Qian Wang,Chengzhe Lai,Rongxing Lu,Dong Zheng

DOI: https://doi.org/10.1109/tcc.2021.3120110

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing medical data to healthcare cloud has become a popular trend. Since medical data of patients contain sensitive personal information, they should be encrypted before outsourcing. However, information retrieval methods based on plaintext cannot be directly applied to encrypted data. In this article, we present a new cryptographic primitive named conjunctive keyword search with secure channel free and autonomous path delegation function (AP-SCF-PECKS), which can be applied in scenarios where patients want to search for and autonomous delegate their private medical information without revealing their private key. Particularly, the proposed solution allows patients to set up multi-hop delegation path with their preferences, and the delegated doctors in the path can search for and access the patient’s private medical information with priority from high to low. Patients can ensure that authorized doctors are always trustworthy, and unauthorized users cannot obtain the private medical information of patients. Moreover, the scheme supports the conjunctive keyword search, secure channel free, and is secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. The security of proposed scheme has been formally proved in the standard model. Finally, the performance evaluations demonstrate that the overhead of proposed scheme are modest for healthcare cloud scenarios.

computer science, information systems, theory & methods

Shufen Niu,Fei Yu,Mi Song,Song Han,Caifen Wang

DOI: https://doi.org/10.1007/s00500-022-07292-5

Abstract:Searchable encryption allows data users to search for encrypted files by keywords without restriction. However, electronic health record (EHR) contains sensitive information, and data users should search for and share EHR with restriction. If data users are not restricted when EHR is searched and shared, there is a high risk that EHR will be misused and reveal large amounts of private patient information. This paper proposes a specified keywords search scheme for EHR sharing based on searchable encryption and proxy re-encryption to address this problem. In the scheme, the data user searches with the keywords specified by the doctor and obtains EHR from the medical cloud. Proxy re-encryption is used to implement the sharing of EHR and privacy preservation securely. The security proof demonstrates that our scheme is secure against chosen keyword attack. Furthermore, the experimental results show that the scheme achieves computational efficiency.

Haijiang Wang,Jianting Ning,Xinyi Huang,Guiyi Wei,Geong Sen Poh,Ximeng Liu

DOI: https://doi.org/10.1109/tdsc.2019.2916569

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:E-Healthcare systems are increasingly popular due to the introduction of wearable healthcare devices and sensors. Personal health records (PHRs) are collected by these devices and stored in a remote cloud. Due to privacy concern, these records should not be accessible by any unauthorized party, and the cloud providers should not be able to learn any information from the stored records. To address the above issues, one promising solution is to employ attribute based encryption (ABE) for fine-grained access control and searchable encryption for keyword search on encrypted data. However, most of existing ABE schemes leak the privacy of access policy which may also contain sensitive information. On the other hand, for users' devices with limited computing power and bandwidth, the mechanism should enable them to be able to search the PHRs efficiently. Unfortunately, most existing works on ABE do not support efficient keyword search on encrypted data. In this work, we propose an efficient hidden policy ABE scheme with keyword search. Our scheme enables efficient keyword search with constant computational overhead and constant storage overhead. Moreover, we enhance the recipient's privacy which hides the access policy. As of independent interest, we present a trapdoor malleability attack and demonstrate that some of previous schemes may suffer from such attack.

Chang Xu,Ruijuan Wang,Liehuang Zhu,Chuan Zhang,Rongxing Lu,Kashif Sharif

DOI: https://doi.org/10.48550/arXiv.2203.13662

2022-03-25

Cryptography and Security

Abstract:Searchable symmetric encryption (SSE) supports keyword search over outsourced symmetrically encrypted data. Dynamic searchable symmetric encryption (DSSE), a variant of SSE, further enables data updating. Most DSSE works with conjunctive keyword search primarily consider forward and backward privacy. Ideally, the server should only learn the result sets involving all keywords in the conjunction. However, existing schemes suffer from keyword pair result pattern (KPRP) leakage, revealing the partial result sets containing two of query keywords. We propose the first DSSE scheme to address aforementioned concerns that achieves strong privacy-preserving conjunctive keyword search. Specifically, our scheme can maintain forward and backward privacy and eliminate KPRP leakage, offering a higher level of security. The search complexity scales with the number of documents stored in the database in several existing schemes. However, the complexity of our scheme scales with the update frequency of the least frequent keyword in the conjunction, which is much smaller than the size of the entire database. Besides, we devise a least frequent keyword acquisition protocol to reduce frequent interactions between clients. Finally, we analyze the security of our scheme and evaluate its performance theoretically and experimentally. The results show that our scheme has strong privacy preservation and efficiency.

