Yunhong Zhou,Na Li,Yanmei Tian,Dezhi An,Licheng Wang

DOI: https://doi.org/10.3390/e22040421

2020-04-08

Abstract:With the popularization of cloud computing, many business and individuals prefer to outsource their data to cloud in encrypted form to protect data confidentiality. However, how to search over encrypted data becomes a concern for users. To address this issue, searchable encryption is a novel cryptographic primitive that enables user to search queries over encrypted data stored on an untrusted server while guaranteeing the privacy of the data. Public key encryption with keyword search (PEKS) has received a lot of attention as an important branch. In this paper, we focus on the development of PEKS in cloud by providing a comprehensive research survey. From a technological viewpoint, the existing PEKS schemes can be classified into several variants: PEKS based on public key infrastructure, PEKS based on identity-based encryption, PEKS based on attribute-based encryption, PEKS based on predicate encryption, PEKS based on certificateless encryption, and PEKS supporting proxy re-encryption. Moreover, we propose some potential applications and valuable future research directions in PEKS.

Kai Zhang,Xiwen Wang,Jianting Ning,Xinyi Huang

DOI: https://doi.org/10.1109/tifs.2022.3224669

IF: 7.231

2022-12-10

IEEE Transactions on Information Forensics and Security

Abstract:Searchable encryption (SE) is a promising strategy for cloud-based file retrieval services, via structuring correspondences between files and keywords. Public key encryption with keyword search (PEKS) has been generally employed in file-sharing services, as compared to searchable symmetric encryption (SSE). However, PEKS is inherently vulnerable to keyword guessing attacks (KGA) launched by a malicious server. To resist such attacks, classic solutions are dual-server PEKS (DS-PEKS) [TIFS'2015] and server-aided PEKS (SA-PEKS) [TIFS'2016]. However, the query model in these two solutions only support single keyword search pattern, which inevitably limits their wide deployments in practice due to efficiency concern. In this work, we present DSB-SE, a new cloud-based file sharing & retrieval system that supports boolean queries while retaining KGA-resistance. Compared to DS-PEKS and SA-PEKS, the cost of documents searching in DSB-SE is 25, 000 times (resp. 6, 600 times) faster when and , where -term is the least frequent keyword in the query pattern. Technically, the performance gain derives from revisiting traditional boolean SSE by: (i) introducing a pairing-free DDH-based transformation key modular that allows a data reader's query pattern to be treated as a data writer's; (ii) employing the dual-server methodology to support boolean query with efficient validity checks. In particular, the client-to-cloud communication cost for retrieving index of a single document is bounded to , and the cost of sending a token ranges fro- . Nevertheless, DSB-SE is slightly slower than DS-PEKS (but faster than SA-PEKS) for key generation cost. Overall, the experiments show that the DSB-SE is practical and sufficient for real cloud applications, which is conducted over Enron dataset under a real-world cloud platform.

computer science, theory & methods,engineering, electrical & electronic

Qian Wang,Chengzhe Lai,Rongxing Lu,Dong Zheng

DOI: https://doi.org/10.1109/tcc.2021.3120110

IF: 5.697

2021-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing medical data to healthcare cloud has become a popular trend. Since medical data of patients contain sensitive personal information, they should be encrypted before outsourcing. However, information retrieval methods based on plaintext cannot be directly applied to encrypted data. In this article, we present a new cryptographic primitive named conjunctive keyword search with secure channel free and autonomous path delegation function (AP-SCF-PECKS), which can be applied in scenarios where patients want to search for and autonomous delegate their private medical information without revealing their private key. Particularly, the proposed solution allows patients to set up multi-hop delegation path with their preferences, and the delegated doctors in the path can search for and access the patient’s private medical information with priority from high to low. Patients can ensure that authorized doctors are always trustworthy, and unauthorized users cannot obtain the private medical information of patients. Moreover, the scheme supports the conjunctive keyword search, secure channel free, and is secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. The security of proposed scheme has been formally proved in the standard model. Finally, the performance evaluations demonstrate that the overhead of proposed scheme are modest for healthcare cloud scenarios.

