Blockchain-Based Certificateless Bidirectional Authenticated Searchable Encryption Scheme in Cloud Email System

Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.

Vector Dominance with Threshold Searchable Encryption (VDTSE) for the Internet of Things

The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.

Secure Content Based Image Retrieval Scheme Based on Deep Hashing and Searchable Encryption

To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security,retrieval efficiency,and retrieval accuracy.This research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure,searchable encryption scheme.First,a deep learning framework based on residual network and transfer learn-ing model is designed to extract more representative image deep features.Secondly,the central similarity is used to quantify and construct the deep hash sequence of features.The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index.Finally,according to the additive homomorphic property of Paillier homomorphic encryption,a similarity measurement method suitable for com-puting in the retrieval system’s security is ensured by the encrypted domain.The experimental results,which were obtained on Web Image Database from the National University of Singapore(NUS-WIDE),Microsoft Common Objects in Context(MS COCO),and ImageNet data sets,demonstrate the system’s robust security and precise retrieval,the proposed scheme can achieve efficient image retrieval without revealing user privacy.The retrieval accuracy is improved by at least 37%compared to traditional hashing schemes.At the same time,the retrieval time is saved by at least 9.7%compared to the latest deep hashing schemes.

Blockchain-Assisted Secure Fine-Grained Searchable Encryption for a Cloud-Based Healthcare Cyber-Physical System

The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.

A Blockchain-Based Credible and Secure Education Experience Data Management Scheme Supporting for Searchable Encryption

With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.

Substring-searchable attribute-based encryption and its application for IoT devices

With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.

Efficient Expressive Attribute-Based Encryption with Keyword Search over Prime-Order Groups

Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.

3-Multi ranked encryption with enhanced security in cloud computing

Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple data owners/users,and even return the top-k most relevant search results when requested.We refer to a model that satisfies all of the conditions a 3-multi ranked search model.However,SE schemes that have been proposed to date use fully trusted trapdoor generation centers,and several methods assume a secure connection between the data users and a trapdoor generation center.That is,they assume the trapdoor generation center is the only entity that can learn the information regarding queried keywords,but it will never attempt to use it in any other manner than that requested,which is impractical in real life.In this study,to enhance the security,we propose a new 3-multi ranked SE scheme that satisfies all conditions without these security assumptions.The proposed scheme uses randomized keywords to protect the interested keywords of users from both outside adversaries and the honest-but-curious trapdoor generation center,thereby preventing attackers from determining whether two different queries include the same keyword.Moreover,we develop a method for managing multiple encrypted keywords from every data owner,each encrypted with a different key.Our evaluation demonstrates that,despite the trade-off overhead that results from the weaker security assumption,the proposed scheme achieves reasonable performance compared to extant schemes,which implies that our scheme is practical and closest to real life.

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.

Paillier-Based Fuzzy Multi-Keyword Searchable Encryption Scheme with Order-Preserving

Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.

A time-aware searchable encryption scheme for EHRs

Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a timeaware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range;only the authorized user can generate a valid trapdoor;only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.

Searchable Encryption with Access Control on Keywords in Multi-User Setting

Searchable encryption technology makes it convenient to search encrypted data with keywords for people.A data owner shared his data with other users on the cloud server.For security,it is necessary for him to build a fine-grained and flexible access control mechanism.The main idea of this paper is to let the owner classify his data and then authorizes others according to categories.The cloud server maintains a permission matrix,which will be used to verify whether a trapdoor is valid or not.In this way we can achieve access control and narrow the search range at the same time.We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.

IoT Services:Realizing Private Real-Time Detection via Authenticated Conjunctive Searchable Encryption

With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields,including the medical,agricultural,and industrial areas.Uploading data to the cloud solves the problem of data overhead but results in privacy issues.Therefore,the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue.In this paper,we propose a scheme that supports real-time authentication with conjunctive keyword detection(RA-CKD),this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens.Through authentication technology,connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection.Finally,we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction.The experiment shows that the efficiency of RA-CKD is good enough to be practical.

A Searchable Encryption Scheme Based on Lattice for Log Systems in Blockchain

With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.

