Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qiong Huang,Peisen Huang,Hongbo Li,Jianye Huang,Hongyuan Lin

DOI: https://doi.org/10.1016/j.sysarc.2023.102839

IF: 5.836

2023-01-01

Journal of Systems Architecture

Abstract:To realize ciphertext retrieval without decryption in the public key settings, Boneh et al. in 2004 proposed a cryptographic primitive named Public-key Encryption with Keyword Search (PEKS) and proposed the first PEKS scheme. Following Boneh et al.’s work, various PEKS schemes were proposed; however, most schemes are vulnerable to inside keyword guessing attacks (IKGA). Huang and Li proposed a new primitive named Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017, which resists the IKGA in the setting of only one test server. Their main idea to resist IKGA is to require the data sender to authenticate the ciphertext while encrypting a keyword. However, in the era of big data, as the number of encrypted files increases, huge storage overhead and heavy retrieval costs become problems in PAEKS. In this paper, we proposed a new PAEKS scheme that costs low storage space and supports fast search. We introduced the ciphertext deduplication into PAEKS to reduce storage space and leveraged the inverted index to accelerate the retrieval process. We simulated the proposed scheme and several related schemes with a desktop computer. The experiment results show that our proposed scheme is of lower storage overhead and higher retrieval efficiency compared with related schemes.

Danial Shiraly,Ziba Eslami,Nasrollah Pakniat

DOI: https://doi.org/10.1016/j.sysarc.2024.103183

IF: 5.836

2024-05-25

Journal of Systems Architecture

Abstract:The advent of cloud computing has made cloud server outsourcing increasingly popular among data owners. However, the storage of sensitive data on cloud servers engenders serious challenges for the security and privacy of data. Public Key Authenticated Encryption with Keyword Search (PAEKS) is an effective method that protects information confidentiality and supports keyword searches. Identity-Based Authenticated Encryption with Keyword Search (IBAEKS) is a PAEKS variant in identity-based settings, designed for solving the intractable certificate management problem. To the best of our knowledge, only two IBAEKS schemes exist in the literature, both presented with weak security models that make them vulnerable against what is known as Fully Chosen Keyword attacks. Moreover, the existing IBAEKS schemes are based on the time-consuming bilinear pairing operation, leading to a significant increase in computational cost. To overcome these issues, in this paper, we first propose an enhanced security model for IBAEKS and compare it with existing models. We then prove that the existing IBAEKS schemes are not secure in our enhanced model. We also propose an efficient pairing-free dIBAEKS scheme and prove that it is secure under the enhanced security model. Finally, we compare our proposed scheme with related constructions to indicate its overall superiority.

computer science, software engineering, hardware & architecture

Run Xie,Chanlian He,Yu He,Chunxiang Xu,Kun Liu

DOI: https://doi.org/10.1007/978-3-319-69605-8_17

2016-01-01

Abstract:With networking became prevalent, the amount of data to be stored and managed on networked servers rapidly increases. Meanwhile, with the improvement of awareness of data privacy, the user’s sensitive data is usually encrypted before uploading them to the cloud server. The searchable public-key encryption provides an efficient mechanism to achieve data retrieval in encrypted storage. Therefore, it is a critical technique on promoting secure and efficient cloud storage. Unfortunately, only few the existing schemes are secure to resist outside keyword guessing attacks. In this paper, we propose two efficient searchable public-key encryption schemes with a designated tester (dPEKS). One is a basic dPEKS, where the dPEKS ciphertext indistinguishability is proved without the random oracle. Meanwhile, the basic scheme is secure to resist the outside KGA since it satisfies the property of trapdoor indistinguishability. Comparing with the existing dPEKS schemes which use expensive pairing computation, our scheme is more efficient since we only need multi-exponentiation. Another is an enhanced dPEKS scheme. With the sender’s identity is kept secret from server, this scheme can provide stronger security.