computer science, information systems, theory & methods

Zhenhua Chen,Shundong Li,Yimin Guo,Yilei Wang,Yunjie Chu

DOI: https://doi.org/10.1007/978-3-319-11698-3_7

2014-01-01

Abstract:In this paper, we introduce a new concept of limited proxy re-encryption with keyword search (LPREKS) for fine-grained data access control in cloud computing, which combines the function of limited proxy re-encryption (LPRE) and that of public key encryption with keyword search (PEKS). However, an LPREKS scheme cannot be obtained by directly combining those two schemes since the resulting scheme is no longer proven secure in our security model. Our scheme is proven semantically secure under the modified Bilinear Diffie-Hellman (mBDH) assumption and the q-Decisional Bilinear Diffie-Hellman inversion (qDBDHI) assumption in the random oracle model. Our proposal realizes three desired situations as follows: (1) the proxy cloud server can re-encrypt the delegated data containing some keyword which matches the trapdoor from delegatee, (2) the proxy can only reencrypt a limited number of delegated data to the delegatee; otherwise, the private key of the proxy will be exposed, and (3) the proxy cloud server learns nothing about the contents of data and keyword.

Hongbo Li,Qiong Huang,Willy Susilo

DOI: https://doi.org/10.1109/tdsc.2020.3027611

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Cloud storage becomes the priority for storing and sharing data for enterprise users. Encrypting prior to uploading data to the cloud is the best way to protect business secrets, however, it hinders the convenient operations on plaintexts, such as searching over the cloud data. In addition, employees in an enterprise have multiple layer structures and a higher layer employee should have the privilege to monitor the lower layer employees' data to check if these users violate the regulation without letting the employees be aware of. Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive suitable for secure cloud storage, which supports keyword search without decryption in public key encryption settings. Unfortunately, no existing PEKS scheme supports the monitoring function without authorization from the sender. To address this issue, we propose a variant of PEKS named Hierarchical Public Key Encryption with Keyword Search (HPEKS) and provide a semi-generic construction utilizing a public key tree (PKTree) and a PEKS scheme. To better suit for the enterprise secret data sharing, we build an advanced HPEKS scheme, named designated-tester decryptable hierarchical public key encryption with keyword search (dDHPEKS), which enjoys stronger security and integrates the public key and symmetric key encryptions. We prove our dDHPEKS scheme secure under the security definition in the random oracle model. Particularly, it satisfies the security against outside offline keyword guessing attacks and furthermore, enjoys the transparency property so that the sender does not need to know the internal hierarchy structure of an enterprise in order to share encrypted data to the enterprise. Theoretical evaluation and concrete experiments show that our dDHPEKS scheme has comparable running efficiency with existing PEKS schemes.

computer science, information systems, software engineering, hardware & architecture

Zhenhua Chen,Shundong Li,Qiong Huang,Yilei Wang,Sufang Zhou

DOI: https://doi.org/10.1002/cpe.3754

2016-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryFor fine‐grained data access control in cloud computing, for the first time, we introduce a new concept called restricted proxy re‐encryption with keyword search, which combines the function of proxy re‐encryption with keyword search and that of threshold cryptosystem. To demonstrate this concept, we present the formal syntax for restricted proxy re‐encryption with keyword search, the security model, and a concrete construction. In our scheme, we take advantage of the techniques of threshold cryptosystem to restrict the capacity of the proxy cloud server, and in the meantime, we let the proxy cloud server can only re‐encrypt the data containing a specified keyword, which matches the trapdoor from delegatee to provide an accurate access control for users. While in this process, the proxy cloud server learns nothing about the contents of data and keyword. Our scheme is proved to be semantically secure under the modified bilinear Diffie–Hellman assumption and the q‐decisional bilinear Diffie–Hellman inversion assumption in the random oracle model. Finally, we apply the techniques in our scheme to some practical problems. Copyright © 2016 John Wiley & Sons, Ltd.

