Khudran Alzhrani,Ethan M. Rudd,Terrance E. Boult,C. Edward Chow

DOI: https://doi.org/10.48550/arXiv.1610.06856

2016-10-22

Abstract:In recent years, traditional cybersecurity safeguards have proven ineffective against insider threats. Famous cases of sensitive information leaks caused by insiders, including the WikiLeaks release of diplomatic cables and the Edward Snowden incident, have greatly harmed the U.S. government's relationship with other governments and with its own citizens. Data Leak Prevention (DLP) is a solution for detecting and preventing information leaks from within an organization's network. However, state-of-art DLP detection models are only able to detect very limited types of sensitive information, and research in the field has been hindered due to the lack of available sensitive texts. Many researchers have focused on document-based detection with artificially labeled "confidential documents" for which security labels are assigned to the entire document, when in reality only a portion of the document is sensitive. This type of whole-document based security labeling increases the chances of preventing authorized users from accessing non-sensitive information within sensitive documents. In this paper, we introduce Automated Classification Enabled by Security Similarity (ACESS), a new and innovative detection model that penetrates the complexity of big text security classification/detection. To analyze the ACESS system, we constructed a novel dataset, containing formerly classified paragraphs from diplomatic cables made public by the WikiLeaks organization. To our knowledge this paper is the first to analyze a dataset that contains actual formerly sensitive information annotated at paragraph granularity.

Cryptography and Security,Artificial Intelligence,Computation and Language,Computers and Society

Miaomiao Wang,Lanlan Rui,Siya Xu,Zhipeng Gao,Huiyong Liu,Shaoyong Guo

DOI: https://doi.org/10.1016/j.comnet.2023.110045

IF: 5.493

2023-09-29

Computer Networks

Abstract:Searchable encryption technology provides a solution for the trusted sharing of sensitive data. A large amount of encrypted data stored in data sharing servers can support keyword search without exposing data privacy, which has attracted more and more scholars' attentions and researches. However, some multi-keyword searchable encryption schemes that deal with multi-semantic data still have security problems or low efficiency. To improve the security and efficiency of trusted sharing of sensitive data, we propose a multi-keyword searchable encryption scheme. The scheme designs a sensitive data sharing architecture based on blockchain technology, and the tamper-proof of distributed ledgers ensures the authenticity of encrypted data and indexes, as well as the supervision of sharing behaviors. On this basis, we improved the inverted index structure to achieve efficient multi-keyword searchable encryption while avoiding keyword-pair result pattern leakage. Our proposed scheme has passed formal security analysis, and simulation results show that the multi-keyword searchable encryption scheme is efficient.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Mamta Dabra,Shivani Sharma,Sachin Kumar,Hong Min

DOI: https://doi.org/10.1038/s41598-024-56112-3

IF: 4.6

2024-03-06

Scientific Reports

Abstract:We present a temporary keyword search over sensitive and confidential health data in a cloud environment. The cloud constitutes a semi-trusted domain, making it necessary for data owners to secure their data before outsourcing it through techniques like encryption. Attribute-based keyword search techniques tend to perform a search operation using a search token generated by an authorized user. These search tokens can lead to serious privacy threats, as they can extract all ciphertexts that may have been generated along with their keyword. Therefore, restricting search tokens to extract ciphertexts generated within a time interval is a more promising solution. In this paper, we present a novel ciphertext policy fine-grained temporary keyword that prevents the misuse of these search tokens. Further, it mitigates the risk of insider threats within healthcare organizations by limiting the window of opportunity for unauthorized access to minimum. To assess the security, our proposed scheme is formally proven to be secure against Selectively Chosen Keyword Attacks in the generic bilinear group model. Additionally, we demonstrate that the encryption algorithm's complexity is linear in relation to the number of attributes. Our scheme's significance and practicality are revealed by the performance evaluation.

