Liqing Chen,Jiguo Li,Yang Lu,Yichen Zhang

DOI: https://doi.org/10.1016/j.ins.2020.05.092

IF: 8.1

2020-10-01

Information Sciences

Abstract:<p>The existing public key broadcast encryption schemes are mainly constructed in identity-based cryptosystem, which bears the inherent problems of key escrow and key distribution. The certificate-based encryption mechanism can effectively address the problems in identity-based cryptosystem. Meanwhile, it simplifies the certificate revocation issue for traditional public key cryptosystem. Inspired by the idea of certificate-based encryption, we put forward the new primitive certificate-based broadcast encryption as well as its formal definition and security model. In virtue of prime order bilinear groups, we present an instantiation scheme of certificate-based broadcast encryption. To our best knowledge, the proposed scheme is the first adaptively secure scheme for certificate-based broadcast encryption in the standard model against chosen-ciphertext attack. Compared with the previous work, our scheme has advantages in the respects of computation cost as well as security properties. Furthermore, we present an application scenario of the proposed scheme for data access control in cloud storage service.</p>

computer science, information systems

T. Nishide,K. Sakurai,Z. Liu,Z. Wang,R. A. Popa,N. Zeldovich

2016-01-01

Abstract:Cloud computing is latest technology widely serving client oriented applications. It has the capability of sharing selective encrypted data via public cloud storage with multiple users which may ease security over accidental data leaks in the cloud. Efficient key management is important in encryption schemes. For sharing multiple documents with different groups in cloud, separate encryption keys are needed. Security is required by owner to distribute large number of keys for encryption and searching, and by users to store received keys. Users have to submit equal number of trapdoors to the cloud for search operation. In such case features of security, storage and complexity are required at its best performance. Key-Aggregate Searchable Encryption (KASE) scheme addresses to the problem of storage management and security in group data sharing on cloud. Through this scheme only single key is distributed by owner to user for sharing multiple documents, and user also required to submit single trapdoor to receive shared documents. KASE scheme is efficient and secure as resulted by security analysis tests.

Yang Ming,Xiaopeng Yu,Xiaoqin Shen

DOI: https://doi.org/10.1109/access.2020.3018488

IF: 3.9

2020-01-01

IEEE Access

Abstract:Healthcare Internet of Things (IoT) is an emerging paradigm, which can provide comprehensive and different types of health services and enable various types of medical sensors to monitor patient's health conditions. In the healthcare IoT, patient is deployed with a variety of medical sensors, which continuously monitors and collects patient's sensitive health data that needs specially protection for preventing privacy leakage. To safely send multiple different health data monitored by multiple different medical sensors to multiple corresponding healthcare professionals in one data report, several multi-message and multi-receiver signcryption schemes have been introduced by employing the traditional public key cryptography, identity-based cryptography or certificateless cryptography. However, these schemes suffer from the certificate management, key escrow and key distribution problem. Besides, due to the resource-constraint property of medical sensors, they are unsuitable for healthcare IoT in terms of both performance and privacy requirements. To solve these issues, this paper introduces an efficient anonymous certificate-based multi-message and multi-receiver signcryption scheme for healthcare IoT, where the certificate-based cryptography and elliptic curve cryptography are combined to simplify the certificate management problem, eliminate the key escrow problem, solve the key distribution problem and ensure the privacy-preserving. Furthermore, the security analysis suggests that the proposed scheme is able to achieve the confidentiality, unforgeability, receiver anonymity, sender anonymity and decryption fairness; the performance evaluation indicates that the proposed scheme brings to the lower computation cost and communication cost in comparison to the existing schemes.