融合Inception与SE-Attention的加密流量移动业务识别

移动设备通常接入无线局域网,并依赖WiFi加密协议对网络中数据链路层流量进行加密,以维护通信安全。然而,现有加密流量识别方法主要针对网络层及以上的流量载荷进行分析,无法有效识别链路层加密流量的移动业务类别。针对该问题,提出了一种在WiFi加密场景下基于链路层流量的移动业务识别方法。通过被动嗅探WiFi数据帧,提取链路层中可用的流量侧信道特征,将流量数据转换为二维直方图矩阵。融合Inception网络和SE-Attention机制,提出识别模型——SE-Inception,旨在更好地捕捉到流量数据帧分布特征中的细节和全局信息,突出对重要特征的关注,以提高识别准确率。文中采用真实数据集进行实验验证,结果表明该方法在WiFi加密场景下可有效识别链路层加密流量的移动业务类别,平均准确率可达98.29%,相比于已有的识别方法具有更优的性能。

基于CP-ABSE的农机社会化服务联盟链隐私匹配方案

针对多个农机社会化服务平台联合,实现跨平台任务匹配中存在的敏感数据泄露和集中式服务器不可信问题,该研究提出了基于密文策略属性基可搜索加密(ciphertext-policy attribute-based searchable encryption,CP-ABSE)的农机社会化服务联盟链隐私匹配方案。该方案基于联盟链构建农机社会化服务联合平台,为多平台数据共享提供去中心化的可信环境;基于CP-ABSE技术实现跨平台的任务匹配,支持对任务密文数据的检索以及细粒度的访问控制,保护作业任务发布方和农机手的敏感数据;使用智能合约实现农田作业任务与农机手之间的匹配服务,避免集中式服务器存在的单点故障和恶意违规操作等问题。安全性分析表明,该方案能够保证数据的完整性、机密性以及匹配结果的可信性。基于Hyperledger Fabric构建了一个原型系统,测试结果表明,当全局属性数量为200时,系统构建和私钥生成的运行时间分别约8和2.5 s,搜索令牌生成与数据加密的计算开销分别为60和80 ms,匹配智能合约平均时延约为250 ms。该方案破解了农机社会化服务平台间的“数据孤岛”问题,对于促进农机社会化服务的推广具有重要的意义。

Constructing Certificateless Encryption with Keyword Search against Outside and Inside Keyword Guessing Attacks

Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with previous two CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantee as it withstands the existing known types of keyword guessing attacks.

Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things(IoT),which provides the solution of connecting things and devices,has increasingly developed as vital tools to realize intelligent life.Generally,source-limited IoT sensors outsource their data to the cloud,which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved.Though encryption technology can guarantee the confidentiality of private data,it hinders the usability of data.Searchable encryption(SE)has been proposed to achieve secure data sharing and searching.However,most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers.Moreover,the untrusted cloud server may perform an unfaithful search execution.To address these problems,in this paper,we propose the first verifiable identity-based keyword search(VIBKS)scheme from lattice.In particular,a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results.Besides,in order to reduce the communication overhead,we refer to the identity-based mechanism.We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honestbut-curious adversary.In addition,we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.

Chosen-Ciphertext Attack Secure Public-Key Encryption with Keyword Search

As the use of cloud storage for various services increases,the amount of private personal information along with data stored in the cloud storage is also increasing.To remotely use the data stored on the cloud storage,the data to be stored needs to be encrypted for this reason.Since“searchable encryption”is enable to search on the encrypted data without any decryption,it is one of convenient solutions for secure data management.A public key encryption with keyword search(for short,PEKS)is one of searchable encryptions.Abdalla et al.firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the“robust”ANO-CCA secure identity-based encryption(IBE).In this paper,we propose two generic constructions of consistent IND-CCA secure PEKS combining(1)a hierarchical identity based encryption(for short,HIBE)and a signature scheme or(2)a HIBE,an encapsulation,and a message authentication code(for short,MAC)scheme.Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker“ANO-CPA security(resp.,IND-CPA security)”of HIBE than“ANOCCA security(resp.,IND-CCA security)”of IBE required in for achieving IND-CCA secure(resp.,consistent)PEKS.Finally,we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.

一种基于SHVE的连接查询动态对称可搜索加密方案

对称可搜索加密(searchable symmetric encryption,SSE)因其较高的搜索效率得到了人们的广泛关注.支持连接查询的对称可搜索加密方案可以提高方案的功能性.然而现有大部分连接查询方案不支持对加密数据库的动态更新操作,结合静态对称隐藏向量加密(symmetric hidden vectors encryption,SHVE)的定义,提出支持动态数据更新的动态对称隐藏向量加密(dynamic SHVE,DSHVE)的定义,并在此定义下构造了一种适用于可搜索加密应用场景的DSHVE方案.在此基础上,通过引入基于盲指数计算的不经意动态交叉标签,设计具有前向和后向隐私的向量数据存取结构,构造了支持连接查询的动态对称可搜索加密方案,给出了方案的详细工作过程和正式的安全性分析.理论分析和实验结果表明,连接查询时,该方案能够在不明显增加存储和计算开销的前提下,有效避免泄露匹配文档索引之外的结果特征.同时该方案能够仅通过单轮通信实现连接查询,具有较低的通信开销和较高的搜索效率.