Traditional email systems can only achieve one-way communication, which means only the receiver is allowed to search for emails on the email server. In this paper, we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption (CL-BSE) by combining the storage function of cloud server with the communication function of email server. In the new model, not only can the data receiver search for the relevant content by generating its own trapdoor, but the data owner also can retrieve the content in the same way. Meanwhile, there are dual authentication functions in our model. First, during encryption, the data owner uses the private key to authenticate their identity, ensuring that only legal owner can generate the keyword ciphertext. Second, the blockchain verifies the data owner’s identity by the received ciphertext, allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption. We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model. Then the security of the scheme is analyzed based on the formalized security model. The results demonstrate that the scheme achieves multi-keyword ciphertext indistinguishability and multi-keyword trapdoor privacy against any adversary simultaneously. In addition, performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.
The Internet of Medical Things (IoMT) is an application of the Internet of Things (IoT) in the medical field. It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems, which is essential in smart healthcare. However, Personal Health Records (PHRs) are normally kept in public cloud servers controlled by IoMT service providers, so privacy and security incidents may be frequent. Fortunately, Searchable Encryption (SE), which can be used to execute queries on encrypted data, can address the issue above. Nevertheless, most existing SE schemes cannot solve the vector dominance threshold problem. In response to this, we present a SE scheme called Vector Dominance with Threshold Searchable Encryption (VDTSE) in this study. We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’ corresponding bits excluding wildcards is not less than a threshold t. Then, we solve the problem using the proposed technique modified in Hidden Vector Encryption (HVE). This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes. A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.
To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security, retrieval efficiency, and retrieval accuracy. This research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure, searchable encryption scheme. First, a deep learning framework based on residual network and transfer learning model is designed to extract more representative image deep features. Secondly, the central similarity is used to quantify and construct the deep hash sequence of features. The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index. Finally, according to the additive homomorphic property of Paillier homomorphic encryption, a similarity measurement method suitable for computing in the retrieval system’s security is ensured by the encrypted domain. The experimental results, which were obtained on Web Image Database from the National University of Singapore (NUS-WIDE), Microsoft Common Objects in Context (MS COCO), and ImageNet data sets, demonstrate the system’s robust security and precise retrieval, the proposed scheme can achieve efficient image retrieval without revealing user privacy. The retrieval accuracy is improved by at least 37% compared to traditional hashing schemes. At the same time, the retrieval time is saved by at least 9.7% compared to the latest deep hashing schemes.
The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.
With the in-depth application of new technologies such as big data in education fields, the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission. In this paper, we propose a data security storage and sharing scheme based on consortium blockchain, which is a credible search scheme without verification. In our scheme, the implementation of data security storage is using the blockchain and storage server together. In detail, the smart contract provides protection for data keywords, the storage server stores data after data masking, and the blockchain ensures the traceability of query transactions. The need for precise privacy data is achieved by constructing a dictionary. Cryptographic techniques such as AES and RSA are used for encrypted storage of data, keywords, and digital signatures. Security analysis and performance evaluation shows that the availability, high efficiency, and privacy-preserving can be achieved. Meanwhile, this scheme has better robustness compared to other educational records data sharing models.
To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.
With the development of big data and cloud computing technology, more and more users choose to store data on cloud servers, which brings much convenience to their management and use of data, and also the risk of data leakage. A common method to prevent data leakage is to encrypt the data before uploading it, but the traditional encryption method is often not conducive to data sharing and querying. In this paper, a new kind of Attribute-Based Encryption (ABE) scheme, which is called the Sub-String Searchable ABE (SSS-ABE) scheme, is proposed for the sharing and querying of the encrypted data. In the SSS-ABE scheme, the data owner encrypts the data under an access structure, and only the data user who satisfies the access structure can query and decrypt it. The data user can make a substring query on the whole ciphertext without setting keywords in advance. In addition, the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a time-aware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range; only the authorized user can generate a valid trapdoor; only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.
Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage. However, the current searchable encryption solutions still have deficiencies in search efficiency, accuracy and multiple data owner support. In this paper, we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving (PMS). First, a new spelling correction algorithm (Possibility-Levenshtein based Spelling Correction) is proposed to correct user input errors, so that fuzzy keywords input can be supported. Second, Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving. Then, a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern. Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency. The theoretical analysis and experiment results show that our scheme is secure, accurate, error-tolerant and very efficient.