WeiDong Zhong,Xu An Wang,Ziqing Wang,Yi Ding

DOI: https://doi.org/10.1109/CIS.2011.217

2011-01-01

Abstract:Proxy re-encryption (PRE) allows a proxy to transform a cipher text for Alice (delegator) to be the one which can be decrypted by Bob (delegatee). Since it is introduced by Blaze et al. in 1998, many variants of PRE have been proposed. In this paper, we concentrate on two of them: anonymous conditional proxy re-encryption (ACPRE) and constrained proxy re-encryption with keyword search (PRES). Conditional proxy re-encryption (CPRE) is a primitive which only allows those cipher texts satisfying the condition can be re-encrypted correctly by the proxy. Anonymous conditional proxy re-encryption (ACPRE) requires the proxy not knowing which condition the cipher text associated with. PRES is a primitive which allows the proxy simultaneously re-encrypt and search the delegator's cipher text. Based on the PRES proposed by Shao et al., We show the definition of constrained proxy re-encryption with keyword search (CPRES), give its security models and discuss its potential applications. At last, based on a concrete ACPRE scheme, we construct a concrete CPRES scheme.

Cong Wang,Ning Cao,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2011.282

IF: 5.3

2012-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Cloud computing economically enables the paradigm of data service outsourcing. However, to protect data privacy, sensitive cloud data have to be encrypted before outsourced to the commercial public cloud, which makes effective data utilization service a very challenging task. Although traditional searchable encryption techniques allow users to securely search over encrypted data through keywords, they support only Boolean search and are not yet sufficient to meet the effective data utilization need that is inherently demanded by large number of users and huge amount of data files in cloud. In this paper, we define and solve the problem of secure ranked keyword search over encrypted cloud data. Ranked search greatly enhances system usability by enabling search result relevance ranking instead of sending undifferentiated results, and further ensures the file retrieval accuracy. Specifically, we explore the statistical measure approach, i.e., relevance score, from information retrieval to build a secure searchable index, and develop a one-to-many order-preserving mapping technique to properly protect those sensitive score information. The resulting design is able to facilitate efficient server-side ranking without losing keyword privacy. Thorough analysis shows that our proposed solution enjoys “as-strong-as-possible” security guarantee compared to previous searchable encryption schemes, while correctly realizing the goal of ranked keyword search. Extensive experimental results demonstrate the efficiency of the proposed solution.

Er-Shuo Zhuang,Chun-I Fan

DOI: https://doi.org/10.3390/math11183830

IF: 2.4

2023-09-07

Mathematics

Abstract:To protect the privacy of cloud data, encryption before uploading provides a solution. However, searching for target data in ciphertext takes effort. Therefore, searchable encryption has become an important research topic. On the other hand, since the advancement of quantum computers will lead to the crisis of cracking traditional encryption algorithms, it is necessary to design encryption schemes that can resist quantum attacks. Therefore, we propose a multi-keyword searchable identity-based proxy re-encryption scheme from lattices. In addition to resisting quantum attacks, the proposed scheme uses several cryptographic techniques to improve encryption efficiency. First, identity-based encryption is used to reduce the computation and transmission costs caused by certificates. Second, the proposed scheme uses proxy re-encryption to achieve the purpose of outsourced computing, allowing the proxy server to reduce the computation and transmission costs of the users. Third, the proposed multi-keyword searchable encryption can provide AND and OR operators to increase the flexibility of searchability. Moreover, the access structure of the proposed scheme is not based on a linear secret sharing scheme (LSSS), avoiding the errors caused by an LSSS-based structure in decryption or search results. Finally, we also give formal security proof of the proposed scheme under the decisional learning with errors assumption.

