Elhabob Rashad,Zhao Yanan,Eltayieb Nabeil,Abdelgader Abdeldime M. S.,Xiong Hu

DOI: https://doi.org/10.1007/s10586-019-02979-1

2019-01-01

Cluster Computing

Abstract:The rising popularity of cloud computing is now widely adopted by many industries including resource-restricted data owners, i.e., with the smart sensors in the Internet of things (IoT) to store their data in the cloud. Considering the untrusted nature of cloud server, the data collected by smart sensors should be encrypted before offloading them to the cloud. This unfortunately raises a concern on how to perform search functionality on encrypted data in the cloud. To tackle this challenge, an identity-based encryption scheme with authorized equivalence test (IBE-AET) is proposed in this paper to achieve simultaneously encryption and search functionality over outsourced data in cloud-assisted IoT. In IBE-AET, an authorized cloud server is allowed to carry out the equivalence test of two messages encrypted using the same identity as well as also those messages encrypted in different identities. In addition, the authorization mechanism in IBE-AET is versatile such that it enables a user to delegate the testing capability to the cloud server in a fine-grained manner. In the random oracle model, the proposed IBE-AET is formally proved to be equivalent to the bilinear Diffie–Hellman (BDH) assumption. The practicability of the suggested scheme is demonstrated by both the theoretic analysis and experimentsimulation.

Nyamsuren Vaanchig,Zhiguang Qin,Batjargal Ragchaasuren

DOI: https://doi.org/10.1002/ett.3896

IF: 3.6

2020-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:With the rapid rise of connected vehicles on the road, there is an exponential growth in vehicle‐related data (vehicle‐data) generated and accumulated by connected vehicles. Taking advantage of cloud computing, enabling a vehicle‐data sharing system can make various services based on vehicle‐data available. However, the untrusted nature of the cloud server raises a challenge on how to balance privacy and functionality over the vehicle‐data outsourced to the vehicle‐data sharing system. Identity‐based encryption with equality test (IBEET) is a viable solution to this challenge as it not only ensures data privacy but also enables searchable functionality over the encrypted data while dealing with the certificate management issue that exists in public key encryption with equality test (PKEET). However, the existing IBEET schemes are unable to be applicable into the vehicle‐data sharing in cloud computing due to the fact that they did not consider the consequences of unexpected exposure of trapdoors given to cloud server and different levels of computing capabilities of the system entities. Therefore, this article introduces the notion of secure‐channel‐free IBEET (SCF‐IBEET) scheme and presents a generic construction of the SCF‐IBEET scheme by addressing the above‐mentioned issues simultaneously. The proposed SCF‐IBEET construction achieves one‐wayness under chosen‐identity and chosen‐ciphertext attacks, indistinguishability under chosen‐identity and chosen‐ciphertext attacks, and trapdoor anonymity securities with respect to five different types of adversaries. Furthermore, the security comparison and efficiency analysis indicate that the proposed construction is reasonable with regard to security and viable in terms of efficiency to be applied to practical scenarios as vehicle‐data sharing in cloud computing.

Sha Ma,Zhiqing Ye,Qiong Huang,Chengyu Jiang

DOI: https://doi.org/10.1016/j.ins.2024.120099

IF: 8.1

2024-01-13

Information Sciences

Abstract:Text similarity measures have become increasingly pivotal in text-related research and applications, encompassing tasks such as information retrieval, text classification, document clustering. Unveiling the equality relationship between encrypted words is fundamental for ensuring privacy-preserving text similarity. Identity-based encryption with equality test (IBEET) emerges as a promising solution for computing similarity over encrypted data in cloud environment. However, prevalent IBEET schemes often lack control over the lifespan of trapdoors, potentially leading to misuse and unauthorized disclosure of users' privacy. In this paper, we introduce a novel primitive known as controllable forward secure identity-based encryption with equality test (CFS-IBEET), designed to support both permanent trapdoor and temporary trapdoor. We present a concrete CFS-IBEET scheme based on bilinear pairing and conduct a comprehensive security analysis against two types of adversaries in random oracle model. The comprehensive performance evaluation shows that our CFS-IBEET scheme offers significant advantages of high efficiency of encryption, decryption, trapdoor generation and test algorithms as well as the guarantee of controllable forward security, showcasing its applicability for collaborative filtering recommendation system in E-commerce age.