Searchable encryption technology makes it convenient to search encrypted data with keywords for people. A data owner shared his data with other users on the cloud server. For security, it is necessary for him to build a fine-grained and flexible access control mechanism. The main idea of this paper is to let the owner classify his data and then authorizes others according to categories. The cloud server maintains a permission matrix, which will be used to verify whether a trapdoor is valid or not. In this way we can achieve access control and narrow the search range at the same time. We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.
With the rapid development of wireless communication technology, the Internet of Things is playing an increasingly important role in our everyday. The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields, including the medical, agricultural, and industrial areas. Uploading data to the cloud solves the problem of data overhead but results in privacy issues. Therefore, the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue. In this paper, we propose a scheme that supports real-time authentication with conjunctive keyword detection (RA-CKD), this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens. Through authentication technology, connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection. Finally, we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction. The experiment shows that the efficiency of RA-CKD is good enough to be practical.
With the increasing popularity of cloud storage, data security on the cloud has become increasingly visible. Searchable encryption has the ability to realize the privacy protection and security of data in the cloud. However, with the continuous development of quantum computing, the standard Public-key Encryption with Keyword Search (PEKS) scheme cannot resist quantum-based keyword guessing attacks. Further, the credibility of the server also poses a significant threat to the security of the retrieval process. This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems. Firstly, we design a lattice-based encryption primitive to resist quantum keyword guessing attacks. Moreover, blockchain is to decentralize the cloud storage platform’s jurisdiction of data. It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result, which malicious platforms are prevented as much as possible from deliberately sending wrong search results. Last but not least, through security analysis, our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext. The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.
Many enterprises and personals are inclining to outsource their data to public clouds, but security and privacy are two critical problems cannot be ignored. The door of cloud provider may be broken, and the data may also be dug into by providers to find valuable information. In this paper, a secure and efficient storage file (SES FS) system is proposed to distribute files in several clouds and allows users to search the files securely and efficiently. In the proposed system, keywords were transformed into integers and secretly shared in a defined finite field, then the shares were mapped to random numbers in specified random domain in each cloud. Files were encrypted with distinct secret key and scattered within different clouds. Information about keyword/file was secretly shared among cloud providers. Legal users can search in the clouds to find correct encrypted files and reconstruct corresponding secret key. No adversary can find or detect the real file information even they can collude all the servers. Manipulation on shares by one or more clouds can be detected with high probability. The system can also detect malicious servers through introduced virtual points. One interesting property for the scheme is that new keywords can be added easily, which is difficult and usually not efficient for many searchable symmetric encryption systems. Detailed experimental result shows, with tolerable uploading delay, the scheme exhibits excellent performance on data retrieving aspect.
Electronic healthcare systems can offer convenience but face the risk of data forgery and information leakage. To solve these issues, we propose an identity-based searchable attribute signcryption in lattice for a blockchain-based medical system (BCMS-LIDSASC). BCMS-LIDSASC achieves decentralization and anti-quantum security in the blockchain environment, and provides fine-grained access control and searchability. Furthermore, smart contracts are used to replace traditional trusted third parties, and the interplanetary file system (IPFS) is used for ciphertext storage to alleviate storage pressure on the blockchain. Compared to other schemes, BCMS-LIDSASC requires smaller key size and less storage, and has lower computation cost. It contributes to secure and efficient management of medical data and can protect patient privacy and ensure the integrity of electronic healthcare systems.
Oblivious Cross-Tags (OXT) [1] is the first efficient searchable encryption (SE) protocol for conjunctive queries in a single-writer single-reader framework. However, it also has a trade-off between security and efficiency by leaking partial database information to the server. Recent attacks on these SE schemes show that the leakages from these SE schemes can be used to recover the content of queried keywords. To solve this problem, Lai et al. [2] propose Hidden Cross-Tags (HXT), which reduces the access pattern leakage from Keyword Pair Result Pattern (KPRP) to Whole Result Pattern (WRP). However, the WRP leakage can also be used to recover some additional contents of queried keywords. This paper proposes Improved Cross-Tags (IXT), an efficient searchable encryption protocol that achieves access and searches pattern hiding based on the labeled private set intersection. We also prove the proposed labeled private set intersection (PSI) protocol is secure against semi-honest adversaries, and IXT is-semi-honest secure (is leakage function). Finally, we do experiments to compare IXT with HXT. The experimental results show that the storage overhead and computation overhead of the search phase at the client-side in IXT is much lower than those in HXT. Meanwhile, the experimental results also show that IXT is scalable and can be applied to various sizes of datasets.
