Efficient Expressive Attribute-Based Encryption with Keyword Search over Prime-Order Groups

Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.

A Lightweight, Searchable, and Controllable EMR Sharing Scheme

Electronic medical records (EMR) facilitate the sharing of medical data, but existing sharing schemes suffer fromprivacy leakage and inefficiency. This article proposes a lightweight, searchable, and controllable EMR sharingscheme, which employs a large attribute domain and a linear secret sharing structure (LSSS), the computationaloverhead of encryption and decryption reaches a lightweight constant level, and supports keyword search andpolicy hiding, which improves the high efficiency of medical data sharing. The dynamic accumulator technologyis utilized to enable data owners to flexibly authorize or revoke the access rights of data visitors to the datato achieve controllability of the data. Meanwhile, the data is re-encrypted by Intel Software Guard Extensions(SGX) technology to realize resistance to offline dictionary guessing attacks. In addition, blockchain technology isutilized to achieve credible accountability for abnormal behaviors in the sharing process. The experiments reflectthe obvious advantages of the scheme in terms of encryption and decryption computation overhead and storageoverhead, and theoretically prove the security and controllability in the sharing process, providing a feasible solutionfor the safe and efficient sharing of EMR.

A Proxy Re-Encryption with Keyword Search Scheme in Cloud Computing

With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,business secrets and other sensitive information of the users and enterprises.Thus,at present,how to protect,retrieve,and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment.A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server.In this scheme,the user data are divided into files,file indexes and the keyword corresponding to the files,which are respectively encrypted to store.The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes,but re-encrypt the cipher-text of keywords corresponding to the files.Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack.And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption.Furthermore,the scheme does not need to use any secure channels,making it more effective in the cloud environment.

Chosen-Ciphertext Attack Secure Public-Key Encryption with Keyword Search

As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.

Hash Function Based Keyword Searchable Encryption Framework in Cloud Server Using MD5 and MECC

Cloud Computing expands its usability to various fields that utilize data and store it in a common space that is required for computing and the purpose of analysis as like the IoT devices.These devices utilize the cloud for storing and retrieving data since the devices are not capable of storing processing data on its own.Cloud Computing provides various services to the users like the IaaS,PaaS and SaaS.The major drawback that is faced by cloud computing include the Utilization of Cloud services for the storage of data that could be accessed by all the users related to cloud.The use of Public Key Encryptions with keyword search(PEKS)provides security against the untrustworthy third-party search capability on publicly encryption keys without revealing the data’s contents.But the Security concerns of PEKs arise when Inside Keywords Guessing attacks(IKGA),is identified in the system due to the untrusted server presume the keyword in trapdoor.This issue could be solved by using various algorithms like the Certificateless Hashed Public Key Authenticated Encryption with Keyword Search(CL-HPAEKS)which utilizes the Modified Elliptic Curve Cryptography(MECC)along with the Mutation Centred flower pollinations algorithm(CM-FPA)that is used in enhancing the performance of the algorithm using the Optimization in keys.The additional use of Message Digests 5(MD5)hash function in the system enhances the security Level that is associated with the system.The system that is proposed achieves the security level performance of 96 percent and the effort consumed by the algorithm is less compared to the other encryption techniques.

Stability-mutation feature identification of Web search keywords based on keyword concentration change ratio

