Yilei Wang,Wenyi Bao,Yang Zhao,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201605.18(3).09

2016-01-01

Abstract:With the continuous development of cloud computing, more and more sensitive data needs to be centrally stored in the cloud storage. For protecting the privacy of data, sensitive data must be encrypted before being outsourced to the server. The traditional PEKS (Public Encryption Keyword Search) enables users to search data by using keywords in the condition of encryption, however, it not only needs the security channel but also tolerates the huge pairing-computation. Although the pairing-free public key encryption with keyword search has been proposed, it can not support fuzzy keyword search and this drawback greatly reduces the usability of the system. In this paper, the proposed scheme features three good aspects: First, the keywords and data have been encrypted under the server's public key and thus the secure channel of the keywords transmission has been eliminated in the sense that the outside attackers cannot obtain any information related to the keywords without the knowledge of the server's private key. Second, our scheme not only supports accurate keyword search encryption but also supports the search when the keywords input have any spelling mistakes or format inconsistencies, which significantly improved the availability of the system. Finally, the proposed scheme is constructed on the El Gamal encryption instead of the bilinear-pairing encryption, which greatly improve the computational efficiency.

Hao Lin,Fei Gao,Hua Zhang,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1109/jsyst.2021.3106701

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:In cloud storage, public key encryption with equality test (PKEET) is suitable for testing whether two ciphertexts generated from different public keys contain the same message without decryption. Recently, (Y. J. Wang et al., 2019) have proposed a public key signcryption scheme with designated equality test (PKS-DET). In this scheme, since the public key of the tester is used in the encryption, the tester needs to use its secret key to test the ciphertexts. Without trapdoor, PKS-DET prevents the attacker from testing the user's ciphertexts with the stolen trapdoor. Therefore, the privacy of the user can be protected. However, if the user in the PKS-DET wants to authorize the other tester to test his/her ciphertexts for some reason, the message needs to be encrypted again by the public key of the other tester. This will lead to higher computational complexity. Hence, the PKS-DET is not flexible to authorize multiple testers. In this article, we propose a construction of PKEET supporting flexible designated authorization (PKEET-FDA). The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ciphertexts, and each authorized tester must use its secret key to perform equality test for the ciphertexts. More importantly, the user does not need to encrypt the message repeatedly any more. We demonstrate the security of PKEET-FDA under two types of adversaries. Compared with the related efficient PKEET schemes, PKEET-FDA satisfies high efficiency from the point of view of the user. In terms of storage requirement, our construction is superior to the PKS-DET.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Ping Zhang,Jinbo Li,Zhumu Fu

DOI: https://doi.org/10.3390/info13060265

2022-01-01

Information

Abstract:With the rapid development and wide application of cloud computing and 5G communication, the number of mobile users is increasing rapidly, meaning that cloud storage services are receiving more and more attention. The equality test technology of retrievable encrypted data has become a hot research topic among scholars in recent years. In view of the problem of offline keyword-guessing attacks (KGAs) caused by collusion between internal servers and users, a public key encryption with equality test scheme (RKGA-CET) with higher security against KGAs is proposed. Based on the assumed difficulty of the discrete logarithm problem (DLP) and the properties of bilinear mapping, a specific encryption algorithm that encrypts the keyword twice is designed. In the first encryption stage, we convert the keyword according to the property of isomorphism of a finite field. In the second encryption stage, we encrypt the converted keyword vector and embed the user's private key, and then perform the equality test. The algorithm ensures that the adversary cannot generate legal ciphertexts and implement KGAs when the secondary server is offline. At the same time, the algorithm also supports two authorization modes, in which case users can flexibly choose the corresponding authorization mode according to their own needs. Performance analysis shows that this scheme has overall superiority compared with other similar ones.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Qiang Wang,Li Peng,Hu Xiong,Jianfei Sun,Zhiguang Qin

DOI: https://doi.org/10.1109/access.2017.2775741

IF: 3.9

2017-01-01

IEEE Access

Abstract:Public key encryption supporting equality test (referred to as PKE-ET) provides the capability of testing the equivalence between two messages encrypted under different public keys. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising primitive to achieve versatile and secure data sharing in the cloud computing by providing flexible one-to-many encryption. In this paper, we first initialize the concept of CP-ABE with equality test (CP-ABE-ET) by combining the notions of PKE-ET and CP-ABE. Using ABE-ET primitive, the receiver can delegate a cloud server to perform an equivalence test between two messages, which are encrypted under different access policies. During the delegated equivalence test, the cloud server is unable to obtain any knowledge of the message encrypted under either access policy. We propose a concrete CP-ABE-ET scheme using bilinear pairing and Viete's formulas, and give the security proof of the proposed scheme formally in the standard model. Moreover, the theoretic analysis and experimental simulation reveal that the proposed scheme is efficient and practical.