mathematics

Boshen Shan,Yuanzhi Yao,Weihai Li,Xiaodong Zuo,Nenghai Yu

DOI: https://doi.org/10.1109/trustcom56396.2022.00189

2022-01-01

Abstract:Due to the increasing popularity of cloud computing and privacy preservation concerns, sensitive data should be encrypted before outsourcing to the cloud and data utilization becomes a challenging issue. Searchable encryption (SE) is a promising technique to address this problem. Most existing searchable encryption schemes only support accurate keyword but fuzzy keyword search schemes are appreciated in practice. Moreover, in some application scenarios like the video on demand systems, data owners only hope to give the access of their data to those who have payed but authenticated user identity may often change. Therefore, dynamic user attribute updating should be considered. To solve about issues, we propose a fuzzy secure keyword search scheme over encrypted cloud data with dynamic fine-grained access control. We design a novel fuzzy keyword index to retrieve corresponding documents. To reduce the computation cost, the cloud server selects most relevant top-k documents and return them to the data users. The ciphertextpolicy attribute based encryption (CP-ABE) technique is introduced to implement fine-grained access control. Meanwhile, the basic CP-ABE is improved to meet the practical need of user attribute updating. Extensive security and performance analysis demonstrates that our proposed scheme is highly efficient and can satisfy the security requirements for fuzzy keyword search over encrypted cloud data.

Xiaoling Yu,Chungen Xu,Bennian Dou,Yuntao Wang

DOI: https://doi.org/10.1007/s11042-020-09753-1

IF: 2.577

2020-09-19

Multimedia Tools and Applications

Abstract:Multimedia cloud storage which saves the huge storage overhead of local devices has attracted considerable attention. However, due to the lack of physical control of data, the privacy protection of data on the multimedia cloud has become one of the main concerns of users. Public-key encryption with keywords search (PEKS) is a technique that can keep the privacy and searchability of data in the cloud. In this paper, we present a PEKS with time-controlled proxy re-encryption model which allows the data owner to delegate the access right of the encrypted multimedia database to other users, to achieve the time-controlled multi-user search. Furthermore, it is designed to resist keywords guessing attack and support conjunctive keywords search. Compared with previous works which require a time server to generate a time seal for the generation of the search token, this model embeds the time information of accessing the encrypted database into public and secret key pairs of data users, which saves the managing overhead and reduces the security risks resulting from an extra server. In addition, most existing PEKS schemes were constructed based on the hardness of classical mathematical problems which can be broken by quantum computers. To address this issue, a lattice-based PEKS scheme based on the above model is proposed, which can be considered as the candidate for protecting multimedia data security in the quantum era.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Hongtao Yu,Suhui Liu,Liquan Chen,Yuan Gao

DOI: https://doi.org/10.1016/j.sysarc.2024.103103

IF: 5.836

2024-03-09

Journal of Systems Architecture

Abstract:In smart wards, data generated by wearables and monitoring devices are periodically transferred to the cloud server for long-term logging and subsequent access. Remote cloud storage inevitably raises security and access control challenges. Encryption can secure data but may severely impact the value generated by sharing data. More importantly, the privacy leakage caused by keyword searches is unacceptable for medical data. The designated-server public-key encryption with keyword search (dPEKS) can realize ciphertext-based search. However, existing dPEKS face an efficiency bottleneck as they only achieve one-to-one data sharing. In addition, cloud-controlled access control creates over-centralized power. In contrast, using blockchain to control who can search has the extra benefit that the blockchain can record access behavior for subsequent tracking. Therefore, this paper proposes a blockchain-assisted dPEKS (BC-dPEKS) scheme, which exploits a permissioned blockchain to perform trapdoor generation on behalf of data users and record data uploading and access for tracing. To the best of our knowledge, this is the first scheme to tightly integrate blockchain to change PEKS primitive to achieve one-to-many search. Formal security models, the corresponding security proofs, and comprehensive performance analysis are presented.

computer science, software engineering, hardware & architecture

Yilei Wang,Wenyi Bao,Yang Zhao,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201605.18(3).09

2016-01-01

Abstract:With the continuous development of cloud computing, more and more sensitive data needs to be centrally stored in the cloud storage. For protecting the privacy of data, sensitive data must be encrypted before being outsourced to the server. The traditional PEKS (Public Encryption Keyword Search) enables users to search data by using keywords in the condition of encryption, however, it not only needs the security channel but also tolerates the huge pairing-computation. Although the pairing-free public key encryption with keyword search has been proposed, it can not support fuzzy keyword search and this drawback greatly reduces the usability of the system. In this paper, the proposed scheme features three good aspects: First, the keywords and data have been encrypted under the server's public key and thus the secure channel of the keywords transmission has been eliminated in the sense that the outside attackers cannot obtain any information related to the keywords without the knowledge of the server's private key. Second, our scheme not only supports accurate keyword search encryption but also supports the search when the keywords input have any spelling mistakes or format inconsistencies, which significantly improved the availability of the system. Finally, the proposed scheme is constructed on the El Gamal encryption instead of the bilinear-pairing encryption, which greatly improve the computational efficiency.