Li Xu,Chi-Yao Weng,Lun-Pin Yuan,Mu-En Wu,Raylin Tso,Hung-Min Sun

DOI: https://doi.org/10.1007/s11227-015-1515-8

2015-01-01

Abstract:Cloud storage is one of the most important applications in our daily lives. User can store their own data into cloud storage and remotely access the saved data. Owing to the social media develops, users can share the digital files to other users, leading to the amount of data growing rapidly and searching abilities necessarily. In the some cases, servers cannot avoid data leakage even if the server provides complete access control. The encrypted data is a best way to resolve this problem but it may eliminate original structure and searching may become impossible. Applying searchable encryption for each receiver may produce messy duplication and occupy the quota of cloud storage from each receiver. User requires keeping their shared documents belonging up to date which are compared with the latest version. To this aim, we thus propose a sharable ID-based encryption with keyword search in cloud computing environment, which enables users to search in data owners’ shared storage while preserving privacy of data. For the performance analysis, we demonstrate the compared resultant with others ID-based or ID-relative encryption. In addition to that, we show the formal proof to verify the security of our proposed.

Chang Xu,Ningning Wang,Liehuang Zhu,Kashif Sharif,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2019.2917186

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The integration of wearable wireless devices and cloud computing in e-health systems has significantly improved their effectiveness and availability. Patients can upload their personal health information (PHI) files to the cloud, from where the health service providers (HSPs) can obtain appropriate information to determine the health state. This system not only reduces the costs associated to healthcare but also provides timely diagnosis to save lives. However, a number of privacy concerns arise while sharing sensitive information. In this paper, we propose a novel privacy-preserving patient health information sharing scheme, which allows HSPs to access and search PHI files in a secure yet efficient manner. We make use of the searchable encryption technique with keyword range search and multikey-word search. The proposed privacy-preserving equality test protocol allows different types of numeric comparison searches on encrypted data. We also use a variant of bloom filter and message authentication code to classify PHI files, filter false data, and check integrity of search results. The simulations on real-world and synthetic data show the feasibility and efficiency of the system, and security analysis proves the privacy-preservation properties.

Lu Liu,Jingchao Sun,Jianqiang Li,Rong Li,Juan Li,Xi Meng,Huifang Li,Jijiang Yang

DOI: https://doi.org/10.1109/SmartCity.2015.205

2015-01-01

Abstract:With the development of healthcare industry, healthcare informatization provides great potential for the health-care improvement. The cloud computing platform, which is an important infrastructure for the inter( intra)-organization collaboration, provides a shared storage space to the medical data sharing. For the privacy protection of medical data, sensitive data has to be encrypted before being transmitted to the cloud, which makes it more challenging to use these data in the cloud. For strengthening the utilization of encrypted cloud data, various encrypted search technologies are widely studied. However, these existing searchable encryption schemes may not enforce users' demands well. This paper proposes a privacy enhanced search approach for cloud-based medical data sharing. The proposed solution implements a hybrid search approach, where the search process is conducted across plaintext and ciphertext. Moreover, the enhanced access control can ensure the privacy protection of cloud data. The empirical experiments illustrate the effectiveness of our solution.

J. Monisha Privthy Jeba,K. Vivekrabinson,B. Shanmuga Raja,N. Sundareswaran,M. Vijay

DOI: https://doi.org/10.1504/ijahuc.2024.137598

2024-03-29

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Searchable encryption is a method which permits cloud servers to recover consumers' requested data even when the contents are encrypted. However, many current searchable encryption algorithms only offer single keyword recovery and are subject to keyword guessing attacks. This work presents a blockchain-based multi-keyword searchable encryption technique based on a certificateless approach. Further, we employ attribute-based encryption to protect sensitive information and a certificateless cryptosystem to encode keywords. The encrypted files are uploaded to the cloud, whereas the encoded keyword indexes are kept on the blockchain, assuring the encrypted indexes' tamper resistance. Our approach also supports multi-keyword search over encrypted data. We created a fair payment smart contract to support the exchange of service costs with the owner of the information and the cloud service provider in the event of successful search results. The study reveals that our technique outperforms other related techniques in terms of computing efficiency.

