Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

XIE Qi,WU JiYi,WANG GuiLin,CHEN DeRen,YU XiuYuan

2012-01-01

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing.In 2011,Juang et al.proposed a first authentication scheme based on proxy signature.The advantage of the scheme is that the user only needs to register on his home service cloud(HSC),and can pass through the authentication of the public cloud with the help of his HSC.However, their scheme has three weaknesses:1)the user’s HSC needs to update the user’s public key in each session to protect the user’s privacy;2)HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously;and 3)a secret key should be shared between HSC and visiting cloud.To overcome these weaknesses,a provably secure convertible proxy signcryption for privacy preserving is proposed.Based on this scheme,a novel one-round authentication protocol is proposed,which the user only needs to register on his HSC,and can pass through the authentication of the visiting cloud without the help of his HSC.On the other hand,the proposed protocol can provide some nice properties,such as user privacy protection, non-repudiation,without updating the user’s public key,and secret key does not have to be shared between HSC and visiting cloud.In addition,the proposed scheme is provably secure in the random oracle model,and is more efficient than Juang et al.’s scheme.

Rafiq Ullah,Amjad Mehmood,Muhammad Altaf Khan,Carsten Maple,Jaime Lloret

DOI: https://doi.org/10.1007/s12083-024-01654-6

IF: 3.488

2024-04-28

Peer-to-Peer Networking and Applications

Abstract:Certificateless Proxy Signature (CLPS) offers a comprehensive authentication mechanism to ensure the optimal solutions from modern forgery attacks in Industrial Internet of Things (IIoTs) environment. CLPS is part of certificateless public key cryptography (CL-PKC) and has the benefits of eradicating many issues like key distribution problem. Although costly computational processing capabilities are consumed by smart devices during authentication process. This article proposed an authentication scheme for CLPS by using the mathematical cryptographic curve concepts of Hyper Elliptic Curve (HEC) to provide a secure and optimized communication approach in IIoTs environment. The arises key distribution problem in CLPS is also fixed. The scrutinized security analysis of proxy signature and delegation signature were performed to tackle different attacks like Machine-in-the-middle Attack (MiTM), Replay Attack, Key Replacement Attack, Impersonation Attack, and Chosen Message Attack. Due to HEC-DLP the forgery attack cannot succeeded. Finally, the proposed work is formally verified through the AVISPA tool. The comprehensive performance evaluation shows that the total computational cost is reduced to 49.48% and the communication overhead size is reduced to 49.57% with a comparative analysis of existing schemes. Thus, the proposed approach eradicates key distribution problems with an equal security level of RSA and ECC.

computer science, information systems,telecommunications

Manoj Kumar,Harsh Kumar Verma,Geeta Sikka

DOI: https://doi.org/10.1002/ett.3883

IF: 3.6

2020-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Cloud‐edge (CE) is revolutionizing our modern world with a greater user experience through the Internet of Things (IoT). However, the edge devices, communication bridge between the cloud and users, are repeatedly exhibiting many security flaws which will inevitably lead to massive cyber attacks. Thus, providing a proper security, specifically, the confidentiality and authenticity of sensitive data become a prime focus for many of the researchers. In cryptography, certificateless signcryption (CLSC) is one of the recent public key techniques that meets the requirements of confidentiality and authenticity of sensitive data between parties with minimal overhead. This paper aims to present a new data sharing protocol where the safety of data is achieved through a new CLSC scheme. The proposed CLSC is designed using the bilinear pairing and modular exponentiation operations. Besides, the CLSC is secure based on the intractability of Diffie‐Hellman inversion (DHI) and bilinear‐DHI assumptions without considering the random oracle model (ROM). Performance assessment of proposed CLSC gives satisfactory results after comparing with other related CLSC schemes. Therefore, proposed CLSC can be installed in the cloud‐based edge‐IoT environment where both the authenticity and confidentiality with minimal computational overhead are the essential factors.</p>

