Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Siyue Dong,Zhen Zhao,Baocang Wang,Wen Gao,Shanshan Zhang

DOI: https://doi.org/10.3390/electronics13071256

IF: 2.9

2024-03-29

Electronics

Abstract:Public key encryption with equality test (PKEET) is a cryptographic primitive that enables a tester to determine whether two ciphertexts encrypted with same or different public keys have been generated from the same message without decryption. Previous studies extended PKEET to public key encryption with designated-position fuzzy equality test (PKE-DFET), enabling testers to verify whether plaintexts corresponding to two ciphertexts are equal while ignoring specific bits at designated positions. In this work, we have filled the research gap in the identity-based encryption (IBE) cryptosystems for this primitive. Furthermore, although our authorization method is the all-or-nothing (AoN) type, it overcomes the shortcomings present in the majority of AoN-type authorization schemes. In our scheme, equality tests can only be performed between a ciphertext and a given plaintext. Specifically, even if a tester acquires multiple AoN-type authorizations, it cannot conduct unpermitted equality tests between users. This significantly reduces the risk of user privacy leaks when handling sensitive information in certain scenarios, while still retaining the flexible and simple characteristics of AoN-type authorizations. We use the Chinese national cryptography standard SM9-IBE algorithm to provide the concrete construction of our scheme, enhancing the usability and security of our scheme, while making deployment more convenient. Finally, we prove that our scheme achieves F-OW-ID-CCA security when the adversary has the trapdoor of the challenge ciphertext, and achieves IND-ID-CCA security when the adversary does not have the trapdoor of the challenge ciphertext.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Zhen Yan,Xijun Lin,Xiaoshuai Zhang,Jianliang Xu,Haipeng Qu

DOI: https://doi.org/10.3390/e26010074

IF: 2.738

2024-01-16

Entropy

Abstract:The identity-based encryption with equality test (IBEET) has become a hot research topic in cloud computing as it provides an equality test for ciphertexts generated under different identities while preserving the confidentiality. Subsequently, for the sake of the confidentiality and authenticity of the data, the identity-based signcryption with equality test (IBSC-ET) has been put forward. Nevertheless, the existing schemes do not consider the anonymity of the sender and the receiver, which leads to the potential leakage of sensitive personal information. How to ensure confidentiality, authenticity, and anonymity in the IBEET setting remains a significant challenge. In this paper, we put forward the concept of the identity-based matchmaking encryption with equality test (IBME-ET) to address this issue. We formalized the system model, the definition, and the security models of the IBME-ET and, then, put forward a concrete scheme. Furthermore, our scheme was confirmed to be secure and practical by proving its security and evaluating its performance.

physics, multidisciplinary

Nanjing University,Wang Ming,Zhong Hong,Zhong Sheng

DOI: https://doi.org/10.1007/s11704-020-9396-2

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:1 Introduction With the rapid development of cloud computing,more and more data are stored in cloud servers as cyphertexts for stor-age[1,2].However,it faces enormous challenges regarding ci-phertext analysis.For example,in the cloud medical services,authorized medical institutions(AMIs)need analyze medical records to figure out gender and age information on patients with the same disease.On account of privacy protection for pa-tients,hospitals should encrypt each medical record,and upload the ciphertext to the cloud server,followed by the application of public key encryption with equality test(PKEET)[3,4]to get the encrypted medical records with the same disease.However,frequent operations of equality testing will result in off-line key-word guessing attacks(KGAs)[5],thus making insider attack-ers snatch users'confidential information because the keyword space of diseases is far smaller than key space.

