Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Yuanhao Wang,Qiong Huang,Hongbo Li,Meiyan Xiao,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-90402-9_3

2021-01-01

Abstract:The rise of cloud computing is driving the development in various fields and becoming one of the hot topics in recent years. To solve the problem of comparing ciphertexts between different users in cloud storage, Public Key Encryption with Equality Test (PKEET) was proposed. In PKEET, a tester can determine whether two ciphertexts encrypted with different public keys contain the same message without decrypting the ciphertexts. However, PKEET only supports exact matching, which may not be practical when two messages have misspellings, formatting differences, or differences in the data itself. Therefore, to support fuzzy matching, in this paper we propose the concept of Public Key Encryption with Fuzzy Matching (PKEFM), which allows to determine whether the edit distance between two encrypted messages is less than a threshold value. PKEFM can be well applied to support fuzzy data comparison in encrypted e-mail systems or encrypted gene testing. We then modify the scheme to provide the decryption function, and support (encrypted) wildcards in the matching, in order to further improve the generality of PKEFM at the cost of a small amount of extra computation.

Hao Lin,Fei Gao,Hua Zhang,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1109/jsyst.2021.3106701

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:In cloud storage, public key encryption with equality test (PKEET) is suitable for testing whether two ciphertexts generated from different public keys contain the same message without decryption. Recently, (Y. J. Wang et al., 2019) have proposed a public key signcryption scheme with designated equality test (PKS-DET). In this scheme, since the public key of the tester is used in the encryption, the tester needs to use its secret key to test the ciphertexts. Without trapdoor, PKS-DET prevents the attacker from testing the user's ciphertexts with the stolen trapdoor. Therefore, the privacy of the user can be protected. However, if the user in the PKS-DET wants to authorize the other tester to test his/her ciphertexts for some reason, the message needs to be encrypted again by the public key of the other tester. This will lead to higher computational complexity. Hence, the PKS-DET is not flexible to authorize multiple testers. In this article, we propose a construction of PKEET supporting flexible designated authorization (PKEET-FDA). The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ciphertexts, and each authorized tester must use its secret key to perform equality test for the ciphertexts. More importantly, the user does not need to encrypt the message repeatedly any more. We demonstrate the security of PKEET-FDA under two types of adversaries. Compared with the related efficient PKEET schemes, PKEET-FDA satisfies high efficiency from the point of view of the user. In terms of storage requirement, our construction is superior to the PKS-DET.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Mujeeb-ur- Rehman Jamali,Shahmurad Chandio,Nadeem Ahmed Kanasro

DOI: https://doi.org/10.21015/vtse.v11i1.1391

2023-03-26

VFAST Transactions on Software Engineering

Abstract:E-commerce and mobile commerce are two new business methodologies that utilize the cloud. A new technology called cloud computing uses the Internet to process and store data from a network of distant computers that are dispersed around the globe. Any online transaction must have security as a necessary component. Therefore, one of the main issues with the cloud is security. If electronic commerce's security is breached, customers can lose trust in it. An unauthorized individual should not have access to or be able to intercept a customer's personal information while it is being transmitted. Data integrity is a major problem since personal information shouldn't be changed before, during, or even after it is at rest on the network. The suggested solution ensures the protection of personal data and the avoidance of security problems. We have developed a solution in this study to address issues with privacy, confidentiality, and the integrity of data stored in the cloud, among other security-related issues. The suggested method employs over-encryption that is double encryption, to avoid the various security issues. It can be inferred from the results that ECC (secp256r1) utilised less time for encryption operation as compared to others asymmetric algorithms with small dispersion from means and recorded results behaviour of data is consistent because data point tends to be very close, Decryption operation ElGamal during of time was smaller than ECC and RSA with small consistent behaviour.

Huijun Zhu,Qingji Xue,Tianfeng Li,Dong Xie

DOI: https://doi.org/10.3390/e24030309

2022-02-22

Abstract:Public key encryption supporting equality test (PKEwET) schemes, because of their special function, have good applications in many fields, such as in cloud computing services, blockchain, and the Internet of Things. The original PKEwET has no authorization function. Subsequently, many PKEwET schemes have been proposed with the ability to perform authorization against various application scenarios. However, these schemes are incapable of traceability to the ciphertexts. In this paper, the ability of tracing to the ciphertexts is introduced into a PKEwET scheme. For the ciphertexts, the presented scheme supports not only the equality test, but also has the function of traceability. Meanwhile, the security of the proposed scheme is revealed by a game between an adversary and a simulator, and it achieves a desirable level of security. Depending on the attacker's privileges, it can resist OW-CCA security against an adversary with a trapdoor, and can resist IND-CCA security against an adversary without a trapdoor. Finally, the performance of the presented scheme is discussed.