telecommunications

Qi XIE,XiuYuan YU,WenHao LIU,DeRen CHEN,GuiLin WANG,JiYi WU

DOI: https://doi.org/10.1360/112011-915

2012-01-01

Scientia Sinica Informationis

Abstract:Mutual authentication between the user and the public cloud is essential requirement for the user to access the public cloud in cloud computing. In 2011, Juang et al. proposed a first authentication scheme based on proxy signature. The advantage of the scheme is that the user only needs to register on his home service cloud (HSC), and can pass through the authentication of the public cloud with the help of his HSC. However, their scheme has three weaknesses: 1) the users HSC needs to update the users public key in each session to protect the users privacy; 2) HSC may suffer from network jam when many users in the same HSC need to register on different public clouds simultaneously; and 3) a secret key should be shared between HSC and visiting cloud. To overcome these weaknesses, a provably secure convertible proxy signcryption for privacy preserving is proposed. Based on this scheme, a novel one-round authentication protocol is proposed, which the user only needs to register on his HSC, and can pass through the authentication of the visiting cloud without the help of his HSC. On the other hand, the proposed protocol can provide some nice properties, such as user privacy protection, non-repudiation, without updating the users public key, and secret key does not have to be shared between HSC and visiting cloud. In addition, the proposed scheme is provably secure in the random oracle model, and is more efficient than Juang et al.s scheme.

Vijay Kumar Yadav,Nitish Andola,Shekhar Verma,S. Venkatesan

DOI: https://doi.org/10.1007/s11227-022-04795-8

2022-10-07

Abstract:Internet of things (IoT) devices are being used to provide services to different spheres of society. These devices gather data from industries and forward their data to the cloud server to minimize data storage and processing. In IoT, the cloud plays an important role because IoT is a resource constraint device with limited battery and memory. In order to handle this, IoT devices gather the data and send it to the cloud server so that space will be available for IoT data at the IoT device. Apart from this, IoT devices are computationally inefficient. For example, sometimes users want huge computation of IoT data, but due to the limited computation power of IoT devices, users cannot get the results. To overcome this issue, IoT device collaborates with the cloud server and outsource the data to it. The cloud server has huge computational power; it uses the received data, performs the computation, and sends it back to the IoT device. Authentication of the outsourced IoT data is a serious concern in the industrial IoT network. Several certificateless signature (CLS) schemes have been proposed to provide for data authentication in the IoT network. Current CLS schemes either suffer from the huge computation overhead or adversarial attacks. To solve these problems, we propose a provably secure certificateless signature (PSCLS) scheme. The PSCLS scheme's security depends on the computational Diffie-Hellman problem in the random oracle model with a tight reduction. The scheme requires only one pairing operation, and it is secure from adversarial attacks. We analyzed the PSCLS scheme's performance with the other existing CLS schemes in terms of computation and communication costs. The results prove that the PSCLS scheme performs better than the other existing CLS schemes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Bin Wu,Caifen Wang,Hailong Yao

DOI: https://doi.org/10.1371/journal.pone.0230722

IF: 3.7

2020-04-09

PLoS ONE

Abstract:With the rapid development of informatization, an increasing number of industries and organizations outsource their data to cloud servers, to avoid the cost of local data management and to share data. For example, industrial Internet of things systems and mobile healthcare systems rely on cloud computing's powerful data storage and processing capabilities to address the storage, provision, and maintenance of massive amounts of industrial and medical data. One of the major challenges facing cloud-based storage environments is how to ensure the confidentiality and security of outsourced sensitive data. To mitigate these issues, He et al. and Ma et al. have recently independently proposed two certificateless public key searchable encryption schemes. In this paper, we analyze the security of these two schemes and show that the reduction proof of He et al.'s CLPAEKS scheme is incorrect, and that Ma et al.'s CLPEKS scheme is not secure against keyword guessing attacks. We then propose a channel-free certificateless searchable public key authenticated encryption (dCLPAEKS) scheme and prove that it is secure against inside keyword guessing attacks under the enhanced security model. Compared with other certificateless public key searchable encryption schemes, this scheme has higher security and comparable efficiency.

