Peng Liu,Qian He,Baokang Zhao,Biao Guo,Zhongyi Zhai

DOI: https://doi.org/10.32604/cmc.2023.041167

2023-01-01

Abstract:Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT. However, data privacy is potentially risky when data is outsourced to cloud servers or edge services. While data encryption ensures data confidentiality, it can impede data sharing and retrieval. Attribute-based searchable encryption (ABSE) is proposed as an effective technique for enhancing data security and privacy. Nevertheless, ABSE has its limitations, such as single attribute authorization failure, privacy leakage during the search process, and high decryption overhead. This paper presents a novel approach called the blockchain-assisted efficient multi-authority attribute-based searchable encryption scheme (BEM-ABSE) for cloud-edge collaboration scenarios to address these issues. BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management. It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification. To minimize the computing burden on resource-constrained devices, BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism. This ensures both low computation cost and reliable ciphertext. Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks (IND-CKA) and indistinguishable chosen plaintext attacks (IND-CPA). Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.

Kaiyang Guo,Yiliang Han,Riming Wu,Kai Liu

DOI: https://doi.org/10.1155/2022/6719302

2022-10-08

Wireless Communications and Mobile Computing

Abstract:The network security situation is grim, and the problem of "information isolated island" is becoming increasingly prominent. In view of the low efficiency and insufficient security of data cross-domain sharing in the open network environment, a searchable data sharing scheme supporting cross-domain is proposed based on attribute encryption technology. Firstly, different types of nodes on the blockchain are used to realize the data sharing of users in different domains. Secondly, the flexible ciphertext-search function is realized through the search form of keyword strategy. Moreover, the scheme adopts the mode of storage under the chain, which reduces the operation pressure of the blockchain. At the same time, according to the characteristics of the blockchain, the traceability and tamper-proof of the access process can be realized. Finally, the analysis shows that the scheme can resist quantum attack and collusive attack while avoiding complex bilinear operation and meet the security of trapdoor search and indistinguishability under chosen-plaintext attack. Compared with other searchable attribute-based encryption schemes, the scheme has certain advantages in function and performance.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuling Huang,Chuang Ma,Guangxia Xu

DOI: https://doi.org/10.1109/CloudNet59005.2023.10490083

2023-11-01

Abstract:With the rapid development of the internet economy, blockchain has emerged as one of the leading methods for data sharing. However, due to the high value and sensitivity of data assets, electronic data sharing faces challenges such as access control and privacy leakage. Traditional encryption schemes based on attributes have been ineffective in addressing these problems and still suffer from security vulnerabilities. In this paper, we propose a decentralized data sharing framework that combines keyword-searchable attributes encryption with proxy re-encryption using blockchain technology and Interplanetary File Systems. This framework offers high flexibility and efficiency by addressing the issues of a single point of failure and privacy leaks. We provide comprehensive and rigorous proofs of security and efficiency for our scheme, considering security proof and storage overhead. The simulation results demonstrate that our scheme satisfies the requirements for ciphertext and keyword security and is capable of resisting collusive attacks. Furthermore, our proposed scheme exhibits higher computational efficiency and better feasibility compared to existing schemes.

Computer Science

Hongjian Yin,Yiming Zhao,Lei Zhang,Baojun Qiao,Wenbo Chen,Huaqing Wang

DOI: https://doi.org/10.1016/j.sysarc.2024.103081

IF: 5.836

2024-03-01

Journal of Systems Architecture

Abstract:In this paper, we address the secure sharing of sensitive healthcare data in blockchain-based healthcare. As a form of sensitive information, healthcare data is often encrypted before being uploaded to cloud servers. Extensive research has been conducted on Attribute-Based Searchable Encryption (ABSE) to achieve fine-grained searchability of encrypted sensitive healthcare data. However, the existing ABSE schemes rely on a single authoritative center for managing the master key, resulting in a single point of failure. Additionally, there has been limited research focusing on the privacy concerns of user identity during the key generation process. To tackle these challenges, we propose a novel decentralized ciphertext-policy attribute-based encryption (DCP-ABSE) scheme. In this scheme, the master key is jointly managed by all attribute nodes on the blockchain. This ensures the smooth operation of the system even if some nodes are compromised. In addition, the user’s private key fragments are generated through interactions with all attribute nodes, in this process, the user’s identity information is not disclosed to attribute nodes. In addition, we prove that the proposed scheme is secure against chosen keyword attacks and chosen plaintext attacks under the Decisional Bilinear Diffie–Hellman assumption. The performance evaluation shows that the proposed scheme has high efficiency.

