Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

Chuang Li,Chunxiang Xu,Shanshan Li,Kefei Chen,Yinbin Miao

DOI: https://doi.org/10.1109/tcc.2021.3071779

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:With cloud services, data users can retrieve encrypted data while preserving data confidentiality. However, this new paradigm suffers from many security concerns. A major concern is how to avoid insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. To address this issue, recently, two verifiable searchable encryption schemes (published in IEEE Transactions on Cloud Computing, doi: 10.1109/TCC.2020.2989296) in cloud storage were proposed which enjoys many desirable features. In this letter, we demonstrate that the schemes are insecure against insider keyword-guessing attack. Specifically, we show that the adversary can derive the keywords in an off-line manner.

computer science, information systems, theory & methods

Yuan Zhang,Chunxiang Xu,Jining Zhao,Xiaojun Zhang,Junwei Wen

DOI: https://doi.org/10.1016/j.jisa.2015.05.001

IF: 4.96

2015-01-01

Journal of Information Security and Applications

Abstract:Cloud storage provides an efficient way for users to work together as a group by sharing data with each other. However, since shared data can be accessed and modified by multiple users and group membership may be changed frequently, this new paradigm poses many challenges for keeping integrity of shared data. Recently, Yuan et al. proposed an efficient integrity checking scheme (IEEE INFOCOM 2014, doi: 10.1109/INFOCOM.2014.6848154) for cloud data sharing with multi-user modification, which had many appealing features. They claimed that the scheme is secure and efficient, and they also provided the formal security proof and the performance evaluation. Regretfully, existing two security flaws in Yuan et al.'s scheme are pointed out in this letter. Specifically, by fooling the third-party auditor (TPA) into trusting that the data is well maintained by the cloud server, an adversary can process the following two deceiving methods. Firstly, the adversary can modify the shared data and tamper with the interaction messages between the cloud server and the TPA, thus invalidating shared data integrity checking. Secondly, an adversary, who records a fraction of the cloud-stored data, can overwrite the vast majority of the shared data by using the recorded data and passing shared data integrity verification. Furthermore, we suggest a solution to the two security flaws while retaining all the desirable features of the original scheme.

XIA Qi,XU Chun-xiang

2009-01-01

Abstract:The security of Yang et al. verifiably encrypted signature schemes is analyzed.Although the scheme is proved security in the standard model,it is vulnerable to key substitution attack in a multi-user setting,where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users.A concrete instance of fair exchange of digital signature protocol is given to show that this kind attack can breach the fairness when they are used in fair exchange in a multi-user setting.

Yinbin Miao,Jianfeng Ma,Qi Jiang,Xiong Li,Arun Kumar Sangaian

DOI: https://doi.org/10.1016/j.compeleceng.2017.06.021

IF: 4.152

2018-01-01

Computers & Electrical Engineering

Abstract:In smart city, which integrates the Information and Communication Technologies (ICT) including cloud computing and Internet of things, all kinds of data collected by smart devices help to make everything intelligent. Through outsourcing encrypted data to cloud server, data owners can reduce the high storage and computational burden on resources constrained smart devices. To further avoid the semi-honest-but-curious cloud server returning a fraction of false search results, this paper proposes a verifiable attribute-based keyword search scheme, thereby allowing users to check the correctness of the search results and achieving the fine-grained access control. Besides, our scheme considers the access privileges of the same data according to attribute-based priority tree. The formal security analysis proves that our scheme is secure against the chosen-keyword attacks in the generic bilinear group model, and the experimental simulations using a real-world dataset demonstrate its efficiency and feasibility in practice. (C) 2017 Elsevier Ltd. All rights reserved.