computer science, information systems

Abdelrhman Hassan,Rashad Elhabob,Nabeil Eltayieb,Yong Wang

DOI: https://doi.org/10.1002/ett.4361

IF: 3.6

2021-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:The widespread adoption of social network applications and smart mobile devices has yielded a massive amount of data transmitted through the networks. Fortunately, social network service providers offer a wide range of storage capacity and data management functionality. Accordingly, the data can be uploaded to the social servers for processing and then accessible elsewhere. Nevertheless, considering the untrusted nature of the social servers, it becomes crucial to protect the data before uploading it to the server. Unfortunately, encryption incurs another severe problem in providing search functionality on encrypted data stored on the server. In addition, most of the existing solutions are inefficient to deploy on mobile devices due to the limited resources and computing capabilities. To address this issue, we propose an authorized equality test on identity‐based cryptosystem (AET‐IBC) scheme in this article. The scheme allows the server to test if two different ciphertexts encapsulate the same message. Besides, it supports different authorization methods to enhance the privacy. Furthermore, based on the random oracle model, we prove the security of the proposed scheme to be equivalent to the modified bilinear Diffie‐Hellman intractable assumption. Finally, the efficiency analysis shows that the AET‐IBC scheme is practicable and convenient for mobile social networking applications.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103759

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:It is tricky to determine whether two ciphertexts contain the same message when the messages are encrypted with different public keys. public key encryption with equality test (PKEET) addresses this problem without decryption. By integrating PKEET with identity-based encryption, identity-based encryption with equality test (IBEET) simplifies the certificate management in PKEET. In this paper, we first propose an IBEET scheme that can resist offline message recovery attacks (OMRA) and requires neither the dual-tester setting nor the group mechanism. With the help of some mathematical assumptions, we demonstrate the security of our scheme. Experiment results reveal that our scheme is efficient. From the perspective of usability, we explain why our scheme is more appropriate to be applied in healthcare social Apps than other OMRA-resistant schemes.

Zheng Qu,Saru Kumari,Mohammad S. Obaidat,Bander A. Alzahrani,Hu Xiong

DOI: https://doi.org/10.1109/jbhi.2023.3321939

IF: 7.7

2024-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The emerging Internet of Things (IoTs) and cloud technologies spark dramatic growth in efficiency and productivity for the conventional e-health sector. However, the extensive applications of the communication network also expose the sensitive medical data to the unprecedented cyber threats. To protect the data privacy in IoTs-based e-health cloud environments, we propose an adaptively secure data sharing scheme with traceability and equality test (T-ABEET). The T-ABEET not only allows flexible access control to the massive data but also provides the functionality of traitor tracing to identity the users who leak their decryption keys. Meanwhile, through carrying out the equality test, the target ciphertext can be retrieved efficiently without revealing anything about the plaintext. Particularly, distinct from previous traceable ABE works, the tracing cost in our T-ABEET scheme keeps constant even with the increasing number of users. Also, by introducing the multi-authority mechanism, our T-ABEET can avoid the inherent key escrow problem of ABE. Furthermore, our T-ABEET is demonstrated adaptively secure under subgroup decision assumption. Finally, performance comparison reveals that our T-ABEET has superior practicality, efficiency, and security in cloud-enabled e-health systems.