Rashad Elhabob,Yanan Zhao,Alzubair Hassan,Hu Xiong

DOI: https://doi.org/10.1007/s11277-020-07190-9

IF: 2.017

2020-01-01

Wireless Personal Communications

Abstract:With the continuous development of the Internet of Things (IoT), a growing number of users choose to store the data collected from their smart devices on a cloud server for saving costs. However, the security and privacy issues that accompany the cloud-assisted IoT are also becoming increasingly apparent. Considering the untrusted nature of the cloud server, the data accumulated by the smart sensor must be encrypted before outsourcing to the cloud server. Nevertheless, the above mechanism raises another serious problem. For users of another public key cryptosystem, it is impractical to download all the data stored in the cloud to find the data he needs. To solve this problem, we first, proposed a public key encryption with equality test for heterogeneous systems (PKE-ET-HS) which combines the ideas of identity-based encryption with outsourced equality test and public key encryption with equality test. This scheme allows the authorized cloud server to retrieve whether two encryptions encrypted in a heterogeneous system contain equivalent messages. In addition, in the random oracle, the security of the proposed scheme has been given under the bilinear Diffie–Hellman assumption and the computational Diffie–Hellman assumption. Finally, storage size, computation complexity, and properties are compared with other related works. The results show that the PKE-ET-HS scheme proposed in this paper has a good performance.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Kaibin Huang,Raylin Tso,Yu-Chi Chen,Wangyu Li,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-11698-3_45

2014-01-01

Abstract:We proposed a new public key encryption scheme with equality test (PKEET), which stands for a public key encryption scheme with comparable ciphertext. The equivalence among ciphertext under PKEET schemes can be verified without decryption. In some PKEET algorithms like Tang's AoN-PKEET, which is called authorization-based PKEET, the equality test functionality is restricted to some authorized users: only users who own authorities are able to perform equality test functions. For the best of our knowledge, the authorities of all existing authorization-based PKEET schemes are valid for all ciphertext encrypted under the same public key. Accurately, we propose a CBA-PKEET scheme following Tang's AoN-PKEET scheme, which means a PKEET scheme with ciphertext-binded authorities (CBA). Each ciphertext-binded authority is valid for a specific ciphertext, rather than all ciphertext encrypted under the same public key. Then, we compare the features and efficiency between our CBA-PKEET and some existing authorization-based PKEET schemes. Finally, the security of CBA-PKEET is proved in the random oracle model based on the some hard problems.

Huijun Zhu,Qingji Xue,Tianfeng Li,Dong Xie

DOI: https://doi.org/10.3390/e24030309

2022-02-22

Abstract:Public key encryption supporting equality test (PKEwET) schemes, because of their special function, have good applications in many fields, such as in cloud computing services, blockchain, and the Internet of Things. The original PKEwET has no authorization function. Subsequently, many PKEwET schemes have been proposed with the ability to perform authorization against various application scenarios. However, these schemes are incapable of traceability to the ciphertexts. In this paper, the ability of tracing to the ciphertexts is introduced into a PKEwET scheme. For the ciphertexts, the presented scheme supports not only the equality test, but also has the function of traceability. Meanwhile, the security of the proposed scheme is revealed by a game between an adversary and a simulator, and it achieves a desirable level of security. Depending on the attacker's privileges, it can resist OW-CCA security against an adversary with a trapdoor, and can resist IND-CCA security against an adversary without a trapdoor. Finally, the performance of the presented scheme is discussed.

Mohammed Ramadan,Yongjian Liao,Fagen Li,Shijie Zhou,Hisham Abdalla

DOI: https://doi.org/10.1007/s11036-019-01215-9

2019-01-01

Abstract:Wireless body area network (WBAN) constitutes a widely implemented technique for remote acquisition and monitoring of patient health-related information via the use of embodied sensors. Given that security and privacy protection, including, but not limited to user authentication, integrity, and confidentiality, are both key challenges and a matter of deep concern when it comes to the deployment of emerging technologies in healthcare applications, state-of-the-art measures and solutions are needed to fully address security and privacy concerns in an effective and sensible manner by considering all the benefits and limitation of remote healthcare systems. In this paper, we proposed an efficient and secure identity-based encryption scheme under the RSA assumption providing equality test. We then proved the security of our scheme for one-way secure against chosen-identity and chosen-ciphertext attacks (OW-ID-CCA) by means of the random oracle model. The performance evaluation results indicated that our scheme outperforms other security schemes in terms of providing relatively low computational cost and stable compatibility with WBAN applications.