Haorui Du,Jianhua Chen,Fei Lin,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2309834

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Cloud computing can provide users with sufficient computing resources, storage, and bandwidth to meet their needs. Data security and privacy protection are among the new threats faced by users. Searchable encryption is the combination of search technology and encryption technology. Searchable encryption can upload the user’s data to the cloud server after special encryption, and can realize the function of retrieving according to keywords. Comparatively to symmetric searchable encryption (SSE), public key searchable encryption (PEKS) simplifies key management greatly. However, most existing public key authenticated encryption with keyword search (PAEKS) schemes are based bilinear pairing, making them computationally expensive. Apart from this, complex retrieval requirements and the integrity of the results had not been considered. To address these problems, we propose a blockchain-based PAEKS schemes supporting multi-keyword queries and integrity verification. In addition, we provide security proofs for the PAEKS scheme under the decisional oracle Diffie-Hellman (DODH) assumption. This scheme a scheme that requires less storage and computational power than other schemes of the same kind.

Hongbo Li,Qiong Huang,Jianye Huang,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3224308

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:To improve the quality of medical care and reduce unnecessary medical errors, electronic medical records (EMRs) are widely applied in hospital information systems. However, rapidly increasing EMRs bring heavy storage burden to hospitals. Professional data management service provided by cloud server can save the hospital local storage, and meanwhile, realize EMRs sharing among external researchers. However, the risk of leaking information of patients discourages hospitals to outsource patients’ EMRs to the remote cloud server. In this paper, a secure and efficient cloud storing and sharing method can be achieved by applying the proposed public key authenticated encryption with ciphertext update and keyword search (PAUKS). The proposed PAUKS scheme enables EMRs to be encrypted and queried without decryption, and is secure against inside keyword guessing attacks. Compared with the recently proposed PAEKS in literature, the PAUKS scheme enjoys smaller computation and communication overheads. The required number of trapdoors per query is constant in PAUKS scheme, instead of the linearly expanding as the number of senders increases in PAEKS. Furthermore, an inverted index can be built safely in PAUKS scheme to accelerate the query procedure. Experiment results show that our PAUKS scheme owns a comparable running overhead, but enjoys a higher query efficiency after ciphertexts update.

Z. H. E. JIANG,K. A. ZHANG,L. I. A. N. G. L. I. A. N. G. WANG,J. I. A. N. T. I. N. G. NING

DOI: https://doi.org/10.1093/comjnl/bxac075

2023-01-01

Abstract:Public key encryption with keyword search is a promising primitive which enables search over encrypted data in secure data outsourcing services. In traditional construction, the associated keywords may be recovered from a given trapdoor by a malicious server through keyword guessing attacks. Therefore, the notion of public-key authenticated encryption with keyword search (PAEKS) was introduced, where a sender encrypts (and authenticates) the keywords using a receiver's public key and its secret key. In this paper, we consider the forward security for PAEKS and introduce a new primitive: forward secure public-key authenticated encryption with keyword search (FS-PAEKS), which captures the information leakage risk from previously issued queries due to the updates on the outsourced data. Technically, we embed a non-interactively agreed key into the cipher-keyword generation algorithm, and bind the cipher-keyword and the trapdoor with a set converted from algorithm-generation time. Finally, we present an efficient FS-PAEKS scheme supporting conjunctive query, and prove its forward security against chosen keyword attacks and keyword guessing attacks. To illustrate practical performance, we implement our FS-PAEKS and related PAEKS schemes based on Enron dataset in real cloud environment.

Jinguo Li,Mi Wen,Chunhua Gu,Hongwei Li

DOI: https://doi.org/10.1109/icc.2016.7511324

2016-01-01

Abstract:To preserve privacy, sensitive data in cloud computing needs to be encrypted before outsourcing, which obstacles data utilization based on plaintext search. Thus there spring up several secure schemes which enable encrypted cloud-data search. However, these single-cloud-supported search schemes would suffer from service failure, inefficient application, and privacy problem when they are applied to the multi-cloud applications. In this paper, we propose a Privacy-preserving Similarity Search scheme termed PSS. We exploit the n-grams method and counting bloom filters to define and compute the keyword-order. Based on this order, all indexing elements could be organized in a Chord-ring to support multi-cloud similarity search with high efficiency. Moreover, we extend the prefix technique to obtain strong privacy protection. Finally, a proof for the non-adaptive semantic security and the chosen-keyword attack resistance of PSS is given. Extensive experiments on real-world dataset further confirm the high efficacy and efficiency of PSS scheme.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Run Xie,Chunxiang Xu,Chanlian He,Xiaojun Zhang