Purpose: The aim of this paper is to discuss how the keyword concentration change ratio(KCCR) is used while identifying the stability-mutation feature of Web search keywords during information analyses and predictions.Design/methodology/approach: By introducing the stability-mutation feature of keywords and its significance, the paper describes the function of the KCCR in identifying keyword stability-mutation features. By using Ginsberg's influenza keywords, the paper shows how the KCCR can be used to identify the keyword stability-mutation feature effectively.Findings: Keyword concentration ratio has close positive correlation with the change rate of research objects retrieved by users, so from the characteristic of the 'stability-mutation' of keywords, we can understand the relationship between these keywords and certain information. In general, keywords representing for mutation fit for the objects changing in short-term, while those representing for stability are suitable for long-term changing objects. Research limitations: It is difficult to acquire the frequency of keywords, so indexes or parameters which are closely related to the true search volume are chosen for this study.Practical implications: The stability-mutation feature identification of Web search keywords can be applied to predict and analyze the information of unknown public events through observing trends of keyword concentration ratio.Originality/value: The stability-mutation feature of Web search could be quantitatively described by the keyword concentration change ratio(KCCR). Through KCCR, the authors took advantage of Ginsberg's influenza epidemic data accordingly and demonstrated how accurate and effective the method proposed in this paper was while it was used in information analyses and predictions.

Searching Databases with Keywords

Traditionally, SQL query language is used to search the data in databases. However, it is inappropriate for end-users, since it is complex and hard to learn. It is the need of end-user, searching in databases with keywords, like in web search engines. This paper presents a survey of work on keyword search in databases. It also includes a brief introduction to the SEEKER system which has been developed.

Blockchain-Assisted Secure Fine-Grained Searchable Encryption for a Cloud-Based Healthcare Cyber-Physical System

The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.

Searchable Encryption Cloud Storage with Dynamic Data Update to Support Efficient Policy Hiding

Ciphertext policy attribute based encryption(CP-ABE)can provide high finegrained access control for cloud storage.However,it needs to solve problems such as property privacy protection,ciphertext search and data update in the application process.Therefore,based on CP-ABE scheme,this paper proposes a dynamically updatable searchable encryption cloud storage(DUSECS)scheme.Using the characteristics of homomorphic encryption,the encrypted data is compared to achieve efficient hiding policy.Meanwhile,adopting linked list structure,the DUSECS scheme realizes the dynamic data update and integrity detection,and the search encryption against keyword guessing attacks is achieved by combining homomorphic encryption with aggregation algorithm.The analysis of security and performance shows that the scheme is secure and efficient.

X-RESTORE: Middleware for XML's Relational Storage and Retrieve

We propose a new approach to store and query XML data in an RDBMS basing on the idea of the numbering scheme and inverted list. O ur approach allows us to quickly determine the precedence, sibling and ancestor/ descendant relationships between any pair of nodes in the hierarchy of XML, and utilize path index to speed up calculating of path expressions. Examples have de monstrated that our approach can effectively and efficiently support both XQuery queries and keyword searches. Our approach is also flexible enough to support X ML documents both with Schema and without Schema, and applications both retrieva l and update. We also present the architecture of middleware for application acc essing XML documents stored in relations, and an algorithm translating a given X ML document into relations effectively.

Towards Privacy-Preserving Cloud Storage:A Blockchain Approach

With the rapid development of cloud computing technology,cloud services have now become a new business model for information services.The cloud server provides the IT resources required by customers in a selfservice manner through the network,realizing business expansion and rapid innovation.However,due to the insufficient protection of data privacy,the problem of data privacy leakage in cloud storage is threatening cloud computing.To address the problem,we propose BC-PECK,a data protection scheme based on blockchain and public key searchable encryption.Firstly,all the data is protected by the encryption algorithm.The privacy data is encrypted and stored in a cloud server,while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain.Secondly,based on the characteristics of trusted execution of smart contract technology,a control mechanism for data accessing and sharing is given.Data transaction is automatically recorded on the blockchain,which is fairer under the premise of ensuring the privacy and security of the data sharing process.Finally,we analyzed the security and fairness of the current scheme.Through the comparison with similar schemes,we have shown the advantages of the proposed scheme.

IoT Services:Realizing Private Real-Time Detection via Authenticated Conjunctive Searchable Encryption

With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields,including the medical,agricultural,and industrial areas.Uploading data to the cloud solves the problem of data overhead but results in privacy issues.Therefore,the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue.In this paper,we propose a scheme that supports real-time authentication with conjunctive keyword detection(RA-CKD),this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens.Through authentication technology,connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection.Finally,we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction.The experiment shows that the efficiency of RA-CKD is good enough to be practical.