Jie XU,Hong-xiang SUN,Qiao-yan WEN,Hua ZHANG

DOI: https://doi.org/10.1016/s1005-8885(11)60288-4

2012-01-01

The Journal of China Universities of Posts and Telecommunications

Abstract:Multi-proxy signature is a scheme that an original signer delegates his or her signing capability to a proxy group. In the scheme, only the cooperation of all proxy signers in the proxy group can create a signature on behalf of the original signer. Jin and Wen firstly defined the formal security model of certificateless multi-proxy signature (CLMPS) and proposed a concrete CLMPS scheme. However, their construction has three problems: the definition of the strengthened security model is inaccurate, the concrete signature scheme has a security flaw, and the proof of the security is imperfect. With further consideration, a remedial strengthened security model is redefined, and an improved scheme is also proposed, which is existentially unforgeable against adaptively chosen-warrant, chosen-message and chosen-identity attacks in the random oracles. In this condition, the computational Diffie-Hellman (CDH) assumption is used to prove full security for our CLMPS scheme.

Lunzhi Deng Lunzhi Deng,Zhenyu Hu Lunzhi Deng,Yu Ruan Zhenyu Hu,Tao Wang Yu Ruan

DOI: https://doi.org/10.53106/160792642022032302008

2022-03-01

網際網路技術學刊

Abstract:Proxy signature frees the original signer from the heavy signature work. Many certificateless proxy signature (CLPS) schemes have been proposed in the last ten years. The security proofs of most known schemes are given in the random oracle model (ROM). There are only two CLPS schemes with provably security in the standard model (SM). However, in which the size of the system parameter increase linearly with the size of the user’s identity information. That increase the storage burden of the key generation center. In this paper, a new CLPS scheme is constructed and the security proofs are showed in SM. The size of system parameters and the master key are constant in the scheme. Requiring only three pairing operations, the new scheme is more efficient and suitable for mobile computing. &nbsp;

Lu Yan,Haozhe Qin,Kexin Yang,Heye Xie,Xu An Wang,Shuanggen Liu

DOI: https://doi.org/10.3390/electronics13030534

IF: 2.9

2024-01-29

Electronics

Abstract:The popularity of secure cloud data sharing is on the rise, but it also comes with significant concerns about privacy violations and data tampering. While existing Proxy Re-Encryption (PRE) schemes effectively protect data in the cloud, challenges persist with certificate administration and key escrow. Moreover, the increasing number of users and prevalence of lightweight devices demand functional and cost-effective solutions. To address these issues, this paper presents a novel Pairing-free Certificate-Based Proxy Re-Encryption Plus scheme that leverages elliptic curve groups for improved effectiveness and performance. This scheme successfully resolves challenges related to certificate management and key escrow in traditional PRE schemes, while also introducing non-transferable and message-level fine-grained control characteristics. These enhancements bolster data security during sharing and minimize the risk of malicious information leakage. Our proposed scheme's correctness, security, and effectiveness are rigorously verified and analyzed. The results demonstrate that the scheme achieves the chosen ciphertext security in the random oracle model. Compared to current PRE schemes, our approach offers greater advantages, lower computational overhead, and enhanced suitability for practical cloud computing applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Gaimei Gao,Hongxia Fei,Zefeng Qin

DOI: https://doi.org/10.1002/cpe.5924

2020-07-18

Concurrency and Computation: Practice and Experience

Abstract:<p>Cloud storage is a mode of online storage in which data are stored on multiple virtual servers usually hosted by third parties. Cloud service providers manage and operate data storage as services. The major concern in cloud storage is the integrity of outsourced data. Many public auditing schemes which authorize the third party auditor (TPA) to check the integrity of outsourced data have been proposed. However, most of them are based on traditional public key cryptosystems. This paper proposes an efficient certificateless public auditing Scheme (CL‐PAS) in cloud storage. In the process of challenge and auditing, CL‐PAS ensures that malicious cloud servers cannot forge auditing evidences to deceive TPA to pass the verification, and prevents curious TPA from recovering original data from auditing evidences. So it strengthens privacy preserving. Security analysis shows that CL‐PAS scheme meets the predetermined security requirements. The simulation and performance analysis results show that, compared with similar schemes, CL‐PAS scheme has the higher efficiency.</p>