computer science, software engineering, hardware & architecture

Xu Ma,Chen Wang,Xiaofeng Chen

DOI: https://doi.org/10.1016/j.csi.2021.103543

2021-10-01

Abstract:<p>Along with the progress of cloud service, a growing quantity of data owners store their data on cloud databases, which can not only reduce data owners' storage cost but also provide a quick search function. However, while cloud storage brings some conveniences to users, new privacy problems may emerge, such as the leakage of data privacy and user's query privacy. The best way of protecting data privacy is to encrypt the data. So how to efficiently retrieve the ciphertext to make it available becomes a hot issue in recent years. In this paper, new searchable encryption with multiple keywords is described, it can improve the accuracy of retrieval results, and we present a secure and trusted data sharing framework based on attribute-based encryption (ABE), searchable encryption, and blockchain. Unlike the previous studies, we realize flexible data sharing by using ABE. Furthermore, we transfer the related calculation of ciphertext retrieval to blockchain for credible execution without relying on any trusted third party. The security analysis proves that our method meets the proposed security requirements of data, keyword index, trapdoor, and query. Finally, the experimental results indicate that our scheme suggested has certain practicability and efficiency.</p>

computer science, software engineering, hardware & architecture

Liang Yan,Lina Ge,Zhe Wang,Guifen Zhang,Jingya Xu,Zheng Hu

DOI: https://doi.org/10.1186/s13677-023-00444-4

2023-04-19

Journal of Cloud Computing

Abstract:With the rapid development of cloud computing technology, how to achieve secure access to cloud data has become a current research hotspot. Attribute-based encryption technology provides the feasibility to achieve the above goal. However, most of the existing solutions have high computational and trust costs. Furthermore, the fairness of access authorization and the security of data search can be difficult to guarantee. To address these issues, we propose a novel access control scheme based on blockchain and attribute-based searchable encryption in cloud environment. The proposed scheme achieves fine-grained access control with low computation consumption by implementing proxy encryption and decryption, while supporting policy hiding and attribute revocation. The encrypted file is stored in the IPFS and the metadata ciphertext is stored on the blockchain, which ensures data integrity and confidentiality. Simultaneously, the scheme enables the secure search of ciphertext keyword in an open and transparent blockchain environment. Additionally, an audit contract is designed to constrain user access behavior to dynamically manage access authorization. Security analysis proves that our scheme is resistant to chosen-plaintext attacks and keyword-guessing attacks. Theoretical analysis and experimental results show that our scheme has high computational and storage efficiency, which is more advantageous than other schemes.

Linjian Hong,Kai Zhang,Junqing Gong,Haifeng Qian

DOI: https://doi.org/10.1155/2022/4978802

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:Attribute-based encryption (ABE) is a powerful encryption scheme with flexible access control over encrypted data that has been widely adopted in cloud computing scenarios to facilitate data sharing. However, despite convenience and efficiency provided by data sharing based on cloud, it is commonly vulnerable to issues like key abuse (namely, illegal key sharing by user or key distribution by authority) and key escrow (namely, illegal decryption by ABE authority). Hence, exploring a more secure ABE scheme that can be key abuse and key escrow resistant is crucial. Furthermore, data modification that happens in cloud storage and outsourced computation is also a challenge for the cloud-based data sharing schemes. To handle the above issues, in this paper, we propose a secure and efficient data sharing scheme based on attribute-based encryption (ABE) and blockchain equipped with InterPlanetary File System (IPFS). In particular, we show that the large-universe ABE with outsourced decryption (LU-ABE-OD) scheme proposed by Ning et al. is vulnerable to key escrow attack, which is not secure enough in the data sharing scenario. Therefore, based on their basic proposal, we construct an improved multi-authority LU-ABE-OD scheme to encrypt personal data, which are stored in the IPFS system while blockchain is applied to store the hash value returned by IPFS and be responsible for the outsourced decryption. As a result, our scheme greatly reduces the decryption overheads of the user while risks of key abuse and key escrow can be settled. Meanwhile, the introduction of IPFS significantly reduces the storage burden on chain without data tampering problem. Through theoretical analysis and experimental simulation, we prove the feasibility, security, and efficiency of our scheme.

