Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It i...Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.展开更多
Cloud Computing expands its usability to various fields that utilize data and store it in a common space that is required for computing and the purpose of analysis as like the IoT devices.These devices utilize the clo...Cloud Computing expands its usability to various fields that utilize data and store it in a common space that is required for computing and the purpose of analysis as like the IoT devices.These devices utilize the cloud for storing and retrieving data since the devices are not capable of storing processing data on its own.Cloud Computing provides various services to the users like the IaaS,PaaS and SaaS.The major drawback that is faced by cloud computing include the Utilization of Cloud services for the storage of data that could be accessed by all the users related to cloud.The use of Public Key Encryptions with keyword search(PEKS)provides security against the untrustworthy third-party search capability on publicly encryption keys without revealing the data’s contents.But the Security concerns of PEKs arise when Inside Keywords Guessing attacks(IKGA),is identified in the system due to the untrusted server presume the keyword in trapdoor.This issue could be solved by using various algorithms like the Certificateless Hashed Public Key Authenticated Encryption with Keyword Search(CL-HPAEKS)which utilizes the Modified Elliptic Curve Cryptography(MECC)along with the Mutation Centred flower pollinations algorithm(CM-FPA)that is used in enhancing the performance of the algorithm using the Optimization in keys.The additional use of Message Digests 5(MD5)hash function in the system enhances the security Level that is associated with the system.The system that is proposed achieves the security level performance of 96 percent and the effort consumed by the algorithm is less compared to the other encryption techniques.展开更多
With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,bus...With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,business secrets and other sensitive information of the users and enterprises.Thus,at present,how to protect,retrieve,and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment.A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server.In this scheme,the user data are divided into files,file indexes and the keyword corresponding to the files,which are respectively encrypted to store.The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes,but re-encrypt the cipher-text of keywords corresponding to the files.Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack.And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption.Furthermore,the scheme does not need to use any secure channels,making it more effective in the cloud environment.展开更多
As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage...As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.展开更多
Public Key Encryption with Keyword Search(PEKS),an indispensable part of searchable encryption,is stock-intrade for both protecting data and providing operability of encrypted data.So far most of PEKS schemes have bee...Public Key Encryption with Keyword Search(PEKS),an indispensable part of searchable encryption,is stock-intrade for both protecting data and providing operability of encrypted data.So far most of PEKS schemes have been established on Identity-Based Cryptography(IBC) with key escrow problem inherently.Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component.Hence,Certificateless Public Key Cryptography(CLPKC) is efficient to remove such problem.CLPKC is introduced into PEKS,and a general model of Certificate/ess PEKS(CLPEKS) is formalized.In addition,a practical CLPEKS scheme is constructed with security and efficiency analyses.The proposal is secure channel free,and semantically secure against adaptive chosen keyword attack and keyword guessing attack.To illustrate the superiority,massive experiments are conducted on Enron Email dataset which is famous in information retrieval field.Compared with existed constructions,CLPEKS improves the efficiency in theory and removes the key escrow problem.展开更多
Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to enc...Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with previous two CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantee as it withstands the existing known types of keyword guessing attacks.展开更多
Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support ...Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support the keyword search in a public cloud. However,they have some potential limitations. First,most of the existing schemes only consider the scenario with the single data owner. Second,they need secure channels to guarantee the secure transmission of secret keys from the data owner to data users. Third,in some schemes,the data owner should be online to help data users when data users intend to perform the search,which is inconvenient.In this paper,we propose a novel searchable scheme which supports the multi-owner keyword search without secure channels. More than that,our scheme is a non-interactive solution,in which all the users only need to communicate with the cloud server. Furthermore,the analysis proves that our scheme can guarantee the security even without secure channels. Unlike most existing public key encryption based searchable schemes,we evaluate the performance of our scheme,which shows that our scheme is practical.展开更多