When one enterprise acquires another, the electronic data of the acquired enterprise will be transferred to the acquiring enterprise. In particular, if the data system of acquired enterprise contains a searchable encryption mechanism, the corresponding searchability will also be transferred. In this paper, we introduce the concept of Searchable Encryption with Ownership Transfer (SEOT), and propose a secure SEOT scheme. Based on the new structure of polling pool, our proposed searchable encryption scheme not only achieves efficient transfer of outsourced data, but also implements secure transfer of data searchability. Moreover, we optimize the storage cost for user to a desirable value. We prove our scheme can achieve the secure characteristics, then carry out the performance evaluation and experiments. The results demonstrate that our scheme is superior in efficiency and practicability.
Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users sensitive data, while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information in plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.
Data sharing and searching are important functionalities in cloud storage. In this paper, we show how to securely and flexibly search and share cloud data among a group of users without a group manager. We formalize a novel cryptosystem: secure channel free searchable encryption in a peer-to-peer group, which features with the secure cloud data sharing and searching for group members in an identity-based setting. Our scheme allows group members to join or leave the group dynamically. We present two schemes: basic scheme and enhanced scheme. We formally prove that our basic scheme achieves consistency and indistinguishability against the chosen keyword and ciphertext attack and the outsider's keyword guessing attack, respectively. An enhanced scheme is also proposed to achieve forward secrecy, which allows to revoke user search right over the former shared data.
Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.
Ciphertext-policy attribute-based searchable encryption (CP-ABSE) can achieve fine-grained access control for data sharing and retrieval, and secure deduplication can save storage space by eliminating duplicate copies. However, there are seldom schemes supporting both searchable encryption and secure deduplication. In this paper, a large universe CP-ABSE scheme supporting secure block-level deduplication is proposed under a hybrid cloud mechanism. In the proposed scheme, after the ciphertext is inserted into bloom filter tree (BFT), private cloud can perform fine-grained deduplication efficiently by matching tags, and public cloud can search efficiently using homomorphic searchable method and keywords matching. Finally, the proposed scheme can achieve privacy under chosen distribution attacks block-level (PRV-CDA-B) secure deduplication and match-concealing (MC) searchable security. Compared with existing schemes, the proposed scheme has the advantage in supporting fine-grained access control, block-level deduplication and efficient search, simultaneously.
Funding: supported by the National Natural Science Foundation of China (Nos. 62172337, 62241207) and the Key Project of Gansu Natural Science Foundation (No. 23JRRA685).
Funding: supported in part by the National Natural Science Foundation of China under Grant Nos. 61872289 and 62172266, in part by the Henan Key Laboratory of Network Cryptography Technology LNCT2020-A07, the Guangxi Key Laboratory of Trusted Software under Grant No. KX202308.
Funding: Supported by the National Natural Science Foundation of China (No. 61862041).
Abstract: To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security, retrieval efficiency, and retrieval accuracy, this research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure, searchable encryption scheme. First, a deep learning framework based on residual network and transfer learning model is designed to extract more representative image deep features. Secondly, the central similarity is used to quantify and construct the deep hash sequence of features. The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index. Finally, according to the additive homomorphic property of Paillier homomorphic encryption, a similarity measurement method suitable for computing in the retrieval system’s security is ensured by the encrypted domain. The experimental results, which were obtained on Web Image Database from the National University of Singapore (NUS-WIDE), Microsoft Common Objects in Context (MS COCO), and ImageNet data sets, demonstrate the system’s robust security and precise retrieval; the proposed scheme can achieve efficient image retrieval without revealing user privacy. The retrieval accuracy is improved by at least 37% compared to traditional hashing schemes. At the same time, the retrieval time is saved by at least 9.7% compared to the latest deep hashing schemes.
Abstract: The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality. The privacy of health data can only be preserved by keeping it in an encrypted form, but it affects usability and flexibility in terms of effective search. Attribute-based searchable encryption (ABSE) has proven its worth by providing fine-grained searching capabilities in the shared cloud storage. However, it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations. In a healthcare cloud-based cyber-physical system (CCPS), the data is often collected by resource-constraint devices; therefore, here also, we cannot directly apply ABSE schemes. In the proposed work, the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network. Thus, it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS. With the assistance of blockchain technology, the proposed scheme offers two main benefits. First, it is free from a trusted authority, which makes it genuinely decentralized and free from a single point of failure. Second, it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network. Specifically, the task of initializing the system, which is considered the most computationally intensive, and the task of partial search token generation, which is considered as the most frequent operation, is now the responsibility of the consensus nodes. This eliminates the need of the trusted authority and reduces the burden of data users, respectively. Further, in comparison to existing decentralized fine-grained searchable encryption schemes, the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users. It has been verified both theoretically and practically in the performance analysis section.