Zhen Yan,Xijun Lin,Xiaoshuai Zhang,Jianliang Xu,Haipeng Qu

DOI: https://doi.org/10.3390/e26010074

IF: 2.738

2024-01-16

Entropy

Abstract:The identity-based encryption with equality test (IBEET) has become a hot research topic in cloud computing as it provides an equality test for ciphertexts generated under different identities while preserving the confidentiality. Subsequently, for the sake of the confidentiality and authenticity of the data, the identity-based signcryption with equality test (IBSC-ET) has been put forward. Nevertheless, the existing schemes do not consider the anonymity of the sender and the receiver, which leads to the potential leakage of sensitive personal information. How to ensure confidentiality, authenticity, and anonymity in the IBEET setting remains a significant challenge. In this paper, we put forward the concept of the identity-based matchmaking encryption with equality test (IBME-ET) to address this issue. We formalized the system model, the definition, and the security models of the IBME-ET and, then, put forward a concrete scheme. Furthermore, our scheme was confirmed to be secure and practical by proving its security and evaluating its performance.

physics, multidisciplinary

Hongbo Li,Qiong Huang,Sha Ma,Jian Shen,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2899680

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the higher rate of using cloud storage, protecting data privacy becomes an important issue. The most effective solution is to encrypt data before uploading to the cloud. However, how to efficiently search over data encrypted with different keys is still an open problem. To address this problem, we introduce a new notion of the identity-based encryption with equality test supporting flexible authorization (IBEET-FA). It supports the test of whether two ciphertexts encrypted under the different keys encapsulate the same message, and in the meanwhile supports fine-grained authorization of the test. Based on the equality test on ciphertexts, there is a direct way to support an authorized user to search over ciphertexts of different users, which accelerates secret data sharing among a group of users. Besides, IBEET-FA does not suffer from the complex key management problem of its counterpart in the traditional public key infrastructure. We propose a concrete construction of IBEET-FA and prove it to be securely based on simple mathematical assumptions. The experimental results show that our IBEET-FA scheme is efficient and can satisfy various types of search over encrypted data.

Rashad Elhabob,Nabeil Eltayieb,Hu Xiong,Saru Kumari

DOI: https://doi.org/10.1109/jiot.2024.3466958

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The emergence of the COVID-Omicron XBB variant has intensified the need for Wireless Body Area Networks (WBANs) in telemedicine, underscoring their critical role in remote patient monitoring and demanding robust security solutions to protect health data and patient privacy. To address this need, we introduce the Equality Test on Identity-Based Encryption with Cryptographic Reverse Firewalls (ET-IBE-CRF). This protocol allows the medical server in a telemedicine system to execute the equality test on encrypted data and retrieve the result without knowing any relevant information about the ciphertext. By incorporating cryptographic reverse firewalls (CRFs), the ET-IBE-CRF protocol effectively counters Offline message recovery attacks (OMRA) and algorithm substitution attacks (ASAs) without requiring secure communication channels. Our evaluation indicates that ET-IBE-CRF not only meets the strict requirements for confidentiality and privacy in telemedicine applications, but also maintains high efficiency. This makes it well-suited for high-performance telemedicine systems.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Weina Niu,Zhongliu Zhuo,Xiaosong Zhang,Xiaojiang Du,Guowu Yang,Mohsen Guizani

DOI: https://doi.org/10.1109/tvt.2019.2894290

IF: 6.8

2019-01-01

IEEE Transactions on Vehicular Technology

Abstract:In recent years, malware with strong concealment uses encrypted protocol to evade detection. Thus, encrypted traffic identification can help security analysts to be more effective in narrowing down those encrypted network traffic. Existing methods are protocol independent, such as statistical-based and machine-learning- based approaches. Statistical-based approaches, however, are confined to payload length and machine-learning-based approaches have a low recognition rate for encrypted traffic using undisclosed protocols. In this paper, we proposed a heuristic statistical testing (HST) approach that combines both statistics and machine learning and has been proved to alleviate their respective deficiencies. We manually selected four randomness tests to extract small payload features for machine learning to improve real-time performances. We also proposed a simple handshake skipping method called HST-R to increase the classification accuracy. We compared our approach with other identification approaches on a testing dataset consisting of traffic that uses two known, two undisclosed, and one custom cryptographic protocols. Experimental results showed that HST-R performs better than other traditional coding-based, entropy-based, and ML-based approaches. We also showed that our handshake skipping method could generalize better for unknown cryptographic protocols. Finally, we also conducted experimental comparisons among different classification algorithms. The results showed that C4.5, with our method, has the highest identification accuracy for secure sockets layer and secure shell traffic.