DOI: https://doi.org/10.1504/ijwgs.2018.088357

2017-01-01

International Journal of Web and Grid Services

Abstract:With the improvement of awareness of data privacy, the user's sensitive data are usually encrypted before uploading them to cloud. Searchable encryption is a critical technique on promoting secure and efficient cloud storage. In particular, publickey encryption with keyword search (PEKS) provides an elegant approach to achieve data retrieval in encrypted storage. All existing searchable publickey encryption schemes only provide the security based on classical cryptography hardness assumption. With the development of quantum computers, these schemes will be insecure. Based on the lattice hardness assumptions, we propose a new searchable publickey encryption scheme with a designated tester (dPEKS). Our scheme has advantages: First, our scheme is the first searchable publickey encryption scheme that is considered to be secure even if quantum computers are ever developed. Second, our scheme achieves the trapdoor indistinguishability. The trapdoor indistinguishability implies the security against outside offline keyword guessing attacks (KGAs). Last, our scheme can achieve the trapdoor anonymity for server.

Venkata Bhikshapathi Chenam,Suneeth Yadav Tummala,Syed Taqi Ali

DOI: https://doi.org/10.1007/s12083-023-01618-2

IF: 3.488

2024-02-09

Peer-to-Peer Networking and Applications

Abstract:Public Key Encryption with Keyword Search (PEKS) is a promising cryptographic primitive that allows searching over encrypted data in secure data outsourcing services. Initially, several PEKS schemes were developed for conjunctive keyword search, but they relied on certain assumptions regarding keyword fields. To address this limitation, an Efficient Public-Key Encryption with Field-free Conjunctive Keyword Search (PEFCK) scheme was introduced in 2015. PEFCK enables conjunctive keyword search without any specific ordering of the keywords. However, PEFCK is vulnerable to keyword guessing attacks (KGA), which compromise its security. To overcome the KGA vulnerability, we propose a new scheme called Public Key Authenticated Encryption with Field-free Subset Conjunctive and Disjunctive Keyword Search (PAEFSCDKS), which leverages the mathematical concept of Lagrange Polynomials. This scheme incorporates three key features: 1) Sender Authentication: The sender encrypts the keywords using both the receiver's public key and its private key, ensuring sender authenticity and integrity. 2) Secure Channel-free: Unlike traditional approaches, our scheme does not require a secure channel to transfer data from the receiver to the cloud server. This eliminates the need for additional secure communication overhead. 3) Subset Conjunctive and Disjunctive Keyword Search: The receiver can perform queries that involve both subset conjunctive and disjunctive keywords, enabling more flexible and powerful searches. Furthermore, we demonstrate that our proposed scheme achieves provable security under index indistinguishability and trapdoor indistinguishability against both internal and external adversaries. Finally, through performance analysis, we show that our proposed scheme outperforms similar PEKS schemes in terms of both theoretical and experimental evaluations.

computer science, information systems,telecommunications

Guiquan Yang,Sha Ma,Hongbo Li,Husheng Yang,Qiong Huang

DOI: https://doi.org/10.1007/978-981-97-0942-7_15

2024-01-01

Abstract:To efficiently and securely search encrypted files in cloud storage, Boneh et al. proposed the notion of Public Key Encryption with Keyword Search(PEKS) in 2004. However, original PEKS is susceptible to internal keyword guessing attacks(KGA) launched by server due to the limited keyword space. To resist this attack, Huang and Li introduced the notion of Public Key Authenticated Encryption with Keyword Search (PAEKS), which effectively resists KGA from server by additional authentication between the sender and receiver before encryption. Since both the sender and receiver can generate a common authentication key, a curious sender can use the authentication key to launch KGA, resulting in easily guessing keyword from a given trapdoor. To address this issue, we propose an improved security model for PAEKS that captures both offline KGA and online KGA launched by the curious sender. Then, we present a concrete Stronger Security Public Key Authenticated Encryption with Multi-keyword Search (S-PAEMKS) scheme, which not only supports multi-keyword search but also successfully counters KGA from curious senders. Finally, the experimental results show that our scheme achieves remarkable efficiency in the encryption phase and comparable efficiency in the trapdoor and testing phases.