Hancheng Gao,Haiping Huang,Lingyan Xue,Fu Xiao,Qi Li

DOI: https://doi.org/10.1109/jiot.2023.3279893

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The integration of Internet of Things (IoT) with cloud-edge computing in cyber-physical systems has revolutionized the way healthcare enterprises manage electronic health records (EHRs). With more healthcare enterprises outsourcing encrypted EHRs to the cloud, searchable encryption is utilized to retrieve encrypted data, especially attribute-based searchable encryption (ABSE) can achieve fine-grained access control. However, ABSE usually requires a lot of computation, which imposes a serious burden on resource-limited devices. Moreover, ensuring fairness in data access is crucial in the healthcare domain, where both data users and owners may have conflicting interests. In order to overcome these problems, this paper proposes a searchable encryption scheme with fine-grained access control for cloud-based EHRs sharing assisted by blockchain. It transfers computing tasks to edge servers and enables users to control who has access to their EHRs. The adoption of blockchain and smart contracts guarantees data integrity and transaction fairness. Moreover, a consensus algorithm is designed for the higher efficiency of the proposed scheme. Finally, security analysis proves the proposed scheme resists adaptive chosen keyword attacks (CKA). Performance analysis further confirms it has more functionalities and is efficient for smart healthcare.

computer science, information systems,telecommunications,engineering, electrical & electronic

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Hua Zhang,Shaohua Zhao,Ziqing Guo,Qiaoyan Wen,Wenmin Li,Fei Gao

DOI: https://doi.org/10.1109/tcc.2021.3092358

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Searchable encryption (SE) is a powerful technology that enables keyword-based search over encrypted data becomes possible. However, most SE schemes focus on exact keyword search which can not tolerate misspellings and typos. Existing fuzzy keyword search schemes only support fuzzy search within a limited similarity threshold $d$d, the storage cost will grow exponentially or the precision of search results will greatly decrease as $d$d increases. Moreover, the current fuzzy keyword ranked search schemes consider only the keyword weight, and disregard the influence of keyword morphology similarity on the ranking. In this article, we propose a scalable fuzzy keyword ranked search scheme over encrypted data under hybrid clouds architecture. We use the edit distance to measure the similarity of keywords and design an edit distance algorithm over encrypted data, in which our scheme achieves fuzzy keyword search for any similarity threshold $d$d with a constant storage size and accurate search results. Furthermore, we design a two-factor ranking function combining keyword weight with keyword morphology similarity, which is utilized to rank the search results and enhance system usability. Extensive experiments are performed to demonstrate the trade-off of efficiency and security of the proposed scheme.

computer science, information systems, theory & methods

Yinbin Miao,Feng Li,Xinghua Li,Zhiquan Liu,Jianting Ning,Hongwei Li,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tmc.2023.3277702

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Electronic health (e-health) systems may outsource data such as patient e-health records to mobile cloud servers for efficiency gains (e.g., minimizing local storage and computation costs). However, such a move may result in privacy implications in the presence of semi-honest cloud servers. Searchable Encryption (SE) can potentially facilitate privacy-preserving searches based on keywords for encrypted data stored in the mobile cloud, but most existing SE solutions do not support temporal access control (i.e., a mechanism that grants access permissions to users for specified time ranges). Hence, in this paper we design a time-controllable keyword search scheme by using an attribute-based comparable access control. This allows users to match indexes encrypted at specified time intervals. Then, we improve the basic framework to support efficient user revocation using secret sharing. We then formally prove the security of our proposed frameworks against chosen-keyword attack and key collusion attack, as well as achieving keyword secrecy. We also evaluate the performance of our proposed approach using a real-world dataset to demonstrate their practical utility.

Wei-Ting Lu,Wei Wu,Shih-Ya Lin,Min-Chi Tseng,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-46298-1_19

2016-01-01

Abstract:Nowadays the cloud security becomes a significant issue: while the single user keyword search on encrypted data has been proposed, encrypting files before uploading scarifies the advantage of the convenience of sharing data with others on the cloud. We design a searchable encryption for the multi-user case. We combine the advantage of efficiency of the symmetric encryption with authentication of the asymmetric encryption to provide a secure and efficient system of shareable keyword search on encrypted data.