Nanjing University,Wang Ming,Zhong Hong,Zhong Sheng

DOI: https://doi.org/10.1007/s11704-020-9396-2

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:1 Introduction With the rapid development of cloud computing,more and more data are stored in cloud servers as cyphertexts for stor-age[1,2].However,it faces enormous challenges regarding ci-phertext analysis.For example,in the cloud medical services,authorized medical institutions(AMIs)need analyze medical records to figure out gender and age information on patients with the same disease.On account of privacy protection for pa-tients,hospitals should encrypt each medical record,and upload the ciphertext to the cloud server,followed by the application of public key encryption with equality test(PKEET)[3,4]to get the encrypted medical records with the same disease.However,frequent operations of equality testing will result in off-line key-word guessing attacks(KGAs)[5],thus making insider attack-ers snatch users'confidential information because the keyword space of diseases is far smaller than key space.

Anish Singh Shekhawat,Fabio Di Troia,Mark Stamp

DOI: https://doi.org/10.48550/arXiv.2312.04596

2023-12-06

Abstract:In recent years there has been a dramatic increase in the number of malware attacks that use encrypted HTTP traffic for self-propagation or communication. Antivirus software and firewalls typically will not have access to encryption keys, and therefore direct detection of malicious encrypted data is unlikely to succeed. However, previous work has shown that traffic analysis can provide indications of malicious intent, even in cases where the underlying data remains encrypted. In this paper, we apply three machine learning techniques to the problem of distinguishing malicious encrypted HTTP traffic from benign encrypted traffic and obtain results comparable to previous work. We then consider the problem of feature analysis in some detail. Previous work has often relied on human expertise to determine the most useful and informative features in this problem domain. We demonstrate that such feature-related information can be obtained directly from machine learning models themselves. We argue that such a machine learning based approach to feature analysis is preferable, as it is more reliable, and we can, for example, uncover relatively unintuitive interactions between features.

Cryptography and Security,Machine Learning

Luming Yang,Shaojing Fu,Yongjun Wang,Kaitai Liang,Fan Mo,Bo Liu

DOI: https://doi.org/10.1093/comjnl/bxac008

2022-03-07

The Computer Journal

Abstract:Abstract Traffic encrypted technology enables Internet users to protect their data secrecy, but it also brings a challenge to malicious package detection. To tackle this issue, researchers have investigated into encrypted traffic analysis (ETA) in recent years. Existing works, however, only focus on the accuracy of malicious flow identification. Using ETA as a technical black box, they pay little attention to the internal details and explanation of models. In this paper, we, for the first time, introduce interpretable machine learning into ETA. We aim to provide a reasonable explanation for detection results, so as to enable one to understand and further trust network security analysts. We develop a complete analysis framework, named DEV-ETA (detection, explanation and verification of ETA). DEV-ETA applies post hoc interpretation methods to explain the detection results and verify the explanation using the joint distribution of support features on the dataset. We run thorough experiments to explain the detection result using three popular explanation approaches, namely SHAP, LIME and MSS, and we verify the explanation via the feature distribution plot. The experimental results show that our design can interpret the detection result of ETA model instead of just simply treating the model as a black box.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Karary university,Xiong Hu,Arab East Colleges for Graduate Studies,Ramadan Mohammed,Qin Zhiguang

DOI: https://doi.org/10.1007/s11276-020-02462-5

IF: 2.701

2020-01-01

Wireless Networks

Abstract:With the rapid popularity and wide adoption of cloud storage, providing privacy-preserving by protecting sensitive information becomes a matter of grave concern. The most effective and sensible way to address this issue is to encrypt the data before uploading it to the cloud. However, to search over encrypted data with different keys is still an open problem when it comes to the deployment of emerging technologies such as healthcare applications and e-marketplace systems. To address these issues, in this paper, we proposed a secure and efficient public-key encryption with an equality test technique that supports anonymous authorization, abbreviated as (PKEET-AA). Our proposed scheme allows a specific user to identify who can perform the equality test process among various cloud servers without compromising sensitive information. It also provides an anonymous approach to search for some statistical information about specific identical encrypted records in several databases. Moreover, we prove that our proposed PKEET-AA scheme is one-way secure against chosen-ciphertext attack (OW-CCA) and undistinguishable against adaptive chosen ciphertext attack (IND-CCA) in the random oracle model. Thus, to provide authorization/multi-authorization anonymity under the Decisional Diffie–Hellman assumption.

