Blockchain-Based Certificateless Bidirectional Authenticated Searchable Encryption Scheme in Cloud Email System

Traditional email systems can only achieve one-way communication,which means only the receiver is allowed to search for emails on the email server.In this paper,we propose a blockchain-based certificateless bidirectional authenticated searchable encryption model for a cloud email system named certificateless authenticated bidirectional searchable encryption(CL-BSE)by combining the storage function of cloud server with the communication function of email server.In the new model,not only can the data receiver search for the relevant content by generating its own trapdoor,but the data owner also can retrieve the content in the same way.Meanwhile,there are dual authentication functions in our model.First,during encryption,the data owner uses the private key to authenticate their identity,ensuring that only legal owner can generate the keyword ciphertext.Second,the blockchain verifies the data owner’s identity by the received ciphertext,allowing only authorized members to store their data in the server and avoiding unnecessary storage space consumption.We obtain a formal definition of CL-BSE and formulate a specific scheme from the new system model.Then the security of the scheme is analyzed based on the formalized security model.The results demonstrate that the scheme achieves multikeyword ciphertext indistinguishability andmulti-keyword trapdoor privacy against any adversary simultaneously.In addition,performance evaluation shows that the new scheme has higher computational and communication efficiency by comparing it with some existing ones.

Vector Dominance with Threshold Searchable Encryption (VDTSE) for the Internet of Things

The Internet of Medical Things(IoMT)is an application of the Internet of Things(IoT)in the medical field.It is a cutting-edge technique that connects medical sensors and their applications to healthcare systems,which is essential in smart healthcare.However,Personal Health Records(PHRs)are normally kept in public cloud servers controlled by IoMT service providers,so privacy and security incidents may be frequent.Fortunately,Searchable Encryption(SE),which can be used to execute queries on encrypted data,can address the issue above.Nevertheless,most existing SE schemes cannot solve the vector dominance threshold problem.In response to this,we present a SE scheme called Vector Dominance with Threshold Searchable Encryption(VDTSE)in this study.We use a Lagrangian polynomial technique and convert the vector dominance threshold problem into a constraint that the number of two equal-length vectors’corresponding bits excluding wildcards is not less than a threshold t.Then,we solve the problem using the proposed technique modified in Hidden Vector Encryption(HVE).This technique makes the trapdoor size linear to the number of attributes and thus much smaller than that of other similar SE schemes.A rigorous experimental analysis of a specific application for privacy-preserving diabetes demonstrates the feasibility of the proposed VDTSE scheme.

Secure Content Based Image Retrieval Scheme Based on Deep Hashing and Searchable Encryption

To solve the problem that the existing ciphertext domain image retrieval system is challenging to balance security,retrieval efficiency,and retrieval accuracy.This research suggests a searchable encryption and deep hashing-based secure image retrieval technique that extracts more expressive image features and constructs a secure,searchable encryption scheme.First,a deep learning framework based on residual network and transfer learn-ing model is designed to extract more representative image deep features.Secondly,the central similarity is used to quantify and construct the deep hash sequence of features.The Paillier homomorphic encryption encrypts the deep hash sequence to build a high-security and low-complexity searchable index.Finally,according to the additive homomorphic property of Paillier homomorphic encryption,a similarity measurement method suitable for com-puting in the retrieval system’s security is ensured by the encrypted domain.The experimental results,which were obtained on Web Image Database from the National University of Singapore(NUS-WIDE),Microsoft Common Objects in Context(MS COCO),and ImageNet data sets,demonstrate the system’s robust security and precise retrieval,the proposed scheme can achieve efficient image retrieval without revealing user privacy.The retrieval accuracy is improved by at least 37%compared to traditional hashing schemes.At the same time,the retrieval time is saved by at least 9.7%compared to the latest deep hashing schemes.

Blockchain-Assisted Secure Fine-Grained Searchable Encryption for a Cloud-Based Healthcare Cyber-Physical System

