Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103759

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:It is tricky to determine whether two ciphertexts contain the same message when the messages are encrypted with different public keys. public key encryption with equality test (PKEET) addresses this problem without decryption. By integrating PKEET with identity-based encryption, identity-based encryption with equality test (IBEET) simplifies the certificate management in PKEET. In this paper, we first propose an IBEET scheme that can resist offline message recovery attacks (OMRA) and requires neither the dual-tester setting nor the group mechanism. With the help of some mathematical assumptions, we demonstrate the security of our scheme. Experiment results reveal that our scheme is efficient. From the perspective of usability, we explain why our scheme is more appropriate to be applied in healthcare social Apps than other OMRA-resistant schemes.

Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Hongbo Li,Qiong Huang,Sha Ma,Jian Shen,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2899680

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the higher rate of using cloud storage, protecting data privacy becomes an important issue. The most effective solution is to encrypt data before uploading to the cloud. However, how to efficiently search over data encrypted with different keys is still an open problem. To address this problem, we introduce a new notion of the identity-based encryption with equality test supporting flexible authorization (IBEET-FA). It supports the test of whether two ciphertexts encrypted under the different keys encapsulate the same message, and in the meanwhile supports fine-grained authorization of the test. Based on the equality test on ciphertexts, there is a direct way to support an authorized user to search over ciphertexts of different users, which accelerates secret data sharing among a group of users. Besides, IBEET-FA does not suffer from the complex key management problem of its counterpart in the traditional public key infrastructure. We propose a concrete construction of IBEET-FA and prove it to be securely based on simple mathematical assumptions. The experimental results show that our IBEET-FA scheme is efficient and can satisfy various types of search over encrypted data.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1093/comjnl/bxz036

2019-01-01

The Computer Journal

Abstract:Thanks to the ease of access and low expenses, it is now popular for people to store data in cloud servers. To protect sensitive data from being leaked to the outside, people usually encrypt the data in the cloud. However, management of these encrypted data becomes a challenging problem, e.g. data classification. Besides, how to selectively share data with other users is also an important and interesting problem in cloud storage. In this paper, we focus on ciphertext-policy attribute based encryption with equality test (CP-ABEET). People can use CP-ABEET to implement not only flexible authorization for the access to encrypted data, but also efficient data label classification, i.e. test of whether two encrypted data contain the same message. We construct an efficient CP-ABEET scheme, and prove its security based on a reasonable number-theoretic assumption. Compared with the only existing CP-ABEET scheme, our construction is more efficient in key generation, and has shorter attribute-related secret keys and better security.

Faguo Wu,Wang Yao,Xiao Zhang,Zhiming Zheng,Wenhua Wang

DOI: https://doi.org/10.1007/978-3-030-00012-7_7

2018-01-01

Abstract:In recent years, great progress has been made in global digital construction, various kinds of methods, such as encryption, isolated storage and firewall, are used to prevent information from stealing. However, the above mentioned technologies severely hinder information sharing, especially in some special areas, such as medical industries in which doctors need to share similar patient's information to improve the effectiveness of treatment. The premise of sharing information is to find the desired information on encrypted data, although identity based encryption scheme with equality test (IBEET) has been defined as a viable solution, it can only search for the ciphertext formed by the exact same plaintext. In this paper, we firstly propose an efficient identity based privacy information sharing with similarity test in cloud environment. Our scheme can search out similar data of the target data on encrypted content. Besides, we use advanced Locality-Sensitive Hashing function to generate index for data to protect the privacy information of users.

Danial Shiraly,Ziba Eslami,Nasrollah Pakniat

DOI: https://doi.org/10.1016/j.sysarc.2024.103183

IF: 5.836

2024-05-25

Journal of Systems Architecture

Abstract:The advent of cloud computing has made cloud server outsourcing increasingly popular among data owners. However, the storage of sensitive data on cloud servers engenders serious challenges for the security and privacy of data. Public Key Authenticated Encryption with Keyword Search (PAEKS) is an effective method that protects information confidentiality and supports keyword searches. Identity-Based Authenticated Encryption with Keyword Search (IBAEKS) is a PAEKS variant in identity-based settings, designed for solving the intractable certificate management problem. To the best of our knowledge, only two IBAEKS schemes exist in the literature, both presented with weak security models that make them vulnerable against what is known as Fully Chosen Keyword attacks. Moreover, the existing IBAEKS schemes are based on the time-consuming bilinear pairing operation, leading to a significant increase in computational cost. To overcome these issues, in this paper, we first propose an enhanced security model for IBAEKS and compare it with existing models. We then prove that the existing IBAEKS schemes are not secure in our enhanced model. We also propose an efficient pairing-free dIBAEKS scheme and prove that it is secure under the enhanced security model. Finally, we compare our proposed scheme with related constructions to indicate its overall superiority.

