Hongyi Su,Geng Yang,and Dawei Li

2011-01-01

Abstract:Data storage is an important application of cloud computing. With a cloud computing platform, the burden of local data storage can be reduced. However, services and applications in a cloud may come from different providers, and creating an efficient protocol to protect privacy is critical. We propose a verification protocol for cloud database entries that protects against untrusted service providers. Based on identity-based encryption （IBE） for cloud storage, this protocol guards against breaches of privacy in cloud storage. It prevents service providers from easily constructing cloud storage and forging the signature of data owners by secret sharing. Simulation results confirm the availability and efficiency of the proposed protocol.

T. Nishide,K. Sakurai,Z. Liu,Z. Wang,R. A. Popa,N. Zeldovich

2016-01-01

Abstract:Cloud computing is latest technology widely serving client oriented applications. It has the capability of sharing selective encrypted data via public cloud storage with multiple users which may ease security over accidental data leaks in the cloud. Efficient key management is important in encryption schemes. For sharing multiple documents with different groups in cloud, separate encryption keys are needed. Security is required by owner to distribute large number of keys for encryption and searching, and by users to store received keys. Users have to submit equal number of trapdoors to the cloud for search operation. In such case features of security, storage and complexity are required at its best performance. Key-Aggregate Searchable Encryption (KASE) scheme addresses to the problem of storage management and security in group data sharing on cloud. Through this scheme only single key is distributed by owner to user for sharing multiple documents, and user also required to submit single trapdoor to receive shared documents. KASE scheme is efficient and secure as resulted by security analysis tests.

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fenghe Wang,Han Xiao,Junquan Wang,Ye Wang,Chengliang Cao

DOI: https://doi.org/10.1016/j.sysarc.2024.103089

IF: 5.836

2024-02-17

Journal of Systems Architecture

Abstract:Cloud storage is a basic service model of the cloud computing. Since the cloud data is stored in the ciphertext for the data confidentiality, how to search the cloud data again in ciphertext state for users is a natural requirement. The searchable encryption (SE) gives an efficient solution to achieve both the data confidentiality and the searchable requirement simultaneously. In SE schemes, the user can transfer a search trapdoor to the cloud server from a secure channel and the cloud server can use the received trapdoor to search the corresponding keyword ciphertext. Since the keywords are with low entropy, the traditional SE is vulnerable to keyword guessing attack. In order to remove the need of the secure channel and also to achieve the security against the keyword guessing attack, we build a single-user identity-based secure channel free SE scheme in the random oracle model by using lattice-based tools. Only the designated cloud server can finish the ciphertext search which means the secure channel between the user and the cloud server is not needed in the proposed scheme. Under the hardness of the learning with errors problem, we prove that the proposed scheme is ciphertext indistinguishable under the selective identity and chosen keyword attacks. Moreover, the proposed scheme also satisfies the trapdoor indistinguishability which directly leads to the security against the outside offline keyword guessing attack. Furthermore, we extend the proposed single-user scheme into the multi-user scenario. The proposed multi-user scheme inherits all functions achieved in the single-user scheme, such as secure channel free. Meanwhile, ciphertext length is fixed with the number of users increasing, which is more suitable for the large group users. In addition, we analyze the theoretical evaluation and experimental evaluation between the proposed schemes and some known literatures respectively. The results demonstrate that our proposed algorithms have several advantages in the both single-user and multi-user schemes, for example, the ciphertext lengths in the single/multi-user schemes are only 5.632KB and 6.016KB respectively and the running time of Test algorithm for any user groups is fixed to be 0.65ms in our simulated experiments.

computer science, software engineering, hardware & architecture

Chunwei Lou,Mingsheng Cao,Yaohua Luo,Hua Xu,Yuan Gao,Weiwei Wang,Dong Wang

DOI: https://doi.org/10.1109/access.2020.2980886

IF: 3.9

2024-01-01

IEEE Access

Abstract:Key-aggregate keyword retrieval primitive enables a cloud server on behalf of delegated users to securely perform a keyword search over the data encrypted with various public keys. However, existing key-aggregate searchable encryption schemes are insecure against keyword guessing attacks, which result in the privacy leakage of keyword ciphertext and trapdoor. In this paper, we for the first time formulate a secure and efficient key-aggregate searchable encryption for cloud-assisted IoT applications, which not only enables a data owner to securely share the selected documents to multiple users, but also supports data users in delegating the capability of keyword search to a cloud server for searching the desired documents without leaking any privacy of keyword ciphertext and trapdoor. Then, the security of the proposed scheme is formally defined and proven to be secure against the indistinguishable selective-file chosen keyword attacks. The flexibility and practicability of the formulated scheme is also demonstrated by theoretical evaluations and experimental simulations.