The concept of sharing of personal health data over cloud storage in a healthcare-cyber physical system has become popular in recent times as it improves access quality.The privacy of health data can only be preserved by keeping it in an encrypted form,but it affects usability and flexibility in terms of effective search.Attribute-based searchable encryption(ABSE)has proven its worth by providing fine-grained searching capabilities in the shared cloud storage.However,it is not practical to apply this scheme to the devices with limited resources and storage capacity because a typical ABSE involves serious computations.In a healthcare cloud-based cyber-physical system(CCPS),the data is often collected by resource-constraint devices;therefore,here also,we cannot directly apply ABSE schemes.In the proposed work,the inherent computational cost of the ABSE scheme is managed by executing the computationally intensive tasks of a typical ABSE scheme on the blockchain network.Thus,it makes the proposed scheme suitable for online storage and retrieval of personal health data in a typical CCPS.With the assistance of blockchain technology,the proposed scheme offers two main benefits.First,it is free from a trusted authority,which makes it genuinely decentralized and free from a single point of failure.Second,it is computationally efficient because the computational load is now distributed among the consensus nodes in the blockchain network.Specifically,the task of initializing the system,which is considered the most computationally intensive,and the task of partial search token generation,which is considered as the most frequent operation,is now the responsibility of the consensus nodes.This eliminates the need of the trusted authority and reduces the burden of data users,respectively.Further,in comparison to existing decentralized fine-grained searchable encryption schemes,the proposed scheme has achieved a significant reduction in storage and computational cost for the secret key associated with users.It has been verified both theoretically and practically in the performance analysis section.

A Blockchain-Based Credible and Secure Education Experience Data Management Scheme Supporting for Searchable Encryption

With the in-depth application of new technologies such as big data in education fields,the storage and sharing model of student education records data still faces many challenges in terms of privacy protection and efficient transmission.In this paper,we propose a data security storage and sharing scheme based on consortium blockchain,which is a credible search scheme without verification.In our scheme,the implementation of data security storage is using the blockchain and storage server together.In detail,the smart contract provides protection for data keywords,the storage server stores data after data masking,and the blockchain ensures the traceability of query transactions.The need for precise privacy data is achieved by constructing a dictionary.Cryptographic techniques such as AES and RSA are used for encrypted storage of data,keywords,and digital signatures.Security analysis and performance evaluation shows that the availability,high efficiency,and privacy-preserving can be achieved.Meanwhile,this scheme has better robustness compared to other educational records data sharing models.

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage,users store the data on the cloud server who offers convenient internet services.To guarantee the data privacy,users encrypt the data before uploading them into the cloud server.Since encryption can reduce the data availability,public-key encryption with keyword search(PEKS)is developed to achieve the retrieval of the encrypted data without decrypting them.However,most PEKS schemes cannot resist quantum computing attack,because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers.Besides,the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack(KGA).In this attack,a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords.In the paper,we propose a lattice-based PEKS scheme that can resist quantum computing attacks.To resist inside KGA,this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext.Finally,some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.

Paillier-Based Fuzzy Multi-Keyword Searchable Encryption Scheme with Order-Preserving

Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage.However,the current searchable encryption solutions still have deficiencies in search efficiency,accuracy and multiple data owner support.In this paper,we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving(PMS).First,a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction)is proposed to correct user input errors,so that fuzzy keywords input can be supported.Second,Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving.Then,a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern.Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency.The theoretical analysis and experiment results show that our scheme is secure,accurate,error-tolerant and very efficient.

Searchable Encryption with Access Control on Keywords in Multi-User Setting

Searchable encryption technology makes it convenient to search encrypted data with keywords for people.A data owner shared his data with other users on the cloud server.For security,it is necessary for him to build a fine-grained and flexible access control mechanism.The main idea of this paper is to let the owner classify his data and then authorizes others according to categories.The cloud server maintains a permission matrix,which will be used to verify whether a trapdoor is valid or not.In this way we can achieve access control and narrow the search range at the same time.We prove that our scheme can achieve index and trapdoor indistinguishability under chosen keywords attack security in the random oracles.

IoT Services:Realizing Private Real-Time Detection via Authenticated Conjunctive Searchable Encryption

With the rapid development of wireless communication technology,the Internet of Things is playing an increasingly important role in our everyday.The amount of data generated by sensor devices is increasing as a large number of connectable devices are deployed in many fields,including the medical,agricultural,and industrial areas.Uploading data to the cloud solves the problem of data overhead but results in privacy issues.Therefore,the question of how to manage the privacy of uploading data and make it available to be interconnected between devices is a crucial issue.In this paper,we propose a scheme that supports real-time authentication with conjunctive keyword detection(RA-CKD),this scheme can realize the interconnection of encrypted data between devices while ensuring some measure of privacy for both encrypted data and detection tokens.Through authentication technology,connected devices can both authenticate each other’s identity and prevent malicious adversaries from interfering with device interconnection.Finally,we prove that our scheme can resist inside keyword guessing attack through rigorous security reduction.The experiment shows that the efficiency of RA-CKD is good enough to be practical.