Wenyuan Yang,Yuesheng Zhu

DOI: https://doi.org/10.1109/tifs.2020.3001728

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Semantic searching over encrypted data is a crucial task for secure information retrieval in public cloud. It aims to provide retrieval service to arbitrary words so that queries and search results are flexible. In existing semantic searching schemes, the verifiable searching does not be supported since it is dependent on the forecasted results from predefined keywords to verify the search results from cloud, and the queries are expanded on plaintext and the exact matching is performed by the extended semantically words with predefined keywords, which limits their accuracy. In this paper, we propose a secure verifiable semantic searching scheme. For semantic optimal matching on ciphertext, we formulate word transportation (WT) problem to calculate the minimum word transportation cost (MWTC) as the similarity between queries and documents, and propose a secure transformation to transform WT problems into random linear programming (LP) problems to obtain the encrypted MWTC. For verifiability, we explore the duality theorem of LP to design a verification mechanism using the intermediate data produced in matching process to verify the correctness of search results. Security analysis demonstrates that our scheme can guarantee verifiability and confidentiality. Experimental results on two datasets show our scheme has higher accuracy than other schemes.

Yinbin Miao,Jianfeng Ma,Ximeng Liu,Zhiquan Liu,Limin Shen,Fushan Wei

DOI: https://doi.org/10.1007/s12083-016-0487-7

2016-08-15

Abstract:The advantages of cloud computing encourage individuals and enterprises to outsource their local data storage and computation to cloud server, however, data security and privacy concerns seriously hinder the practicability of cloud storage. Although searchable encryption (SE) technique enables cloud server to provide fundamental encrypted data retrieval services for data-owners, equipping with a result verification mechanism is still of prime importance in practice as semi-trusted cloud server may return incorrect search results. Besides, single keyword search inevitably incurs many irrelevant results which result in waste of bandwidth and computation resources. In this paper, we are among the first to tackle the problems of data-owner updating and result verification simultaneously. To this end, we devise an efficient cryptographic primitive called as verifiable multi-keyword search over encrypted cloud data for dynamic data-owner scheme to protect both data confidentiality and integrity. Rigorous security analysis proves that our scheme is secure against keyword guessing attack (KGA) in standard model. As a further contribution, the empirical experiments over real-world dataset show that our scheme is efficient and feasible in practical applications.

computer science, information systems,telecommunications

Wan-peng Guo,Run-hua Shi,Xiao-xu Zhang

DOI: https://doi.org/10.1109/tcc.2023.3312918

IF: 5.697

2023-01-01

IEEE Transactions on Cloud Computing

Abstract:In recent article [IEEE TCC, 11(1), 971-983, 2023], the authors presented an efficient and verifiable multi-keyword attribute-based search scheme over cloud data. In this comment, we show that the key equation design in their scheme has errors, leading to the inability to perform effective searches in the case of multi-keyword. Then we propose a correction to address this issue without compromising the original scheme's security.

computer science, information systems, theory & methods

Xiaoyan Zhu,Ripei Hao,Shunrong Jiang,Haotian Chi,Hongning Li

DOI: https://doi.org/10.1109/glocom.2015.7417863

2014-01-01

Abstract:Recent years witness the rapid development of cloud computing and more and more data owners outsource their data to the cloud. To eliminate the disclosure of authorized data users' privacy in cloud services (e.g., cloud storage or cloud-assisted computing)-since the cloud providers cannot be fully trustworthy-several previous works have proposed considerable privacy-preserving schemes by exploiting searchable encryption. However, owing to its feature of untrusty, issue arises on how data users can verify whether the cloud has faithfully executed the search operations or not. Motivated by this question, in this paper, we propose a searchable and verifiable query scheme over encrypted data based on Counting Bloom Filter (CBF). Specifically, we deploy counting bloom filters to generate proofs for data users' queries in the private cloud; using the consistence between algebra operations on counting bloom filters and on data sets, we can verify the integrity of search result. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and is feasible to implement.