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Peiming Xu,Shaohua Tang,Peng Xu,Qianhong Wu,Honggang Hu,Willy Susilo

DOI: https://doi.org/10.1109/tsc.2019.2903502

IF: 11.019

2021-01-01

IEEE Transactions on Services Computing

Abstract:With the outbreak of e-mail message leakage events, such as the Hillary Clinton's Email Controversy, privacy and security of sensitive e-mail information have become users' primary concern. Encrypted email seems to be a viable solution for providing security, but it will greatly limit their operations. Public encryption with keyword search (PEKS) scheme is a popular technology to incorporate security protection and favorable operability functions together, which can play an important role in searching over encrypted email in a cloud server. In this paper, we propose a practical PEKS scheme named as public-key multi-keyword searchable encryption with hidden structures (PMSEHS). It could enable e-mail receivers to do the multi-keyword and boolean search in the large encrypted email database as fast as possible, without revealing more information to the cloud server. We also give comparative experiments, which demonstrate that our scheme has a higher efficiency in multi-keyword search for encrypted emails.

Yinbin Miao,Jiajia Liu,Jianfeng Ma

DOI: https://doi.org/10.1002/sec.1559

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:With the emergence of cloud storage, enabling cloud clients to securely store and efficiently retrieve ciphertext is a fundamental issue in cloud computing as data outsourcing can greatly ease heavy computation and management burden locally. Unfortunately, two challenging issues i.e., data security and privacy dramatically impede the adaption and practicability of cloud storage due to honest-but-curious cloud service provider CSP. Furthermore, data encryption mechanism seriously makes the information retrieval over ciphertext extremely difficult. Besides, dealing with single CSP is predicted to become less popular with cloud customers for fear of risks of single-point failure threats and potential malicious insiders. To this end, we propose two efficient keyword search over encrypted data in multi-cloud setting schemes which exploit Identity-Based Encryption IBE and Key-Policy Attribute-Based Encryption KP-ABE, respectively. Formal security analysis proves that our schemes can guarantee data privacy and reliability. As a further contribution, experimental results over real-world dataset show that our proposed schemes are feasible and efficient in practical applications. Copyright © 2016 John Wiley & Sons, Ltd.

Kai Zhang,Xiwen Wang,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2022.3224669

IF: 7.231

2022-12-10

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) is a promising strategy for cloud-based file retrieval services, via structuring correspondences between files and keywords. Public key encryption with keyword search (PEKS) has been generally employed in file-sharing services, as compared to searchable symmetric encryption (SSE). However, PEKS is inherently vulnerable to keyword guessing attacks (KGA) launched by a malicious server. To resist such attacks, classic solutions are dual-server PEKS (DS-PEKS) [TIFS'2015] and server-aided PEKS (SA-PEKS) [TIFS'2016]. However, the query model in these two solutions only support single keyword search pattern, which inevitably limits their wide deployments in practice due to efficiency concern. In this work, we present DSB-SE, a new cloud-based file sharing & retrieval system that supports boolean queries while retaining KGA-resistance. Compared to DS-PEKS and SA-PEKS, the cost of documents searching in DSB-SE is 25, 000 times (resp. 6, 600 times) faster when and , where -term is the least frequent keyword in the query pattern. Technically, the performance gain derives from revisiting traditional boolean SSE by: (i) introducing a pairing-free DDH-based transformation key modular that allows a data reader's query pattern to be treated as a data writer's; (ii) employing the dual-server methodology to support boolean query with efficient validity checks. In particular, the client-to-cloud communication cost for retrieving index of a single document is bounded to , and the cost of sending a token ranges fro- . Nevertheless, DSB-SE is slightly slower than DS-PEKS (but faster than SA-PEKS) for key generation cost. Overall, the experiments show that the DSB-SE is practical and sufficient for real cloud applications, which is conducted over Enron dataset under a real-world cloud platform.