Hongbin Yang,Shuxiong Jiang,Wenfeng Shen,Zhou Lei

DOI: https://doi.org/10.3390/fi10060049

2018-06-07

Future Internet

Abstract:Provable Data Possession (PDP) protocol makes it possible for cloud users to check whether the cloud servers possess their original data without downloading all the data. However, most of the existing PDP schemes are based on either public key infrastructure (PKI) or identity-based cryptography, which will suffer from issues of expensive certificate management or key escrow. In this paper, we propose a new construction of certificateless provable group shared data possession (CL-PGSDP) protocol by making use of certificateless cryptography, which will eliminate the above issues. Meanwhile, by taking advantage of zero-knowledge protocol and randomization method, the proposed CL-PGSDP protocol leaks no information of the stored data and the group user’s identity to the verifiers during the verifying process, which is of the property of comprehensive privacy preservation. In addition, our protocol also supports efficient user revocation from the group. Security analysis and experimental evaluation indicate that our CL-PGSDP protocol provides strong security with desirable efficiency.

Atul Kumar Srivastava,Dhiraj Pandey,Alok Agarwal

DOI: https://doi.org/10.1007/s11277-024-11021-6

IF: 2.017

2024-04-27

Wireless Personal Communications

Abstract:Due to the exponential growth of cloud data and network services, computational resources and cloud data security have one of the most attractive research issues in the real-time cloud environment. Numerous types of cloud services are combined into various domain applications, including, e-health, defence, clinical databases, and so on, for data storage and resource computing. However, a traditional challenge to consider is that the Data Owner (DO) no longer has the ability to modify the access control policy or key policy, resulting in data sharing inflexibility, inefficiency, and key abusers. To address these concerns, we propose an enhanced d level cut-off point-Quantum Secret Sharing (EdLCp-QSS) scheme based on an efficient Monitoring Key Ciphertext-ABE (MKCABE) –access control with Blockchain and Key Controller (EQMBK) mechanism for security. The proposed EQMBK mechanism provides security for monitoring the data from getting accessed by un-authorized users as well as offers updating security when a new user joins the cloud environment. The proposed EQMBK system ensures that data is not accessible by unauthorised users and that security is updated when a new user joins the cloud environment. Finally, experimental simulation reveals that the suggested technique is very efficient in preserving the privacy of the user's data against unauthorised parties in terms of computation time encryption time, system initialization time, key generation time, and decryption time. Furthermore, when compared to state-of-the-art techniques, the proposed methods are more resilient and provide greater performance.

telecommunications

Jaya Rao Gudeme,Syamkumar Pasupuleti,Ramesh Kandukuri

DOI: https://doi.org/10.1016/j.jpdc.2021.06.001

IF: 4.542

2021-10-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing popularity of data sharing among users of a group in clouds, shared data auditing has become an important issue in the cloud auditing field. To address this issue, many shared data auditing schemes have been proposed in the literature based on either public key infrastructure (PKI) or identity-based cryptography (IBC). However, these schemes suffer from issues of complex certificate management or key escrow problem. To address these problems, recently, a certificateless shared auditing scheme was put forward. However, it cannot support data dynamics and does not protect data privacy against a verifier, i.e., the verifier can derive data content when verifying the data integrity, which affects the scheme's security. This paper proposes certificateless privacy preserving public auditing scheme for dynamic shared data with group user revocation in cloud storage (CLPPPA). CLPPPA protects the privacy of data from the verifier by leveraging a random masking technique. Further, CLPPPA also supports shared data dynamics and group user revocation. We formally prove the security of CLPPPA under computational Diffie-Hellman (CDH) and discrete logarithm (DL) assumptions in the Random Oracle Model (ROM). The performance of CLPPPA is evaluated by theoretical analysis, experimental results, and compared with the state-of-the-art ones. The results demonstrate that CLPPPA achieves desirable efficiency.