Axin Wu,Fagen Li,Xiangjun Xin,Yinghui Zhang,Jianhao Zhu

DOI: https://doi.org/10.1016/j.sysarc.2024.103104

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

computer science, software engineering, hardware & architecture

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Ke Cheng,Liangmin Wang,Yulong Shen,Hua Wang,Yongzhi Wang,Xiaohong Jiang,Hong Zhong

DOI: https://doi.org/10.1109/tbdata.2017.2707552

2017-01-01

IEEE Transactions on Big Data

Abstract:The k-nearest neighbors (k-NN) query is a fundamental primitive in spatial and multimedia databases. It has extensive applications in location-based services, classification & clustering and so on. With the promise of confidentiality and privacy, massive data are increasingly outsourced to cloud in the encrypted form for enjoying the advantages of cloud computing (e.g., reduce storage and query processing costs). Recently, many schemes have been proposed to support k-NN query on encrypted cloud data. However, prior works have all assumed that the query users (QUs) are fully-trusted and know the key of the data owner (DO), which is used to encrypt and decrypt outsourced data. The assumptions are unrealistic in many situations, since many users are neither trusted nor knowing the key. In this paper, we propose a novel scheme for secure k-NN query on encrypted cloud data with multiple keys, in which the DO and each QU all hold their own different keys, and do not share them with each other; meanwhile, the DO encrypts and decrypts outsourced data using the key of his own. Our scheme is constructed by a distributed two trapdoors public-key cryptosystem (DT-PKC) and a set of protocols of secure two-party computation, which not only preserves the data confidentiality and query privacy but also supports the offline data owner. Our extensive theoretical and experimental evaluations demonstrate the effectiveness of our scheme in terms of security and performance.

Xiaoling Sun,Shanshan Li

DOI: https://doi.org/10.7717/peerj-cs.1433

2023-06-20

Abstract:Presently, the focus of target detection is shifting towards the integration of information acquired from multiple sensors. When faced with a vast amount of data from various sensors, ensuring data security during transmission and storage in the cloud becomes a primary concern. Data files can be encrypted and stored in the cloud. When using data, the required data files can be returned through ciphertext retrieval, and then searchable encryption technology can be developed. However, the existing searchable encryption algorithms mainly ignore the data explosion problem in a cloud computing environment. The issue of authorised access under cloud computing has yet to be solved uniformly, resulting in a waste of computing power by data users when processing more and more data. Furthermore, to save computing resources, ECS (encrypted cloud storage) may only return a fragment of results in response to a search query, lacking a practical and universal verification mechanism. Therefore, this article proposes a lightweight, fine-grained searchable encryption scheme tailored to the cloud edge computing environment. We generate ciphertext and search trap gates for terminal devices based on bilinear pairs and introduce access policies to restrict ciphertext search permissions, which improves the efficiency of ciphertext generation and retrieval. This scheme allows for encryption and trapdoor calculation generation on auxiliary terminal devices, with complex calculations carried out on edge devices. The resulting method ensures secure data access, fast search in multi-sensor network tracking, and accelerates computing speed while maintaining data security. Ultimately, experimental comparisons and analyses demonstrate that the proposed method improves data retrieval efficiency by approximately 62%, reduces the storage overhead of the public key, ciphertext index, and verifiable searchable ciphertext by half, and effectively mitigates delays in data transmission and computation processes.

Zhenkui Shi,Xuemei Fu,Xianxian Li,Kai Zhu

DOI: https://doi.org/10.1109/tkde.2020.3025348

IF: 9.235

2020-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Symmetric Searchable Encryption(SSE) is deemed to tackle the privacy issue as well as the operability and confidentiality in data outsourcing. However, most SSE schemes assume that the cloud is honest but curious. This assumption is not always applicable. And even if some schemes supported verification, integrity or freshness checking in a malicious cloud, but the performance and security functionalities are not fully exploited. In this paper, we propose an efficient SSE scheme based on B+-Tree and Counting Bloom Filter (CBF) which supports secure verification, dynamic updating, and multi-user queries. Comparing with the previous state of the arts, we design the new data structure CBF to support dynamic updating and boost verification. We also leverage the timestamp mechanism in the scheme to prevent the malicious cloud from launching a replay attack. The new designed CBF is like a front-engine to save user's cost for query and verification. And it can achieve more efficient query and verification with negligible false positive when there is no value matching the queried keyword. The CBF supports efficient dynamic updating by combining Bloom Filter with a one-dimensional array that provides the counting capability. Furthermore, we design the authenticator for CBF. We adopt B+-Tree for it is widely used in many database engines and file systems. We also give a brief security proof of our scheme. Then we provide a detailed performance analysis. Finally, we evaluate our scheme through comprehensive experiments. The results are consistent with our analysis and show that our scheme is secure, and more efficient compared with the previous schemes with the same functionalities. The average performance can be improved by about 20 percent for both the cloud servers and users when the missing rate of the searching keywords is 20 percent. And the higher the missing rate is, the more the performance can be improved.

GU Bolun,XU Zikai,LI Weihai,YU Nenghai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2024055

2024-01-01

Abstract:With the rapid development and application of the Internet, traditional storage resources have been found unable to meet the growing demand for massive data storage. An increasing number of users have attempted to upload their data to third-party cloud servers for unified storage. Efficient deduplication and secure file sharing in the cloud have emerged as critical concerns. Moreover, users have always preferred to customize their passwords for encrypting and decrypting files, only sharing encrypted files when necessary. Based on this preference, a deterministic stepwise encryption algorithm was first designed. It was such that when the keys for the two steps of encryption satisfied a certain relationship, the two steps of encryption could be equivalent to a single encryption process. A novel key-customizable encrypted deduplication scheme with access control for cloud storage was proposed, utilizing the deterministic stepwise encryption algorithm to encrypt files and a ciphertext-policy attribute-based encryption algorithm to encrypt file keys. This scheme not only offered the flexibility to customize encryption and decryption keys for different users with the same files, but also ensured secure file sharing through a dynamic access control mechanism. Moreover, the optional access control component was made compatible with the majority of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes, even allowing for different CP-ABE schemes within different attribute groups. Security analysis results show that the proposed scheme achieves the highest level of security under the current encrypted deduplication paradigm. Experimental and analytical results indicate that it effectively meets the practical needs of cloud service providers and users, and also achieves acceptable efficiency.

Haiyan Wang,Yuan Li,Willy Susilo,Dung Hoang Duong,Fucai Luo

DOI: https://doi.org/10.1016/j.csi.2022.103635

2022-08-01

Abstract:How to use efficient search mechanisms to realize data sharing while ensuring data security has become an important research topic at present. In this paper, we propose a new searchable algorithm based on LSSS (Linear Secret Sharing Scheme) access policy, which is superior to previous work in computational and storage efficiency. Our scheme supports various search mechanisms, such as exact search, boolean search and range search mechanism. We use 0,1-coding theory to reduce the number of the numeric keywords, thus improving the range search mechanism. We also prove that our scheme is secure against the selectively chosen-keyword attack (SCKA) in the generic bilinear group model. Furthermore, we evaluate the performance of our scheme by theoretical analysis and experimental simulation, and the result show that our scheme achieves significant improvement in both computational and storage efficiency. To enhance the security and practicality of our scheme, we also deploy our scheme on a private chain and conduct extensive experiments to demonstrate its practical performance.

computer science, software engineering, hardware & architecture

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Yilei Wang,Wenyi Bao,Yang Zhao,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201605.18(3).09

2016-01-01

Abstract:With the continuous development of cloud computing, more and more sensitive data needs to be centrally stored in the cloud storage. For protecting the privacy of data, sensitive data must be encrypted before being outsourced to the server. The traditional PEKS (Public Encryption Keyword Search) enables users to search data by using keywords in the condition of encryption, however, it not only needs the security channel but also tolerates the huge pairing-computation. Although the pairing-free public key encryption with keyword search has been proposed, it can not support fuzzy keyword search and this drawback greatly reduces the usability of the system. In this paper, the proposed scheme features three good aspects: First, the keywords and data have been encrypted under the server's public key and thus the secure channel of the keywords transmission has been eliminated in the sense that the outside attackers cannot obtain any information related to the keywords without the knowledge of the server's private key. Second, our scheme not only supports accurate keyword search encryption but also supports the search when the keywords input have any spelling mistakes or format inconsistencies, which significantly improved the availability of the system. Finally, the proposed scheme is constructed on the El Gamal encryption instead of the bilinear-pairing encryption, which greatly improve the computational efficiency.

Liqing Chen,Jiayi Li,Jiguo Li,Jian Weng

DOI: https://doi.org/10.1109/tifs.2024.3484155

IF: 7.231

2024-11-02

IEEE Transactions on Information Forensics and Security

Abstract:In recent years, many cloud service providers adopt the pay-per-query model to offer paid search services to the public. The data owner rents the resources of cloud service providers and charges the data user a fee based on the data volume to be queried. While this commercial model offers flexibility, convenience, and cost-effectiveness, it comes with a significant vulnerability to data breaches. Public-key authentication encryption with keyword search (PAEKS) is a technology which is well applied in the pay-per-query model. But there is no PAEKS scheme applicable to this scenario. For this purpose, we present public-key authentication encryption with similar data search for pay-per-query (PAESS) and construct the first idiographic scheme PAESS-I. PAESS-I utilizes Shamir secret sharing and locality sensitive hashing to implement similar data search, has the verifiability of results, adds the charge function to prevent cloud servers and data users from colluding to deny deductions. We propose the second scheme PAESS-II based on PAESS-I, which is a mobile-friendly lightweight PAESS. Our second scheme operates in the pay-per-query model without pairing and exponential operations. PAESS-I satisfies ciphertext indistinguishability and trapdoor indistinguishability, and sacrifices the computational performance in favor of the pay-per-query model. The optimized PAESS-II is resistant to adaptively-chosen-targets attack, and satisfies ciphertext indistinguishability and trapdoor indistinguishability. PAESS-II distinguishes itself from other existing similar schemes by having the same characteristics as PAESS-I, along with the benefits when it comes to the calculation cost.

computer science, theory & methods,engineering, electrical & electronic

Lu Yan,Haozhe Qin,Kexin Yang,Heye Xie,Xu An Wang,Shuanggen Liu

DOI: https://doi.org/10.3390/electronics13030534

IF: 2.9

2024-01-29

Electronics

Abstract:The popularity of secure cloud data sharing is on the rise, but it also comes with significant concerns about privacy violations and data tampering. While existing Proxy Re-Encryption (PRE) schemes effectively protect data in the cloud, challenges persist with certificate administration and key escrow. Moreover, the increasing number of users and prevalence of lightweight devices demand functional and cost-effective solutions. To address these issues, this paper presents a novel Pairing-free Certificate-Based Proxy Re-Encryption Plus scheme that leverages elliptic curve groups for improved effectiveness and performance. This scheme successfully resolves challenges related to certificate management and key escrow in traditional PRE schemes, while also introducing non-transferable and message-level fine-grained control characteristics. These enhancements bolster data security during sharing and minimize the risk of malicious information leakage. Our proposed scheme's correctness, security, and effectiveness are rigorously verified and analyzed. The results demonstrate that the scheme achieves the chosen ciphertext security in the random oracle model. Compared to current PRE schemes, our approach offers greater advantages, lower computational overhead, and enhanced suitability for practical cloud computing applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Atul Kumar Srivastava,Dhiraj Pandey,Alok Agarwal