multidisciplinary sciences

Devin Reich,Ariel Todoki,Rafael Dowsley,Martine De Cock,Anderson C. A. Nascimento

DOI: https://doi.org/10.48550/arXiv.1906.02325

2019-06-05

Cryptography and Security

Abstract:Classification of personal text messages has many useful applications in surveillance, e-commerce, and mental health care, to name a few. Giving applications access to personal texts can easily lead to (un)intentional privacy violations. We propose the first privacy-preserving solution for text classification that is provably secure. Our method, which is based on Secure Multiparty Computation (SMC), encompasses both feature extraction from texts, and subsequent classification with logistic regression and tree ensembles. We prove that when using our secure text classification method, the application does not learn anything about the text, and the author of the text does not learn anything about the text classification model used by the application beyond what is given by the classification result itself. We perform end-to-end experiments with an application for detecting hate speech against women and immigrants, demonstrating excellent runtime results without loss of accuracy.

Garima Verma,Soumen Kanrar

DOI: https://doi.org/10.1007/s11277-024-10947-1

IF: 2.017

2024-04-03

Wireless Personal Communications

Abstract:Due to the drawbacks of the many-to-many search model for accessing digital records in institutional settings like offices, hospitals, and government agencies, the paper proposes a searchable attribute-based cryptosystem scheme that uses the concept of blockchain technology that provides for authentication and self-validation, and can be applied to secure digital document sharing systems. By keeping the ciphertext document on the cloud, the index on the blockchain, and the smart contract handling the searching of documents, it helps lighten the cloud's computing load. Data integrity and privacy are also guaranteed by this technique, as is the veracity of the findings supplied by the cloud server. The strategy may be used to get rid of redundant information and save space in cloud storage. The concealment of access policy also ensures the privacy of its users. The security study demonstrates that the suggested system protects the privacy of user information and the secrecy of digital document data against adaptively chosen-keyword attacks. Experiments and analysis of performance show that the suggested technique improves upon previous approaches in terms of securing indexes, token generation, efficiency of searching, and verification of results; as a consequence, it is better suited for search situations where a many-to-many search approach is required. It allows for secure and efficient collaboration on electronic documents between departments and external parties.

telecommunications

Mohammed Raouf Senouci,Ilyas Benkhaddra,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/s11235-024-01121-w

2024-03-22

Telecommunication Systems

Abstract:Nowadays, users often opt to encrypt their sensitive data before outsourcing it to the cloud. While this encryption ensures data privacy, it compromises the search functionality. Public key encryption with keyword search (PEKS) has been posited as a potential solution to this challenge. However, many PEKS schemes are either inefficient or vulnerable to various types of attacks, such as inside keyword guessing attacks, outside keyword guessing attacks, etc. In response, we introduce a sustainable certificateless authenticated encryption system with a keyword search scheme. To the best of our knowledge, this proposed scheme is the first to consider multi-trapdoor indistinguishability within the certificateless primitive. Furthermore, our in-depth security analysis indicates that our scheme effectively protects against both online and offline keyword guessing attacksAdditionally, it ensures semantic security by offering both ciphertext indistinguishability and multi-trapdoor indistinguishability. Performance analysis results also suggest that our scheme is efficient and superior to existing alternatives.