HiSC:A Hybrid XML Index Composing Structure-Encoded with Cluster

A new way of indexing and processing twig patterns in an XML documents is proposed in this paper. Every path in XML document can be transformed into a sequence of labels by Structure-Encoded that constructs a one-to-one correspondence between XML tree and sequence. Base on identifying characteristics of nodes in XML tree, the elements are classified and clustered. During query proceeding, the twig pattern is also transformed into its Structure-Encoded. By performing subsequence matching on the set of sequences in XML documents, all the occurrences of path in the XML documents are refined. Using the index, the numbers of elements retrieved are minimized. The search results with pertinent format provide more structure information without any false dismissals or false alarms. The index also supports keyword search Experiment results indicate the index has significantly efficiency with high precision.

A Flaw in the Security Proof of BDOP-PEKS and PEKS-STAT

Provable security has been widely used for analyzing the security of cryptosystems. Its main idea is to reduce the security to some well-defined computational assumption. The reduction process is called the security proof. In this paper, we find a flaw in the security proof of BDOP-PEKS and PEKS-STAT, present a new conclusion for the security of BDOP-PEKS, and give a security proof. The flaw in the security proof of PEKS-STAT can be fixed in the same way. Finally we conclude some steps of security proof, and emphasize that the probability is as important as the construction.

Early Detection of Temporal Lobe Epilepsy: Identification of Novel Candidate Genes and Potential Biomarkers Using Integrative Genomics Analysis

Currently afflicting more than 50 million people worldwide, epilepsy is the spectrum disorder characterizing seizures that occur without other plausible medical explanations. Temporal lobe epilepsy (TLE) is one of the most common forms of epilepsy. Current clinical methods;including MRI scans, EEG tests, and doctor visits;can take upwards of several months to confirm a TLE diagnosis;during this time, patients may experience additional seizures and are at an increased risk for other psychiatric disorders. The purpose of this study is to identify candidate genetic biomarkers to facilitate the earlier detection and diagnosis of TLE through gene-based testing (e.g., genomic heatmap analysis or genetic and/or microarray testing). It was hypothesized that potential biomarkers could be identified by analyzing genes that are normally significantly overexpressed in the temporal lobe relative to the gray matter. Statistical and functional analysis was performed on significantly overexpressed genes (≥3.000 fold change) in the gene expression profiles of four donors without epilepsy. The experimental-evidence-based STRING protein interactions analysis showed associations between genes found in DAVID keyword search and other genes facilitating network interconnectivity. After evaluation of the genes’ STRING enriched functions, changes in the expression of the genes CAMK2A, NPY, DLG4, MEF2C, and MAPK7 were concluded to be potential biomarkers for TLE, confirming the original hypothesis. Specifically, the identification of MEF2C and MAPK7 for this purpose is relatively novel in the fields of bioinformatics and neurogenetics. Future work includes investigating the utility of the candidate genes in real-world gene-based diagnostic methods.

Attribute-based keyword search encryption for power data protection

To protect the privacy of power data,we usually encrypt data before outsourcing it to the cloud servers.However,it is challenging to search over the encrypted data.In addition,we need to ensure that only authorized users can retrieve the power data.The attribute-based searchable encryption is an advanced technology to solve these problems.However,many existing schemes do not support large universe,expressive access policies,and hidden access policies.In this paper,we propose an attributebased keyword search encryption scheme for power data protection.Firstly,our proposed scheme can support encrypted data retrieval and achieve fine-grained access control.Only authorized users whose attributes satisfy the access policies can search and decrypt the encrypted data.Secondly,to satisfy the requirement in the power grid environment,the proposed scheme can support large attribute universe and hidden access policies.The access policy in this scheme does not leak private information about users.Thirdly,the security analysis and performance analysis indicate that our scheme is efficient and practical.Furthermore,the comparisons with other schemes demonstrate the advantages of our proposed scheme.