computer science, theory & methods,engineering, electrical & electronic

Pan Yang,Hongbo Li,Jianye Huang,Hao Zhang,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.future.2023.03.002

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Public-key Authenticated Encryption with Keyword Search (PAEKS) is a cryptographic primitive that can resist inside keyword guessing attack (KGA). However, most of the previously proposed PAEKS frameworks suffered from certificate management problem and key escrow problem. Inspired by the ideas of certificate-based cryptography, we propose a secure-channel free certificateless searchable public key authenticated encryption with keyword search (SCF-CLPAEKS) scheme which sloves the key escrow problem in identity-based cryptosystems and the cumbersome certificate problem in conventional public key cryptosystems. Our scheme achieves security against keyword guessing attacks are performed by both inside and outside adversaries. Moreover, our scheme satisfies ciphertext indistinguishability (CI), trapdoor indistinguishability (TI), and designated testability simultaneously. The comparisons indicate that our SCF-CLPAEKS scheme enjoys a better performance compared with related schemes.

Meng Wu,Xiaolei Dong,Zhenfu Cao,Jiachen Shen

DOI: https://doi.org/10.1109/icomssc45026.2018.8941948

2018-01-01

Abstract:Searchable encryption has emerged in order to maintain the balance between data privacy and convenience of keyword search. In 2017, Huang et al. introduced the notion of inside keyword guessing attack (IKGA), which means the inside adversary could try out the keyword specified by a given trapdoor by guessing offline and proposed a scheme called Public-key Authenticated Encryption with Keyword Search (HQ-PAEKS) to solve this problem. However, the search complexity of HQ-PAEKS is linear to the total number of the encrypted indexes and may be not in a position to meet the demand of practical application. This paper combines the idea of Public-key Authenticated Encryption with hidden structure and proposes a practical scheme called Public-key Authenticated Encryption with Fast Keyword Search (PAEFKS), in which the search complexity for the cloud server presents linear relation with the number of the encrypted indexes matching the trapdoor sent from the data user. In addition, it gives security analysis to show that the scheme could protect index and keyword privacy well and experiments on real-world data sets show that the scheme indeed reduces the overhead on keyword search computation in the cloud.

Yu Zhang,Songfeng Lu

DOI: https://doi.org/10.1145/2660267.2662361

2014-01-01

Abstract:A previous work proposed a method which can change a predicate encryption supporting inner product (IPE) scheme into a public key encryption with conjunctive keyword search (PECK) or public key encryption with disjunctive keyword search (PEDK) scheme. However, there are two problems in this method. The one is that the PEDK scheme based on this method has low efficiency on the time and space complexity. The other is that the PECK scheme and the PEDK scheme generated by using this approach can not be combine into one scheme which can support both conjunctive and disjunctive keyword search over encrypted data. To mitigate these concerns, we propose a method for constructing a scheme called public key encryption with conjunctive and disjunctive keyword search (PECDK), and give an instance. The comparison shows that our scheme can solve two problems mentioned above efficiently.

Xiangyu Pan,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2021.102075

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:The notion of Public-key Encryption with Keyword Search (PEKS) was first proposed by Boneh et al. in 2004. However, almost all PEKS schemes cannot resist offline Keyword Guessing Attacks (KGA). To address this issue, Huang and Li introduced the notion of Public-key Authenticated Encryption with Keyword Search (PAEKS) in 2017. Recently, Qin et al. put forward a new security model named Multi-Ciphertext Indistinguishability (MCI), in which an adversary aims to distinguish two tuples of ciphertexts. They found that Huang and Li’s scheme cannot achieve MCI-security, so they proposed a new scheme which is able to achieve MCI-security. Furthermore, Qin et al. referred to another security model named Multi-Trapdoor Indistinguishability (MTI). They stated that the future work direction is to design a scheme which can achieve both MCI-security and MTI-security. In this paper, we present a new PAEKS scheme and prove that it is capable of achieving MCI-security and MTI-security simultaneously with the help of random oracles. Finally, we compare our scheme with other four related schemes using PBC library and provide experimental results. It turns out that our scheme achieves a higher security level with a little more cost.