computer science, software engineering, hardware & architecture

Hao Lin,Fei Gao,Hua Zhang,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1109/jsyst.2021.3106701

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:In cloud storage, public key encryption with equality test (PKEET) is suitable for testing whether two ciphertexts generated from different public keys contain the same message without decryption. Recently, (Y. J. Wang et al., 2019) have proposed a public key signcryption scheme with designated equality test (PKS-DET). In this scheme, since the public key of the tester is used in the encryption, the tester needs to use its secret key to test the ciphertexts. Without trapdoor, PKS-DET prevents the attacker from testing the user's ciphertexts with the stolen trapdoor. Therefore, the privacy of the user can be protected. However, if the user in the PKS-DET wants to authorize the other tester to test his/her ciphertexts for some reason, the message needs to be encrypted again by the public key of the other tester. This will lead to higher computational complexity. Hence, the PKS-DET is not flexible to authorize multiple testers. In this article, we propose a construction of PKEET supporting flexible designated authorization (PKEET-FDA). The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ciphertexts, and each authorized tester must use its secret key to perform equality test for the ciphertexts. More importantly, the user does not need to encrypt the message repeatedly any more. We demonstrate the security of PKEET-FDA under two types of adversaries. Compared with the related efficient PKEET schemes, PKEET-FDA satisfies high efficiency from the point of view of the user. In terms of storage requirement, our construction is superior to the PKS-DET.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jingwei Liu,Yue Fan,Rong Sun,Lei Liu,Celimuge Wu,Shahid Mumtaz

DOI: https://doi.org/10.1109/jiot.2023.3287636

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Due to the massive applications of Internet of Things (IoT) and the prevalence of wearable devices, e-healthcare systems are widely deployed in medical institutions. As a significant carrier of medical data, electronic medical record (EMR) is convenient to be stored and retrieved, which greatly simplifies the experience of medical treatment and cuts down the trivial work of paramedics. However, EMRs usually include much sensitive information such as patients’ identification numbers or home addresses that may be easily captured by unauthorized doctors and cloud servers. Based on this concern, e-healthcare systems can make use of attribute-based encryption (ABE) to protect private information while achieving fine-grained access control of encrypted EMRs. Whereas, most ABE schemes do not support both policy hiding and keyword search. To address the above issues, we propose an inner product searchable encryption scheme with multi-keyword search (MK-IPSE) based on blockchain to provide full privacy preservation and efficient ciphertext retrieval for EMRs. Inner product encryption (IPE) can not only specify access permissions such that only users with matched attributes can get the target files, but also support access policy hiding. Besides, the proposed scheme combines searchable encryption (SE) and federated blockchain (FB) to implement efficient and stable multi-keyword search. Compared with the existing schemes, MK-IPSE shows better performance on computation and storage. Additionally, security analysis demonstrates that our scheme can resist IND-CKA and collusion attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ye Li,Mengen Xiong,Junling Yuan,Qikun Zhang,Hongfei Zhu

DOI: https://doi.org/10.3390/electronics13163236

IF: 2.9

2024-08-16

Electronics

Abstract:In edge–cloud collaboration scenarios, data sharing is a critical technological tool, yet smart devices encounter significant challenges in ensuring data-sharing security. Attribute-based keyword search (ABKS) is employed in these contexts to facilitate fine-grained access control over shared data, allowing only users with the necessary privileges to retrieve keywords. The implementation of secure data sharing is threatened since most of the current ABKS protocols cannot resist keyword guessing attacks (KGAs), which can be launched by an untrusted cloud server and result in the exposure of sensitive personal information. Using attribute-based encryption (ABE) as the foundation, we build a secure data exchange paradigm that resists KGAs in this work. In our paper, we provide a secure data-sharing framework that resists KGAs and uses ABE as the foundation to achieve fine-grained access control to resources in the ciphertext. To avoid malicious guessing of keywords by the cloud server, the edge layer computes two encryption session keys based on group key agreement (GKA) technology, which are used to re-encrypt the data user's secret key of the keyword index and keyword trapdoor. The model is implemented using the JPBC library. According to the security analysis, the model can resist KGAs in the random oracle model. The model's performance examination demonstrates its feasibility and lightweight nature, its large computing advantages, and lower storage consumption.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-14234-6_24

