Blockchain-Based Certificateless Bidirectional Authenticated Searchable Encryption Scheme in Cloud Email System

Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.

Some Remarks on Cocks'Identity-Based Encryption Scheme

The theory of quadratic residues plays an important role in cryptography.In 2001,Cocks developed an identity-based encryption(IBE)scheme based on quadratic residues,resolving Shamir’s 17-year-old open problem.However,a notable drawback of Cocks’scheme is the significant expansion of the ciphertext,and some of its limitations have been addressed in subsequent research.Recently,Cotan and Teşeleanu highlighted that previous studies on Cocks’scheme relied on a trial-and-error method based on Jacobi symbols to generate the necessary parameters for the encryption process.They enhanced the encryption speed of Cocks’scheme by eliminating this trialand-error method.Based on security analysis,this study concludes that the security of Cotan-Teşeleanu’s proposal cannot be directly derived from the security of the original Cocks’scheme.Furthermore,by adopting the Cotan-Teşeleanu method and introducing an additional variable as a public element,this study develops a similar enhancement scheme that not only accelerates the encryption speed but also provides security equivalent to the original Cocks’scheme.

Vector Dominance with Threshold Searchable Encryption (VDTSE) for the Internet of Things

The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.

Blockchain-Assisted Secure Fine-Grained Searchable Encryption for a Cloud-Based Healthcare Cyber-Physical System

The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.

A Blockchain-Based Credible and Secure Education Experience Data Management Scheme Supporting for Searchable Encryption

With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.

Substring-searchable attribute-based encryption and its application for IoT devices

With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.

Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things(IoT),which provides the solution of connecting things and devices,has increasingly developed as vital tools to realize intelligent life.Generally,source-limited IoT sensors outsource their data to the cloud,which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved.Though encryption technology can guarantee the confidentiality of private data,it hinders the usability of data.Searchable encryption(SE)has been proposed to achieve secure data sharing and searching.However,most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers.Moreover,the untrusted cloud server may perform an unfaithful search execution.To address these problems,in this paper,we propose the first verifiable identity-based keyword search(VIBKS)scheme from lattice.In particular,a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results.Besides,in order to reduce the communication overhead,we refer to the identity-based mechanism.We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honestbut-curious adversary.In addition,we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.

Fully Secure Identity-based Broadcast Encryption in the Subgroups

In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.

Paillier-Based Fuzzy Multi-Keyword Searchable Encryption Scheme with Order-Preserving

Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.

A time-aware searchable encryption scheme for EHRs

Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a timeaware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range;only the authorized user can generate a valid trapdoor;only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.

Searchable Encryption with Access Control on Keywords in Multi-User Setting

Searchable encryption technology makes it convenient to search encrypted data with keywords for people.A data owner shared his data with other users on the cloud server.For security,it is necessary for him to build a fine-grained and flexible access control mechanism.The main idea of this paper is to let the owner classify his data and then authorizes others according to categories.The cloud server maintains a permission matrix,which will be used to verify whether a trapdoor is valid or not.In this way we can achieve access control and narrow the search range at the same time.We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.

IoT Services:Realizing Private Real-Time Detection via Authenticated Conjunctive Searchable Encryption

With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields,including the medical,agricultural,and industrial areas.Uploading data to the cloud solves the problem of data overhead but results in privacy issues.Therefore,the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue.In this paper,we propose a scheme that supports real-time authentication with conjunctive keyword detection(RA-CKD),this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens.Through authentication technology,connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection.Finally,we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction.The experiment shows that the efficiency of RA-CKD is good enough to be practical.

A Searchable Encryption Scheme Based on Lattice for Log Systems in Blockchain

With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.

Secure Content Based Image Retrieval Scheme Based on Deep Hashing and Searchable Encryption

To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security,retrieval efficiency,and retrieval accuracy.This research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure,searchable encryption scheme.First,a deep learning framework based on residual network and transfer learn-ing model is designed to extract more representative image deep features.Secondly,the central similarity is used to quantify and construct the deep hash sequence of features.The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index.Finally,according to the additive homomorphic property of Paillier homomorphic encryption,a similarity measurement method suitable for com-puting in the retrieval system’s security is ensured by the encrypted domain.The experimental results,which were obtained on Web Image Database from the National University of Singapore(NUS-WIDE),Microsoft Common Objects in Context(MS COCO),and ImageNet data sets,demonstrate the system’s robust security and precise retrieval,the proposed scheme can achieve efficient image retrieval without revealing user privacy.The retrieval accuracy is improved by at least 37%compared to traditional hashing schemes.At the same time,the retrieval time is saved by at least 9.7%compared to the latest deep hashing schemes.

An Efficient Identity-Based Homomorphic Broadcast Encryption

Broadcast encryption (BE) allows a sender to broadcast its message to a set of receivers in a single ciphertext. However, in broadcast encryption scheme, ciphertext length is always related to the size of the receiver set. Thus, how to improve the communication of broadcast encryption is a big issue. In this paper, we proposed an identity-based homomorphic broadcast encryption scheme which supports an external entity to directly calculate ciphertexts and get a new ciphertext which is the corresponding result of the operation on plaintexts without decrypting them. The correctness and security proofs of our scheme were formally proved. Finally, we implemented our scheme in a simulation environment and the experiment results showed that our scheme is efficient for practical applications.

OBLIVIOUS TRANSFER WITH ACCESS CONTROL AND IDENTITY-BASED ENCRYPTION WITH ANONYMOUS KEY ISSUING

In ACM'CCS 2009,Camenisch,et al.proposed the Oblivious Transfer with Access Control(AC-OT) in which each item is associated with an attribute set and can only be available,on request,to the users who have all the attributes in the associated set.Namely,AC-OT achieves access control policy for conjunction of attributes.Essentially,the functionality of AC-OT is equivalent to the sim-plified version that we call AC-OT-SV:for each item,one attribute is associated with it,and it is requested that only the users who possess the associated attribute can obtain the item by queries.On one hand,AC-OT-SV is a special case of AC-OT when there is just one associated attribute with each item.On the other hand,any AC-OT can be realized by an AC-OT-SV.In this paper,we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch,et al..Then from the protocol,interestingly,a concrete Identity-Based Encryption(IBE) with Anonymous Key Issuing(AKI) is given which is just a direct application to AC-OT-SV.By comparison,we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.

Security Analysis of a Privacy-Preserving Identity-Based Encryption Architecture

Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.

Construction and Implementation of a Privacy-Preserving Identity-Based Encryption Architecture

A recent proposal by Adams integrates the digital credentials (DC) technology of Brands with the identity-based encryption (IBE) technology of Boneh and Franklin to create an IBE scheme that demonstrably enhances privacy for users. We refer to this scheme as a privacy-preserving identity-based encryption (PP-IBE) construction. In this paper, we discuss the concrete implementation considerations for PP-IBE and provide a detailed instantiation (based on q-torsion groups in supersingular elliptic curves) that may be useful both for proof-of-concept purposes and for pedagogical purposes.

Constructing Certificateless Encryption with Keyword Search against Outside and Inside Keyword Guessing Attacks

Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with previous two CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantee as it withstands the existing known types of keyword guessing attacks.