Hongjian Yin,Yiming Zhao,Lei Zhang,Baojun Qiao,Wenbo Chen,Huaqing Wang

DOI: https://doi.org/10.1016/j.sysarc.2024.103081

IF: 5.836

2024-03-01

Journal of Systems Architecture

Abstract:In this paper, we address the secure sharing of sensitive healthcare data in blockchain-based healthcare. As a form of sensitive information, healthcare data is often encrypted before being uploaded to cloud servers. Extensive research has been conducted on Attribute-Based Searchable Encryption (ABSE) to achieve fine-grained searchability of encrypted sensitive healthcare data. However, the existing ABSE schemes rely on a single authoritative center for managing the master key, resulting in a single point of failure. Additionally, there has been limited research focusing on the privacy concerns of user identity during the key generation process. To tackle these challenges, we propose a novel decentralized ciphertext-policy attribute-based encryption (DCP-ABSE) scheme. In this scheme, the master key is jointly managed by all attribute nodes on the blockchain. This ensures the smooth operation of the system even if some nodes are compromised. In addition, the user’s private key fragments are generated through interactions with all attribute nodes, in this process, the user’s identity information is not disclosed to attribute nodes. In addition, we prove that the proposed scheme is secure against chosen keyword attacks and chosen plaintext attacks under the Decisional Bilinear Diffie–Hellman assumption. The performance evaluation shows that the proposed scheme has high efficiency.

computer science, software engineering, hardware & architecture

Jianting Ning,Xinyi Huang,Geong Sen Poh,Jiaming Yuan,Yingjiu Li,Jian Weng,Robert H. Deng

DOI: https://doi.org/10.1145/3460120.3484540

2021-01-01

Abstract:Searchable Encryption (SE) enables private queries on encrypted documents. Most existing SE schemes focus on constructing industrial-ready, practical solutions at the expense of information leakages that are considered acceptable. In particular, ShadowCrypt utilizes a cryptographic approach named ''efficiently deployable, efficiently searchable encryption'' (EDESE) that reveals the encrypted dataset and the query tokens among other information. However, recent attacks showed that such leakages can be exploited to (partially) recover the underlying keywords of query tokens under certain assumptions on the attacker's background knowledge. We continue this line of work by presenting LEAP, a new leakage-abuse attack on EDESE schemes that can accurately recover the underlying keywords of query tokens based on partially known documents and the L2 leakage as per defined by Cash et al. (CCS '15). As an auxiliary function, our attack supports document recovery in the similar setting. To the best of our knowledge, this is the first attack on EDESE schemes that achieves keyword recovery and document recovery without error based on partially known documents and L2 leakage. We conduct extensive experiments to demonstrate the effectiveness of our attack by varying levels of attacker's background knowledge.

Jiaming Yuan,Yingjiu Li,Jianting Ning,Robert H. Deng

DOI: https://doi.org/10.1007/978-3-031-21280-2_34

2022-01-01

Abstract:Searchable encryption is an essential component of cryptography, which allows users to search for keywords and retrieve records from an encrypted database at cloud storage while ensuring the confidentiality of users' queries. While most existing research on searchable encryption focuses on the single domain setting, we propose the first Multi-Domain, Easily-Deployable, Efficiently-Searchable Encryption (M-EDESE) system that allows users to query keywords cross domains with high efficiency and preserved privacy without additional cooperation from the cloud storage. In the multi-domain setting, a user who belongs to a domain can query keywords from another domain under an inter-domain partnership. Any party can participate in the M-EDESE system as a domain without global coordination other than agreeing on an initial set of global reference parameters. Each domain maintains a set of users and acts as an individual multiple-user searchable encryption system while maintaining its own database. M-EDESE enables easy deployment without any requirement for cloud storage setup, thus it is compatible with the existing cloud storage platform. In addition, the M-EDESE system facilitates instant user revocation within each domain and instant partner revocation across domains. We provide a concrete construction of M-EDESE and security proofs on query privacy, unforgeability, and revocability. We also conduct a rigorous experimental evaluation of the performance of M-EDESE in a real-world setting, showing that M-EDESE is highly efficient for querying an open-sourced database.

Shahzaib Tahir,Liutauras Steponkus,Sushmita Ruj,Muttukrishnan Rajarajan,Ali Sajjad

DOI: https://doi.org/10.1016/j.future.2018.05.048

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:Searchable Encryption (SE) allows a client to search over large amounts of encrypted data outsourced to the Cloud. Although, this helps to maintain the confidentiality of the outsourced data but achieving privacy is a difficult and resource intensive task. With the increase in the query effectiveness, i.e., by shifting from single keyword SE to multi-keyword SE there is a notable drop in the efficiency. This motivates to make use of the advances in the multi-core architectures and multiple threads where the search can be delegated across different threads to perform search in a parallel fashion. The proposed scheme is based on probabilistic trapdoors that are formed by making use of the property of modular inverses. The use of probabilistic trapdoors helps resist distinguishability attacks. The rigorous security analysis helps us to appreciate the advantage of having a probabilistic trapdoor. Furthermore, to validate the performance of the proposed scheme, it is implemented and deployed onto the British Telecommunication’s Public Cloud offering and tested over a real speech corpus. The implementation is also extended to anticipate the performance gain by using the multi-core architecture that helps to maintain the lightweight property of the scheme.