Shunrong Jiang,Jianqing Liu,Liangmin Wang,Seong-Moo Yoo

DOI: https://doi.org/10.1109/icc.2019.8761146

2019-01-01

Abstract:Outsourcing storage and computation to clouds is popular but also raises security concerns. Most existing solutions mainly focus on an honest-but-curious cloud server, while security designs against a malicious server have not drawn enough attention. Although there are a few works addressing the issue of verifiable designs that enable the data owner to verify the integrity of search results. Unfortunately, these verification schemes are not efficient and or applicable from one scenario to another. Motivated by this, in this paper, we propose a publicly verifiable search framework for outsourced encrypted data based on blockchain. In our framework, we store the encrypted index in a decentralized blockchain (Ethereum) while outsourcing the corresponding encrypted data to the cloud or Interplanetary File System (IPFS). Thus, once a user is authorized, he/she can get the query results and check the query integrity efficiently by the designed smart contract anytime without data owner being online. Besides, to guarantee the privacy of the data user in the Ethereum, we construct a stealth authorization scheme to achieve access authorization delivery. The security analysis and performance evaluation show that the proposed scheme is secure and practical for verification of encrypted data.

Shunrong Jiang,Jianqing Liu,Jingwei Chen,Yiliang Liu,Liangmin Wang,Yong Zhou

DOI: https://doi.org/10.1109/TSC.2022.3199111

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud outsourcing provides flexible storage and computation services for data users in a low cost, but it brings many security threats as the cloud server may not be fully trusted. Previous secure outsourcing solutions mostly assume that the server is honest-but-curious while the adversary model of a malicious server that may return incorrect results is rarely explored. Moreover, with the increasing popularity of verifiable computations, existing verification schemes are yet not efficient and cannot cater to different scenarios in practice. In this paper, we propose a blockchain-based verifiable search framework for the adversarial cloud outsourcing context. When outsourcing the encrypted data to the cloud or Interplanetary File System (IPFS), we also store the encrypted data index in a decentralized blockchain (i.e., Ethereum in this paper) which is public and cannot be modified. Once a user is authorized, he/she can flexibly obtain the query results and efficiently check the query integrity via the pre-deployed smart contract, without the need of the data owner being online. Moreover, for user's privacy protection, we construct a stealth authorization scheme to deliver the access authorization without any identity disclosure. Finally, theoretical analysis and performance evaluation validate the security and efficiency of our proposed framework.

Xinrui Ge,Jia Yu,Hanlin Zhang,Chengyu Hu,Zengpeng Li,Zhan Qin,Rong Hao

DOI: https://doi.org/10.1109/tdsc.2019.2896258

2021-01-01

Abstract:Verifiable Searchable Symmetric Encryption, as an important cloud security technique, allows users to retrieve the encrypted data from the cloud through keywords and verify the validity of the returned results. Dynamic update for cloud data is one of the most common and fundamental requirements for data owners in such schemes. To the best of our knowledge, the existing verifiable SSE schemes supporting data dynamic update are all based on asymmetric-key cryptography verification, which involves time-consuming operations. The overhead of verification may become a significant burden due to the sheer amount of cloud data. Therefore, how to achieve keyword search over dynamic encrypted cloud data with efficient verification is a critical unsolved problem. To address this problem, we explore achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification and propose a practical scheme in this paper. In order to support the efficient verification of dynamic data, we design a novel Accumulative Authentication Tag (AAT) based on the symmetric-key cryptography to generate an authentication tag for each keyword. Benefiting from the accumulation property of our designed AAT, the authentication tag can be conveniently updated when dynamic operations on cloud data occur. In order to achieve efficient data update, we design a new secure index composed by a search table ST based on the orthogonal list and a verification list VL containing AATs. Owing to the connectivity and the flexibility of ST, the update efficiency can be significantly improved. The security analysis and the performance evaluation results show that the proposed scheme is secure and efficient.