Xuhui Liu,Qin Liu,Tao Peng,Jie Wu

DOI: https://doi.org/10.1016/j.ins.2016.06.035

IF: 8.1

2017-02-01

Information Sciences

Abstract:With the development of cloud computing, an increasing number of users are using cloud-based personal health record (PHR) systems. The PHR is closely tied to patient privacy, and thus existing studies suggest encrypting PHRs before outsourcing. Comparison-based encryption (CBE) was the first to implement time comparison in an attribute-based access policy by means of the forward and backward derivation functions. However, CBE cannot be directly applied to cloud-based PHR environments for the following reasons: First, the cost of encryption grows linearly with the number of attributes in the access policy. Second, policy updating incurs high communication and computation costs for the data owner. To efficiently implement a dynamic access policy for PHRs in clouds, we first propose a hierarchical comparison-based encryption (HCBE) scheme that incorporates an attribute hierarchy into CBE. The HCBE scheme encrypts a ciphertext with a small number of generalized attributes at a higher level rather than many specific attributes at a lower level, greatly improving the encryption performance. Using the HCBE scheme as a foundation, we then develop a dynamic policy updating (DPU) scheme by utilizing the proxy re-encryption (PRE) technique. The DPU scheme can avoid the transmission of ciphertexts and minimize the computation overhead on the data owner by delegating the policy updating operations to the cloud. Extensive experiments have been conducted using a synthetic data set to verify the efficiency of our proposed schemes.

computer science, information systems

Zhangjie Fu,Kui Ren,Jiangang Shu,Xingming Sun,Fengxiao Huang

DOI: https://doi.org/10.1109/tpds.2015.2506573

IF: 5.3

2015-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In cloud computing, searchable encryption scheme over outsourced data is a hot research field. However, most existing works on encrypted search over outsourced cloud data follow the model of “one size fits all” and ignore personalized search intention. Moreover, most of them support only exact keyword search, which greatly affects data usability and user experience. So how to design a searchable encryption scheme that supports personalized search and improves user search experience remains a very challenging task. In this paper, for the first time, we study and solve the problem of personalized multi-keyword ranked search over encrypted data (PRSE) while preserving privacy in cloud computing. With the help of semantic ontology WordNet, we build a user interest model for individual user by analyzing the user's search history, and adopt a scoring mechanism to express user interest smartly. To address the limitations of the model of “one size fit all” and keyword exact search, we propose two PRSE schemes for different search intentions. Extensive experiments on real-world dataset validate our analysis and show that our proposed solution is very efficient and effective.

Jing He,Yiming Wu,Guangli Xiang,Zhendong Wu,Shouling Ji

DOI: https://doi.org/10.1007/978-3-319-69471-9_33

2017-01-01

Abstract:Encrypting data before outsourcing data has become a challenge in using traditional search algorithms. Many techniques have been proposed to cater the needs. However, as cloud service has a pay-as-you-go basis, these techniques are inefficiency. In this paper we attack the challenging problem by proposing an approximate multi keyword search with multi factor ranking over encrypted cloud data. Moreover, we establish strict privacy requirements and prove that the proposed scheme is secure in terms of privacy. To the best of our knowledge, we are the first who propose approximate matching technique on semantic search. Furthermore, to improve search efficiency, we consider multi-factor ranking technique to rank a query for documents. Through comprehensive experimental analysis combined with real world data, our proposed technique shows more efficiency and can retrieve more accurate results and meanwhile improve privacy by introducing randomness in query data.