computer science, theory & methods

P. Punitha,Lakshmana Kumar,S. Revathi,R. Premalatha,R. S. Aiswarya

DOI: https://doi.org/10.1142/s0218843024500011

2024-03-19

International Journal of Cooperative Information Systems

Abstract:International Journal of Cooperative Information Systems, Ahead of Print. As with IoT devices, cloud computation increases its applicability to other areas that use the information and puts it in a commonplace that is necessary for computing and analysis. These devices need the cloud to store and retrieve data since they are unable to store and process data on their own. Cloud computing offers a variety of services to consumers, including IaaS, PaaS, and SaaS. The usage of cloud resources for data storage that may be accessible by all users associated with cloud computing is a key disadvantage of cloud computing. Without disclosing the data's contents, the usage of Public Key Encryptions with Keyword Search (PEKS) secures publicly encrypted keys against third-party search capabilities that are not trustworthy. PEKs provide a security risk every time Interior Keywords Guessing Attacks (IKGA) are discovered in the system since an unauthorized service estimates the keywords in the trapdoor. This issue can be resolved using various methodologies such as the Certificateless Fleshed Public Key Authenticated Encryption of Keyword Search (CL-HPAEKS), which also uses Altered Elliptic Curve Cryptography (MECC), and the Mutation Centred Flower Pollinations Algorithm (CM-FPA), which uses optimization in keys to be improving the algorithm's performance. The system's security is achieved by adding a Message Fragments 5 (MD5) scramble mechanism. The proposed system achieves system security of 96%, and it takes less time to implement than earlier encryption methods.

computer science, information systems

Rachana Y. Patil,Yogesh H. Patil,Mohamed Louzazni,Rajkumar Bhimgonda Patil,Sameer Al-Dahidi

DOI: https://doi.org/10.1155/js/1603926

IF: 2.336

2024-11-29

Journal of Sensors

Abstract:The rapid development of smart renewable energy grids (SREGs) has resulted in a vast amount of data that requires efficient access control and secure mechanisms for sharing energy records among stakeholders. This paper proposes a novel approach called the identity‐based proxy signcryption‐based scheme for SREGs (ID‐PSC‐SREGs), which ensures the secure sharing of energy records in SREGs. The ID‐PSC‐SREG scheme integrates the benefits of signature and encryption techniques, merging them into a unified algorithm and providing a comprehensive solution for the confidentiality and authenticity of energy records. Extensive security analysis demonstrates that the scheme achieves provable security against adaptive chosen ciphertext attacks (IND‐ID‐PSC‐SREG‐CCA2) and existential unforgeability against adaptive chosen message attacks (EUF‐ID‐PSC‐SREG‐CMAs) under the decisional Diffie–Hellman problem. In order to further ascertain the security of the ID‐PSC‐SREG scheme, formal verification utilizing the automated validation of internet security protocols and applications (AVISPAs) is performed. The results confirm the scheme's safety under the On‐the‐Fly Model‐Checker (OFMC) and Constraint Logic‐based Attack Searcher (CL‐AtSe).

engineering, electrical & electronic,instruments & instrumentation

YiHua Zhou,Bin Tang,YuGuang Yang

DOI: https://doi.org/10.1002/ett.4960

IF: 3.6

2024-03-22

Transactions on Emerging Telecommunications Technologies

Abstract:Abstract Public key encryption with keyword search (PEKS) is able to enhance cloud data security. On the other hand, the existence of malicious cloud servers and untrusted central authorities, in addition the keyword space faces a low entropy, attackers often launch keyword guessing attacks (KGA), thereby leaking data privacy. Therefore, we use certificateless authentication and proxy re‐encryption technology to construct a lattice‐based verifiable PEKS scheme for Multi‐Data Users (MDU). Certificateless authentication can ensure that our scheme does not require key escrow, and proxy re‐encryption technology allows us to perform multi‐user authorization and use the verification block for data users to ensure the integrity of search results. Security research proves that, under the assumption that the learning with errors (LWE) problem is hard, the ciphertext is indistinguishable and resistant to KGA. Results from experiments show that our scheme is significantly more effective than current schemes.

