Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Huang Neng

2024-10-22

Abstract:Privacy computing involves the extensive exchange and processing of encrypted data. For the parties involved in these interactions, how to determine the consistency of exchanged data without accessing the original data, ensuring tamper resistance, non-repudiation, quality traceability, indexing, and retrieval during the use of encrypted data, which is a key topic of achieving "Data Availability versus Visibility". This paper proposes a new type of homomorphism: Feature Homomorphism, and based on this feature, introduces a cryptographic scheme for data verification under ciphertext-only conditions. The proposed scheme involves designing a group of algorithms that meet the requirements outlined in this paper, including encryption/decryption algorithms and Feature Homomorphic Algorithm. This group of algorithms not only allows for the encryption and decryption of data but also ensures that the plaintext and its corresponding ciphertext, encrypted using the specified encryption algorithm, satisfy the following property: the eigenvalue of the plaintext obtained using the Feature Homomorphic Algorithm is equal to the eigenvalue of the ciphertext obtained using the same algorithm. With this group of algorithms, it is possible to verify data consistency directly by comparing the eigenvalues of the plaintext and ciphertext without accessing the original data (i.e., under ciphertext-only conditions). This can be used for tamper resistance, non-repudiation, and quality traceability. Additionally, the eigenvalue can serve as a ciphertext index, enabling searchable encryption. This scheme completes a piece of the puzzle in homomorphic encryption. Keywords: Privacy Computing, Data Consistency, Searchable Encryption, Zero-Knowledge Proof, Feature Homomorphism

Cryptography and Security

Luo Yonglong,Huang Liusheng,Yang Wei,Xu Weijiang

2009-01-01

Abstract:Comparing information secretly is the fundamental to secure multiparty computation. The known private comparison protocols without a third party can only resolve the Greater than (GT) problem and can only compare two integers. In this paper, we develop an improved cross products protocol by using the Paillier's additive homomorphic encryption at first. Then, we propose a three-round protocol for solving the private comparison problem in the semi-honest setting based on the property of the cross products. In comparison with the known private comparison protocols, our method can determine whether a > b, a < b or a = b for two numbers a and b by running our proposed protocol only once. Moreover, our protocol can compare two real numbers in addition to integers. The analysis shows that our method is more powerful than previous methods.

Luigi Sgaglione,Luigi Coppolino,Salvatore D'Antonio,Giovanni Mazzeo,Luigi Romano,Domenico Cotroneo,Andrea Scognamiglio

DOI: https://doi.org/10.1109/wetice.2019.00073

2019-06-01

Abstract:In the recent years, we are assisting to an undiminished, and unlikely to stop number of cyber threats, that have increased the organizations/companies interest about security concerns. Further, the rising costs of an efficient IT security staff and environment is posing a significant challenge. These have created a new fast growing trend named Managed Security Services (MSS). Often customers turn to MSS providers to alleviate the pressures they face daily related to information security. One of the most critical aspect, related to the outsourcing of security issues, is privacy. Security monitoring and in general security services require access to as much data as possible, in order to provide an effective and reliable service. It is the well known conflict between privacy and security, a particularly evident problem in security monitoring solutions. This paper analyzes a scenario of MSS in order to provide a privacy preserving solution that allows the security monitoring without violating the privacy requirements. The basic idea relies on the usage of the Homomorphic Encryption technology. Encrypting data using homomorphic schemes, cloud computing and MSS providers can perform different computations on encrypted data without ever having access to their decryption. This solution keeps data confidential and secured, not only during exchange and storage, but also during processing. We provide an ad-hoc Intrusion Detection System architecture for privacy preserving security monitoring, considering as counter threats Code Injection attacks on homomorphically encrypted fields.