computer science, information systems,telecommunications

Jianhong Zhang,Peirong Ou

DOI: https://doi.org/10.3390/s19153370

IF: 3.9

2019-07-31

Sensors

Abstract:Nowadays, the widely deployed and high performance Internet of Things (IoT) facilitates the communication between its terminal nodes. To enhance data sharing among terminal devices and ensure the recipients’ privacy protection, a few anonymous multi-recipient broadcast encryption (AMBE) proposals are recently given. Nevertheless, the majority of these AMBE proposals are only proven be securely against adaptively chosen plain-text attack (CPA) or selectively chosen ciphertext attack (CCA). Furthermore, all AMBE proposals are subjected to key escrow issue due to inherent characteristics of the ID-based public cryptography (ID-PKC), and cannot furnish secure de-duplication detection. However, for cloud storage, it is very important for expurgating duplicate copies of the identical message since de-duplication can save the bandwidth of network and storage space. To address the above problems, in the work, we present a privacy-preserving multi-receiver certificateless broadcast encryption scheme with de-duplication (PMCBED) in the cloud-computing setting based on certificateless cryptography and anonymous broadcast encryption. In comparison with the prior AMBE proposals, our scheme has the following three characteristics. First, it can fulfill semantic security notions of data-confidentiality and receiver identity anonymity, whereas the existing proposals only accomplish them by formalizing the weaker security models. Second, it achieves duplication detection of the ciphertext for the identical message encrypted with our broadcast encryption. Finally, it also avoids the key escrow problem of the AMBE schemes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shuanggen Liu,Hailun Pan,Xu An Wang,Siyi Zhao,Qing Li

DOI: https://doi.org/10.1016/j.sysarc.2024.103100

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Medical data sharing is essential for the advancement of medical research, but the existence of malicious encryptors and malicious users poses a major challenge to the seamless sharing of information among healthcare providers. We proposed a traceable and revocable broadcast encryption scheme for preventing malicious encryptors in the Medical Internet of Things (MIoT). In 2023, Wang et al. first proposed the concept of malicious encryptor for broadcast encryption and trator tracing, and they constructed a scheme for preventing this attack. The malicious encryptor is reasonable in real broadcast encryption systems because the encryptor is not always the same as the digital content provider. When digital content providers for medical institutions want to share sensitive medical data, the employees may implement encryption. Then the employees may plant some trapdoors and sell to the black market, which can be used to construct pirated boxes. To resist malicious encryptor attacks, we rely on the uniform distribution of the output of the secure cryptographic hash function to generate the randomness needed for encryption. To prevent malicious users from selling their private keys to attackers, we set up public tracing and revocation mechanisms. Meanwhile, we enable digital content providers to share common encrypted data to different groups of authorized users protected by privacy, while also sharing individual data to designated consumers of those groups. Under the decision q -parallel BDHE assumption without random oracles, our construction is demonstrated to be adaptive IND-CPA secure. Since we have a compact communication bandwidth, a constant user secret key size, and only three bilinear operations are needed for decryption to recover the encrypted broadcast message, our scheme does not add much overhead and is therefore practical.

computer science, software engineering, hardware & architecture

Mamta,Brij B. Gupta,Kuan-Ching Li,Victor C. M. Leung,Kostas E. Psannis,Shingo Yamaguchi

DOI: https://doi.org/10.1109/jas.2021.1004003

2021-12-01

IEEE/CAA Journal of Automatica Sinica

Abstract:The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction i- storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.

Bin Wu,Caifen Wang,Hailong Yao

DOI: https://doi.org/10.1371/journal.pone.0230722

IF: 3.7

2020-04-09

PLoS ONE

Abstract:With the rapid development of informatization, an increasing number of industries and organizations outsource their data to cloud servers, to avoid the cost of local data management and to share data. For example, industrial Internet of things systems and mobile healthcare systems rely on cloud computing's powerful data storage and processing capabilities to address the storage, provision, and maintenance of massive amounts of industrial and medical data. One of the major challenges facing cloud-based storage environments is how to ensure the confidentiality and security of outsourced sensitive data. To mitigate these issues, He et al. and Ma et al. have recently independently proposed two certificateless public key searchable encryption schemes. In this paper, we analyze the security of these two schemes and show that the reduction proof of He et al.'s CLPAEKS scheme is incorrect, and that Ma et al.'s CLPEKS scheme is not secure against keyword guessing attacks. We then propose a channel-free certificateless searchable public key authenticated encryption (dCLPAEKS) scheme and prove that it is secure against inside keyword guessing attacks under the enhanced security model. Compared with other certificateless public key searchable encryption schemes, this scheme has higher security and comparable efficiency.