Yuan Zhang,Chunxiang Xu,Xiaohui Liang,Hongwei Li,Yi Mu,Xiaojun Zhang

DOI: https://doi.org/10.1109/mcc.2016.94

2016-01-01

IEEE Cloud Computing

Abstract:Cloud storage services allow users to outsource their data to cloud servers to save local data storage costs. However, unlike using local storage devices, users do not physically manage the data stored on cloud servers; therefore, the data integrity of the outsourced data has become an issue. Many public verification schemes have been proposed to enable a third-party auditor to verify the data integrity for users. These schemes make an impractical assumption—the auditors have enough computation capability to bear expensive verification costs. In this paper, we propose a novel public verification scheme for the cloud storage using indistinguishability obfuscation, which requires a lightweight computation on the auditor and the delegate most computation to the cloud. We further extend our scheme to support batch verification and data dynamic operations, where multiple verification tasks from different users can be performed efficiently by the auditor and the cloud-stored data can be updated dynamically. Compared with other existing works, our scheme significantly reduces the auditor’s computation overhead. Moreover, the batch verification overhead on the auditor side in our scheme is independent of the number of verification tasks. Our scheme could be practical in a scenario, where the data integrity verifications are executed frequently, and the number of verification tasks (i.e., the number of users) is numerous; even if the auditor is equipped with a low-power device, it can verify the data integrity efficiently. We prove the security of our scheme under the strongest security model proposed by Shi et al. (ACM CCS 2013). Finally, we conduct a performance analysis to demonstrate that our scheme is more efficient than other existing works in terms of the auditor’s communication and computation efficiency.

Feng Tian,Zhenqiang Wu,Xiaolin Gui,Jianbing Ni,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/tcc.2020.3010915

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:In this article, a fine-grained query authorization scheme with integrity verification is proposed over encrypted spatial data for location-based services (LBS). The fine-grained query authorization is enabled based on a distribution of the spatial data by employing a non-uniform partition in the spatial domain to generate a density-based space filling curve (DSC), which can be used to generate index values for querying and transformation keys. The transformation keys can be used to generate query tokens for a secure spatial query as well as construct a transformation key tree whose subtree can be distributed by the LBS provider to an authorized user as transformation key for query tokens generation. Furthermore, the proposed scheme constructs a Merkle quad tree (MQ-tree) to support integrity verification by aggregating a digest of the spatial data based on the DSC and employing the MQ-tree as a verification structure. The LBS provider can share a subtree of the MQ-tree to authorized user as his verification structure, which corresponds to the transformation key of the authorized user. In this way, the authorized user can only generate the valid query tokens and verify the query results in his authorized region. The security properties of the proposed scheme is discussed, and extensive experimental results demonstrate the high efficiency of verification structure generation and verification operations.

Hua Dai,Xiangyang Zhu,Geng Yang,Xun Yi

DOI: https://doi.org/10.1109/BIGCOM.2017.56

2017-01-01

Abstract:With the development of cloud computing and its economic benefit, more and more companies and individuals outsource their data and computation to clouds. Meanwhile, the business way of resource outsourcing makes the data out of control from its owner and results in many security issues. The existing secure keyword search methods assume that cloud servers are curious-but-honest or partial honest, which makes them powerless to deal with the deliberately falsified or fabricated results of insider attacks. In this paper, we propose a verifiable single keyword top-k search scheme against insider attacks which can verify the integrity of search results. Data owners generate verification codes (VCs) for the corresponding files, which embed the ordered sequence information of the relevance scores between files and keywords. Then files and corresponding VCs are outsourced to cloud servers. When a data user performs a keyword search in cloud servers, the qualified result files are determined according to the relevance scores between the files and the interested keyword and then returned to the data user together with a VC. The integrity of the result files is verified by data users through reconstructing a new VC on the received files and comparing it with the received one. Performance evaluation have been conducted to demonstrate the efficiency and result redundancy of the proposed scheme.

Shunrong Jiang,Xiaoyan Zhu,Linke Guo,Jianqing Liu

DOI: https://doi.org/10.1109/tcc.2017.2684811

IF: 5.697

2017-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations while keeping privacy-preservation and achieving the verification requirements: authenticity, freshness, and completeness. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and practical.