Boshen Shan,Yuanzhi Yao,Weihai Li,Xiaodong Zuo,Nenghai Yu

DOI: https://doi.org/10.1109/trustcom56396.2022.00189

2022-01-01

Abstract:Due to the increasing popularity of cloud computing and privacy preservation concerns, sensitive data should be encrypted before outsourcing to the cloud and data utilization becomes a challenging issue. Searchable encryption (SE) is a promising technique to address this problem. Most existing searchable encryption schemes only support accurate keyword but fuzzy keyword search schemes are appreciated in practice. Moreover, in some application scenarios like the video on demand systems, data owners only hope to give the access of their data to those who have payed but authenticated user identity may often change. Therefore, dynamic user attribute updating should be considered. To solve about issues, we propose a fuzzy secure keyword search scheme over encrypted cloud data with dynamic fine-grained access control. We design a novel fuzzy keyword index to retrieve corresponding documents. To reduce the computation cost, the cloud server selects most relevant top-k documents and return them to the data users. The ciphertextpolicy attribute based encryption (CP-ABE) technique is introduced to implement fine-grained access control. Meanwhile, the basic CP-ABE is improved to meet the practical need of user attribute updating. Extensive security and performance analysis demonstrates that our proposed scheme is highly efficient and can satisfy the security requirements for fuzzy keyword search over encrypted cloud data.

Zhen Li,Minghao Zhao,Han Jiang,Qiuliang Xu

DOI: https://doi.org/10.1007/s12243-017-0571-x

2017-01-01

Abstract:Multi-user searchable encryption (MSE) enables authorized users to search over encrypted documents in the cloud. Generally, security problems in existing MSE schemes are solved as follows: (1) transmitting authority values and search tokens through secure channels to resist keyword guessing attack; (2) involving a trusted third party (TTP) to manage users and (3) relying on online users to distribute the decryption keys. However, these methods result in extra overhead and heavily restrict the scalability of the systems. In this paper, we propose a secure channel-free and TTP-free MSE scheme. It is secure against keyword guessing attack by introducing a designated server. And it achieves fine-grained access control to grant and revoke the privileges of users without TTP. More specifically, each document is encrypted with a unique and independent key, where the key distribution is integrated with user authorization and search procedures. We provide a concrete construction of the scheme and give formal proofs of its security in the random oracle model.

Fateh Boucenna

DOI: https://doi.org/10.48550/arXiv.2002.10294

2020-02-24

Cryptography and Security

Abstract:Companies and individuals demand more and more storage space and computing power. For this purpose, several new technologies have been designed and implemented, such as the cloud computing. This technology provides its users with storage space and computing power according to their needs in a flexible and personalized way. However, the outsourced data such as emails, electronic health records, and company reports are sensitive and confidential. Therefore, It is primordial to protect the outsourced data against possible external attacks and the cloud server itself. That is why it is highly recommended to encrypt the sensitive data before being outsourced to a remote server. To perform searches over outsourced data, it is no longer possible to exploit traditional search engines given that these data are encrypted. Consequently, lots of searchable encryption (SE) schemes have been proposed in the literature. Three major research axes of searchable encryption area have been studied in the literature. The first axis consists in ensuring the security of the search approach. Indeed, the search process should be performed without decryption any data and without causing any sensitive information leakage. The second axis consists in studying the search performance. In fact, the encrypted indexes are less efficient than the plaintext indexes, which makes the searchable encryption schemes very slow in practice. More the approach is secure, less it is efficient, thus, the challenge consists in finding the best compromise between security and performance. Finally, the third research axis consists in the quality of the returned results in terms of relevance and recall. The problem is that the encryption of the index causes the degradation of the recall and the precision. Therefore, the goal is to propose a technique that is able to obtain almost the same result obtained in the traditional search.