Yanzhong Sun,Xiaoni Du,Shufen Niu,Xiaodong Yang

DOI: https://doi.org/10.32604/cmes.2023.043589

2024-01-01

Computer Modeling in Engineering & Sciences

Abstract:Traditional email systems can only achieve one-way communication, which means only the receiver is allowed to search for emails on the email server. In this paper, we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption (CL-BSE) by combining the storage function of cloud server with the communication function of email server. In the new model, not only can the data receiver search for the relevant content by generating its own trapdoor, but the data owner also can retrieve the content in the same way. Meanwhile, there are dual authentication functions in our model. First, during encryption, the data owner uses the private key to authenticate their identity, ensuring that only legal owner can generate the keyword ciphertext. Second, the blockchain verifies the data owner’s identity by the received ciphertext, allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption. We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model. Then the security of the scheme is analyzed based on the formalized security model. The results demonstrate that the scheme achieves multi-keyword ciphertext indistinguishability and multi-keyword trapdoor privacy against any adversary simultaneously. In addition, performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Xiaodong Yang,Tian Tian,Jiaqi Wang,Caifen Wang

DOI: https://doi.org/10.1007/s12083-022-01345-0

2022-07-25

Abstract:Nowadays, with the rapid development of smart health-care based on electronic health records, it remarkably supplies a promising way to alleviate the shortage of medical resources and improve medical efficiency. Meanwhile, data in electronic health records are sensitive and require protection against unauthorized access. However, most previous electronic health records sharing schemes are vulnerable to data leakage and forgery. To address these challenging problems, we propose a new electronic health record sharing scheme. We use the certificateless cryptosystem to encrypt keywords, which solves the certificate management problem and key escrow problem. The proposed scheme also supports multi-user search and the user authorization table can be used to modify access permissions of medical data users. Besides, the root values of the Merkle trees are written into the blockchain to ensure anti-tampering, integrity and traceability of search results. Moreover, a smart contract enables a fair transaction between cloud server provider and medical data users without trusted third parties. We prove that the proposed scheme is secure against the keyword guessing attack in the random oracle model. Furthermore, performance analysis demonstrates that our scheme has greater computational efficiency compared with other related schemes.

computer science, information systems,telecommunications

Chuang Li,Chunxiang Xu,Shanshan Li,Kefei Chen,Yinbin Miao

DOI: https://doi.org/10.1109/tcc.2021.3071779

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:With cloud services, data users can retrieve encrypted data while preserving data confidentiality. However, this new paradigm suffers from many security concerns. A major concern is how to avoid insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. To address this issue, recently, two verifiable searchable encryption schemes (published in IEEE Transactions on Cloud Computing, doi: 10.1109/TCC.2020.2989296) in cloud storage were proposed which enjoys many desirable features. In this letter, we demonstrate that the schemes are insecure against insider keyword-guessing attack. Specifically, we show that the adversary can derive the keywords in an off-line manner.

computer science, information systems, theory & methods

Chunwei Lou,Mingsheng Cao,Yaohua Luo,Hua Xu,Yuan Gao,Weiwei Wang,Dong Wang

DOI: https://doi.org/10.1109/access.2020.2980886

IF: 3.9

2024-01-01

IEEE Access

Abstract:Key-aggregate keyword retrieval primitive enables a cloud server on behalf of delegated users to securely perform a keyword search over the data encrypted with various public keys. However, existing key-aggregate searchable encryption schemes are insecure against keyword guessing attacks, which result in the privacy leakage of keyword ciphertext and trapdoor. In this paper, we for the first time formulate a secure and efficient key-aggregate searchable encryption for cloud-assisted IoT applications, which not only enables a data owner to securely share the selected documents to multiple users, but also supports data users in delegating the capability of keyword search to a cloud server for searching the desired documents without leaking any privacy of keyword ciphertext and trapdoor. Then, the security of the proposed scheme is formally defined and proven to be secure against the indistinguishable selective-file chosen keyword attacks. The flexibility and practicability of the formulated scheme is also demonstrated by theoretical evaluations and experimental simulations.