Funding: The research work was supported by the National Key Research and Development Plan in China (Grant No. 2020YFB1005500); Key Project Plan of Blockchain in Ministry of Education of the People’s Republic of China (Grant No. 2020KJ010802); Natural Science Foundation of Beijing Municipality (Grant No. M21034).
Abstract: With the in-depth application of new technologies such as big data in education fields, the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission. In this paper, we propose a data security storage and sharing scheme based on consortium blockchain, which is a credible search scheme without verification. In our scheme, the implementation of data security storage is using the blockchain and storage server together. In detail, the smart contract provides protection for data keywords, the storage server stores data after data masking, and the blockchain ensures the traceability of query transactions. The need for precise privacy data is achieved by constructing a dictionary. Cryptographic techniques such as AES and RSA are used for encrypted storage of data, keywords, and digital signatures. Security analysis and performance evaluation shows that the availability, high efficiency, and privacy-preserving can be achieved. Meanwhile, this scheme has better robustness compared to other educational records data sharing models.
Funding: The authors would like to thank the support from Fundamental Research Funds for the Central Universities (No. 30918012204). The authors also gratefully acknowledge the helpful comments and suggestions of other researchers, which has improved the presentation.
Abstract: To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.
Funding: This work is supported by the National Natural Science Foundation of China (No. 62071280, No. 61602287); the Major Scientific and Technological Innovation Project of Shandong Province (No. 2020CXGC010115); the Guangxi Key Laboratory of Cryptography and Information Security (GCIS201901).
Abstract: With the development of big data and cloud computing technology, more and more users choose to store data on cloud servers, which brings much convenience to their management and use of data, and also the risk of data leakage. A common method to prevent data leakage is to encrypt the data before uploading it, but the traditional encryption method is often not conducive to data sharing and querying. In this paper, a new kind of Attribute-Based Encryption (ABE) scheme, which is called the Sub-String Searchable ABE (SSS-ABE) scheme, is proposed for the sharing and querying of the encrypted data. In the SSS-ABE scheme, the data owner encrypts the data under an access structure, and only the data user who satisfies the access structure can query and decrypt it. The data user can make a substring query on the whole ciphertext without setting keywords in advance. In addition, the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
Funding: This study was jointly supported by the National Natural Science Foundation of China (No. 61702067, No. 61472464); the Natural Science Foundation of Shangdong Province, China (No. ZR2015FL024).
Abstract: Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a time-aware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range; only the authorized user can generate a valid trapdoor; only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.
Funding: This work is supported by the National Natural Science Foundation of China under Grant 61402160 and 61872134; Hunan Provincial Natural Science Foundation under Grant 2016JJ3043; Open Funding for Universities in Hunan Province under grant 14K023.
Abstract: Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage. However, the current searchable encryption solutions still have deficiencies in search efficiency, accuracy and multiple data owner support. In this paper, we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving (PMS). First, a new spelling correction algorithm (Possibility-Levenshtein based Spelling Correction) is proposed to correct user input errors, so that fuzzy keywords input can be supported. Second, Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving. Then, a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern. Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency. The theoretical analysis and experiment results show that our scheme is secure, accurate, error-tolerant and very efficient.
Funding: This work is partially supported by the Fundamental Research Funds for the Central Universities (No. 30918012204).
Abstract: Searchable encryption technology makes it convenient for people to search encrypted data with keywords. A data owner shared his data with other users on the cloud server. For security, it is necessary for him to build a fine-grained and flexible access control mechanism. The main idea of this paper is to let the owner classify his data and then authorize others according to categories. The cloud server maintains a permission matrix, which will be used to verify whether a trapdoor is valid or not. In this way we can achieve access control and narrow the search range at the same time. We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.
Funding: This work is supported by the National Natural Science Foundation of China (No. 62072240); the National Key Research and Development Program of China (No. 2020YFB1804604).
Abstract: With the rapid development of wireless communication technology, the Internet of Things is playing an increasingly important role in our everyday. The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields, including the medical, agricultural, and industrial areas. Uploading data to the cloud solves the problem of data overhead but results in privacy issues. Therefore, the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue. In this paper, we propose a scheme that supports real-time authentication with conjunctive keyword detection (RA-CKD). This scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens. Through authentication technology, connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection. Finally, we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction. The experiment shows that the efficiency of RA-CKD is good enough to be practical.