Yuanhao Wang,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang,Willy Susilo

DOI: https://doi.org/10.1109/access.2019.2940646

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the massive growth of data and security concerns, data of patients would be encrypted and outsourced to the cloud server for feature matching in various medical scenarios, such as personal health record systems, actuarial judgments and diagnostic related groups. Public key encryption with equality test (PKEET) is a useful utility for encrypted feature matching. Authorized tester could perform data matching on encrypted data without decrypting. Unfortunately, due to the limited terminology in medicine, people within institutions may illegally use data, trying to obtain information through traversal methods. In this paper we propose a new PKEET notion, called public-key authenticated encryption with designated equality test (PKAE-DET), which could resist this kind of attacks launched by an inside adversary, known as offline message recovery attacks (OMRA). We propose a concrete construction of PKAE-DET, which only requires one single server to perform the feature matching job securely, and does not require any group mechanism. We prove its security based on some simple mathematical assumptions. Experimental results show that our scheme has efficiency comparable with those PKEET schemes which do not resist OMRA attacks or require group mechanism. We further show how our scheme could be effectively used in diagnostic related groups in medicine, demonstrating its practicability.

Dung Hoang Duong,Kazuhide Fukushima,Shinsaku Kiyomoto,Partha Sarathi Roy,Arnaud Sipasseuth,Willy Susilo

DOI: https://doi.org/10.48550/arXiv.2005.05308

2020-05-10

Abstract:Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Cryptography and Security

Nanjing University,Wang Ming,Zhong Hong,Zhong Sheng

DOI: https://doi.org/10.1007/s11704-020-9396-2

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:1 Introduction With the rapid development of cloud computing,more and more data are stored in cloud servers as cyphertexts for stor-age[1,2].However,it faces enormous challenges regarding ci-phertext analysis.For example,in the cloud medical services,authorized medical institutions(AMIs)need analyze medical records to figure out gender and age information on patients with the same disease.On account of privacy protection for pa-tients,hospitals should encrypt each medical record,and upload the ciphertext to the cloud server,followed by the application of public key encryption with equality test(PKEET)[3,4]to get the encrypted medical records with the same disease.However,frequent operations of equality testing will result in off-line key-word guessing attacks(KGAs)[5],thus making insider attack-ers snatch users'confidential information because the keyword space of diseases is far smaller than key space.

Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Tatsuya Suzuki,Keita Emura,Toshihiro Ohigashi

DOI: https://doi.org/10.1007/s10916-019-1244-2

IF: 4.92

2019-03-28

Journal of Medical Systems

Abstract:To provide a search functionality for encrypted data, public key encryption with keyword search (PEKS) has been widely recognized. In actual usage, a PEKS scheme should be employed with a PKE scheme since PEKS itself does not support the decryption of data. Since a naive composition of a PEKS ciphertext and a PKE ciphertext does not provide CCA security, several attempts have been made to integrate PEKS and PKE in a joint CCA manner (PEKS/PKE for short). In this paper, we further extend these works by integrating secure-channel free PEKS (SCF-PEKS) and PKE, which we call SCF-PEKS/PKE, where no secure channel is required to send trapdoors. We give a formal security definition of SCF-PEKS/PKE in a joint CCA manner, and propose a generic construction of SCF-PEKS/PKE based on anonymous identity-based encryption, tag-based encryption, and one-time signature. We also strengthen the current consistency definition according to the secure-channel free property, and show that our construction is strongly consistent if the underlying IBE provides unrestricted strong collision-freeness which is defined in this paper. We also show that such an IBE scheme can be constructed by employing the Abdalla et al. transformations (TCC 2010/J. Cryptology 2018). Finally, as an application of SCF-PEKS/PKE, we strengthen the security of encrypted Electronic Medical Record (EMR) system proposed by Guo and Yau (J. Medical Sys. 2015).

health care sciences & services,medical informatics

Feng Bao,Robert H. Deng,Peirong Feng

DOI: https://doi.org/10.1007/3-540-45247-8_13

2001-01-01

Abstract:It is commonly acknowledged that customers’ privacy in electronic commerce should be well protected. The solutions may come not only from the ethics education and legislation, but also from cryptographic technologies. In this paper we propose and analyze a privacy protection scheme for e-commerce of digital goods. The scheme takes cryptography as its technical means to realize privacy protection for online customers. It is efficient in both computational cost and communication cost. It is very practical for real e-commerce systems compared with previous solutions. The cryptographic technique presented in this paper is rather simple. But the scheme has great application potential in reality. We give careful security analysis to the scheme.