Guangchun Luo,Ningduo Peng,Ke Qin,Aiguo Chen

DOI: https://doi.org/10.1155/2014/153791

2014-01-01

Abstract:Searchable encryption technique enables the users to securely store and search their documents over the remote semitrusted server, which is especially suitable for protecting sensitive data in the cloud. However, various settings (based on symmetric or asymmetric encryption) and functionalities (ranked keyword query, range query, phrase query, etc.) are often realized by different methods with different searchable structures that are generally not compatible with each other, which limits the scope of application and hinders the functional extensions. We prove that asymmetric searchable structure could be converted to symmetric structure, and functions could be modeled separately apart from the core searchable structure. Based on this observation, we propose a layered searchable encryption (LSE) scheme, which provides compatibility, flexibility, and security for various settings and functionalities. In this scheme, the outputs of the core searchable component based on either symmetric or asymmetric setting are converted to some uniform mappings, which are then transmitted to loosely coupled functional components to further filter the results. In such a way, all functional components could directly support both symmetric and asymmetric settings. Based on LSE, we propose two representative and novel constructions for ranked keyword query (previously only available in symmetric scheme) and range query (previously only available in asymmetric scheme).

Chen Yan,Fuyuan Hu,Jing Chen,Weizhong Lu,Hongjie Wu,Luping Wang

DOI: https://doi.org/10.1109/ICDMW60847.2023.00096

2023-12-04

Abstract:In the field of smart healthcare, data security and privacy protection are of paramount importance. However, within this context, we are confronted with a crucial question: how can we enable multiple users to simultaneously access online data while safeguarding their privacy? To address this issue, this paper introduces a blockchain-based attribute-based searchable encryption scheme, along with the HBC (Healthcare Blockchain Cipher) encryption algorithm. This scheme enables multiple users to simultaneously access online data while safeguarding their privacy through encrypted search functionality. Furthermore, we integrates tamper-resistant blockchain technology into the system, to address the potential threats to data integrity and correctness when storing data on semi-trusted cloud servers. Additionally, we consider use attribute encryption for access control, to prevent malicious attackers from obtaining sensitive information through access patterns. The scheme also supports attribute revocation to prevent unauthorized access by former system users. Lastly, we provide detailed security and efficiency analysis, the results show that our scheme are security and efficiency.

Medicine,Computer Science

Lixue Sun,Chunxiang Xu,Chuang Li,Yuhui Li

DOI: https://doi.org/10.1016/j.comcom.2020.09.018

IF: 5.047

2020-12-01

Computer Communications

Abstract:<p>Searchable encryption schemes allow users to search encrypted data containing some keyword without decrypting the data. It protects the data privacy of data owners, meanwhile facilitates efficient data access in secure cloud storage service. Most of the existing schemes only considered the single-user setting, in which a user uploads his encrypted data and later performs searches on it. However, the majority of databases in practice do not only serve one user; instead, they support write operations by multiple data owners and search operations by some authorized users. There exists the following issues in existing multi-user searchable encryption schemes. First, some schemes allow only one data owner to write to the encrypted database; second, a number of schemes may require the data owner to interact with the authorized users to distribute secret keys; third, some other schemes cannot efficiently support the search authorization revocation on users, and do not achieve the trapdoor unlinkability. In this paper, we address these issues by proposing a server-aided searchable encryption scheme in multi-user setting. In our scheme, the data owners only need to know the public key of an administration server to generate the searchable ciphertext, regardless of the number of authorized users. Furthermore, our scheme is shown to be semantically secure against outside keyword guessing attacks. Finally, the performance analyses and comparisons with some existing schemes demonstrate that our scheme achieves better performance.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Ling Huaze,Xue Kaiping,Wei David S.L.,Li Ruidong

DOI: https://doi.org/10.52396/JUST-2021-0071

2021-01-01

Journal of University of Science and Technology of China

Abstract:As more and more enterprises and individuals choose to outsource their encrypted private data to the cloud, Searchable Encryption ( SE) , which solves the issue of keyword-searching over encrypted data, is becoming much more important. To overcome typos and semantic diversity existing in query requests, fuzzy search is introduced to achieve a misspelling-tolerate search-supported encryption scheme. However, current schemes of fuzzy search over encrypted data not only bring in high computing and communication overhead in multi-user scenarios but also are unable to cover all kinds of error types under the premise of an effective accuracy. In this paper, we thus propose a multi-user multi-keyword fuzzy searchable encryption scheme. Specifically, we introduce the permuterm index to support multi-keyword wildcard search which can solve more kinds of misspelling with a higher degree of correctness. Moreover, by letting the cloud server re-encrypt indexes user encrypt, our scheme supports unshared-key multi-user fuzzy search, reducing users ' computing overhead effectively and improving the level of privacy-preserving. The results of experiments demonstrate that, compared with existing schemes, our scheme not only has a better accuracy rate, but also supports more varieties of misspelling keyword search with acceptable computational overhead.