Funding: This work was supported by the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province (Grant No. SKLACSS-202101); NSFC (Grant Nos. 62176273, 61962009, U1936216); the Foundation of Guizhou Provincial Key Laboratory of Public Big Data (No. 2019BDKFJJ010, 2019BDKFJJ014); the Fundamental Research Funds for Beijing Municipal Commission of Education, Beijing Urban Governance Research Base of North China University of Technology, the Natural Science Foundation of Inner Mongolia (2021MS06006); Baotou Kundulun District Science and technology plan project (YF2020013); Inner Mongolia discipline inspection and supervision big data laboratory open project fund (IMDBD2020020).
Abstract: With the increasing popularity of cloud storage, data security on the cloud has become increasingly visible. Searchable encryption has the ability to realize the privacy protection and security of data in the cloud. However, with the continuous development of quantum computing, the standard Public-key Encryption with Keyword Search (PEKS) scheme cannot resist quantum-based keyword guessing attacks. Further, the credibility of the server also poses a significant threat to the security of the retrieval process. This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems. Firstly, we design a lattice-based encryption primitive to resist quantum keyword guessing attacks. Moreover, blockchain is to decentralize the cloud storage platform’s jurisdiction of data. It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result, which malicious platforms are prevented as much as possible from deliberately sending wrong search results. Last but not least, through security analysis, our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext. The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.
Funding: Demonstration on the Construction of Guangdong Survey and Geomatics Industry Technology Innovation Alliance (2017B090907030); The Demonstration of Big Data Application for Land Resource Management and Service (2015B010110006); Qiong Huang is supported by Guangdong Natural Science Funds for Distinguished Young Scholar (No. 2014A030306021); Guangdong Program for Special Support of Top-notch Young Professionals (No. 2015TQ01X796); Pearl River Nova Program of Guangzhou (No. 201610010037); and the National Natural Science Foundation of China (Nos. 61472146, 61672242).
Abstract: Many enterprises and personals are inclining to outsource their data to public clouds, but security and privacy are two critical problems that cannot be ignored. The door of cloud provider may be broken, and the data may also be dug into by providers to find valuable information. In this paper, a secure and efficient storage file (SES FS) system is proposed to distribute files in several clouds and allows users to search the files securely and efficiently. In the proposed system, keywords were transformed into integers and secretly shared in a defined finite field, then the shares were mapped to random numbers in specified random domain in each cloud. Files were encrypted with distinct secret key and scattered within different clouds. Information about keyword/file was secretly shared among cloud providers. Legal users can search in the clouds to find correct encrypted files and reconstruct corresponding secret key. No adversary can find or detect the real file information even they can collude all the servers. Manipulation on shares by one or more clouds can be detected with high probability. The system can also detect malicious servers through introduced virtual points. One interesting property for the scheme is that new keywords can be added easily, which is difficult and usually not efficient for many searchable symmetric encryption systems. Detailed experimental result shows, with tolerable uploading delay, the scheme exhibits excellent performance on data retrieving aspect.
Funding: Project supported by the Special Project of Kunlun Talent Teaching Master of Qinghai Province, China (No. [2020]18).
Abstract: Electronic healthcare systems can offer convenience but face the risk of data forgery and information leakage. To solve these issues, we propose an identity-based searchable attribute signcryption in lattice for a blockchain-based medical system (BCMS-LIDSASC). BCMS-LIDSASC achieves decentralization and anti-quantum security in the blockchain environment, and provides fine-grained access control and searchability. Furthermore, smart contracts are used to replace traditional trusted third parties, and the interplanetary file system (IPFS) is used for ciphertext storage to alleviate storage pressure on the blockchain. Compared to other schemes, BCMS-LIDSASC requires smaller key size and less storage, and has lower computation cost. It contributes to secure and efficient management of medical data and can protect patient privacy and ensure the integrity of electronic healthcare systems.
Funding: Supported in part by the National Key Research and Development Program of China (2020YFA0712300), in part by the National Natural Science Foundation of China (Grant Nos. 62172162, 62132005), in part by the Shanghai Trusted Industry Internet Software Collaborative Innovation Center.