Mi Song,Shufen Niu,Lizhi Fang

DOI: https://doi.org/10.1109/cecit53797.2021.00012

2021-12-01

Abstract:To ensure that multiple data users can access the data and realize the dynamic change of user authority, this paper proposes a ciphertext updatable attribute-based searchable encryption scheme based on blockchain. Combine the blockchain with the cloud server, keyword ciphertext is stored on the blockchain, symmetric key ciphertext and data ciphertext are stored on the cloud server. When the data user wants to change the access policy or revoke the access rights of some users, this scheme uses the proxy re-encryption technology to realize attribute revocation and ciphertext update of the data requester. At the same time, the access policy is hidden, which realizes the user&#x27;s privacy protection. The security analysis shows that our scheme is safe and effective. In addition, the performance analysis shows that the proposed scheme is efficient and feasible.

Mamta,Brij B. Gupta,Kuan-Ching Li,Victor C. M. Leung,Kostas E. Psannis,Shingo Yamaguchi

DOI: https://doi.org/10.1109/jas.2021.1004003

2021-12-01

IEEE/CAA Journal of Automatica Sinica

Abstract:The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction i- storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.

Suhui Liu,Jiguo Yu,Yinhao Xiao,Zhiguo Wan,Shengling Wang,Biwei Yan

DOI: https://doi.org/10.1109/jiot.2020.2993231

IF: 10.6

2020-09-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) changed our lives with huge amounts of data production. Due to source-limited IoT devices, one of the best ways to process the data is cloud storage. However, a series of security and privacy issues arise, such as illegal data access, data tampering, and privacy leak. Though symmetric encryption can guarantee data confidentiality, it cannot realize fine-grained data sharing and searching. The keyword-based searchable attribute-based encryption (KSABE) can achieve data confidentiality and fine-grained access control. More importantly, it realizes a keyword-based search for data users. However, the heavy decryption computation burden and the management of massive user keys appear when implementing attribute-based encryption schemes to IoT. Therefore, this article proposes a blockchain-aided searchable attribute-based encryption (BC-SABE) with efficient revocation and decryption, where the traditional centralized server is replaced with a decentralized blockchain system being in charge of the threshold parameter generation, key management, and user revocation. All revocation tasks are done by the blockchain and it is on longer necessary for ciphertext reencryption and key update. Moreover, users utilize the coalition blockchain to generate partial tokens. Besides, the cloud server contained in our scheme not only stores the massive encrypted data but also performs search and predecryption for users who only require one exponentiation in the group ${mathbb {G}}$ to decrypt fully. Security analyses prove that our scheme realizes the security under the chosen plaintext attack and the chosen keyword attack. Simulations show that the decryption and token generation cost of our scheme are preferable.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chen Yan,Fuyuan Hu,Jing Chen,Weizhong Lu,Hongjie Wu,Luping Wang

DOI: https://doi.org/10.1109/ICDMW60847.2023.00096

2023-12-04

Abstract:In the field of smart healthcare, data security and privacy protection are of paramount importance. However, within this context, we are confronted with a crucial question: how can we enable multiple users to simultaneously access online data while safeguarding their privacy? To address this issue, this paper introduces a blockchain-based attribute-based searchable encryption scheme, along with the HBC (Healthcare Blockchain Cipher) encryption algorithm. This scheme enables multiple users to simultaneously access online data while safeguarding their privacy through encrypted search functionality. Furthermore, we integrates tamper-resistant blockchain technology into the system, to address the potential threats to data integrity and correctness when storing data on semi-trusted cloud servers. Additionally, we consider use attribute encryption for access control, to prevent malicious attackers from obtaining sensitive information through access patterns. The scheme also supports attribute revocation to prevent unauthorized access by former system users. Lastly, we provide detailed security and efficiency analysis, the results show that our scheme are security and efficiency.

Medicine,Computer Science

Shufen Niu,Lixia Chen,Jinfeng Wang,Fei Yu

DOI: https://doi.org/10.1109/access.2019.2959044

IF: 3.9

2020-01-01

IEEE Access

Abstract:With the digitization of traditional medical records, medical institutions encounter difficult problems, such as electronic health record storage and sharing. Patients and doctors spend considerable time querying the required data when accessing electronic health records, but the obtained data are not necessarily correct, and access is sometimes restricted. On this basis, this study proposes a medical data sharing scheme based on permissioned blockchains, which use ciphertext-based attribute encryption to ensure data confidentiality and access control of medical data. Under premise of ensuring patient identity privacy, a polynomial equation is used to achieve an arbitrary connection of keywords, and then blockchain technology is combined. In addition, the proposed scheme has keyword-indistinguishability against adaptive chosen keyword attacks under the random oracle model. Analysis shows that the scheme has high retrieval efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Duo Zhang,Shangping Wang,Qian Zhang,Yaling Zhang