2018-01-01

Abstract:In the cloud era people get used to store their data to the cloud server, and would use encryption technique to protect their sensitive data from leakage. However, encrypted data management is a challenging problem, for example, encrypted data classification. Besides, how to effectively control the access to the encrypted data is also an important problem. Ciphertext-policy attribute-based encryption with equality test (CP-ABEET) is an efficient solution to the aforementioned problems, which enjoys the advantage of attribute-based encryption, and in the meanwhile supports the test of whether two different ciphertexts contain the same message without the need of decryption. However, the existing CP-ABEET schemes suffer from high computation costs. In this paper, we study how to outsource the heavy computation in CP-ABEET scheme to a third-party server. We introduce the notion of CP-ABEET supporting outsourced decryption (OCP-ABEET), which saves a lot of local computation loads of CP-ABEET. We propose a concrete construction of OCP-ABEET, and prove its security based on a reasonable number-theoretic assumption in the random oracle model. Compared with the existing CP-ABEET schemes, our scheme is more computationally .

Shaofen Xie,Faguo Wu,Xiao Zhang,Wang Yao,Zhiming Zheng

DOI: https://doi.org/10.1109/iceiec.2019.8784488

2019-01-01

Abstract:Recently, how to share the encrypted data efficiently from the cloud service provider becomes a hot topic, and massive research works have studied on Equality Test for encryption files of secure cloud storage. The basic idea of sharing information is to find the encrypted target information. Considering the scheme of identity-based encryption with equal test (IBEET) is defined as a feasible scheme, but it can only search for ciphertext composed of identical plaintext. However, the above technologies have seriously affected information sharing, because it greatly limits the search scope. Especially in some special areas, such as medical industries, doctors need to share similar medical information for auxiliary treatment and autonomous learning to improve the personal business ability. We propose the similarity test for sharing the privacy-preserving medical information in cloud environment. Our scheme proposal focuses on the Locality-Sensitive Hashing function to generate the index for protecting the upload information. In addition, our scheme utilizes the identity based on NTRU encryption to achieve resistance to quantum attacks.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yulong Shen

DOI: https://doi.org/10.1109/tbdata.2017.2707552

2017-01-01

IEEE Transactions on Big Data

Abstract:The k-nearest neighbors (k-NN) query is a fundamental primitive in spatial and multimedia databases. It has extensive applications in location-based services, classification & clustering and so on. With the promise of confidentiality and privacy, massive data are increasingly outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing (e.g., reduce storage and query processing costs). Recently, many schemes have been proposed to support k-NN query on encrypted cloud data. However, prior works have all assumed that the query users (QUs) are fully-trusted and know the key of the data owner (DO), which is used to encrypt and decrypt outsourced data. The assumptions are unrealistic in many situations, since many users are neither trusted nor knowing the key. In this paper, we propose a novel scheme for secure k-NN query on encrypted cloud data with multiple keys, in which the DO and each QU all hold their own different keys, and do not share them with each other; meanwhile, the DO encrypts and decrypts outsourced data using the key of his own. Our scheme is constructed by a distributed two trapdoors public-key cryptosystem (DT-PKC) and a set of protocols of secure two-party computation, which not only preserves the data confidentiality and query privacy but also supports the offline data owner. Our extensive theoretical and experimental evaluations demonstrate the effectiveness of our scheme in terms of security and performance.

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Yuanhao Wang,Qiong Huang,Hongbo Li,Meiyan Xiao,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-90402-9_3

2021-01-01

Abstract:The rise of cloud computing is driving the development in various fields and becoming one of the hot topics in recent years. To solve the problem of comparing ciphertexts between different users in cloud storage, Public Key Encryption with Equality Test (PKEET) was proposed. In PKEET, a tester can determine whether two ciphertexts encrypted with different public keys contain the same message without decrypting the ciphertexts. However, PKEET only supports exact matching, which may not be practical when two messages have misspellings, formatting differences, or differences in the data itself. Therefore, to support fuzzy matching, in this paper we propose the concept of Public Key Encryption with Fuzzy Matching (PKEFM), which allows to determine whether the edit distance between two encrypted messages is less than a threshold value. PKEFM can be well applied to support fuzzy data comparison in encrypted e-mail systems or encrypted gene testing. We then modify the scheme to provide the decryption function, and support (encrypted) wildcards in the matching, in order to further improve the generality of PKEFM at the cost of a small amount of extra computation.

Zhen Yan,Xijun Lin,Xiaoshuai Zhang,Jianliang Xu,Haipeng Qu

DOI: https://doi.org/10.3390/e26010074

IF: 2.738

2024-01-16

Entropy

Abstract:The identity-based encryption with equality test (IBEET) has become a hot research topic in cloud computing as it provides an equality test for ciphertexts generated under different identities while preserving the confidentiality. Subsequently, for the sake of the confidentiality and authenticity of the data, the identity-based signcryption with equality test (IBSC-ET) has been put forward. Nevertheless, the existing schemes do not consider the anonymity of the sender and the receiver, which leads to the potential leakage of sensitive personal information. How to ensure confidentiality, authenticity, and anonymity in the IBEET setting remains a significant challenge. In this paper, we put forward the concept of the identity-based matchmaking encryption with equality test (IBME-ET) to address this issue. We formalized the system model, the definition, and the security models of the IBME-ET and, then, put forward a concrete scheme. Furthermore, our scheme was confirmed to be secure and practical by proving its security and evaluating its performance.

physics, multidisciplinary

Kaibin Huang,Raylin Tso,Yu-Chi Chen,Wangyu Li,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-11698-3_45

2014-01-01

Abstract:We proposed a new public key encryption scheme with equality test (PKEET), which stands for a public key encryption scheme with comparable ciphertext. The equivalence among ciphertext under PKEET schemes can be verified without decryption. In some PKEET algorithms like Tang's AoN-PKEET, which is called authorization-based PKEET, the equality test functionality is restricted to some authorized users: only users who own authorities are able to perform equality test functions. For the best of our knowledge, the authorities of all existing authorization-based PKEET schemes are valid for all ciphertext encrypted under the same public key. Accurately, we propose a CBA-PKEET scheme following Tang's AoN-PKEET scheme, which means a PKEET scheme with ciphertext-binded authorities (CBA). Each ciphertext-binded authority is valid for a specific ciphertext, rather than all ciphertext encrypted under the same public key. Then, we compare the features and efficiency between our CBA-PKEET and some existing authorization-based PKEET schemes. Finally, the security of CBA-PKEET is proved in the random oracle model based on the some hard problems.

Wei Wang,Dongli Liu,Zilin Zheng,Peng Xu,Laurence Tianruo Yang

DOI: https://doi.org/10.1109/tifs.2024.3452548

IF: 7.231

2024-09-14

IEEE Transactions on Information Forensics and Security

Abstract:Public key Encryption with Keyword Search (PEKS) has emerged as a solution for the receiver to securely search the sender's encrypted data on the cloud. However, the PEKS scheme is threatened by the Keyword Guessing Attack (KGA), which leaks the receiver's keyword privacy. To resist KGA, researchers have inherited the authentication mechanism into the PEKS system (PAEKS) but also forbid using one trapdoor to search all sender's encrypted data. In this paper, we explore the KGA problem from grouping senders and propose the notion of Identity-based Group Encryption with Keyword Search (IBGEKS), which leverages Identity-based cryptography to securely search encrypted data. Compared with the PAEKS scheme, the IBGEKS scheme can search the sender's ciphertexts within the same group established by the receiver via one receiver's trapdoor. For security, we analyze the KGA problem and propose ciphertexts, identities, and trapdoors indistinguishability for IBGEKS. The evaluation depicts that the IBGEKS has competitive algorithm performance with other SA-PEKS and PAEKS schemes and has superior search performance on the Enron email dataset.

computer science, theory & methods,engineering, electrical & electronic

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.