telecommunications

Xin Liu,Ruxue Wang,Dan Luo,Gang Xu,Xiubo Chen,Neal Xiong,Xiaomeng Liu

DOI: https://doi.org/10.3390/electronics12163491

IF: 2.9

2023-08-18

Electronics

Abstract:With the development of deep learning, the demand for similarity matching between texts in text classification is becoming increasingly high. How to match texts quickly under the premise of keeping private information secure has become a research hotspot. However, most existing protocols currently have full set limitations, and the applicability of these methods is limited when the data size is large and scattered. Therefore, this paper applies the secure vector calculation method for text similarity matching in the case of data without any complete set constraints, and it designs a secure computation protocol of text similarity (SCTS) based on the semi-honest model. At the same time, elliptic-curve cryptography technology is used to greatly improve the execution efficiency of the protocol. In addition, we also analyzed the possibility of the malicious behavior of participants in the semi-honest-model protocol, and further designed an SCTS protocol suitable for the malicious model using the cut-and-choose and zero-knowledge-proof methods. By proposing a security mechanism, this protocol aims to provide a reliable and secure computing solution that can effectively prevent malicious attacks and interference. Finally, through the analysis of the efficiencies of the existing protocols, the efficiencies of the protocols under the malicious model are further verified, and the practical value for text classification in deep learning is demonstrated.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kai Gao,Ji-Hwei Horng,Ching-Chun Chang,Chin-Chen Chang

DOI: https://doi.org/10.3390/electronics13214216

IF: 2.9

2024-10-28

Electronics

Abstract:The proliferation of Internet of Things (IoT) devices has introduced significant security challenges, including weak authentication, insufficient data protection, and firmware vulnerabilities. To address these issues, we propose a linguistic secret sharing scheme tailored for IoT applications. This scheme leverages neural networks to embed private data within texts transmitted by IoT devices, using an ambiguous token selection algorithm that maintains the textual integrity of the cover messages. Our approach eliminates the need to share additional information for accurate data extraction while also enhancing security through a secret sharing mechanism. Experimental results demonstrate that the proposed scheme achieves approximately 50% accuracy in detecting steganographic text across two steganalysis networks. Additionally, the generated steganographic text preserves the semantic information of the cover text, evidenced by a BERT score of 0.948. This indicates that the proposed scheme performs well in terms of security.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dincy R. Arikkat,Mert Cihangiroglu,Mauro Conti,Rafidha Rehiman K. A.,Serena Nicolazzo,Antonino Nocera,Vinod P

2024-06-20

Abstract:The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations include smart, interconnected devices in their systems to automate their processes, the attack surface becomes much bigger, and the complexity and frequency of attacks pose a significant threat. Consequently, organizations have been compelled to seek innovative approaches to mitigate the menaces inherent in their infrastructure. In response, considerable research efforts have been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate, preserving the privacy of their CTI data. Moreover, our approach provides a way to assess the data and model quality, and the trustworthiness of all the participants leveraging some validators through Zero Knowledge Proofs. An extensive experimental campaign demonstrates our framework's correctness and performance, and the detailed attack model discusses its robustness against attacks in the context of data and model quality.

Cryptography and Security

Mustafa A. Al Sibahee,Songfeng Lu,Zaid Ameen Abduljabbar,Erasmus (Xin Liu),Yanli Ran,Ahmed Abdulelah Jasim Al-ashoor,Mohammed Abdulridha Hussain,Zaid Alaa Hussien

DOI: https://doi.org/10.1109/icspcc50002.2020.9259519

2020-01-01

Abstract:Document integrity and origin for E2E S2S in IoTcloud have recently received considerable attention because of their importance in the real-world fields. Maintaining integrity could protect decisions made based on these message/image documents. Authentication and integrity solutions have been conducted to recognise or protect any modification in the exchange of documents between E2E S2S (smart-to-smart). However, none of the proposed schemes appear to be sufficiently designed as a secure scheme to prevent known attacks or applicable to smart devices. We propose a robust scheme that aims to protect the integrity of documents for each users session by integrating HMAC-SHA-256, handwritten feature extraction using a local binary pattern, one-time random pixel sequence based on RC4 to randomly hide authentication codes using LSB. The proposed scheme can provide users with one-time bio-key, robust message anonymity and a disappearing authentication code that does not draw the attention of eavesdroppers. Thus, the scheme improves the data integrity for a users messages/image documents, phase key agreement, bio-key management and a one-time message/image document code for each users session. The concept of stego-anonymity is also introduced to provide additional security to cover a hashed value. Finally, security analysis and experimental results demonstrate and prove the invulnerability and efficiency of the proposed scheme.