Yang Lu,Jiguo Li

DOI: https://doi.org/10.1109/tcc.2023.3305370

IF: 5.697

2023-01-01

IEEE Transactions on Cloud Computing

Abstract:With the excessive growth of data and the rapid development of cloud technology, cloud adoption is expanding rapidly nowadays. To achieve the purpose of privacy protection, the cloud data may be transmitted, stored and retrieved in enciphered form. Public key searchable encryption (PKSE) provides a feasible solution for efficient retrieval over enciphered data without decryption. However, traditional PKSE suffers from some problems, such as keyword guessing (KG) attack and unauthorized ciphertext retrieval. In this paper, we present a practical PKSE scheme named forward public key authenticated encryption with field-free conjunctive keyword search (FW-PAE-FCKS). The scheme enjoys several good properties (e.g., flexible multi-keyword search with no keyword fields, forward ciphertext retrieval) and can effectively withstand the KG attack and the unauthorized ciphertext retrieval. Moreover, the executive overhead of the scheme is very friendly to the user terminals with limited resources as it totally avoids the operations with high computation cost (such as hash-to-point, bilinear pairing) on the user side. Based on the infeasibility assumption of the hash Diffie-Hellman problem, we formally prove its security without using the random oracle. Comparison analysis and experimental results show that it outperforms the existing related schemes.

computer science, information systems, theory & methods

Kaibin Huang,Raylin Tso,Yu-Chi Chen,Wangyu Li,Hung-Min Sun

DOI: https://doi.org/10.1007/978-3-319-11698-3_45

2014-01-01

Abstract:We proposed a new public key encryption scheme with equality test (PKEET), which stands for a public key encryption scheme with comparable ciphertext. The equivalence among ciphertext under PKEET schemes can be verified without decryption. In some PKEET algorithms like Tang's AoN-PKEET, which is called authorization-based PKEET, the equality test functionality is restricted to some authorized users: only users who own authorities are able to perform equality test functions. For the best of our knowledge, the authorities of all existing authorization-based PKEET schemes are valid for all ciphertext encrypted under the same public key. Accurately, we propose a CBA-PKEET scheme following Tang's AoN-PKEET scheme, which means a PKEET scheme with ciphertext-binded authorities (CBA). Each ciphertext-binded authority is valid for a specific ciphertext, rather than all ciphertext encrypted under the same public key. Then, we compare the features and efficiency between our CBA-PKEET and some existing authorization-based PKEET schemes. Finally, the security of CBA-PKEET is proved in the random oracle model based on the some hard problems.

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103759

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:It is tricky to determine whether two ciphertexts contain the same message when the messages are encrypted with different public keys. public key encryption with equality test (PKEET) addresses this problem without decryption. By integrating PKEET with identity-based encryption, identity-based encryption with equality test (IBEET) simplifies the certificate management in PKEET. In this paper, we first propose an IBEET scheme that can resist offline message recovery attacks (OMRA) and requires neither the dual-tester setting nor the group mechanism. With the help of some mathematical assumptions, we demonstrate the security of our scheme. Experiment results reveal that our scheme is efficient. From the perspective of usability, we explain why our scheme is more appropriate to be applied in healthcare social Apps than other OMRA-resistant schemes.

Axin Wu,Fagen Li,Xiangjun Xin,Yinghui Zhang,Jianhao Zhu

DOI: https://doi.org/10.1016/j.sysarc.2024.103104

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

computer science, software engineering, hardware & architecture

Kaifeng Xiao,Xinjian Chen,Jianye Huang,Hongbo Li,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103758

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:When data security is facing growing threats, ordinary encryption techniques cannot meet the needs of comparing, sharing, and classifying data hidden in ciphertexts. At the same time, the advent of the quantum computing era has brought unprecedented challenges to traditional cryptography. Fortunately, a lattice-based PKEET scheme can solve the above problems. In this paper, we design a lattice-based PKE-DET scheme that can support the delegated tester function with satisfying anti-quantum computing security and resisting OMRA attacks. To the best of our knowledge, this is the first PKE-DET scheme that has both kinds of security at the same time. Under the standard model, we prove the security of the scheme based on the LWE hardness assumption. Compared with existing schemes, our scheme has many advantages, such as high security, delegated tester authorization, and small storage space.