DOI: https://doi.org/10.1109/tsc.2023.3311877

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Cloud computing has brought great convenience to data storage and resource sharing, however, there are still concerns about data security and service quality. Attribute-based encryption (ABE) and searchable encryption (SE) are always adopted to achieve data access authorization and data retrieval on encrypted data in data sharing, respectively. But more efficient and accurate methods have been always pursued. Moreover, the spoofing attacks is another important aspect that raises concerns, especially when it comes to reliability of search results and online payments. Blockchain, an emerging technology that can be used to solve the problem of trust, has shown great application potential in finance and data sharing. Based on blockchain, we propose an attribute-based conjunctive keyword search (ABCKS) scheme with verifiability and fairness. In this paper, data privacy-preserving, fine-grained access control, and multi-keywords search can be supported simultaneously. Blockchain and smart contract are employed to facilitate the search result verification process and ensure fair payment in the trustless case. Furthermore, we reduce the user&#x27;s decryption load to a constant level by performing partial decryption on the cloud side. Finally, the results of the performance evaluation indicate that our scheme has higher efficiency and security.

computer science, information systems, software engineering

Jiujiang Han,Ziyuan Li,Jian Liu,Huimei Wang,Ming Xian,Yuxiang Zhang,Yu Chen

DOI: https://doi.org/10.3390/electronics11162536

IF: 2.9

2022-08-14

Electronics

Abstract:Searchable encryption enables users to enjoy search services while protecting the security and privacy of their outsourced data. Blockchain-enabled searchable encryption delivers the computing processes that are executed on the server to the decentralized and transparent blockchain system, which eliminates the potential threat of malicious servers invading data. Recently, although some of the blockchain-enabled searchable encryption schemes realized that users can search freely and verify search results, unfortunately, these schemes were inefficient and costly. Motivated by this, we proposed an improved scheme that supports fine-grained access control and flexible searchable encryption. In our framework, the data owner uploads ciphertext documents and symmetric keys to cloud database and optional KMS, respectively, and manipulates the access control process and searchable encryption process through smart contracts. Finally, the experimental comparison conducted on a private Ethereum network proved the superiority of our scheme.

engineering, electrical & electronic,computer science, information systems,physics, applied

Li Yan,Gaozhou Wang,Tian Yin,Peishun Liu,Hongxin Feng,Wenbin Zhang,Hailin Hu,Fading Pan

DOI: https://doi.org/10.3390/electronics13091621

IF: 2.9

2024-04-25

Electronics

Abstract:With the advent of the big data era, the size and complexity of data continue to increase, which makes the requirement for data privacy and security increasingly urgent. However, traditional encryption methods cannot meet the demand for efficient searching in large-scale datasets. To solve this problem and enable users to search within encryped data and without decrypting the entire dataset, trapdoor functions and other cryptograhic techniques are introduced in searchable encryption. However, searchable encryption still cannot meet the needs in the real world. Therefore, researchers have introduced the concept of attribute-based encryption into searchable encryption, resulting in attribute-based searchable encryption (ABSE). This approach aims to achieve efficient search by attributes in encrypted datasets. ABSE has a wide range of applications in the fields of privacy protection, data sharing, and cloud computing. In this paper, we describe the trends in development, focusing on enhancing security, improving computational efficiency, and increasing flexibility. We also present the related schemes. In addition, several common application areas are introduced and the relevant schemes proposed by researchers are summarized. Moreover, the challenges and future directions of ABSE are discussed in this paper.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xinyin Xiang,Xingwen Zhao

DOI: https://doi.org/10.1016/j.sysarc.2022.102417

IF: 5.836

2022-03-01

Journal of Systems Architecture

Abstract:The Internet of Things (IoT) is becoming increasingly popular for transmitting massive data in a network. With a limited supply of IoT devices, utilizing cloud storage is considered to be an optimal way of processing data. Although cloud computing provides an efficient means of data storage and secure sharing in resource-limited devices, it is still a challenge to enable end users to publish search queries and implement fine-grained access control over a ciphertext at the same time. Blockchain-assisted searchable attribute-based encryption (SABE) can achieve data confidentiality and fine-grained access control. In our work, we present blockchain-assisted SABE for e-health systems. Our framework not only combines the advantages of attribute-based encryption (ABE) and blockchain technology but also supports hidden policies. A rigorous security proof shows that our scheme can achieve the known security under a chosen keyword attack. An experiment indicates that the proposal is suitable for e-health systems.

computer science, software engineering, hardware & architecture