Hancheng Gao,Haiping Huang,Lingyan Xue,Fu Xiao,Qi Li

DOI: https://doi.org/10.1109/jiot.2023.3279893

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The integration of Internet of Things (IoT) with cloud-edge computing in cyber-physical systems has revolutionized the way healthcare enterprises manage electronic health records (EHRs). With more healthcare enterprises outsourcing encrypted EHRs to the cloud, searchable encryption is utilized to retrieve encrypted data, especially attribute-based searchable encryption (ABSE) can achieve fine-grained access control. However, ABSE usually requires a lot of computation, which imposes a serious burden on resource-limited devices. Moreover, ensuring fairness in data access is crucial in the healthcare domain, where both data users and owners may have conflicting interests. In order to overcome these problems, this paper proposes a searchable encryption scheme with fine-grained access control for cloud-based EHRs sharing assisted by blockchain. It transfers computing tasks to edge servers and enables users to control who has access to their EHRs. The adoption of blockchain and smart contracts guarantees data integrity and transaction fairness. Moreover, a consensus algorithm is designed for the higher efficiency of the proposed scheme. Finally, security analysis proves the proposed scheme resists adaptive chosen keyword attacks (CKA). Performance analysis further confirms it has more functionalities and is efficient for smart healthcare.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qian Wang,Chengzhe Lai,Rongxing Lu,Dong Zheng

DOI: https://doi.org/10.1109/tcc.2021.3120110

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing medical data to healthcare cloud has become a popular trend. Since medical data of patients contain sensitive personal information, they should be encrypted before outsourcing. However, information retrieval methods based on plaintext cannot be directly applied to encrypted data. In this article, we present a new cryptographic primitive named conjunctive keyword search with secure channel free and autonomous path delegation function (AP-SCF-PECKS), which can be applied in scenarios where patients want to search for and autonomous delegate their private medical information without revealing their private key. Particularly, the proposed solution allows patients to set up multi-hop delegation path with their preferences, and the delegated doctors in the path can search for and access the patient’s private medical information with priority from high to low. Patients can ensure that authorized doctors are always trustworthy, and unauthorized users cannot obtain the private medical information of patients. Moreover, the scheme supports the conjunctive keyword search, secure channel free, and is secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. The security of proposed scheme has been formally proved in the standard model. Finally, the performance evaluations demonstrate that the overhead of proposed scheme are modest for healthcare cloud scenarios.

computer science, information systems, theory & methods

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ming Li,Shucheng Yu,Kui Ren,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.1109/mnet.2013.6574666

IF: 10.294

2013-01-01

IEEE Network

Abstract:Cloud computing is envisioned as the next generation architecture of IT enterprises, providing convenient remote access to massively scalable data storage and application services. While this outsourced storage and computing paradigm can potentially bring great economical savings for data owners and users, its benefits may not be fully realized due to wide concerns of data owners that their private data may be involuntarily exposed or handled by cloud providers. Although end-to-end encryption techniques have been proposed as promising solutions for secure cloud data storage, a primary challenge toward building a full-fledged cloud data service remains: how to effectively support flexible data utilization services such as search over the data in a privacy-preserving manner. In this article, we identify the system requirements and challenges toward achieving privacy-assured searchable outsourced cloud data services, especially, how to design usable and practically efficient search schemes for encrypted cloud storage. We present a general methodology for this using searchable encryption techniques, which allows encrypted data to be searched by users without leaking information about the data itself and users' queries. In particular, we discuss three desirable functionalities of usable search operations: supporting result ranking, similarity search, and search over structured data. For each of them, we describe approaches to design efficient privacy-assured searchable encryption schemes, which are based on several recent symmetric-key encryption primitives. We analyze their advantages and limitations, and outline the future challenges that need to be solved to make such secure searchable cloud data service a reality.