Wei-Ting Lu,Wei Wu,Shih-Ya Lin,Min-Chi Tseng,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-46298-1_19

2016-01-01

Abstract:Nowadays the cloud security becomes a significant issue: while the single user keyword search on encrypted data has been proposed, encrypting files before uploading scarifies the advantage of the convenience of sharing data with others on the cloud. We design a searchable encryption for the multi-user case. We combine the advantage of efficiency of the symmetric encryption with authentication of the asymmetric encryption to provide a secure and efficient system of shareable keyword search on encrypted data.

P. Punitha,Lakshmana Kumar,S. Revathi,R. Premalatha,R. S. Aiswarya

DOI: https://doi.org/10.1142/s0218843024500011

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. As with IoT devices, cloud computation increases its applicability to other areas that use the information and puts it in a commonplace that is necessary for computing and analysis. These devices need the cloud to store and retrieve data since they are unable to store and process data on their own. Cloud computing offers a variety of services to consumers, including IaaS, PaaS, and SaaS. The usage of cloud resources for data storage that may be accessible by all users associated with cloud computing is a key disadvantage of cloud computing. Without disclosing the data's contents, the usage of Public Key Encryptions with Keyword Search (PEKS) secures publicly encrypted keys against third-party search capabilities that are not trustworthy. PEKs provide a security risk every time Interior Keywords Guessing Attacks (IKGA) are discovered in the system since an unauthorized service estimates the keywords in the trapdoor. This issue can be resolved using various methodologies such as the Certificateless Fleshed Public Key Authenticated Encryption of Keyword Search (CL-HPAEKS), which also uses Altered Elliptic Curve Cryptography (MECC), and the Mutation Centred Flower Pollinations Algorithm (CM-FPA), which uses optimization in keys to be improving the algorithm's performance. The system's security is achieved by adding a Message Fragments 5 (MD5) scramble mechanism. The proposed system achieves system security of 96%, and it takes less time to implement than earlier encryption methods.

computer science, information systems

P. L. Sharma,Shalini Gupta,Himanshu Monga,Anand Nayyar,Kritika Gupta,Arun Kumar Sharma

DOI: https://doi.org/10.1007/s11042-024-19377-4

IF: 2.577

2024-05-23

Multimedia Tools and Applications

Abstract:Elliptic curve cryptography has emerged as a potent tool for safeguarding data communications. This research paper addresses the problem of traditional text encryption methods relying on shared code tables between senders and receivers. This reliance not only adds complexity but also increases the risk of security breaches and requires significant communication overhead. In the present paper, we introduce TEXCEL, an innovative, efficient and authenticated text encryption scheme. TEXCEL begins with a pioneering method for crafting a customized permuted ASCII table elevating cryptographic security by leveraging elliptic curve coordinates as keys. These coordinates serve as seeds for a random number generator ensuring reproducibility. Here, the technique used to map the characters of the message to a point on elliptic curve eliminates the traditional approach of sharing a code table between sender and receiver, thus reducing communication overhead. TEXCEL undergoes a thorough security analysis, including NIST evaluation, key and plaintext sensitivity, and resilience against common attacks like known-ciphertext, known-plaintext, chosen-plaintext, and chosen-ciphertext. To test and validate the proposed methodology, experimental results present that TEXCEL demonstrates plaintext sensitivity exceeding 98%, high randomness, and a robust key space. Additionally, encryption and decryption of a 5000-character text takes only 0.027 s and 0.007 s respectively, with a cipher size of 9.8 KB, ensuring both security and efficiency. Furthermore, as compared with the existing schemes, TEXCEL shows enhanced resilience against modern cryptanalysis and outperforms existing schemes with a 53.50% improvement in encryption time, 94.86% in decryption time, 53.31% in cipher data size and better plaintext sensitivity. These findings justify the suitability of TEXCEL for secure text communication in diverse real-time applications.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Lanxiang Chen,Zhenchao Chen,Kim-Kwang Raymond Choo,Chin-Chen Chang,Hung-Min Sun

DOI: https://doi.org/10.1109/jsen.2018.2865550

IF: 4.3

2018-01-01

IEEE Sensors Journal

Abstract:Outsourcing of encrypted smart body sensor network data to the edge or the cloud is now an entrenched practice within organizations, for example to reduce cost and enhance productivity (to some extent), while ensuring data is not accessible to misbehaving cloud service providers. Although there are a large number of searchable symmetric encryption schemes designed to support searching operations on encrypted data, a fully functional and memory leakage-resilient scheme for smart body sensor network data is lacking. This security property is highly desirable as the resource-sharing environment may be prone to various kinds of memory leakage. In this paper, a memory leakage-resilient dynamic and verifiable multi-keyword ranked search scheme (MLR-DVMRS) on encrypted smart body sensor network data is proposed. As each sensor device has inherent characteristics to identify itself, this property can be used to authenticate the device. The proposed scheme utilizes physically unclonable functions and fuzzy extractors to achieve memory leakage-resilience. Meanwhile the vector space model, TF-IDF measure method, and order-preserving encryption, are used to achieve dynamic and multi-keyword ranked search functionalities. A formal security analysis is given to prove the security of MLR-DVMRS. Besides the comprehensive functionalities of MLR-DVMRS, experimental results demonstrate that the efficiency of MLR-DVMRS is superior to MRSE (a multi-keyword ranked search over encrypted cloud data scheme) for large data collection.

Adnan Gutub,Faiza Al-Shaarani,Khoulood Alharthi

DOI: https://doi.org/10.1007/s11042-024-19027-9

IF: 2.577

2024-04-21

Multimedia Tools and Applications

Abstract:In the face of malicious cyberattacks, classic security approaches like cryptography and steganography are becoming not sufficient. Secrecy are normally maintained by single party holding control over data causing it possibly being lost or revealed, with or without consciousness. Secret sharing can provide assistance unifying decisions by multi-authorized individuals distributing the target-key over several authorized participants, requested to interact for reconstructing the keys to reveal the privacy. Lately, counting-based secret sharing (CBSS) has been under focus being optimistic, as potential secret sharing scheme that is fast, intuitive, and practical. A primary limitation with this scheme is its restricted number of generated key-shares, which was deployed in the matrix-based secret sharing scheme. Unfortunately, the simple intuition behind these schemes made them prone to smart cyberattacks that can make uncovering the target-key dishonestly possible. In this paper, we demonstrate significant cyberattack weakness in the CBSS scheme, that also applies to the matrix-based scheme making them both unsafely vulnerable to selected key-shares integration. We introduce a novel algorithm that can defend this speculating existence of target-key suffering via exploring the problem deeply and advising appropriate protection procedure. The study enhances the structure secrecy to ensure that the key-shares are fully safeguarded. Our work further tests the security of the CBSS scheme protection strategy experimentations demonstrating remarked organisation robustness as well as possibility of producing sophisticated, versatile security system, to overcome breaching weaknesses of key-shares components for current ongoing developing IT utilizations.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Yinbin Miao,Wei Zheng,Xiaohua Jia,Ximeng Liu,Kim-Kwang Raymond Choo,Robert H. Deng,Robert Deng