Khoa Nguyen,Mindaugas Budzys,Eugene Frimpong,Tanveer Khan,Antonis Michalas

2024-09-10

Abstract:Machine Learning (ML) has become one of the most impactful fields of data science in recent years. However, a significant concern with ML is its privacy risks due to rising attacks against ML models. Privacy-Preserving Machine Learning (PPML) methods have been proposed to mitigate the privacy and security risks of ML models. A popular approach to achieving PPML uses Homomorphic Encryption (HE). However, the highly publicized inefficiencies of HE make it unsuitable for highly scalable scenarios with resource-constrained devices. Hence, Hybrid Homomorphic Encryption (HHE) -- a modern encryption scheme that combines symmetric cryptography with HE -- has recently been introduced to overcome these challenges. HHE potentially provides a foundation to build new efficient and privacy-preserving services that transfer expensive HE operations to the cloud. This work introduces HHE to the ML field by proposing resource-friendly PPML protocols for edge devices. More precisely, we utilize HHE as the primary building block of our PPML protocols. We assess the performance of our protocols by first extensively evaluating each party's communication and computational cost on a dummy dataset and show the efficiency of our protocols by comparing them with similar protocols implemented using plain BFV. Subsequently, we demonstrate the real-world applicability of our construction by building an actual PPML application that uses HHE as its foundation to classify heart disease based on sensitive ECG data.

Cryptography and Security

Zhishuo Zhang,Wei Zhang,Zhiguang Qin

DOI: https://doi.org/10.1016/j.future.2021.04.022

IF: 7.307

2021-01-01

Future Generation Computer Systems

Abstract:In recent years, to address the security defect that the explicit attribute values in access policies may reveal the privacy, a new variant of ciphertext-policy attribute-based encryption(CP-ABE)——hidden policy CP-ABE (HP-CP-ABE) is proposed in some recent works. But there are two tremendous flaws in most existing HP-CP-ABE schemes. The one issue is that an attacker can launch the attribute values guessing attacks (AVGA) to detect the attribute values in access policies of many HP-CP-ABE schemes. And another issue is that, if the HP-CP-ABE schemes are using the “Linear Secret Sharing Schemes (LSSS)” as their access structures, as the rows of the LSSS matrix grows, the time complexity of the decryption testing algorithm will boost rapidly which will greatly aggravate the computing burden of the user. So in this paper, we propose a partially HP-CP-ABE (PHP-CP-ABE) scheme which can perfectly withstand the attribute values guessing attacks (AVGA). As our access structure is using the LSSS, to alleviate the computing burden of the user, we design a online privacy-protective decryption testing algorithm for the users to privately and securely outsource the decryption testing phase to the cloud server. Our online testing algorithm is privacy-protective which means during running the privacy-protective decryption testing algorithm, the cloud server has no chance to know anything about the attribute values in the access policy and the attribute values of the user. This will prevent the privacy from leaking out to the third party cloud server. Then we rigorously prove that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA). Next, by reduction to the computational q-PBDHE assumption which is firstly proposed in our paper, we prove that our HP-CP-ABE scheme is indistinguishable secure under the attribute values guessing attacks (IND-AVGA). Finally through the comparison with the state-of-art HP-CP-ABE schemes from the perspective of functionality and efficiency, it is easily to observe that our scheme has high-security and high-efficiency. In appendix, we give a straightaway analysis to some relevant works to point out the security vulnerabilities in their schemes.

Myungsun Kim,Hyung Tae Lee,San Ling,Benjamin Hong Meng Tan,Huaxiong Wang

DOI: https://doi.org/10.1109/tdsc.2017.2763593

2019-09-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Fully homomorphic encryption (FHE) brings a paradigm shift in cryptographic engineering by enabling us to resolve various unsolved problems. Among them, this work solves the problem to design a private database query (PDQ) protocol that supports compound queries with wildcard conditions on encrypted databases using FHE. More precisely, we consider a setting where clients outsource an encrypted database using FHE to a remote server, and later request results of compound queries including a wildcard search condition–given a set of attribute values $\lbrace A_1, A_2, \ldots, A_{n}\rbrace${A1,A2,...,An} and a search pattern $W$W, retrieve a set of all attribute values $A_i$Ai&#x27;s in which the pattern $W$W occurs. To this end, we first develop an algorithm for testing whether an encrypted string contains an encrypted pattern without revealing any information of the pattern, taking auxiliary encryptions as additional inputs. Then, using this algorithm, we design PDQ protocols on encrypted databases, which support compound queries using wildcard search conditions. Finally, we demonstrate proof-of-concept implementation results of our protocols by exploiting single-instruction-multiple-data operations and multi-threading techniques.