A Searchable Encryption Scheme Based on Lattice for Log Systems in Blockchain

With the increasing popularity of cloud storage,data security on the cloud has become increasingly visible.Searchable encryption has the ability to realize the privacy protection and security of data in the cloud.However,with the continuous development of quantum computing,the standard Public-key Encryption with Keyword Search(PEKS)scheme cannot resist quantumbased keyword guessing attacks.Further,the credibility of the server also poses a significant threat to the security of the retrieval process.This paper proposes a searchable encryption scheme based on lattice cryptography using blockchain to address the above problems.Firstly,we design a lattice-based encryption primitive to resist quantum keyword guessing attacks.Moreover,blockchain is to decentralize the cloud storage platform’s jurisdiction of data.It also ensures that the traceability of keyword retrieval process and maintains the credibility of search result,which malicious platforms are prevented as much as possible from deliberately sending wrong search results.Last but not least,through security analysis,our proposed scheme satisfies the credibility and unforgeability of the keyword ciphertext.The comprehensive performance evaluates that our scheme has certain advantages in terms of efficiency compared with others.

IXT: Improved searchable encryption for multi-word queries based on PSI

Oblivious Cross-Tags(OXT)[1]is the first efficient searchable encryption(SE)protocol for conjunctive queries in a single-writer single-reader framework.However,it also has a trade-off between security and efficiency by leaking partial database information to the server.Recent attacks on these SE schemes show that the leakages from these SE schemes can be used to recover the content of queried keywords.To solve this problem,Lai et al.[2]propose Hidden Cross-Tags(HXT),which reduces the access pattern leakage from Keyword Pair Result Pattern(KPRP)to Whole Result Pattern(WRP).However,the WRP leakage can also be used to recover some additional contents of queried keywords.This paper proposes Improved Cross-Tags(IXT),an efficient searchable encryption protocol that achieves access and searches pattern hiding based on the labeled private set intersection.We also prove the proposed labeled private set intersection(PSI)protocol is secure against semi-honest adversaries,and IXT is-semi-honest secure(is leakage function).Finally,we do experiments to compare IXT with HXT.The experimental results show that the storage overhead and computation overhead of the search phase at the client-side in IXT is much lower than those in HXT.Meanwhile,the experimental results also show that IXT is scalable and can be applied to various sizes of datasets.

SEOT: Secure dynamic searchable encryption with outsourced ownership transfer

When one enterprise acquires another,the electronic data of the acquired enterprise will be transferred to the acquiring enterprise.In particular,if the data system of acquired enterprise contains a searchable encryption mechanism,the corresponding searchability will also be transferred.In this paper,we introduce the concept of Searchable Encryption with Ownership Transfer(SEOT),and propose a secure SEOT scheme.Based on the new structure of polling pool,our proposed searchable encryption scheme not only achieves efficient transfer of outsourced data,but also implements secure transfer of data searchability.Moreover,we optimize the storage cost for user to a desirable value.We prove our scheme can achieve the secure characteristics,then carry out the performance evaluation and experiments.The results demonstrate that our scheme is superior in efficiency and practicability.

Secure Channel Free ID-Based Searchable Encryption for Peer-to-Peer Group

Data sharing and searching are important functionalities in cloud storage. In this paper, we show how to securely and flexibly search and share cloud data among a group of users without a group manager. We formalize a novel cryptosystem： secure channel free searchable encryption in a peer-to-peer group, which features with the secure cloud data sharing and searching for group members in an identity-based setting. Our scheme allows group members to join or leave the group dynamically. We present two schemes： basic scheme and enhanced scheme. We formally prove that our basic scheme achieves consistency and indistinguishability against the chosen keyword and ciphertext attack and the outsider＇s keyword guessing attack, respectively. An enhanced scheme is also proposed to achieve forward secrecy, which allows to revoke user search right over the former shared data.

Substring-searchable attribute-based encryption and its application for IoT devices

With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.

Secure searchable encryption:a survey

Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources.Currently,many users prefer to outsource data to the cloud in order to mitigate the burden of local storage.However,storing sensitive data on remote servers poses privacy challenges and is currently a source of concern.SE(Searchable Encryption)is a positive way to protect users sensitive data,while preserving search ability on the server side.SE allows the server to search encrypted data without leaking information in plaintext data.The two main branches of SE are SSE(Searchable Symmetric Encryption)and PEKS(Public key Encryption with Keyword Search).SSE allows only private key holders to produce ciphertexts and to create trapdoors for search,whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors.This article surveys the two main techniques of SE:SSE and PEKS.Different SE schemes are categorized and compared in terms of functionality,efficiency,and security.Moreover,we point out some valuable directions for future work on SE schemes.