DOI: https://doi.org/10.1109/tsc.2021.3140098

IF: 11.019

2022-01-01

IEEE Transactions on Services Computing

Abstract:Ranked keyword search over encrypted data has been extensively studied in cloud computing as it enables data users to find the most relevant results quickly. However, existing ranked multi-keyword search solutions cannot achieve efficient ciphertext search and dynamic updates with forward security simultaneously. To solve the above problems, we first present a basic Machine Learning-based Ranked Keyword Search (ML-RKS) scheme in the static setting by using the k-means clustering algorithm and a balanced binary tree. ML-RKS reduces the search complexity without sacrificing the search accuracy, but is still vulnerable to forward security threats when applied in the dynamic setting. Then, we propose an Enhanced ML-RKS (called ML-RKS$^{+}$+) scheme by introducing a permutation matrix. ML-RKS$^{+}$+ prevents cloud servers from making search queries over newly added files via previous tokens, thereby achieving forward security. The security analysis proves that our schemes protect the privacy of indexes, query tokens and keywords. Empirical experiments using the real-world dataset demonstrate that our schemes are efficient and feasible in practical applications.

Sajin Sasy,Ian Goldberg

DOI: https://doi.org/10.56553/popets-2024-0030

2024-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:Protecting metadata of communications has been an area of active research since the dining cryptographers problem was introduced by David Chaum in 1988. The Snowden revelations from 2013 resparked research in this direction. Consequently over the last decade we have witnessed a flurry of novel systems designed to protect metadata of users' communications online. However, such systems leverage different assumptions and design choices to achieve their goal; resulting in a scattered view of the desirable properties, potential vulnerabilities, and limitations of existing metadata-protecting communication systems (MPCS). In this work we survey 31 systems targeting metadata-protected communications, and present a unified view of the current state of affairs. We provide two different taxonomies for existing MPCS, first into four different categories by the precise type of metadata protections they offer, and next into six families based on the core techniques that underlie them. By contrasting these systems we identify potential vulnerabilities, as well as subtle privacy implications of design choices of existing MPCS. Furthermore, we identify promising avenues for future research for MPCS, and desirable properties that merit more attention.

Mohammed Raouf Senouci,Abdelkader Senouci,Fagen Li

DOI: https://doi.org/10.1007/978-981-99-9331-4_29

2024-01-01

Abstract:Nowadays, users prefer to encrypt their sensitive data before outsourcing it to the cloud. although, performing the encryption assures the data privacy, but it jeopardizes the search functionality. Public key encryption with keyword search (PEKS) is a potential solution for addressing this problem. However, most PEKS schemes are either inefficient, or susceptible to some type of attack(s) (i.e. inside keyword guessing attack, outside keyword guessing attack, ...etc.). Therefore, we propose a sustainable certificateless authenticated encryption system with keyword search scheme. To the best of our knowledge, the proposed scheme considers the multi-trapdoor indistinguishability in the certificateless primitive. Moreover, a thorough security analysis shows that our scheme also guarantees the security against both online and offline keyword guessing attacks. Finally, based on the performance analysis results, we find that the suggested scheme is efficient and outperforms the other schemes.

Ajmal Mohammed,P Samundiswary

DOI: https://doi.org/10.1109/JBHI.2024.3424334

2024-07-05

Abstract:Medical records contain highly sensitive patient information. These medical records are significant for better research, diagnosis, and treatment. However, ensuring secure medical records storage is paramount to protect patient confidentiality, integrity, and privacy. Conventional methods involve encrypting and storing medical records in third-party clouds. Such storage enables convenient access and remote consultation. This cloud storage poses single-point attack risks and may lead to erroneous diagnoses and treatment. To address this, a novel (n,n)VSS scheme is proposed with data embedding, permutation ordered binary number system, tamper detection, and self-recovery mechanism. This approach enables the reconstruction of medical records even in the case of tampering. The tamper detection algorithm ensures data integrity. Simulation results demonstrate the superiority of proposed method in terms of security and reconstruction quality. Here, security analysis is done by considering attacks such as brute force, differential, and tampering attacks. Similarly, the reconstruction quality is evaluated using various human visual system parameters. The results show that the proposed technique provides a lower bit error rate ( ≈ 0), high average peak signal-to-noise ratio ( ≈ 35 dB), high structured similarity ( ≈ 1), high text embedding rate ( ≈ 0.7 BPP), and lossless reconstruction in the case of attacks.