P. Punitha,Lakshmana Kumar,S. Revathi,R. Premalatha,R. S. Aiswarya

DOI: https://doi.org/10.1142/s0218843024500011

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. As with IoT devices, cloud computation increases its applicability to other areas that use the information and puts it in a commonplace that is necessary for computing and analysis. These devices need the cloud to store and retrieve data since they are unable to store and process data on their own. Cloud computing offers a variety of services to consumers, including IaaS, PaaS, and SaaS. The usage of cloud resources for data storage that may be accessible by all users associated with cloud computing is a key disadvantage of cloud computing. Without disclosing the data's contents, the usage of Public Key Encryptions with Keyword Search (PEKS) secures publicly encrypted keys against third-party search capabilities that are not trustworthy. PEKs provide a security risk every time Interior Keywords Guessing Attacks (IKGA) are discovered in the system since an unauthorized service estimates the keywords in the trapdoor. This issue can be resolved using various methodologies such as the Certificateless Fleshed Public Key Authenticated Encryption of Keyword Search (CL-HPAEKS), which also uses Altered Elliptic Curve Cryptography (MECC), and the Mutation Centred Flower Pollinations Algorithm (CM-FPA), which uses optimization in keys to be improving the algorithm's performance. The system's security is achieved by adding a Message Fragments 5 (MD5) scramble mechanism. The proposed system achieves system security of 96%, and it takes less time to implement than earlier encryption methods.

computer science, information systems

Haorui Du,Jianhua Chen,Ming Chen,Cong Peng,Debiao He

DOI: https://doi.org/10.1155/2022/2336685

2022-10-21

Wireless Communications and Mobile Computing

Abstract:Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver's public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user's search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.

computer science, information systems,telecommunications,engineering, electrical & electronic

Syeda Wajiha Zahra,Muhammad Nadeem,Ali Arshad,Saman Riaz,Waqas Ahmed,Muhammad Abu Bakr,Amerah Alabrah

DOI: https://doi.org/10.3390/sym16050605

2024-05-14

Symmetry

Abstract:Researchers have created cryptography algorithms that encrypt data using a public or private key to secure it from intruders. It is insufficient to protect the data by using such a key. No research article has identified an algorithm capable of protecting both the data and the associated key, nor has any mechanism been developed to determine whether access to the data is permissible or impermissible based on the authentication of the key. This paper presents a WEDEx-Kerberotic Framework for data protection, in which a user-defined key is firstly converted to a cipher key using the "Secure Words on Joining Key (SWJK)" algorithm. Subsequently, a WEDEx-Kerberotic encryption mechanism is created to protect the data by encrypting it with the cipher key. The first reason for making the WEDEx-Kerberotic Framework is to convert the user-defined key into a key that has nothing to do with the original key, and the length of the cipher key is much shorter than the original key. The second reason is that each ciphertext and key value are interlinked. When an intruder utilizes the snatching mechanism to obtain data, the attacker obtains data or a key unrelated to the original data. No matter how efficient the algorithm is, an attacker cannot access the data when these methods and algorithms are used to protect it. Finally, the proposed algorithm is compared to the previous approaches to determine the uniqueness of the algorithm and assess its superiority to the previous algorithms.

multidisciplinary sciences

Kranthi Kumar Singamaneni,Anil Kumar Budati,Thulasi Bikku

DOI: https://doi.org/10.1007/s11277-024-10908-8

IF: 2.017

2024-03-14

Wireless Personal Communications

Abstract:The Key Policy Attribute-based Encryption (KPABE) standard arises as the utmost appropriate security system for public key encipherment. KP-ABE has been extensively utilized to carry out admittance management resolutions. However, because of its pricey operating expense, it's hard to employ this encipherment standard over networks with limited resources like IoT and IIoT. Fortunately, the cloud must turn into a base framework to accommodate IoT functions; it is fascinating to take advantage of the resources of the cloud to carry out substantial functions related to IoT. We anticipated an effective Quantum KP-ABE framework for cloud-centric IoT apps; in this connection, our proposed approach is centered on using computational storage and power capabilities of cloud-based servers and reliable associate hosts to perform intense functions. A recital evaluation is directed to exhibit the efficacy of the planned framework. The experimental assessment showed that our model's encryption process computation time was 48% faster than existing methods. Memory occupancy efficacy evaluations showed that our approach uses 22% less cloud storage space than conventional standards even with 1 GB of user data. In comparative assessments of enciphered standards, the suggested model's 18% shorter execution time for key generation compared to conventional hash-based standards showed its feasibility for fast cryptographic procedures.

telecommunications