computer science, information systems, software engineering, hardware & architecture

Hao Yang,Shiyu Shen,Zhe Liu,Yunlei Zhao

DOI: https://doi.org/10.1109/tifs.2023.3267677

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Private comparison schemes constructed on homomorphic encryption offer the noninteractive and parallelizable features, and have advantages in communication bandwidth and performance. In this work, we propose cuXCMP, an extension of the privacy comparison scheme XCMP (AsiaCCS 2018). We address the relatively small input domain and the incompletely expressible output of XCMP, by modifying the encoding method and devising a constant term extraction (CTX) approach. Then, we describe a method for constructing privacy-preserving decision tree (PPDT) using this scheme. Considering the high computational overhead of CTX, we exploit the massive parallelism of the GPU to accelerate this function. Based on the results of the kernel profiling, we utilize several optimization techniques to improve the performance, including using multiple CUDA streams, reducing the grid dimension, kernel fusion, etc. By accelerating this function, we boost the execution time of the scheme and demonstrate 130× and 1.9× speedups for CTX and cuXCMP, respectively, as well as a 35% reduction in the evaluation time of PPDT.

computer science, theory & methods,engineering, electrical & electronic

Daxin Huang,Qingqing Gan,Xiaoming Wang,Marek R Ogiela,Xu An Wang

DOI: https://doi.org/10.1016/j.iot.2022.100625

Abstract:IoT-based crowd-sensing network, which aims to achieve data collection and task allocation to mobile users, become more and more popular in recent years. This data collected by IoT devices may be private and directly transmission of these data maybe incur privacy leakage. With the help of homomorphic encryption (HE), which supports the additive and/or multiplicative operations over the encrypted data, privacy preserving crowd-sensing network is now possible. Until now several such secure data aggregation schemes based on HE have been proposed. In many cases, ciphertext comparison is an important step for further secure data processing. However efficient ciphertext comparison is not supported by most such schemes. In this paper, aiming at enabling ciphertext comparison among multiple users in crowd-sensing network, with Lagrange's interpolation technique we propose comparable homomorphic encryption (CompHE) schemes. We also prove our schemes' security, and the performance analysis show our schemes are practical. We also discuss the applications of our IoT based crowd-sensing network with comparable homomorphic encryption for combatting COVID19, including the first example of privacy preserving close contact determination based on the spatial distance, and the second example of privacy preserving social distance controlling based on the spatial difference of lockdown zones, controlled zones and precautionary zones. From the analysis we see our IoT based crowd-sensing network can be used for contact tracing without worrying about the privacy leakage. Compared with the existing CompHE schemes, our proposals can be collusion resistance or secure in the semi-honest model while the previous schemes cannot achieve this easily. Our schemes only need 4 or 5 modular exponentiation when implementing the most important comparison algorithm, which are better than the existing closely related scheme with advantage of 50% or 37.5%.

Thi Van Thao Doan,Mohamed-Lamine Messai,Gérald Gavin,Jérôme Darmont

DOI: https://doi.org/10.1007/s11227-023-05233-z

IF: 3.3

2023-04-14

The Journal of Supercomputing

Abstract:With the increased need for data confidentiality in various applications of our daily life, homomorphic encryption (HE) has emerged as a promising cryptographic topic. HE enables to perform computations directly on encrypted data (ciphertexts) without decryption in advance. Since the results of calculations remain encrypted and can only be decrypted by the data owner, confidentiality is guaranteed and any third party can operate on ciphertexts without access to decrypted data (plaintexts). Applying a homomorphic cryptosystem in a real-world application depends on its resource efficiency. Several works compared different HE schemes and gave the stakes of this research field. However, the existing works either do not deal with recently proposed HE schemes (such as CKKS) or focus only on one type of HE. In this paper, we conduct an extensive comparison and evaluation of homomorphic cryptosystems’ performance based on their experimental results. The study covers all three families of HE, including several notable schemes such as BFV, BGV, FHEW, TFHE, CKKS, RSA, El-Gamal, and Paillier, as well as their implementation specification in widely used HE libraries, namely Microsoft SEAL, PALISADE, and HElib. In addition, we also discuss the resilience of HE schemes to different kind of attacks such as indistinguishability under chosen plaintext attack and integer factorization attacks on classical and quantum computers.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

