifiability and fairness. In this paper, data privacy-preserving, fine-grained access control, and multi-keywords search can be supported simultaneously. Blockchain and smart contract are employed to facilitate the search result verification process and ensure fair payment in the trustless case. Furthermore, we reduce the user's decryption load to a constant level by performing partial decryption on the cloud side. Finally, the results of the performance evaluation indicate that our scheme has higher efficiency and security.

computer science, information systems, software engineering

Sheng Gao,Yuqi Chen,Jianming Zhu,Zhiyuan Sui,Rui Zhang,Xindi Ma

DOI: https://doi.org/10.1109/tcc.2022.3196712

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Searchable encryption (SE) has emerged as a cryptographic primitive that allows data users to search on encrypted data. Most existing SE schemes usually delegate search operations to an intermediary such as a cloud server, which would inevitably result in single-point failure, privacy leakage, and even untrustworthy results. Several blockchain-based SE schemes have been proposed to alleviate these issues; however, they suffer from some issues, such as the support for multi-keyword multi-owner model, query privacy and data storage availability. In this paper, we propose BPMS, blockchain-based privacy-preserving multi-keyword search in multi-owner setting, which supports searching over encrypted data in trustworthy, private and efficient manners. The attribute Bloom filter has been introduced into our BPMS to build indexes, which protects query privacy and improves index generation performance. To guarantee data storage availability, our BPMS leverages the advantages of IPFS (InterPlanetary File System) to store large scale of encrypted data. Security proof and comparative analysis in theory indicate that our BPMS is more secure and efficient. A series of experiments conducted on a real-world dataset further demonstrate that our BPMS is feasible in practice.

computer science, information systems, theory & methods