Abstract: Oblivious Cross-Tags (OXT) [1] is the first efficient searchable encryption (SE) protocol for conjunctive queries in a single-writer single-reader framework. However, it also has a trade-off between security and efficiency by leaking partial database information to the server. Recent attacks on these SE schemes show that the leakages from these SE schemes can be used to recover the content of queried keywords. To solve this problem, Lai et al. [2] propose Hidden Cross-Tags (HXT), which reduces the access pattern leakage from Keyword Pair Result Pattern (KPRP) to Whole Result Pattern (WRP). However, the WRP leakage can also be used to recover some additional contents of queried keywords. This paper proposes Improved Cross-Tags (IXT), an efficient searchable encryption protocol that achieves access and searches pattern hiding based on the labeled private set intersection. We also prove the proposed labeled private set intersection (PSI) protocol is secure against semi-honest adversaries, and IXT is-semi-honest secure (is leakage function). Finally, we do experiments to compare IXT with HXT. The experimental results show that the storage overhead and computation overhead of the search phase at the client-side in IXT is much lower than those in HXT. Meanwhile, the experimental results also show that IXT is scalable and can be applied to various sizes of datasets.
Funding: Supported by the National Natural Science Foundation of China (Grant No. 61932010); Science and Technology Project of Guangzhou City (No. 201707010320).
Abstract: When one enterprise acquires another, the electronic data of the acquired enterprise will be transferred to the acquiring enterprise. In particular, if the data system of acquired enterprise contains a searchable encryption mechanism, the corresponding searchability will also be transferred. In this paper, we introduce the concept of Searchable Encryption with Ownership Transfer (SEOT), and propose a secure SEOT scheme. Based on the new structure of polling pool, our proposed searchable encryption scheme not only achieves efficient transfer of outsourced data, but also implements secure transfer of data searchability. Moreover, we optimize the storage cost for user to a desirable value. We prove our scheme can achieve the secure characteristics, then carry out the performance evaluation and experiments. The results demonstrate that our scheme is superior in efficiency and practicability.
Funding: This work is supported by Guangxi Cooperative Innovation Center of Cloud Computing and Big Data (No. YD16506).
Abstract: Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users' sensitive data, while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information in plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.
Funding: This work was supported by the National Natural Science Foundation of China under Grant Nos. 61502086 and 61572115.
Abstract: Data sharing and searching are important functionalities in cloud storage. In this paper, we show how to securely and flexibly search and share cloud data among a group of users without a group manager. We formalize a novel cryptosystem: secure channel free searchable encryption in a peer-to-peer group, which features the secure cloud data sharing and searching for group members in an identity-based setting. Our scheme allows group members to join or leave the group dynamically. We present two schemes: basic scheme and enhanced scheme. We formally prove that our basic scheme achieves consistency and indistinguishability against the chosen keyword and ciphertext attack and the outsider's keyword guessing attack, respectively. An enhanced scheme is also proposed to achieve forward secrecy, which allows to revoke user search right over the former shared data.
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 61932010 and 62072357); the Zhuhai Top Discipline-Information Security; supported by the China Scholarship Council (CSC) and the Australian Research Council (ARC).
Abstract: Searchable symmetric encryption (SSE) has been introduced for secure outsourcing the encrypted database to cloud storage, while maintaining searchable features. Of various SSE schemes, most of them assume the server is honest but curious, while the server may be trustless in the real world. Considering a malicious server not honestly performing the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, by leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.
Funding: Supported by the National Natural Science Foundation of China (61472470); the Science and Technology Bureau Project of Weiyang District of Xi’an City (201403); the National Natural Science Foundation of Shaanxi Province (2014JM2-6091, 2015JQ1007).
Abstract: Ciphertext-policy attribute-based searchable encryption (CP-ABSE) can achieve fine-grained access control for data sharing and retrieval, and secure deduplication can save storage space by eliminating duplicate copies. However, there are seldom schemes supporting both searchable encryption and secure deduplication. In this paper, a large universe CP-ABSE scheme supporting secure block-level deduplication is proposed under a hybrid cloud mechanism. In the proposed scheme, after the ciphertext is inserted into bloom filter tree (BFT), private cloud can perform fine-grained deduplication efficiently by matching tags, and public cloud can search efficiently using homomorphic searchable method and keywords matching. Finally, the proposed scheme can achieve privacy under chosen distribution attacks block-level (PRV-CDA-B) secure deduplication and match-concealing (MC) searchable security. Compared with existing schemes, the proposed scheme has the advantage in supporting fine-grained access control, block-level deduplication and efficient search, simultaneously.