陈良,许勇

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.03.075

2010-01-01

Abstract:Secure two-party comparing is a special case and a basic module of secure computations,and is applied in mobile code and e-commerce security etc.But known solutions have some disadvantages:expensive costs of computing and communicating,limited ranges of compared numbers.Based on a modified ElGamal algorithm,this paper presented and proved multiplicative,mixed-multiplicative,additive and subtractive homomorphic cryptosystem.Constructed an encrypted function unknown by two-party using the homomorphic cryptosystem.Based on the homomorphic cryptosystem and evaluation of encrypted functions,designed secure two-party comparing protocol under semi-honest model.Proof,example and comparing with other protocols show the proposed protocol has the merits of security,fairness,lower costs of communication and computational complexity,and comparing integers.

Zhang Lan,Li Xiangyang,Liu Yunhao

2013-01-01

Abstract:The invention discloses a verifiable privacy data comparison and ranking query method. The method comprises: S1, a system is initialized, privacy data vi and relevant random numbers of users are verified and encrypted, and the encrypted data are signed to form and issue digital certificates to the users; S2, a user p1 issues a digital certificate to a user p2 who performs verification and homomorphic calculation on the received data and sends the results to the user p1; S3, the user p1 deciphers the homomorphic calculation results sent by the user p2 to obtain comparison results of the privacy data; S4, the user p1 verifies the accuracy of the comparison results of the privacy data; and S5, performing steps of S2 to S5 on each user to obtain ranking of the users. According to the verifiable privacy data comparison and ranking query method, comparison can be performed and results can be verified under the circumstance that the user privacy data are protected, users are guaranteed against inputting or comparing false data, and a server is not needed in the whole query process; and the processing speed is rapid, the calculation cost is small, and the method is not limited by a platform.

Lucy Li,Bijeeta Pal,Junade Ali,Nick Sullivan,Rahul Chatterjee,Thomas Ristenpart

DOI: https://doi.org/10.1145/3319535.3354229

2019-11-06

Abstract:To prevent credential stuffing attacks, industry best practice now proactively checks if user credentials are present in known data breaches. Recently, some web services, such as HaveIBeenPwned (HIBP) and Google Password Checkup (GPC), have started providing APIs to check for breached passwords. We refer to such services as compromised credential checking (C3) services. We give the first formal description of C3 services, detailing different settings and operational requirements, and we give relevant threat models. One key security requirement is the secrecy of a user&#x27;s passwords that are being checked. Current widely deployed C3 services have the user share a small prefix of a hash computed over the user&#x27;s password. We provide a framework for empirically analyzing the leakage of such protocols, showing that in some contexts knowing the hash prefixes leads to a 12x increase in the efficacy of remote guessing attacks. We propose two new protocols that provide stronger protection for users&#x27; passwords, implement them, and show experimentally that they remain practical to deploy.

Charlotte Bonte,Eleftheria Makri,Amin Ardeshirdavani,Jaak Simm,Yves Moreau,Frederik Vercauteren