Lu Liu,Jingchao Sun,Jianqiang Li,Rong Li,Juan Li,Xi Meng,Huifang Li,Jijiang Yang

DOI: https://doi.org/10.1109/SmartCity.2015.205

2015-01-01

Abstract:With the development of healthcare industry, healthcare informatization provides great potential for the health-care improvement. The cloud computing platform, which is an important infrastructure for the inter( intra)-organization collaboration, provides a shared storage space to the medical data sharing. For the privacy protection of medical data, sensitive data has to be encrypted before being transmitted to the cloud, which makes it more challenging to use these data in the cloud. For strengthening the utilization of encrypted cloud data, various encrypted search technologies are widely studied. However, these existing searchable encryption schemes may not enforce users' demands well. This paper proposes a privacy enhanced search approach for cloud-based medical data sharing. The proposed solution implements a hybrid search approach, where the search process is conducted across plaintext and ciphertext. Moreover, the enhanced access control can ensure the privacy protection of cloud data. The empirical experiments illustrate the effectiveness of our solution.

Zhirong Shen,Jiwu Shu,Wei Xue

DOI: https://doi.org/10.1109/iwqos.2013.6550283

2013-01-01

Abstract:Cloud computing cuts down large capital outlays in facilities purchase and eliminates complex system management for users. To protect data confidentiality in cloud utilization, sensitive data are usually stored in encrypted form, making traditional search service on plaintext inapplicable. Thus, enabling keyword search over encrypted data becomes a paramount urgency. Given massive data users with various search preferences, it becomes necessary to support preferred keyword search and output the data files in the order of the user's preference. In this paper, for the first time, we investigate the challenging problem of preferred keyword search over encrypted data (PSED). We first establish a set of privacy requirements and utilize the appearance frequency of each keyword to serve as its “weight”. A preference preprocessing mechanism is then explored to ensure that the search result will faithfully respect the user's preference and the Lagrange polynomial is introduced to express the user's preference formula. We further represent keyword weights of each file by using vectors, convert the preference polynomial into the vector form, and securely calculate their inner products to quantitatively characterize the relevance measure between data files and a query. Finally, an extensive performance evaluation demonstrates the proposed scheme can achieve acceptable efficiency.

Gang Xu,Shiyuan Xu,Yibo Cao,Fan Yun,Yu Cui,Yiying Yu,Ke Xiao

DOI: https://doi.org/10.1155/2022/3368819

IF: 1.968

2022-03-29

Security and Communication Networks

Abstract:In the current E-healthcare scenarios, medical institutions are used to encrypt the information and store it in an Electronic Health Record (EHR) system in order to ensure the privacy of medical information. To realize data sharing, a Public-key Encryption with Keyword Search (PEKS) scheme is indispensable, ensuring doctors search for medical information in the state of ciphertext. However, the traditional PEKS scheme cannot resist the keyword guessing quantum computing attacks, and its security depends on the confidentiality of the secret key. In addition, classical PEKS hand over the search process to a third party, affecting the search results’ accuracy. Therefore, we proposed a postquantum Public-key Searchable Encryption scheme on Blockchain (PPSEB) for E-healthcare scenarios. Firstly, we utilized a lattice-based cryptographic primitive to ensure the security of the search process and achieve forward security to avoid key leakage of medical information. Secondly, we introduced blockchain technology to solve the problem of third-party untrustworthiness in the search process. Finally, through security analysis, we prove the correctness and forward security of the solution in the E-healthcare scenarios, and the comprehensive performance evaluation demonstrates the efficiency of our scheme compared with other existing schemes.

computer science, information systems,telecommunications

Shufen Niu,Fei Yu,Mi Song,Song Han,Caifen Wang

DOI: https://doi.org/10.1007/s00500-022-07292-5

Abstract:Searchable encryption allows data users to search for encrypted files by keywords without restriction. However, electronic health record (EHR) contains sensitive information, and data users should search for and share EHR with restriction. If data users are not restricted when EHR is searched and shared, there is a high risk that EHR will be misused and reveal large amounts of private patient information. This paper proposes a specified keywords search scheme for EHR sharing based on searchable encryption and proxy re-encryption to address this problem. In the scheme, the data user searches with the keywords specified by the doctor and obtains EHR from the medical cloud. Proxy re-encryption is used to implement the sharing of EHR and privacy preservation securely. The security proof demonstrates that our scheme is secure against chosen keyword attack. Furthermore, the experimental results show that the scheme achieves computational efficiency.