Huijun Zhu,Qingji Xue,Tianfeng Li,Dong Xie

DOI: https://doi.org/10.3390/e24030309

2022-02-22

Abstract:Public key encryption supporting equality test (PKEwET) schemes, because of their special function, have good applications in many fields, such as in cloud computing services, blockchain, and the Internet of Things. The original PKEwET has no authorization function. Subsequently, many PKEwET schemes have been proposed with the ability to perform authorization against various application scenarios. However, these schemes are incapable of traceability to the ciphertexts. In this paper, the ability of tracing to the ciphertexts is introduced into a PKEwET scheme. For the ciphertexts, the presented scheme supports not only the equality test, but also has the function of traceability. Meanwhile, the security of the proposed scheme is revealed by a game between an adversary and a simulator, and it achieves a desirable level of security. Depending on the attacker's privileges, it can resist OW-CCA security against an adversary with a trapdoor, and can resist IND-CCA security against an adversary without a trapdoor. Finally, the performance of the presented scheme is discussed.

Run Xie,Chanlian He,Yu He,Chunxiang Xu,Kun Liu

DOI: https://doi.org/10.1007/978-3-319-69605-8_17

2016-01-01

Abstract:With networking became prevalent, the amount of data to be stored and managed on networked servers rapidly increases. Meanwhile, with the improvement of awareness of data privacy, the user’s sensitive data is usually encrypted before uploading them to the cloud server. The searchable public-key encryption provides an efficient mechanism to achieve data retrieval in encrypted storage. Therefore, it is a critical technique on promoting secure and efficient cloud storage. Unfortunately, only few the existing schemes are secure to resist outside keyword guessing attacks. In this paper, we propose two efficient searchable public-key encryption schemes with a designated tester (dPEKS). One is a basic dPEKS, where the dPEKS ciphertext indistinguishability is proved without the random oracle. Meanwhile, the basic scheme is secure to resist the outside KGA since it satisfies the property of trapdoor indistinguishability. Comparing with the existing dPEKS schemes which use expensive pairing computation, our scheme is more efficient since we only need multi-exponentiation. Another is an enhanced dPEKS scheme. With the sender’s identity is kept secret from server, this scheme can provide stronger security.

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2019.09.023

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Zhi-guang QIN,Wen-yi BAO,Yang ZHAO,Hu XIONG

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.11.001

2015-01-01

Abstract:Already there has been many keyword searchable encryption researches done, but they mostly bear a weakness of oflfine keyword guessing attack, besides they are based on the heavier pairing computation. What’s more, most public encryption keyword search schemes can’t support fuzzy keyword search, this obvious drawback reduces the usability of the search system. The scheme we propose use the server’s public key to encrypt the keywords and data, and if outside attackers have no server’s private key, he will not obtain any information of the keyword ciphertexts, so we can use public channel to transport PEKS. The scheme not only supports accurate keyword search encryption but also supports the search when the keywords input have any spelling mistakes or format inconsistent situations. So it has greatly improved the availability of the system. The scheme use El Gamal encryption instead of the bilinear-pairing encryption, which greatly reduce the computational overhead.

Rashad Elhabob,Nabeil Eltayieb,Hu Xiong,Fazlullah Khan,Ali Kashif Bashir,Saru Kumari,Ryan Alturki,Sachin Kumar

DOI: https://doi.org/10.1109/TCE.2024.3405496

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The rise of e-commerce and the adoption of cloud servers have revolutionized retail by providing greater convenience and selection to online shoppers. However, personalizing the customer experience also poses important challenges regarding privacy, security, and trust. To tackle this issue, the public key encryption with equality test (PKEET) is employed. Customer experiences are securely transmitted to the cloud server in an encrypted manner. Consequently, the cloud server is authorized to carry out an equality test on the encrypted data and retrieval without revealing private details. Edward Snowden’s disclosures underscored the risk of capable adversaries infiltrating user devices and surreptitiously accessing private information via covert backdoors. To tackle this, cryptographic reverse firewalls (CRFs) were proposed. However, applying CRF techniques to PKEET for securing personalization and contextualization in e-commerce has yet to be realized. Thus, this work introduces a novel equality test public key encryption with cryptographic reverse firewalls (ET-PKE-CRF) approach. The performance evaluation demonstrates that the ET-PKE-CRF scheme substantially enhances efficiency in terms of communication and computation, outperforming current advanced solutions.