DOI: https://doi.org/10.1186/s12859-018-2541-3

IF: 3.307

2018-12-01

BMC Bioinformatics

Abstract:BackgroundThe deployment of Genome-wide association studies (GWASs) requires genomic information of a large population to produce reliable results. This raises significant privacy concerns, making people hesitate to contribute their genetic information to such studies.ResultsWe propose two provably secure solutions to address this challenge: (1) a somewhat homomorphic encryption (HE) approach, and (2) a secure multiparty computation (MPC) approach. Unlike previous work, our approach does not rely on adding noise to the input data, nor does it reveal any information about the patients. Our protocols aim to prevent data breaches by calculating the χ2 statistic in a privacy-preserving manner, without revealing any information other than whether the statistic is significant or not. Specifically, our protocols compute the χ2 statistic, but only return a yes/no answer, indicating significance. By not revealing the statistic value itself but only the significance, our approach thwarts attacks exploiting statistic values. We significantly increased the efficiency of our HE protocols by introducing a new masking technique to perform the secure comparison that is necessary for determining significance.ConclusionsWe show that full-scale privacy-preserving GWAS is practical, as long as the statistics can be computed by low degree polynomials. Our implementations demonstrated that both approaches are efficient. The secure multiparty computation technique completes its execution in approximately 2 ms for data contributed by one million subjects.

biochemical research methods,biotechnology & applied microbiology,mathematical & computational biology

Qi Wang,Dehua Zhou,Yanling Li

DOI: https://doi.org/10.48550/arXiv.1812.00599

2018-12-03

Cryptography and Security

Abstract:With the rapid development of cloud computing, the privacy security incidents occur frequently, especially data security issues. Cloud users would like to upload their sensitive information to cloud service providers in encrypted form rather than the raw data, and to prevent the misuse of data. The main challenge is to securely process or analyze these encrypted data without disclosing any useful information, and to achieve the rights management efficiently. In this paper, we propose the encrypted data processing protocols for cloud computing by utilizing additively homomorphic encryption and proxy cryptography. For the traditional homomorphic encryption schemes with many limitations, which are not suitable for cloud computing applications. We simulate a cloud computing scenario with flexible access control and extend the original homomorphic cryptosystem to suit our scenario by supporting various arithmetical calculations. We also prove the correctness and security of our protocols, and analyze the advantages and performance by comparing with some latest works.

Jing-Wen Zhang,Gang Xu,Xiu-Bo Chen,Yan Chang,Zhi-Chao Dong

DOI: https://doi.org/10.1016/j.physa.2022.128397

2022-12-09

Abstract:Quantum homomorphic encryption has obvious superiority in privacy protection. In this paper, we propose a improved multiparty quantum private comparison protocol based on quantum homomorphic encryption. Firstly, a trusted key center is introduced to securely assist the distribution of the encryption keys and update of decryption keys, while preventing a malicious server from launching an attack that announces a false result. It can significantly improve the security of the protocol while ensuring that all participants get the correct comparison results. Then, our protocol is different from the previous protocols that use the help of a semi-honest third-party. The third-party in our protocol can be almost dishonest and will faithfully perform the homomorphic evaluation on the encrypted data without decryption. Finally, by preparing single photons, multiple participants request homomorphic computations from an almost dishonest third-party in parallel and there is no need for detection of the decoy photon, which greatly reduces the consumption of quantum resources. In addition, the correctness of the protocol is verified by the IBM Q experimental platform.

Jun Zhang,Shiqing Hu,Zoe Lin Jiang

DOI: https://doi.org/10.1109/access.2020.3003373

IF: 3.9

2020-01-01

IEEE Access

Abstract:A growing number of mobile social network applications are taking advantage of cloud computing to store profiles of end users and run protocols which are compute-intensive. We focus on an application scenario of similarity computation between two users. To protect data security and privacy, mobile users encrypt their sensitive profiles before outsourcing to the cloud and different users choose different encryption keys. Three challenges need attention - how to compute on encrypted profiles under different keys, how to allow mobile users to stay offline during execution of the protocol, and how to select similarity metric. Existing schemes either rely on multi-key fully homomorphic encryption with one server or partially homomorphic encryption with two non-colluding servers. To balance computational complexity on one server and communication overhead between two servers, we put forward a privacy-preserving similarity computation protocol which supports both homomorphic additions and one homomorphic multiplication. We conduct security analysis and experimental evaluation of our scheme. The results show that our protocol is provably secure and runs reasonably fast, and thus can be applied in practice.