Hybrid cloud approach for block-level deduplication and searchable encryption in large universe

Ciphertext-policy attribute-based searchable encryption （CP-ABSE） can achieve fine-grained access control for data sharing and retrieval, and secure deduplication can save storage space by eliminating duplicate copies. However, there are seldom schemes supporting both searchable encryption and secure deduplication. In this paper, a large universe CP-ABSE scheme supporting secure block-level deduplication are proposed under a hybrid cloud mechanism. In the proposed scheme, after the ciphertext is inserted into bloom filter tree （BFT）, private cloud can perform fine-grained deduplication efficiently by matching tags, and public cloud can search efficiently using homomorphic searchable method and keywords matching. Finally, the proposed scheme can achieve privacy under chosen distribution attacks block-level （PRV-CDA-B） secure deduplication and match-concealing （MC） searchable security. Compared with existing schemes, the proposed scheme has the advantage in supporting fine-grained access control, block-level deduplication and efficient search, simultaneously.

MULKASE:a novel approach for key-aggregate searchable encryption for multi-owner data

Recent attempts at key-aggregate searchable encryption(KASE) combine the advantages of searching encrypted data with support for data owners to share an aggregate searchable key with a user delegating search rights to a set of data. A user, in turn, is required to submit only one single aggregate trapdoor to the cloud to perform a keyword search across the shared set of data. However, the existing KASE methods do not support searching through data that are shared by multiple owners using a single aggregate trapdoor. Therefore, we propose a MULKASE method that allows a user to search across different data records owned by multiple users using a single trapdoor. In MULKASE, the size of the aggregate key is independent of the number of documents held by a data owner. The size of an aggregate key remains constant even though the number of outsourced ciphertexts goes beyond the predefined limit. Security analysis proves that MULKASE is secure against chosen message attacks and chosen keyword attacks. In addition, the security analysis confirms that MULKASE is secure against cross-pairing attacks and provides query privacy. Theoretical and empirical analyses show that MULKASE performs better than the existing KASE methods. We also illustrate how MULKASE can carry out federated searches.

3-Multi ranked encryption with enhanced security in cloud computing

Searchable Encryption(SE)enables data owners to search remotely stored ciphertexts selectively.A practical model that is closest to real life should be able to handle search queries with multiple keywords and multiple data owners/users,and even return the top-k most relevant search results when requested.We refer to a model that satisfies all of the conditions a 3-multi ranked search model.However,SE schemes that have been proposed to date use fully trusted trapdoor generation centers,and several methods assume a secure connection between the data users and a trapdoor generation center.That is,they assume the trapdoor generation center is the only entity that can learn the information regarding queried keywords,but it will never attempt to use it in any other manner than that requested,which is impractical in real life.In this study,to enhance the security,we propose a new 3-multi ranked SE scheme that satisfies all conditions without these security assumptions.The proposed scheme uses randomized keywords to protect the interested keywords of users from both outside adversaries and the honest-but-curious trapdoor generation center,thereby preventing attackers from determining whether two different queries include the same keyword.Moreover,we develop a method for managing multiple encrypted keywords from every data owner,each encrypted with a different key.Our evaluation demonstrates that,despite the trade-off overhead that results from the weaker security assumption,the proposed scheme achieves reasonable performance compared to extant schemes,which implies that our scheme is practical and closest to real life.

Searchable Encryption System for Big Data Storage

Big data cloud platforms provide users with on-demand configurable computing,storage resources to users,thus involving a large amount of user data.However,most of the data is processed and stored in plaintext,resulting in data leakage.At the same time,simple encrypted storage ensures the confidentiality of the cloud data,but has the following problems:if the encrypted data is downloaded to the client and then decrypted,the search efficiency will be low.If the encrypted data is decrypted and searched on the server side,the security will be reduced.Data availability is finally reduced,and indiscriminate protection measures make the risk of data leakage uncontrollable.To solve the problems,based on searchable encryption and key derivation,a cipher search system is designed in this paper considering both data security and availability,and the use of a search encryption algorithm that supports dynamic update is listed.Moreover,the system structure has the advantage of adapting different searchable encryption algorithm.In particular,a user-centered key derivation mechanism is designed to realize file-level fine-grained encryption.Finally,extensive experiment and analysis show that the scheme greatly improves the data security of big data platform.

Efficient Expressive Attribute-Based Encryption with Keyword Search over Prime-Order Groups

Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.