In this paper, we propose a new method based on index to realize IR-style Chinese keyword search with ranking strategies in relational databases. This method creates an index by using the related information of tuple ...In this paper, we propose a new method based on index to realize IR-style Chinese keyword search with ranking strategies in relational databases. This method creates an index by using the related information of tuple words and presents a ranking strategy in terms of the nature of Chinese words. For a Chinese keyword query, the index is used to match query search words and the tuple words in index quickly, and to compute similarities between the query and tuples by the ranking strategy, and then the set of identifiers of candidate tuples is generated. Thus, we retrieve top-N results of the query using SQL selection statements and output the ranked answers according to the similarities. The experimental results show that our method is efficient and effective.展开更多
To protect the privacy of power data,we usually encrypt data before outsourcing it to the cloud servers.However,it is challenging to search over the encrypted data.In addition,we need to ensure that only authorized us...To protect the privacy of power data,we usually encrypt data before outsourcing it to the cloud servers.However,it is challenging to search over the encrypted data.In addition,we need to ensure that only authorized users can retrieve the power data.The attribute-based searchable encryption is an advanced technology to solve these problems.However,many existing schemes do not support large universe,expressive access policies,and hidden access policies.In this paper,we propose an attributebased keyword search encryption scheme for power data protection.Firstly,our proposed scheme can support encrypted data retrieval and achieve fine-grained access control.Only authorized users whose attributes satisfy the access policies can search and decrypt the encrypted data.Secondly,to satisfy the requirement in the power grid environment,the proposed scheme can support large attribute universe and hidden access policies.The access policy in this scheme does not leak private information about users.Thirdly,the security analysis and performance analysis indicate that our scheme is efficient and practical.Furthermore,the comparisons with other schemes demonstrate the advantages of our proposed scheme.展开更多
The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is diffi...The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is difficult to search and thus limited for practical usage. The keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. The previous studies failed to consider the attack from the data storage server to guess the keyword. This kind of attack may cause some critical information revealed to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage(testing) server. The testing(query)secret is divided into multiple shares so that the security can be guaranteed if the servers cannot conspire with each other to retrieve all shares of the secret.展开更多
This paper presents an effective keyword search method for data-centric extensive markup language (XML) documents. The method divides an XML document into compact connected integral subtrees, called self-integral tr...This paper presents an effective keyword search method for data-centric extensive markup language (XML) documents. The method divides an XML document into compact connected integral subtrees, called self-integral trees (SI-Trees), to capture the structural information in the XML document. The SI-Trees are generated based on a schema guide. Meaningful self-integral trees (MSI-Trees) are identified, which contain all or some of the input keywords for the keyword search in the XML documents. Indexing is used to accelerate the retrieval of MSI-Trees related to the input keywords. The MSI-Trees are ranked to identify the top-k results with the highest ranks. Extensive tests demonstrate that this method costs 10-100 ms to answer a keyword query, and outperforms existing approaches by 1-2 orders of magnitude.展开更多
Attribute-based encryption with keyword search(ABKS)achieves both fine-grained access control and keyword search.However,in the previous ABKS schemes,the search algorithm requires that each keyword to be identical bet...Attribute-based encryption with keyword search(ABKS)achieves both fine-grained access control and keyword search.However,in the previous ABKS schemes,the search algorithm requires that each keyword to be identical between the target keyword set and the ciphertext keyword set,otherwise the algorithm does not output any search result,which is not conducive to use.Moreover,the previous ABKS schemes are vulnerable to what we call a peer-decryption attack,that is,the ciphertext may be eavesdropped and decrypted by an adversary who has sufficient authorities but no information about the ciphertext keywords.In this paper,we provide a new system in fog computing,the ciphertext-policy attribute-based encryption with dynamic keyword search(ABDKS).In ABDKS,the search algorithm requires only one keyword to be identical between the two keyword sets and outputs the corresponding correlation which reflects the number of the same keywords in those two sets.In addition,our ABDKS is resistant to peer-decryption attack,since the decryption requires not only sufficient authority but also at least one keyword of the ciphertext.Beyond that,the ABDKS shifts most computational overheads from resource constrained users to fog nodes.The security analysis shows that the ABDKS can resist Chosen-Plaintext Attack(CPA)and Chosen-Keyword Attack(CKA).展开更多