Keyword Search Encryption Scheme Resistant Against Keyword-Guessing Attack by the Untrusted Server

The user data stored in an untrusted server, such as the centralized data center or cloud computing server, may be dangerous of eavesdropping if the data format is a plaintext. However, the general ciphertext is difficult to search and thus limited for practical usage. The keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. The previous studies failed to consider the attack from the data storage server to guess the keyword. This kind of attack may cause some critical information revealed to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage(testing) server. The testing(query)secret is divided into multiple shares so that the security can be guaranteed if the servers cannot conspire with each other to retrieve all shares of the secret.

CLASCN： Candidate Network Selection for Efficient Top-κ Keyword Queries over Databases

Keyword Search Over Relational Databases （KSORD） enables casual or Web users easily access databases through free-form keyword queries. Improving the performance of KSORD systems is a critical issue in this area. In this paper, a new approach CLASCN （Classification, Learning And Selection of Candidate Network） is developed to efficiently perform top-κ keyword queries in schema-graph-based online KSORD systems. In this approach, the Candidate Networks （CNs） from trained keyword queries or executed user queries are classified and stored in the databases, and top-κ results from the CNs are learned for constructing CN Language Models （CNLMs）. The CNLMs are used to compute the similarity scores between a new user query and the CNs from the query. The CNs with relatively large similarity score, which are the most promising ones to produce top-κ results, will be selected and performed. Currently, CLASCN is only applicable for past queries and New All-keyword-Used （NAU） queries which are frequently submitted queries. Extensive experiments also show the efficiency and effectiveness of our CLASCN approach.

Efective Error-Tolerant Keyword Search for Secure Cloud Computing

The existing solutions to keyword search in the cloud can be divided into two categories： searching on exact keywords and searching on error-tolerant keywords. An error-tolerant keyword search scheme permits to make searches on encrypted data with only an approximation of some keyword. The scheme is suitable to the case where users＇ searching input might not exactly match those pre-set keywords. In this paper, we first present a general framework for searching on error-tolerant keywords. Then we propose a concrete scheme, based on a fuzzy extractor, which is proved secure against an adaptive adversary under well-defined security definition. The scheme is suitable for all similarity metrics including Hamming distance, edit distance, and set difference. It does not require the user to construct or store anything in advance, other than the key used to calculate the trapdoor of keywords and the key to encrypt data documents. Thus, our scheme tremendously eases the users＇ burden. What is more, our scheme is able to transform the servers＇ searching for error-tolerant keywords on ciphertexts to the searching for exact keywords on plaintexts. The server can use any existing approaches of exact keywords search to search plaintexts on an index table.

ABDKS:attribute-based encryption with dynamic keyword search in fog computing

Attribute-based encryption with keyword search(ABKS)achieves both fine-grained access control and keyword search.However,in the previous ABKS schemes,the search algorithm requires that each keyword to be identical between the target keyword set and the ciphertext keyword set,otherwise the algorithm does not output any search result,which is not conducive to use.Moreover,the previous ABKS schemes are vulnerable to what we call a peer-decryption attack,that is,the ciphertext may be eavesdropped and decrypted by an adversary who has sufficient authorities but no information about the ciphertext keywords.In this paper,we provide a new system in fog computing,the ciphertext-policy attribute-based encryption with dynamic keyword search(ABDKS).In ABDKS,the search algorithm requires only one keyword to be identical between the two keyword sets and outputs the corresponding correlation which reflects the number of the same keywords in those two sets.In addition,our ABDKS is resistant to peer-decryption attack,since the decryption requires not only sufficient authority but also at least one keyword of the ciphertext.Beyond that,the ABDKS shifts most computational overheads from resource constrained users to fog nodes.The security analysis shows that the ABDKS can resist Chosen-Plaintext Attack(CPA)and Chosen-Keyword Attack(CKA).