Zhenkui Shi,Xuemei Fu,Xianxian Li,Kai Zhu

DOI: https://doi.org/10.1109/tkde.2020.3025348

IF: 9.235

2020-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Symmetric Searchable Encryption(SSE) is deemed to tackle the privacy issue as well as the operability and confidentiality in data outsourcing. However, most SSE schemes assume that the cloud is honest but curious. This assumption is not always applicable. And even if some schemes supported verification, integrity or freshness checking in a malicious cloud, but the performance and security functionalities are not fully exploited. In this paper, we propose an efficient SSE scheme based on B+-Tree and Counting Bloom Filter (CBF) which supports secure verification, dynamic updating, and multi-user queries. Comparing with the previous state of the arts, we design the new data structure CBF to support dynamic updating and boost verification. We also leverage the timestamp mechanism in the scheme to prevent the malicious cloud from launching a replay attack. The new designed CBF is like a front-engine to save user's cost for query and verification. And it can achieve more efficient query and verification with negligible false positive when there is no value matching the queried keyword. The CBF supports efficient dynamic updating by combining Bloom Filter with a one-dimensional array that provides the counting capability. Furthermore, we design the authenticator for CBF. We adopt B+-Tree for it is widely used in many database engines and file systems. We also give a brief security proof of our scheme. Then we provide a detailed performance analysis. Finally, we evaluate our scheme through comprehensive experiments. The results are consistent with our analysis and show that our scheme is secure, and more efficient compared with the previous schemes with the same functionalities. The average performance can be improved by about 20 percent for both the cloud servers and users when the missing rate of the searching keywords is 20 percent. And the higher the missing rate is, the more the performance can be improved.

Yingjie Xia,Fubiao Xia,Xuejiao Liu,Xin Sun,Yuncai Liu,Yi Ge

DOI: https://doi.org/10.3837/tiis.2014.10.019

2014-01-01

Abstract:The increasing demand in promoting cloud computing in either business or other areas requires more security of a cloud storage system. Traditional cloud storage systems fail to protect data integrity information (DII), when the interactive messages between the client and the data storage server are sniffed. To protect DII and support public verifiability, we propose a data integrity verification scheme by deploying a designated confirmer signature DCS as a building block. The DCS scheme strikes the balance between public verifiable signatures and zero-knowledge proofs which can address disputes between the cloud storage server and any user, whoever acting as a malicious player during the two-round verification. In addition, our verification scheme remains blockless and stateless, which is important in conducting a secure and efficient cryptosystem. We perform security analysis and performance evaluation on our scheme, and compared with the existing schemes, the results show that our scheme is more secure and efficient.

Qi Xia,Chunxiang Xu,Yong Yu

DOI: https://doi.org/10.3772/j.issn.1006-6748.2011.02.013

2011-01-01

Abstract:As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are not secure in a multi-user setting any more. We show that Zhang, et al.'s scheme, Gorantla, et al.'s scheme and Ming, et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attacks can breach the fairness when they are used in fair exchange in a multi-user setting. © by HIGH TECHNOLOGY LETTERS PRESS.

Ye Xiong,Dawu Gu,Haining Lu

DOI: https://doi.org/10.2991/ccis-13.2013.115

2013-01-01

Abstract:With the prevalence of cloud computing, more and more data are outsourced to the untrusted cloud servers, which raises a security issue that how can data owners ensure the privacy of their data in cloud. A straightforward way is to encrypt the data before uploading, but it will face new challenge when data owners need to search on their encrypted data.Searchable encryption will help to solve this problem by enabling the cloud servers to perform searching for the data owners while not learning any information about the data and the searching criteria.Range query on large encrypted data set is one of the most difficult parts of searchable encryption. In this paper, we proposed a novel scheme which improves the security and avoids any false positive. And the evaluation shows that our scheme reduces client storage and remain efficiency compared with the existing schemes.