The existing solutions to keyword search in the cloud can be divided into two categories: searching on exact keywords and searching on error-tolerant keywords. An error-tolerant keyword search scheme permits to make ...The existing solutions to keyword search in the cloud can be divided into two categories: searching on exact keywords and searching on error-tolerant keywords. An error-tolerant keyword search scheme permits to make searches on encrypted data with only an approximation of some keyword. The scheme is suitable to the case where users' searching input might not exactly match those pre-set keywords. In this paper, we first present a general framework for searching on error-tolerant keywords. Then we propose a concrete scheme, based on a fuzzy extractor, which is proved secure against an adaptive adversary under well-defined security definition. The scheme is suitable for all similarity metrics including Hamming distance, edit distance, and set difference. It does not require the user to construct or store anything in advance, other than the key used to calculate the trapdoor of keywords and the key to encrypt data documents. Thus, our scheme tremendously eases the users' burden. What is more, our scheme is able to transform the servers' searching for error-tolerant keywords on ciphertexts to the searching for exact keywords on plaintexts. The server can use any existing approaches of exact keywords search to search plaintexts on an index table.展开更多
Keyword search has become a ubiquitous method for users to access text data in the face of information explosion. Inverted lists are usually used to index underlying documents to retrieve documents according to a set ...Keyword search has become a ubiquitous method for users to access text data in the face of information explosion. Inverted lists are usually used to index underlying documents to retrieve documents according to a set of keywords efficiently. Since inverted lists are usually large, many compression techniques have been proposed to reduce the storage space and disk I/O time. However, these techniques usually perform decompression operations on the fly, which increases the CPU time. This paper presents a more efficient index structure, the Generalized INverted IndeX (Ginix), which merges consecutive IDs in inverted lists into intervals to save storage space. With this index structure, more efficient algorithms can be devised to perform basic keyword search operations, i.e., the union and the intersection operations, by taking the advantage of intervals. Specifically, these algorithms do not require conversions from interval lists back to ID lists. As a result, keyword search using Ginix can be more efficient than those using traditional inverted indices. The performance of Ginix is also improved by reordering the documents in datasets using two scalable algorithms. Experiments on the performance and scalability of Ginix on real datasets show that Ginix not only requires less storage space, but also improves the keyword search performance, compared with traditional inverted indexes.展开更多
may incur significant bandwidth for executing more com- plicated search queries such as multiple-attribute queries. In order to reduce query overhead, KSS (keyword-set search) by Gnawali partitions the index by a set ...may incur significant bandwidth for executing more com- plicated search queries such as multiple-attribute queries. In order to reduce query overhead, KSS (keyword-set search) by Gnawali partitions the index by a set of keywords. However, a KSS index is considerably larger than a standard inverted index, since there are more word sets than there are individual words. And the insert overhead and storage overhead are obviously un- acceptable for full-text search on a collection of documents even if KSS uses the distance window technology. In this paper, we extract the relationship information between query keywords from websites’ queries logs to improve performance of KSS system. Experiments results clearly demonstrated that the improved keyword-set search system based on keywords relationship (KRBKSS) is more efficient than KSS index in insert overhead and storage overhead, and a standard inverted index in terms of communication costs for query.展开更多
The paper presents a novel benefit based query processing strategy for efficient query routing. Based on DHT as the overlay network, it first applies Nash equilibrium to construct the optimal peer group based on the c...The paper presents a novel benefit based query processing strategy for efficient query routing. Based on DHT as the overlay network, it first applies Nash equilibrium to construct the optimal peer group based on the correlations of keywords and coverage and overlap of the peers to decrease the time cost, and then presents a two-layered architecture for query processing that utilizes Bloom filter as compact representation to reduce the bandwidth consumption. Extensive experiments conducted on a real world dataset have demonstrated that our approach obviously decreases the processing time, while improves the precision and recall as well.展开更多
A search strategy over encrypted cloud data based on keywords has been improved and has presented a method using different strategies on the client and the server to improve the search efficiency in this paper. The cl...A search strategy over encrypted cloud data based on keywords has been improved and has presented a method using different strategies on the client and the server to improve the search efficiency in this paper. The client uses the Chinese and English to achieve the synonym construction of the keywords, the establishment of the fuzzy-syllable words and synonyms set of keywords and the implementation of fuzzy search strategy over the encryption of cloud data based on keywords. The server side through the analysis of the user’s query request provides keywords for users to choose and topic words and secondary words are picked out. System will match topic words with historical inquiry in time order, and then the new query result of the request is directly gained. The analysis of the simulation experiment shows that the fuzzy search strategy can make better use of historical results on the basis of privacy protection for the realization of efficient data search, saving the search time and improving the efficiency of search.展开更多
Purpose: The aim of this paper is to discuss how the keyword concentration change ratio(KCCR) is used while identifying the stability-mutation feature of Web search keywords during information analyses and predictions...Purpose: The aim of this paper is to discuss how the keyword concentration change ratio(KCCR) is used while identifying the stability-mutation feature of Web search keywords during information analyses and predictions.Design/methodology/approach: By introducing the stability-mutation feature of keywords and its significance, the paper describes the function of the KCCR in identifying keyword stability-mutation features. By using Ginsberg's influenza keywords, the paper shows how the KCCR can be used to identify the keyword stability-mutation feature effectively.Findings: Keyword concentration ratio has close positive correlation with the change rate of research objects retrieved by users, so from the characteristic of the 'stability-mutation' of keywords, we can understand the relationship between these keywords and certain information. In general, keywords representing for mutation fit for the objects changing in short-term, while those representing for stability are suitable for long-term changing objects. Research limitations: It is difficult to acquire the frequency of keywords, so indexes or parameters which are closely related to the true search volume are chosen for this study.Practical implications: The stability-mutation feature identification of Web search keywords can be applied to predict and analyze the information of unknown public events through observing trends of keyword concentration ratio.Originality/value: The stability-mutation feature of Web search could be quantitatively described by the keyword concentration change ratio(KCCR). Through KCCR, the authors took advantage of Ginsberg's influenza epidemic data accordingly and demonstrated how accurate and effective the method proposed in this paper was while it was used in information analyses and predictions.展开更多
The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved...The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.展开更多
基金supported in part by the National Natural Science Foundation of China under Grant No.61772009the Natural Science Foundation of Jiangsu Province under Grant No.BK20181304.
文摘Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.
文摘Cloud Computing expands its usability to various fields that utilize data and store it in a common space that is required for computing and the purpose of analysis as like the IoT devices.These devices utilize the cloud for storing and retrieving data since the devices are not capable of storing processing data on its own.Cloud Computing provides various services to the users like the IaaS,PaaS and SaaS.The major drawback that is faced by cloud computing include the Utilization of Cloud services for the storage of data that could be accessed by all the users related to cloud.The use of Public Key Encryptions with keyword search(PEKS)provides security against the untrustworthy third-party search capability on publicly encryption keys without revealing the data’s contents.But the Security concerns of PEKs arise when Inside Keywords Guessing attacks(IKGA),is identified in the system due to the untrusted server presume the keyword in trapdoor.This issue could be solved by using various algorithms like the Certificateless Hashed Public Key Authenticated Encryption with Keyword Search(CL-HPAEKS)which utilizes the Modified Elliptic Curve Cryptography(MECC)along with the Mutation Centred flower pollinations algorithm(CM-FPA)that is used in enhancing the performance of the algorithm using the Optimization in keys.The additional use of Message Digests 5(MD5)hash function in the system enhances the security Level that is associated with the system.The system that is proposed achieves the security level performance of 96 percent and the effort consumed by the algorithm is less compared to the other encryption techniques.
基金This work is supported by“13th Five-Year”National Crypto Development Fund(No.MMJJ20170122)Zhejiang Provincial Natural Science Foundation of China(No.Y15F020053)+1 种基金the Project of Education Department of Henan Province(No.18A413001,No.16A520013)Natural Science Foundation of Henan Polytechnic University(No.T2018-1).
文摘With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,business secrets and other sensitive information of the users and enterprises.Thus,at present,how to protect,retrieve,and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment.A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server.In this scheme,the user data are divided into files,file indexes and the keyword corresponding to the files,which are respectively encrypted to store.The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes,but re-encrypt the cipher-text of keywords corresponding to the files.Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack.And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption.Furthermore,the scheme does not need to use any secure channels,making it more effective in the cloud environment.
文摘As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.
基金This research was supported by the National Science Foundation of China for Funding Projects (61173089,61472298) and National Statistical Science Program of China(2013LZ46).
文摘Public Key Encryption with Keyword Search(PEKS),an indispensable part of searchable encryption,is stock-intrade for both protecting data and providing operability of encrypted data.So far most of PEKS schemes have been established on Identity-Based Cryptography(IBC) with key escrow problem inherently.Such problem severely restricts the promotion of IBC-based Public Key Infrastructure including PEKS component.Hence,Certificateless Public Key Cryptography(CLPKC) is efficient to remove such problem.CLPKC is introduced into PEKS,and a general model of Certificate/ess PEKS(CLPEKS) is formalized.In addition,a practical CLPEKS scheme is constructed with security and efficiency analyses.The proposal is secure channel free,and semantically secure against adaptive chosen keyword attack and keyword guessing attack.To illustrate the superiority,massive experiments are conducted on Enron Email dataset which is famous in information retrieval field.Compared with existed constructions,CLPEKS improves the efficiency in theory and removes the key escrow problem.
基金supported by the National Natural Science Foundation of China under Grant Nos. 61772009 and U1736112the Natural Science Foundation of Jiangsu Province under Grant Nos. BK20161511 and BK20181304
文摘Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with previous two CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantee as it withstands the existing known types of keyword guessing attacks.
基金supported by Natural Science Foundation of China(No.61303264)
文摘Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support the keyword search in a public cloud. However,they have some potential limitations. First,most of the existing schemes only consider the scenario with the single data owner. Second,they need secure channels to guarantee the secure transmission of secret keys from the data owner to data users. Third,in some schemes,the data owner should be online to help data users when data users intend to perform the search,which is inconvenient.In this paper,we propose a novel searchable scheme which supports the multi-owner keyword search without secure channels. More than that,our scheme is a non-interactive solution,in which all the users only need to communicate with the cloud server. Furthermore,the analysis proves that our scheme can guarantee the security even without secure channels. Unlike most existing public key encryption based searchable schemes,we evaluate the performance of our scheme,which shows that our scheme is practical.
文摘In this paper, we propose a new method based on index to realize IR-style Chinese keyword search with ranking strategies in relational databases. This method creates an index by using the related information of tuple words and presents a ranking strategy in terms of the nature of Chinese words. For a Chinese keyword query, the index is used to match query search words and the tuple words in index quickly, and to compute similarities between the query and tuples by the ranking strategy, and then the set of identifiers of candidate tuples is generated. Thus, we retrieve top-N results of the query using SQL selection statements and output the ranked answers according to the similarities. The experimental results show that our method is efficient and effective.
基金supported in part by the National Science Foundation of China(62272389)the Shenzhen Fundamental Research Program(20210317191843003)+1 种基金Innovation Foundation for Doctor Dissertation of Northwestern Polytechnical University(CX2022065)Gansu Science and Technology Association Young Science and Technology Talents Lifting Project(GXH20220530-10).
文摘To protect the privacy of power data,we usually encrypt data before outsourcing it to the cloud servers.However,it is challenging to search over the encrypted data.In addition,we need to ensure that only authorized users can retrieve the power data.The attribute-based searchable encryption is an advanced technology to solve these problems.However,many existing schemes do not support large universe,expressive access policies,and hidden access policies.In this paper,we propose an attributebased keyword search encryption scheme for power data protection.Firstly,our proposed scheme can support encrypted data retrieval and achieve fine-grained access control.Only authorized users whose attributes satisfy the access policies can search and decrypt the encrypted data.Secondly,to satisfy the requirement in the power grid environment,the proposed scheme can support large attribute universe and hidden access policies.The access policy in this scheme does not leak private information about users.Thirdly,the security analysis and performance analysis indicate that our scheme is efficient and practical.Furthermore,the comparisons with other schemes demonstrate the advantages of our proposed scheme.
文摘The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is difficult to search and thus limited for practical usage. The keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. The previous studies failed to consider the attack from the data storage server to guess the keyword. This kind of attack may cause some critical information revealed to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage(testing) server. The testing(query)secret is divided into multiple shares so that the security can be guaranteed if the servers cannot conspire with each other to retrieve all shares of the secret.
基金Partly Supported by the National High-Tech Research and Development (863) Program of China (No. 2007AA01Z152)the Basic Research Foundation of Tsinghua National Laboratory for Information Science and Technology (TNList)2008 HP Labs Innovation Research Program
文摘This paper presents an effective keyword search method for data-centric extensive markup language (XML) documents. The method divides an XML document into compact connected integral subtrees, called self-integral trees (SI-Trees), to capture the structural information in the XML document. The SI-Trees are generated based on a schema guide. Meaningful self-integral trees (MSI-Trees) are identified, which contain all or some of the input keywords for the keyword search in the XML documents. Indexing is used to accelerate the retrieval of MSI-Trees related to the input keywords. The MSI-Trees are ranked to identify the top-k results with the highest ranks. Extensive tests demonstrate that this method costs 10-100 ms to answer a keyword query, and outperforms existing approaches by 1-2 orders of magnitude.
基金National Cryptography Development Fund(MMJJ20180210)the National Natural Science Foundation of China(Grant Nos.61832012 and 61672019).
文摘Attribute-based encryption with keyword search(ABKS)achieves both fine-grained access control and keyword search.However,in the previous ABKS schemes,the search algorithm requires that each keyword to be identical between the target keyword set and the ciphertext keyword set,otherwise the algorithm does not output any search result,which is not conducive to use.Moreover,the previous ABKS schemes are vulnerable to what we call a peer-decryption attack,that is,the ciphertext may be eavesdropped and decrypted by an adversary who has sufficient authorities but no information about the ciphertext keywords.In this paper,we provide a new system in fog computing,the ciphertext-policy attribute-based encryption with dynamic keyword search(ABDKS).In ABDKS,the search algorithm requires only one keyword to be identical between the two keyword sets and outputs the corresponding correlation which reflects the number of the same keywords in those two sets.In addition,our ABDKS is resistant to peer-decryption attack,since the decryption requires not only sufficient authority but also at least one keyword of the ciphertext.Beyond that,the ABDKS shifts most computational overheads from resource constrained users to fog nodes.The security analysis shows that the ABDKS can resist Chosen-Plaintext Attack(CPA)and Chosen-Keyword Attack(CKA).
基金supported by the National Natural Science Foundation of China under Grant Nos.61272436,61003232 and 61272404the Natural Science Foundation of Guangdong Province of China under Grant No.10351806001000000
文摘The existing solutions to keyword search in the cloud can be divided into two categories: searching on exact keywords and searching on error-tolerant keywords. An error-tolerant keyword search scheme permits to make searches on encrypted data with only an approximation of some keyword. The scheme is suitable to the case where users' searching input might not exactly match those pre-set keywords. In this paper, we first present a general framework for searching on error-tolerant keywords. Then we propose a concrete scheme, based on a fuzzy extractor, which is proved secure against an adaptive adversary under well-defined security definition. The scheme is suitable for all similarity metrics including Hamming distance, edit distance, and set difference. It does not require the user to construct or store anything in advance, other than the key used to calculate the trapdoor of keywords and the key to encrypt data documents. Thus, our scheme tremendously eases the users' burden. What is more, our scheme is able to transform the servers' searching for error-tolerant keywords on ciphertexts to the searching for exact keywords on plaintexts. The server can use any existing approaches of exact keywords search to search plaintexts on an index table.
基金supported by the National Natural Science Foundation of China(No.60833003)
文摘Keyword search has become a ubiquitous method for users to access text data in the face of information explosion. Inverted lists are usually used to index underlying documents to retrieve documents according to a set of keywords efficiently. Since inverted lists are usually large, many compression techniques have been proposed to reduce the storage space and disk I/O time. However, these techniques usually perform decompression operations on the fly, which increases the CPU time. This paper presents a more efficient index structure, the Generalized INverted IndeX (Ginix), which merges consecutive IDs in inverted lists into intervals to save storage space. With this index structure, more efficient algorithms can be devised to perform basic keyword search operations, i.e., the union and the intersection operations, by taking the advantage of intervals. Specifically, these algorithms do not require conversions from interval lists back to ID lists. As a result, keyword search using Ginix can be more efficient than those using traditional inverted indices. The performance of Ginix is also improved by reordering the documents in datasets using two scalable algorithms. Experiments on the performance and scalability of Ginix on real datasets show that Ginix not only requires less storage space, but also improves the keyword search performance, compared with traditional inverted indexes.
基金Project supported by the National Natural Science Foundation of China (No. 60221120145) and Science & Technology Committee of Shanghai Municipality Key Project (No. 02DJ14045), China
文摘may incur significant bandwidth for executing more com- plicated search queries such as multiple-attribute queries. In order to reduce query overhead, KSS (keyword-set search) by Gnawali partitions the index by a set of keywords. However, a KSS index is considerably larger than a standard inverted index, since there are more word sets than there are individual words. And the insert overhead and storage overhead are obviously un- acceptable for full-text search on a collection of documents even if KSS uses the distance window technology. In this paper, we extract the relationship information between query keywords from websites’ queries logs to improve performance of KSS system. Experiments results clearly demonstrated that the improved keyword-set search system based on keywords relationship (KRBKSS) is more efficient than KSS index in insert overhead and storage overhead, and a standard inverted index in terms of communication costs for query.
基金Supported by the National Natural Science Foundation of China (60673139, 60473073, 60573090)
文摘The paper presents a novel benefit based query processing strategy for efficient query routing. Based on DHT as the overlay network, it first applies Nash equilibrium to construct the optimal peer group based on the correlations of keywords and coverage and overlap of the peers to decrease the time cost, and then presents a two-layered architecture for query processing that utilizes Bloom filter as compact representation to reduce the bandwidth consumption. Extensive experiments conducted on a real world dataset have demonstrated that our approach obviously decreases the processing time, while improves the precision and recall as well.
文摘A search strategy over encrypted cloud data based on keywords has been improved and has presented a method using different strategies on the client and the server to improve the search efficiency in this paper. The client uses the Chinese and English to achieve the synonym construction of the keywords, the establishment of the fuzzy-syllable words and synonyms set of keywords and the implementation of fuzzy search strategy over the encryption of cloud data based on keywords. The server side through the analysis of the user’s query request provides keywords for users to choose and topic words and secondary words are picked out. System will match topic words with historical inquiry in time order, and then the new query result of the request is directly gained. The analysis of the simulation experiment shows that the fuzzy search strategy can make better use of historical results on the basis of privacy protection for the realization of efficient data search, saving the search time and improving the efficiency of search.
基金supported by National Social Science Foundation of China(Grand No.13&ZD173)
文摘Purpose: The aim of this paper is to discuss how the keyword concentration change ratio(KCCR) is used while identifying the stability-mutation feature of Web search keywords during information analyses and predictions.Design/methodology/approach: By introducing the stability-mutation feature of keywords and its significance, the paper describes the function of the KCCR in identifying keyword stability-mutation features. By using Ginsberg's influenza keywords, the paper shows how the KCCR can be used to identify the keyword stability-mutation feature effectively.Findings: Keyword concentration ratio has close positive correlation with the change rate of research objects retrieved by users, so from the characteristic of the 'stability-mutation' of keywords, we can understand the relationship between these keywords and certain information. In general, keywords representing for mutation fit for the objects changing in short-term, while those representing for stability are suitable for long-term changing objects. Research limitations: It is difficult to acquire the frequency of keywords, so indexes or parameters which are closely related to the true search volume are chosen for this study.Practical implications: The stability-mutation feature identification of Web search keywords can be applied to predict and analyze the information of unknown public events through observing trends of keyword concentration ratio.Originality/value: The stability-mutation feature of Web search could be quantitatively described by the keyword concentration change ratio(KCCR). Through KCCR, the authors took advantage of Ginsberg's influenza epidemic data accordingly and demonstrated how accurate and effective the method proposed in this paper was while it was used in information analyses and predictions.
文摘The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.