Rashad Elhabob,Yanan Zhao,Alzubair Hassan,Hu Xiong

DOI: https://doi.org/10.1007/s11277-020-07190-9

IF: 2.017

2020-01-01

Wireless Personal Communications

Abstract:With the continuous development of the Internet of Things (IoT), a growing number of users choose to store the data collected from their smart devices on a cloud server for saving costs. However, the security and privacy issues that accompany the cloud-assisted IoT are also becoming increasingly apparent. Considering the untrusted nature of the cloud server, the data accumulated by the smart sensor must be encrypted before outsourcing to the cloud server. Nevertheless, the above mechanism raises another serious problem. For users of another public key cryptosystem, it is impractical to download all the data stored in the cloud to find the data he needs. To solve this problem, we first, proposed a public key encryption with equality test for heterogeneous systems (PKE-ET-HS) which combines the ideas of identity-based encryption with outsourced equality test and public key encryption with equality test. This scheme allows the authorized cloud server to retrieve whether two encryptions encrypted in a heterogeneous system contain equivalent messages. In addition, in the random oracle, the security of the proposed scheme has been given under the bilinear Diffie–Hellman assumption and the computational Diffie–Hellman assumption. Finally, storage size, computation complexity, and properties are compared with other related works. The results show that the PKE-ET-HS scheme proposed in this paper has a good performance.

Jianfei Sun,Yangyang Bao,Xuyun Nie,Hu Xiong

DOI: https://doi.org/10.1109/access.2018.2843565

IF: 3.9

2018-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKE-ET) enables anyone to perform equivalence test between two messages encrypted under distinct public keys. Attribute-hiding predicate encryption is a paradigm for public key encryption that supports both attribute-hiding and fine-grained access control. In this paper, we first initialize the concept of attribute-hiding predicate encryption with equality test (AH-PE-ET) by incorporating the notions of PKE-ET and PE, and then propose a concrete AH-PE-ET scheme. Inheriting the merits of predicate encryption, versatile access control can be achieved such that the ciphertexts and the secret key are, respectively, associated with the descriptive attributes x and the boolean functions f and decryption can only be done if f (x) returns true. In the AH-PE-ET scheme, one data receiver can calculate a trapdoor using his/her private key and delivers this trapdoor to an untrusted cloud server, who in turn compares the ciphertexts from this receiver with other receivers' ciphertexts. During the comparison, the information about the trapdoor as well as the attributes associated with the ciphertexts will not be disclosed to this cloud server. Furthermore, it is also proven to be selectively secure against the chosen plaintext attack in the standard model under the decisional bilinear Diffie-Hellman assumption. Finally, the theoretical performance analysis and experimental simulation indicate the feasibility and practicability of our suggested scheme.

Axin Wu,Fagen Li,Xiangjun Xin,Yinghui Zhang,Jianhao Zhu

DOI: https://doi.org/10.1016/j.sysarc.2024.103104

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

computer science, software engineering, hardware & architecture

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Qiuxiang Dong,Zhi Guan,Liang Wu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-38562-9_74

2013-01-01

Abstract:Searchable encryption is used to support searches over encrypted data stored on cloud servers. Traditional searchable encryption only supports exact keyword search instead of more flexible fuzzy keyword search. To solve this problem, a recent emerging paradigm, named fuzzy keyword searchable encryption, has been proposed. There have been some proposals designed for fuzzy keyword search in the symmetric key setting, but none efficient schemes in the public key setting. In this paper, we propose a new primitive of interactive public key encryption with fuzzy keyword search (IPEFKS), which supports efficient fuzzy keyword search over encrypted data in the public key setting. We construct and implement a homomorphic encryption based IPEFKS scheme. To compare this scheme with the existing ones, we implement LWW-FKS, which, to the best of our knowledge, is the most efficient among the existing schemes. The experimental results show that IPEFKS is much more efficient than LWW-FKS.