Wenchao Li,Chuanjie Jin,Saru Kumari,Hu Xiong,Sachin Kumar

DOI: https://doi.org/10.1002/ett.3986

IF: 3.6

2020-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:The integration of the Internet of Things (IoT) and cloud computing brings tremendous convenience and efficiency to process and store growing sensor data in healthcare systems. For the security of sensor data collected by healthcare systems, encrypting data before uploading is necessary. Nevertheless, these encrypted form sensor data make it a research challenge to achieve efficient data search and data sharing on the cloud-assisted IoT simultaneously. Encrypting data by public key encryption with equality test (PKE-ET) scheme, identified as a viable solution, is capable to search data encrypted with different keys efficiently. However, how to efficiently share searched healthcare record on the cloud server is still an unsettled problem. To address this problem, we combine the concepts of proxy re-encryption (PRE) and PKE-ET to obtain proxy re-encryption with equality test (PRE-ET). Inheriting the advantages of PKE-ET and PRE, the user can search the required healthcare record data from data encrypted under different public keys. Meanwhile, the searched healthcare record can be shared securely and flexibly without disclosing the secret key and plaintext. We prove the security of our PRE-ET construction based on divisible computation Diffie-Hellman assumption in the random oracle model. Eventually, the proposed scheme is proven useful according to extensive efficiency analysis and comparison.

Abdelrhman Hassan,Yong Wang,Rashad Elhabob,Nabeil Eltayieb,Fagen Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101776

IF: 5.836

2020-01-01

Journal of Systems Architecture

Abstract:The challenges confronting the privacy of outsourcing medical data have become a significant concern for patients and healthcare providers. The encryption of this sensitive data before outsourcing to the healthcare server present an effective solution for protection. However, searching on different ciphertexts while protecting the privacy of data remains a research challenge. Indeed, most of the existing schemes are inefficient, particularly for deployment on mobile devices due to limited resources (e.g. computing power, battery lifetime, and storage capacity). In this paper, we propose a CertificateLess Public-Key Encryption with Authorized Equality Test (CLPKE-AET) scheme. With the CLPKE-AET scheme, an authorized cloud server is permitted to check the equivalence of two different ciphertexts consisting of the same messages. Moreover, We provide four types of authorizations, base on which an authorized user can directly search on different user's ciphertext using different methods while enhancing the privacy of the user's data. We present our construction from bilinear pairing and demonstrate its security under modified Bilinear Diffie-Hellman (mBDHI) assumption in the Random Oracle Model (ROM). Finally, compared with other's similar schemes, the performance analysis shows that our CLPKE-AET scheme is practical and more suitable for healthcare environments.

Hao Lin,Fei Gao,Hua Zhang,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1109/jsyst.2021.3106701

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:In cloud storage, public key encryption with equality test (PKEET) is suitable for testing whether two ciphertexts generated from different public keys contain the same message without decryption. Recently, (Y. J. Wang et al., 2019) have proposed a public key signcryption scheme with designated equality test (PKS-DET). In this scheme, since the public key of the tester is used in the encryption, the tester needs to use its secret key to test the ciphertexts. Without trapdoor, PKS-DET prevents the attacker from testing the user's ciphertexts with the stolen trapdoor. Therefore, the privacy of the user can be protected. However, if the user in the PKS-DET wants to authorize the other tester to test his/her ciphertexts for some reason, the message needs to be encrypted again by the public key of the other tester. This will lead to higher computational complexity. Hence, the PKS-DET is not flexible to authorize multiple testers. In this article, we propose a construction of PKEET supporting flexible designated authorization (PKEET-FDA). The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ciphertexts, and each authorized tester must use its secret key to perform equality test for the ciphertexts. More importantly, the user does not need to encrypt the message repeatedly any more. We demonstrate the security of PKEET-FDA under two types of adversaries. Compared with the related efficient PKEET schemes, PKEET-FDA satisfies high efficiency from the point of view of the user. In terms of storage requirement, our construction is superior to the PKS-DET.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2019.09.023

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Sha Ma,Zhiqing Ye,Qiong Huang,Chengyu Jiang

DOI: https://doi.org/10.1016/j.ins.2024.120099

IF: 8.1

2024-01-13

Information Sciences

Abstract:Text similarity measures have become increasingly pivotal in text-related research and applications, encompassing tasks such as information retrieval, text classification, document clustering. Unveiling the equality relationship between encrypted words is fundamental for ensuring privacy-preserving text similarity. Identity-based encryption with equality test (IBEET) emerges as a promising solution for computing similarity over encrypted data in cloud environment. However, prevalent IBEET schemes often lack control over the lifespan of trapdoors, potentially leading to misuse and unauthorized disclosure of users' privacy. In this paper, we introduce a novel primitive known as controllable forward secure identity-based encryption with equality test (CFS-IBEET), designed to support both permanent trapdoor and temporary trapdoor. We present a concrete CFS-IBEET scheme based on bilinear pairing and conduct a comprehensive security analysis against two types of adversaries in random oracle model. The comprehensive performance evaluation shows that our CFS-IBEET scheme offers significant advantages of high efficiency of encryption, decryption, trapdoor generation and test algorithms as well as the guarantee of controllable forward security, showcasing its applicability for collaborative filtering recommendation system in E-commerce age.