DOI: https://doi.org/10.1007/s11277-024-11021-6

IF: 2.017

2024-04-27

Wireless Personal Communications

Abstract:Due to the exponential growth of cloud data and network services, computational resources and cloud data security have one of the most attractive research issues in the real-time cloud environment. Numerous types of cloud services are combined into various domain applications, including, e-health, defence, clinical databases, and so on, for data storage and resource computing. However, a traditional challenge to consider is that the Data Owner (DO) no longer has the ability to modify the access control policy or key policy, resulting in data sharing inflexibility, inefficiency, and key abusers. To address these concerns, we propose an enhanced d level cut-off point-Quantum Secret Sharing (EdLCp-QSS) scheme based on an efficient Monitoring Key Ciphertext-ABE (MKCABE) –access control with Blockchain and Key Controller (EQMBK) mechanism for security. The proposed EQMBK mechanism provides security for monitoring the data from getting accessed by un-authorized users as well as offers updating security when a new user joins the cloud environment. The proposed EQMBK system ensures that data is not accessible by unauthorised users and that security is updated when a new user joins the cloud environment. Finally, experimental simulation reveals that the suggested technique is very efficient in preserving the privacy of the user's data against unauthorised parties in terms of computation time encryption time, system initialization time, key generation time, and decryption time. Furthermore, when compared to state-of-the-art techniques, the proposed methods are more resilient and provide greater performance.

telecommunications

Shufen Niu,Wenke Liu,Song Han,Lizhi Fang

DOI: https://doi.org/10.1371/journal.pone.0244979

IF: 3.7

2021-01-07

PLoS ONE

Abstract:As cloud storage technology develops, data sharing of cloud-based electronic medical records (EMRs) has become a hot topic in the academia and healthcare sectors. To solve the problem of secure search and sharing of EMR in cloud platforms, an EMR data-sharing scheme supporting multi-keyword search is proposed. The proposed scheme combines searchable encryption and proxy re-encryption technologies to perform keyword search and achieve secure sharing of encrypted EMR. At the same time, the scheme uses a traceable pseudo identity to protect the patient's private information. Our scheme is proven secure based on the modified Bilinear Diffie-Hellman assumption and Quotient Decisional Bilinear Diffie-Hellman assumption under the random oracle model. The performance of our scheme is evaluated through theoretical analysis and numerical simulation.

Ming Li,Shucheng Yu,Kui Ren,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/mnet.2013.6574666

IF: 10.294

2013-01-01

IEEE Network

Abstract:Cloud computing is envisioned as the next generation architecture of IT enterprises, providing convenient remote access to massively scalable data storage and application services. While this outsourced storage and computing paradigm can potentially bring great economical savings for data owners and users, its benefits may not be fully realized due to wide concerns of data owners that their private data may be involuntarily exposed or handled by cloud providers. Although end-to-end encryption techniques have been proposed as promising solutions for secure cloud data storage, a primary challenge toward building a full-fledged cloud data service remains: how to effectively support flexible data utilization services such as search over the data in a privacy-preserving manner. In this article, we identify the system requirements and challenges toward achieving privacy-assured searchable outsourced cloud data services, especially, how to design usable and practically efficient search schemes for encrypted cloud storage. We present a general methodology for this using searchable encryption techniques, which allows encrypted data to be searched by users without leaking information about the data itself and users' queries. In particular, we discuss three desirable functionalities of usable search operations: supporting result ranking, similarity search, and search over structured data. For each of them, we describe approaches to design efficient privacy-assured searchable encryption schemes, which are based on several recent symmetric-key encryption primitives. We analyze their advantages and limitations, and outline the future challenges that need to be solved to make such secure searchable cloud data service a reality.

Vamshi Adouth,Eswari Rajagopal

DOI: https://doi.org/10.1002/cpe.8192

2024-06-13

Concurrency and Computation Practice and Experience

Abstract:In the era of digital proliferation, individuals opt for cloud servers to store their data due to the diverse advantages they offer. However, entrusting data to cloud servers relinquishes users' control, potentially compromising data confidentiality and integrity. Traditional auditing methods designed to ensure data integrity in cloud servers typically depend on Trusted Third Party Auditors. Yet, many of these existing auditing approaches grapple with intricate certificate management and key escrow issues. Furthermore, the imminent threat of powerful quantum computers poses a risk of swiftly compromising these methods in polynomial time. To overcome these challenges, this paper introduces a Quantum‐based Secure Key Communication and Key Generation Scheme QSKCG for Outsourced Data in the Cloud. Leveraging Elliptic Curve Cryptography, the BB84 secure communication protocol, certificateless signature, and blockchain network, the proposed scheme is demonstrated through security analysis, affirming its robustness and high efficiency. Additionally, performance analysis underscores the practicality of the proposed scheme in achieving post‐quantum security in cloud storage.

computer science, theory & methods, software engineering