Peiming Xu,Shaohua Tang,Peng Xu,Qianhong Wu,Honggang Hu,Willy Susilo

DOI: https://doi.org/10.1109/tsc.2019.2903502

IF: 11.019

2021-01-01

IEEE Transactions on Services Computing

Abstract:With the outbreak of e-mail message leakage events, such as the Hillary Clinton's Email Controversy, privacy and security of sensitive e-mail information have become users' primary concern. Encrypted email seems to be a viable solution for providing security, but it will greatly limit their operations. Public encryption with keyword search (PEKS) scheme is a popular technology to incorporate security protection and favorable operability functions together, which can play an important role in searching over encrypted email in a cloud server. In this paper, we propose a practical PEKS scheme named as public-key multi-keyword searchable encryption with hidden structures (PMSEHS). It could enable e-mail receivers to do the multi-keyword and boolean search in the large encrypted email database as fast as possible, without revealing more information to the cloud server. We also give comparative experiments, which demonstrate that our scheme has a higher efficiency in multi-keyword search for encrypted emails.

Jin Li,Qian Wang,Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/infcom.2010.5462196

2010-01-01

Abstract:As Cloud Computing becomes prevalent, more and more sensitive information are being centralized into the cloud. For the protection of data privacy, sensitive data usually have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. Although traditional searchable encryption schemes allow a user to securely search over encrypted data through keywords and selectively retrieve files of interest, these techniques support only exact keyword search. That is, there is no tolerance of minor typos and format inconsistencies which, on the other hand, are typical user searching behavior and happen very frequently. This significant drawback makes existing techniques unsuitable in Cloud Computing as it greatly affects system usability, rendering user searching experiences very frustrating and system efficacy very low. In this paper, for the first time we formalize and solve the problem of effective fuzzy keyword search over encrypted cloud data while maintaining keyword privacy. Fuzzy keyword search greatly enhances system usability by returning the matching files when users' searching inputs exactly match the predefined keywords or the closest possible matching files based on keyword similarity semantics, when exact match fails. In our solution, we exploit edit distance to quantify keywords similarity and develop an advanced technique on constructing fuzzy keyword sets, which greatly reduces the storage and representation overheads. Through rigorous security analysis, we show that our proposed solution is secure and privacy-preserving, while correctly realizing the goal of fuzzy keyword search.

Kaibin Huang,Raylin Tso,Yu-Chi Chen,Wangyu Li,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-11698-3_45

2014-01-01

Abstract:We proposed a new public key encryption scheme with equality test (PKEET), which stands for a public key encryption scheme with comparable ciphertext. The equivalence among ciphertext under PKEET schemes can be verified without decryption. In some PKEET algorithms like Tang's AoN-PKEET, which is called authorization-based PKEET, the equality test functionality is restricted to some authorized users: only users who own authorities are able to perform equality test functions. For the best of our knowledge, the authorities of all existing authorization-based PKEET schemes are valid for all ciphertext encrypted under the same public key. Accurately, we propose a CBA-PKEET scheme following Tang's AoN-PKEET scheme, which means a PKEET scheme with ciphertext-binded authorities (CBA). Each ciphertext-binded authority is valid for a specific ciphertext, rather than all ciphertext encrypted under the same public key. Then, we compare the features and efficiency between our CBA-PKEET and some existing authorization-based PKEET schemes. Finally, the security of CBA-PKEET is proved in the random oracle model based on the some hard problems.

Hu Xiong,Tianang Yao,Hanxiao Wang,Jun Feng,Shui Yu

DOI: https://doi.org/10.1109/jiot.2021.3109440

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Nowadays, Internet of Things (IoT) is an attractive system to provide broad connectivity of a wide range of applications, and clouds are natural promoters. Cloud-assisted IoT combines the advantages of cloud computing and IoT, which is able to collect data from the real world and maximizes the value of the collected data by the means of data sharing and data analysis. Meanwhile, secure and convenient data retrieval in cloud servers becomes an important requirement for both enterprises and individual users. Public-key encryption with search functionality (shorten as PKE-SF) is a widely used cryptographic technique that allows users to retrieve encrypted data without decryption. PKE-SF mainly contains the primitives of public-key encryption with keyword search (PKE-KS), public-key encryption with equality test (PKE-ET), and plaintext-checkable encryption (PCE). In light of the overwhelming variety and multitude of PKE-SF schemes, this survey presents these schemes from different perspectives to provide better comprehension for beginners and advanced researchers. More concretely, this survey concentrates on the state of the art of PKE-SF by analyzing the design rationale, examining the framework and security model, and assessing the existing schemes in accordance with theoretic efficiency, security properties, and experimental performance. Furthermore, we discuss the extensions of traditional PKE-SF schemes which feature with the access control delegation, conjunctive keyword search, certificate-free, and offline keyword guessing attack resilience. Finally, we point out some promising directions for readers.