telecommunications

Kui Ma,Yanwei Zhou,Ying Wang,Chunsheng Dong,Zhe Xia,Bo Yang,Mingwu Zhang

DOI: https://doi.org/10.1109/jsyst.2023.3269597

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:The Internet of Things (IoT) is helpful in making people&#x27;s life more convenient and efficient. To ensure that the nodes within IoT can interact securely, a certificateless signature (CLS) can be used to protect message authentication in the IoT. Recently, some concrete constructions of CLS schemes have been proposed in the literature, but through our analyses, we demonstrate that some existing CLS schemes cannot keep their claimed security because of various security flaws. For example, a valid signature can be forged by any Type I adversary by replacing the corresponding user&#x27;s public key. In this article, we describe the security flaws that need to be addressed and introduce a novel CLS scheme without using bilinear mapping. The existential unforgeability in our proposed scheme can be proved based on the hardness of the elliptic curve discrete logarithm problem in the random oracle model. The comparison with existing CLS schemes shows that our scheme not only enjoys more security features but also is more efficient in computation. Moreover, we introduce an identity authentication protocol as the application of our proposed CLS scheme, which achieves mutual authentication and anonymity in communications.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Jingwei Lu,Hongbo Li,Jianye Huang,Sha Ma,Man Ho Allen Au,Qiong Huang

DOI: https://doi.org/10.3390/info14030142

2023-01-01

Information

Abstract:Transforming data into ciphertexts and storing them in the cloud database is a secure way to simplify data management. Public key encryption with keyword search (PEKS) is an important cryptographic primitive as it provides the ability to search for the desired files among ciphertexts. As a variant of PEKS, certificateless public key authenticated encryption with keyword search (CLPAEKS) not only simplifies certificate management but also could resist keyword guessing attacks (KGA). In this paper, we analyze the security models of two recent CLPAEKS schemes and find that they ignore the threat that, upon capturing two trapdoors, the adversary could directly compare them and distinguish whether they are generated using the same keyword. To cope with this threat, we propose an improved security model and define the notion of strong trapdoor indistinguishability. We then propose a new CLPAEKS scheme and prove it to be secure under the improved security model based on the intractability of the DBDH problem and the DDH problem in the targeted bilinear group.

Mehedi Masud,Gurjot Singh Gaba,Karanjeet Choudhary,Roobaea Alroobaea,M Shamim Hossain

DOI: https://doi.org/10.1007/s12083-021-01162-x

Abstract:Traditional healthcare services have transitioned into modern healthcare services where doctors remotely diagnose the patients. Cloud computing plays a significant role in this change by providing easy access to patients' medical records to all stakeholders, such as doctors, nurses, patients, life insurance agents, etc. Cloud services are scalable, cost-effective, and offer a broad range of mobile access to patients' electronic health record (EHR). Despite the cloud's enormous benefits like real-time data access, patients' EHR security and privacy are major concerns. Since the information about patients' health is highly sensitive and crucial, sharing it over the unsecured wireless medium brings many security challenges such as eavesdropping, modifications, etc. Considering the security needs of remote healthcare, this paper proposes a robust and lightweight, secure access scheme for cloud-based E-healthcare services. The proposed scheme addresses the potential threats to E-healthcare by providing a secure interface to stakeholders and prohibiting unauthorized users from accessing information stored in the cloud. The scheme makes use of multiple keys formed through the key derivation function (KDF) to ensure end-to-end ciphering of information for preventing misuse. The rights to access the cloud services are provided based on the identity and the association between stakeholders, thus ensuring privacy. Due to its simplicity and robustness, the proposed scheme is the best fit for protecting data security and privacy in cloud-based E-healthcare services.