Ruoxu Zhao,Dawu Gu,Juanru Li,Yuanyuan Zhang

DOI: https://doi.org/10.1007/978-3-319-12087-4_7

2014-01-01

Abstract:Encryption is increasingly used in network communications, especially by malicious software (malware) to hide its malicious activities and protect itself from being detected or analyzed. Understanding malware's encryption schemes helps researchers better analyze its network protocol, and then derive the internal structure of the malware. However, current techniques of encrypted protocol analysis have a lot of limitations. For example, they usually require the encryption part being separated from message processing which is hardly satisfied in today's malware, and they cannot provide detailed information about the encryption parameter such as the algorithm used and its secret key. Therefore, these techniques cannot fulfill the needs of today's malware analysis.In this paper, we propose a novel and enhanced approach to automatically detect and analyze encryption and encoding functions within network applications. Utilizing dynamic taint analysis and data pattern analysis, we are able to detect encryption, encoding and checksum routines within the normal processing of protocol messages without prior knowledge of the protocol, and provide detailed information about its encryption scheme, including the algorithms used, secret keys, ciphertext and plaintext. We can also detect private or custom encryption routines made by malware authors, which can be used as signature of the malware. We evaluate our method with several malware samples to demonstrate its effectiveness.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2019.09.023

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Rashad Elhabob,Mazin Taha,Hu Xiong,Muhammad Khurram Khan,Saru Kumari,Pradeep Chaudhary

DOI: https://doi.org/10.1016/j.compeleceng.2024.109140

IF: 4.152

2024-01-01

Computers & Electrical Engineering

Abstract:In the domain of the Internet of Vehicles (IoV), the integration of intelligent devices for traffic data collection is pivotal, with data storage occurring in cloud-assisted IoV systems. Despite its importance, this raises trust concerns regarding cloud servers, necessitating the use of encryption. However, encrypted data search remains a complex challenge. To address this, alongside issues of certificate management, key escrow, and pairing computation, we propose a novel solution: free-pairing certificateless public key encryption with equality test (CL-PKE-ET). This protocol empowers cloud systems to compare encrypted data and establish equality, retrieving results without accessing the sensitive information within the encrypted data. Grounded in the computational Diffie–Hellman assumption within the random oracle model, our CL-PKE-ET protocol is a significant advancement in secure data handling for IoV. Comparative analysis with leading-edge schemes demonstrates our method’s superior performance. This positions our CL-PKE-ET protocol as an ideal fit for the evolving IoV landscape, offering a robust solution to contemporary IoV security challenges.

Rashad Elhabob,Nabeil Eltayieb,Hu Xiong,Fazlullah Khan,Ali Kashif Bashir,Saru Kumari,Ryan Alturki,Sachin Kumar

DOI: https://doi.org/10.1109/TCE.2024.3405496

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The rise of e-commerce and the adoption of cloud servers have revolutionized retail by providing greater convenience and selection to online shoppers. However, personalizing the customer experience also poses important challenges regarding privacy, security, and trust. To tackle this issue, the public key encryption with equality test (PKEET) is employed. Customer experiences are securely transmitted to the cloud server in an encrypted manner. Consequently, the cloud server is authorized to carry out an equality test on the encrypted data and retrieval without revealing private details. Edward Snowden’s disclosures underscored the risk of capable adversaries infiltrating user devices and surreptitiously accessing private information via covert backdoors. To tackle this, cryptographic reverse firewalls (CRFs) were proposed. However, applying CRF techniques to PKEET for securing personalization and contextualization in e-commerce has yet to be realized. Thus, this work introduces a novel equality test public key encryption with cryptographic reverse firewalls (ET-PKE-CRF) approach. The performance evaluation demonstrates that the ET-PKE-CRF scheme substantially enhances efficiency in terms of communication and computation, outperforming current advanced solutions.