computer science, information systems

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Abdelrhman Hassan,Rashad Elhabob,Umar Ibrahim,Yong Wang

DOI: https://doi.org/10.1007/978-3-030-68884-4_9

2020-01-01

Abstract:Industrial Internet of Things (IIoT) incorporates various varieties of smart devices and communication technologies that allow organizations to move from conventional industries to smart industries. IIoT provides cost-saving and collaboration since it relies on the availability, flexibility, and powerful processing capabilities of the cloud server. Considering the cloud’s untrusted nature, it is essential to protect the IIoT data before uploading it to the server. However, encryption yields a further critical issue. Due to the “All-or-Nothing” decryption characteristic, it is impractical for the users of another public-key cryptosystem to download all the data stored on the server to obtain their needs. In resolving this issue, this paper proposes Efficient Public-Key Cryptography with Equality Test scheme for Heterogeneous Systems (PKC-ET-HS). The PKC-ET-HS scheme incorporates the notions of Certificateless Public-Key Encryption with Equality Test (CL-PKE-ET) as well as the Identity-Based Encryption with Equality Test (IBE-ET). The scheme enables the cloud server to check whether two ciphertexts having their encryptions performed under a heterogeneous systems contain identical messages. Moreover, in the Random Oracle Model (ROM), the modified Bilinear Diffie-Hellman Intractable (mDBHI) assumption is stated to construct the security of the suggested scheme. Ultimately, the performance evaluation authenticates that the suggested scheme is practicable and convenient for IIoT environments.

Hongbo Li,Qiong Huang,Sha Ma,Jian Shen,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2899680

IF: 3.9

2019-01-01

IEEE Access

Abstract:With the higher rate of using cloud storage, protecting data privacy becomes an important issue. The most effective solution is to encrypt data before uploading to the cloud. However, how to efficiently search over data encrypted with different keys is still an open problem. To address this problem, we introduce a new notion of the identity-based encryption with equality test supporting flexible authorization (IBEET-FA). It supports the test of whether two ciphertexts encrypted under the different keys encapsulate the same message, and in the meanwhile supports fine-grained authorization of the test. Based on the equality test on ciphertexts, there is a direct way to support an authorized user to search over ciphertexts of different users, which accelerates secret data sharing among a group of users. Besides, IBEET-FA does not suffer from the complex key management problem of its counterpart in the traditional public key infrastructure. We propose a concrete construction of IBEET-FA and prove it to be securely based on simple mathematical assumptions. The experimental results show that our IBEET-FA scheme is efficient and can satisfy various types of search over encrypted data.

Zhi-Yan Zhao,Peng Zeng

DOI: https://doi.org/10.1109/access.2021.3092945

IF: 3.9

2021-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKEET for short) is a new cryptographic primitive which allows a proxy to check whether two ciphertexts encrypted under different public keys are of the same plaintext. PKEET has become a prospective candidate for various application scenarios, such as data management on encrypted databases, personal health record systems, spam filtering in encrypted email systems. In this paper, we propose an efficient all-or-nothing public key encryption scheme with authenticated equality test (AoN-PKEAET for short). In comparison with the existing PKEET schemes, the proposed scheme provides a new feature of ciphertext authentication before the plaintext equality test. It ensures that no misjudgement occurs when testing the equality between ciphertexts. Specially, the $mathsf {Test}$ algorithm in the proposed scheme first authenticates the compared ciphertexts and the equality test is fulfilled only if the ciphertexts are authenticated as valid. With this new feature, the $mathsf {Test}$ algorithm cannot output 0 (which means that the encrypted messages are different) when the two input ciphertexts are of an identical message, or it cannot output 1 (which means that the encrypted messages are identical) when the two input ciphertexts are of different messages. Under a redefined security model for AoN-PKEAET, we give the detailed security proof of the proposed scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic