With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,bus...With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,business secrets and other sensitive information of the users and enterprises.Thus,at present,how to protect,retrieve,and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment.A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server.In this scheme,the user data are divided into files,file indexes and the keyword corresponding to the files,which are respectively encrypted to store.The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes,but re-encrypt the cipher-text of keywords corresponding to the files.Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack.And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption.Furthermore,the scheme does not need to use any secure channels,making it more effective in the cloud environment.展开更多
With the development of Internet of Things technology,intelligent door lock devices are widely used in the field of house leasing.In the traditional housing leasing scenario,problems of door lock information disclosur...With the development of Internet of Things technology,intelligent door lock devices are widely used in the field of house leasing.In the traditional housing leasing scenario,problems of door lock information disclosure,tenant privacy disclosure and rental contract disputes frequently occur,and the security,fairness and auditability of the housing leasing transaction cannot be guaranteed.To solve the above problems,a blockchain-based proxy re-encryption scheme with conditional privacy protection and auditability is proposed.The scheme implements fine-grained access control of door lock data based on attribute encryption technology with policy hiding,and uses proxy re-encryption technology to achieve auditable supervision of door lock information transactions.Homomorphic encryption technology and zero-knowledge proof technology are introduced to ensure the confidentiality of housing rent information and the fairness of rent payment.To construct a decentralized housing lease transaction architecture,the scheme realizes the efficient collaboration between the door lock data ciphertext stored under the chain and the key information ciphertext on the chain based on the blockchain and InterPlanetary File System.Finally,the security proof and computing performance analysis of the proposed scheme are carried out.The results show that the scheme can resist the chosen plaintext attack and has low computational cost.展开更多
The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in ...The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).展开更多
Secure and efficient outsourced computation in cloud computing environments is crucial for ensuring data confidentiality, integrity, and resource optimization. In this research, we propose novel algorithms and methodo...Secure and efficient outsourced computation in cloud computing environments is crucial for ensuring data confidentiality, integrity, and resource optimization. In this research, we propose novel algorithms and methodologies to address these challenges. Through a series of experiments, we evaluate the performance, security, and efficiency of the proposed algorithms in real-world cloud environments. Our results demonstrate the effectiveness of homomorphic encryption-based secure computation, secure multiparty computation, and trusted execution environment-based approaches in mitigating security threats while ensuring efficient resource utilization. Specifically, our homomorphic encryption-based algorithm exhibits encryption times ranging from 20 to 1000 milliseconds and decryption times ranging from 25 to 1250 milliseconds for payload sizes varying from 100 KB to 5000 KB. Furthermore, our comparative analysis against state-of-the-art solutions reveals the strengths of our proposed algorithms in terms of security guarantees, encryption overhead, and communication latency.展开更多
In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from in...In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud.In this paper,we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing.We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption.Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content.The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users,and also enables the license server to implement immediate attribute and user revocation.Moreover,our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption,which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext.Extensive analytical results indicate that our proposed scheme is secure and efficient.展开更多
Genetic Algorithm(GA)has been widely used to solve various optimization problems.As the solving process of GA requires large storage and computing resources,it is well motivated to outsource the solving process of GA ...Genetic Algorithm(GA)has been widely used to solve various optimization problems.As the solving process of GA requires large storage and computing resources,it is well motivated to outsource the solving process of GA to the cloud server.However,the algorithm user would never want his data to be disclosed to cloud server.Thus,it is necessary for the user to encrypt the data before transmitting them to the server.But the user will encounter a new problem.The arithmetic operations we are familiar with cannot work directly in the ciphertext domain.In this paper,a privacy-preserving outsourced genetic algorithm is proposed.The user’s data are protected by homomorphic encryption algorithm which can support the operations in the encrypted domain.GA is elaborately adapted to search the optimal result over the encrypted data.The security analysis and experiment results demonstrate the effectiveness of the proposed scheme.展开更多
With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To addres...With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To address these challenges, the server-aided access control(SAAC) system was proposed. The SAAC system builds upon a variant of conditional proxy re-encryption(CPRE) named threshold conditional proxy re-encryption(TCPRE). In TCPRE, t out of n proxies can re-encrypt ciphertexts(satisfying some specified conditions) for the delegator(while up to t-1 proxies cannot), and the correctness of the re-encrypted ciphertexts can be publicly verified. Both features guarantee the trust and reliability on the proxies deployed in the SAAC system. The security models for TCPRE were formalized, several TCPRE constructions were proposed and that our final scheme was secure against chosen-ciphertext attacks was proved.展开更多
With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses ...With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.展开更多
Quantum computing has undergone rapid development in recent years. Owing to limitations on scalability, personal quantum computers still seem slightly unrealistic in the near future. The first practical quantum comput...Quantum computing has undergone rapid development in recent years. Owing to limitations on scalability, personal quantum computers still seem slightly unrealistic in the near future. The first practical quantum computer for ordinary users is likely to be on the cloud. However, the adoption of cloud computing is possible only if security is ensured. Homomorphic encryption is a cryptographic protocol that allows computation to be performed on encrypted data without decrypting them, so it is well suited to cloud computing. Here, we first applied homomorphic encryption on IBM's cloud quantum computer platform. In our experiments, we successfully implemented a quantum algorithm for linear equations while protecting our privacy. This demonstration opens a feasible path to the next stage of development of cloud quantum information technology.展开更多
Cloud computing provides a convenient way of content trading and sharing. In this paper, we propose a secure and privacy-preserving digital rights management (DRM) scheme using homomorphic encryption in cloud comput...Cloud computing provides a convenient way of content trading and sharing. In this paper, we propose a secure and privacy-preserving digital rights management (DRM) scheme using homomorphic encryption in cloud computing. We present an efficient digital rights management framework in cloud computing, which allows content provider to outsource encrypted contents to centralized content server and allows user to consume contents with the license issued by license server. Further, we provide a secure content key distribution scheme based on additive homomorphic probabilistic public key encryption and proxy re-encryption. The provided scheme prevents malicious employees of license server from issuing the license to unauthorized user. In addition, we achieve privacy preserving by allowing users to stay anonymous towards the key server and service provider. The analysis and comparison results indicate that the proposed scheme has high efficiency and security.展开更多
In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidentiality, data owners should encrypt their data before outsourcing. We choose proxy reencry...In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidentiality, data owners should encrypt their data before outsourcing. We choose proxy reencryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Dire- Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.展开更多
Cloud computing provides a wide platform for information sharing. Users can access data and retrieve service easily and quickly. Generally, the data in cloud are transferred with encrypted form to protect the informat...Cloud computing provides a wide platform for information sharing. Users can access data and retrieve service easily and quickly. Generally, the data in cloud are transferred with encrypted form to protect the information. As an important technology of cloud security, access control should take account of multi-factor and ciphertext to satisfy the complex requirement for cloud data protection. We propose a proxy re-encryption (PRE) based multi-factor access control (PMAC) for cipher text in the above background. The PMAC adapts to the privacy and the protection of data confidently. We explain the motivation and some assumptions of PMAC at first. Then we define system model and algorithm. The system model and algorithm show how to create the data with corresponding accessing Policy and how to grant and revoke the nermission.展开更多
Fog computing is a concept that extends the paradigm of cloud computing to the network edge. The goal of fog computing is to situate resources in the vicinity of end users. As with cloud computing, fog computing provi...Fog computing is a concept that extends the paradigm of cloud computing to the network edge. The goal of fog computing is to situate resources in the vicinity of end users. As with cloud computing, fog computing provides storage services. The data owners can store their confidential data in many fog nodes, which could cause more challenges for data sharing security. In this paper, we present a novel architecture for data sharing in a fog environment. We explore the benefits of fog computing in addressing one-to-many data sharing applications. This architecture sought to outperform the cloud-based architecture and to ensure further enhancements to system performance, especially from the perspective of security. We will address the security challenges of data sharing, such as fine-grained access control, data confidentiality, collusion resistance, scalability, and the issue of user revocation. Keeping these issues in mind, we will secure data sharing in fog computing by combining attributebased encryption and proxy re-encryption techniques. Findings of this study indicate that our system has the response and processing time faster than classical cloud systems. Further, experimental results show that our system has an efficient user revocation mechanism, and that it provides high scalability and sharing of data in real time with low latency.展开更多
Fully homomorphic encryption(FHE)can be used for privacy-preserving aggregation of medical data.In this typical application,the security against passive attacks has been well studied by Li and Micciancio(2021).In this...Fully homomorphic encryption(FHE)can be used for privacy-preserving aggregation of medical data.In this typical application,the security against passive attacks has been well studied by Li and Micciancio(2021).In this paper,the authors further consider a“nearly passive”kind of attack,where the attacker may behave like a passive attacker in the view of the third-party server.To capture the security against this hard-to-detect attack,the authors propose a new notion of IND-CPA^(rD)security.The authors show that the standard LWE encryption and its related FHE schemes can not defend against IND-CPA^(rD)attack,even under a stricter rule limiting the content and number of queries made by the attacker.To make the application of FHE schemes more secure,the authors discuss some possible modifications that may serve as countermeasures to IND-CPA^(rD)attack.展开更多
Cloud computing has become a powerful mechanism for initiating secure communication among users.The advancements in the technology lead to provide various services,like accessing network,resources,and platform.However...Cloud computing has become a powerful mechanism for initiating secure communication among users.The advancements in the technology lead to provide various services,like accessing network,resources,and platform.However,handling large datasets and security are major issues in the cloud systems.Hence,this paper proposes a technique,namely,Jaya–Whale Optimization(JWO),which is the integration of Jaya algorithm and Whale optimization algorithm(WOA)and adapts homomorphic encryption for initiating secure data transmission in the cloud.The original data are preserved by generating Data Protection(DP)coefficient using the proposed JWO algorithm.In the proposed algorithm,the fitness is calculated based on privacy and utility parameters for selecting the optimal solution.Also,the sanitized data are generated by EXORing the Key Information Product(KIP)matrix and key vector.Finally,the data owner provides the key to the users for retrieving the original data from the sanitized data.The experimentation is carried out using Cleveland,Hungarian,and Switzerland datasets in terms of BD,accuracy,and fitness and the analysis shows that the proposed JWO provides superior performance in terms of BD,accuracy,and fitness parameters with values 0.720,0.822,and 0.722.展开更多
Different efforts have been undertaken to customizing a security and privacy concern in clouddata access. Therefore, the security measures are reliable and the data access was verified as themajor problem in the cloud...Different efforts have been undertaken to customizing a security and privacy concern in clouddata access. Therefore, the security measures are reliable and the data access was verified as themajor problem in the cloud environment. To overcome this problem, we proposed an efficientdata access control using optimized homomorphic encryption (HE). Because users outsourcetheir sensitive information to cloud providers, data security and access control is one of themost difficult ongoing cloud computing research projects. Existing solutions that rely on cryptographictechnologies to address these security issues result in significant complexity for bothdata and cloud service providers. The experimental results show that the key generation is 7.6%decreased by HE and 14.14% less than the proposed method. The encryption time is 11.34% lessthan the optimized HE and 23.28% decreased by ECC. The decryption time is 13.18% and 24.07%when compared with HE and ECC respectively.展开更多
Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server i...Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite of having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy tore-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.展开更多
In the analysis of big data,deep learn-ing is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nev-ertheless,there is a ...In the analysis of big data,deep learn-ing is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nev-ertheless,there is a contradiction between the open nature of the cloud and the demand that data own-ers maintain their privacy.To use cloud resources for privacy-preserving data training,a viable method must be found.A privacy-preserving deep learning model(PPDLM)is suggested in this research to ad-dress this preserving issue.To preserve data privacy,we first encrypted the data using homomorphic en-cryption(HE)approach.Moreover,the deep learn-ing algorithm’s activation function—the sigmoid func-tion—uses the least-squares method to process non-addition and non-multiplication operations that are not allowed by homomorphic.Finally,experimental re-sults show that PPDLM has a significant effect on the protection of data privacy information.Compared with Non-Privacy Preserving Deep Learning Model(NPPDLM),PPDLM has higher computational effi-ciency.展开更多
Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data acc...Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.展开更多
基金This work is supported by“13th Five-Year”National Crypto Development Fund(No.MMJJ20170122)Zhejiang Provincial Natural Science Foundation of China(No.Y15F020053)+1 种基金the Project of Education Department of Henan Province(No.18A413001,No.16A520013)Natural Science Foundation of Henan Polytechnic University(No.T2018-1).
文摘With the widespread use of cloud computing technology,more and more users and enterprises decide to store their data in a cloud server by outsourcing.However,these huge amounts of data may contain personal privacy,business secrets and other sensitive information of the users and enterprises.Thus,at present,how to protect,retrieve,and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment.A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server.In this scheme,the user data are divided into files,file indexes and the keyword corresponding to the files,which are respectively encrypted to store.The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes,but re-encrypt the cipher-text of keywords corresponding to the files.Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack.And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption.Furthermore,the scheme does not need to use any secure channels,making it more effective in the cloud environment.
基金supported by National Key Research and Development Project(No.2020YFB1005500)Beijing Natural Science Foundation Project(No.M21034)。
文摘With the development of Internet of Things technology,intelligent door lock devices are widely used in the field of house leasing.In the traditional housing leasing scenario,problems of door lock information disclosure,tenant privacy disclosure and rental contract disputes frequently occur,and the security,fairness and auditability of the housing leasing transaction cannot be guaranteed.To solve the above problems,a blockchain-based proxy re-encryption scheme with conditional privacy protection and auditability is proposed.The scheme implements fine-grained access control of door lock data based on attribute encryption technology with policy hiding,and uses proxy re-encryption technology to achieve auditable supervision of door lock information transactions.Homomorphic encryption technology and zero-knowledge proof technology are introduced to ensure the confidentiality of housing rent information and the fairness of rent payment.To construct a decentralized housing lease transaction architecture,the scheme realizes the efficient collaboration between the door lock data ciphertext stored under the chain and the key information ciphertext on the chain based on the blockchain and InterPlanetary File System.Finally,the security proof and computing performance analysis of the proposed scheme are carried out.The results show that the scheme can resist the chosen plaintext attack and has low computational cost.
基金supported by the National Natural Science Foundation of China(6120200461472192)+1 种基金the Special Fund for Fast Sharing of Science Paper in Net Era by CSTD(2013116)the Natural Science Fund of Higher Education of Jiangsu Province(14KJB520014)
文摘The dissociation between data management and data ownership makes it difficult to protect data security and privacy in cloud storage systems.Traditional encryption technologies are not suitable for data protection in cloud storage systems.A novel multi-authority proxy re-encryption mechanism based on ciphertext-policy attribute-based encryption(MPRE-CPABE) is proposed for cloud storage systems.MPRE-CPABE requires data owner to split each file into two blocks,one big block and one small block.The small block is used to encrypt the big one as the private key,and then the encrypted big block will be uploaded to the cloud storage system.Even if the uploaded big block of file is stolen,illegal users cannot get the complete information of the file easily.Ciphertext-policy attribute-based encryption(CPABE)is always criticized for its heavy overload and insecure issues when distributing keys or revoking user's access right.MPRE-CPABE applies CPABE to the multi-authority cloud storage system,and solves the above issues.The weighted access structure(WAS) is proposed to support a variety of fine-grained threshold access control policy in multi-authority environments,and reduce the computational cost of key distribution.Meanwhile,MPRE-CPABE uses proxy re-encryption to reduce the computational cost of access revocation.Experiments are implemented on platforms of Ubuntu and CloudSim.Experimental results show that MPRE-CPABE can greatly reduce the computational cost of the generation of key components and the revocation of user's access right.MPRE-CPABE is also proved secure under the security model of decisional bilinear Diffie-Hellman(DBDH).
文摘Secure and efficient outsourced computation in cloud computing environments is crucial for ensuring data confidentiality, integrity, and resource optimization. In this research, we propose novel algorithms and methodologies to address these challenges. Through a series of experiments, we evaluate the performance, security, and efficiency of the proposed algorithms in real-world cloud environments. Our results demonstrate the effectiveness of homomorphic encryption-based secure computation, secure multiparty computation, and trusted execution environment-based approaches in mitigating security threats while ensuring efficient resource utilization. Specifically, our homomorphic encryption-based algorithm exhibits encryption times ranging from 20 to 1000 milliseconds and decryption times ranging from 25 to 1250 milliseconds for payload sizes varying from 100 KB to 5000 KB. Furthermore, our comparative analysis against state-of-the-art solutions reveals the strengths of our proposed algorithms in terms of security guarantees, encryption overhead, and communication latency.
基金ACKNOWLEDGEMENTS This work has been supported by the National Natural Science Foundation of China under Grant No. 61272519, 61121061.
文摘In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud.In this paper,we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing.We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption.Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content.The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users,and also enables the license server to implement immediate attribute and user revocation.Moreover,our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption,which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext.Extensive analytical results indicate that our proposed scheme is secure and efficient.
基金This work is supported by the NSFC(61672294,61601236,U1536206,61502242,61572258,U1405254,61373133,61373132,61232016)BK20150925,Six peak talent project of Jiangsu Province(R2016L13),NRF-2016R1D1A1B03933294,CICAEET,and PAPD fund.
文摘Genetic Algorithm(GA)has been widely used to solve various optimization problems.As the solving process of GA requires large storage and computing resources,it is well motivated to outsource the solving process of GA to the cloud server.However,the algorithm user would never want his data to be disclosed to cloud server.Thus,it is necessary for the user to encrypt the data before transmitting them to the server.But the user will encounter a new problem.The arithmetic operations we are familiar with cannot work directly in the ciphertext domain.In this paper,a privacy-preserving outsourced genetic algorithm is proposed.The user’s data are protected by homomorphic encryption algorithm which can support the operations in the encrypted domain.GA is elaborately adapted to search the optimal result over the encrypted data.The security analysis and experiment results demonstrate the effectiveness of the proposed scheme.
基金The National Natural Science Foundation of China(No.61272413,No.61472165)
文摘With the massive diffusion of cloud computing, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for the security and privacy of outsourced data. To address these challenges, the server-aided access control(SAAC) system was proposed. The SAAC system builds upon a variant of conditional proxy re-encryption(CPRE) named threshold conditional proxy re-encryption(TCPRE). In TCPRE, t out of n proxies can re-encrypt ciphertexts(satisfying some specified conditions) for the delegator(while up to t-1 proxies cannot), and the correctness of the re-encrypted ciphertexts can be publicly verified. Both features guarantee the trust and reliability on the proxies deployed in the SAAC system. The security models for TCPRE were formalized, several TCPRE constructions were proposed and that our final scheme was secure against chosen-ciphertext attacks was proved.
基金supported by the National Natural Science Foundation of China under Grant No.(62202118.61962009)And in part by Natural Science Foundation of Shandong Province(ZR2021MF086)+1 种基金And in part by Top Technology Talent Project from Guizhou Education Department(Qian jiao ji[2022]073)And in part by Foundation of Guangxi Key Laboratory of Cryptography and Information Security(GCIS202118).
文摘With the development of cloud computing technology,more and more data owners upload their local data to the public cloud server for storage and calculation.While this can save customers’operating costs,it also poses privacy and security challenges.Such challenges can be solved using secure multi-party computation(SMPC),but this still exposes more security issues.In cloud computing using SMPC,clients need to process their data and submit the processed data to the cloud server,which then performs the calculation and returns the results to each client.Each client and server must be honest.If there is cooperation or dishonest behavior between clients,some clients may profit from it or even disclose the private data of other clients.This paper proposes the SMPC based on a Partially-Homomorphic Encryption(PHE)scheme in which an addition homomorphic encryption algorithm with a lower computational cost is used to ensure data comparability and Zero-Knowledge Proof(ZKP)is used to limit the client’s malicious behavior.In addition,the introduction of Oblivious Transfer(OT)technology also ensures that the semi-honest cloud server knows nothing about private data,so that the cloud server of this scheme can calculate the correct data in the case of malicious participant models and safely return the calculation results to each client.Finally,the security analysis shows that the scheme not only ensures the privacy of participants,but also ensures the fairness of the comparison protocol data.
基金Acknowledgements The authors acknowledge the use of IBM's Quantum Experience for this work. The views expressed are those of the author and do not reflect the official policy or position of IBM or the IBM Quantum Experience team, This project was supported by the National Basic Research Program of China (Grant No, 201acBaa8002), National Natural Science Foundation of China (Grant Nos. 11504430 and 61502526).
文摘Quantum computing has undergone rapid development in recent years. Owing to limitations on scalability, personal quantum computers still seem slightly unrealistic in the near future. The first practical quantum computer for ordinary users is likely to be on the cloud. However, the adoption of cloud computing is possible only if security is ensured. Homomorphic encryption is a cryptographic protocol that allows computation to be performed on encrypted data without decrypting them, so it is well suited to cloud computing. Here, we first applied homomorphic encryption on IBM's cloud quantum computer platform. In our experiments, we successfully implemented a quantum algorithm for linear equations while protecting our privacy. This demonstration opens a feasible path to the next stage of development of cloud quantum information technology.
基金supported by the National Natural Science Foundation of China (60803157, 90812001, 61272519)
文摘Cloud computing provides a convenient way of content trading and sharing. In this paper, we propose a secure and privacy-preserving digital rights management (DRM) scheme using homomorphic encryption in cloud computing. We present an efficient digital rights management framework in cloud computing, which allows content provider to outsource encrypted contents to centralized content server and allows user to consume contents with the license issued by license server. Further, we provide a secure content key distribution scheme based on additive homomorphic probabilistic public key encryption and proxy re-encryption. The provided scheme prevents malicious employees of license server from issuing the license to unauthorized user. In addition, we achieve privacy preserving by allowing users to stay anonymous towards the key server and service provider. The analysis and comparison results indicate that the proposed scheme has high efficiency and security.
基金the National Natural Science Foundation of China(No.61133014)
文摘In current cloud computing system, large amounts of sensitive data are shared to other cloud users. To keep these data confidentiality, data owners should encrypt their data before outsourcing. We choose proxy reencryption (PRE) as the cloud data encryption technique. In a PRE system, a semi-trusted proxy can transform a ciphertext under one public key into a ciphertext of the same message under another public key, but the proxy cannot gain any information about the message. In this paper, we propose a certificateless PRE (CL-PRE) scheme without pairings. The security of the proposed scheme can be proved to be equivalent to the computational Dire- Hellman (CDH) problem in the random oracle model. Compared with other existing CL-PRE schemes, our scheme requires less computation cost and is significantly more efficient. The new scheme does not need the public key certificates to guarantee validity of public keys and solves the key escrow problem in identity-based public key cryptography.
基金the National Natural Science Foundation of China(Nos.61702266 and 61572255)the Natural Science Foundation of Jiangsu Province(Nos.BK20150787 and BK20141404)
文摘Cloud computing provides a wide platform for information sharing. Users can access data and retrieve service easily and quickly. Generally, the data in cloud are transferred with encrypted form to protect the information. As an important technology of cloud security, access control should take account of multi-factor and ciphertext to satisfy the complex requirement for cloud data protection. We propose a proxy re-encryption (PRE) based multi-factor access control (PMAC) for cipher text in the above background. The PMAC adapts to the privacy and the protection of data confidently. We explain the motivation and some assumptions of PMAC at first. Then we define system model and algorithm. The system model and algorithm show how to create the data with corresponding accessing Policy and how to grant and revoke the nermission.
文摘Fog computing is a concept that extends the paradigm of cloud computing to the network edge. The goal of fog computing is to situate resources in the vicinity of end users. As with cloud computing, fog computing provides storage services. The data owners can store their confidential data in many fog nodes, which could cause more challenges for data sharing security. In this paper, we present a novel architecture for data sharing in a fog environment. We explore the benefits of fog computing in addressing one-to-many data sharing applications. This architecture sought to outperform the cloud-based architecture and to ensure further enhancements to system performance, especially from the perspective of security. We will address the security challenges of data sharing, such as fine-grained access control, data confidentiality, collusion resistance, scalability, and the issue of user revocation. Keeping these issues in mind, we will secure data sharing in fog computing by combining attributebased encryption and proxy re-encryption techniques. Findings of this study indicate that our system has the response and processing time faster than classical cloud systems. Further, experimental results show that our system has an efficient user revocation mechanism, and that it provides high scalability and sharing of data in real time with low latency.
基金partially supported by China National Key Research and Development Projects under Grant Nos.2020YFA0712300 and 2018YFA0704705。
文摘Fully homomorphic encryption(FHE)can be used for privacy-preserving aggregation of medical data.In this typical application,the security against passive attacks has been well studied by Li and Micciancio(2021).In this paper,the authors further consider a“nearly passive”kind of attack,where the attacker may behave like a passive attacker in the view of the third-party server.To capture the security against this hard-to-detect attack,the authors propose a new notion of IND-CPA^(rD)security.The authors show that the standard LWE encryption and its related FHE schemes can not defend against IND-CPA^(rD)attack,even under a stricter rule limiting the content and number of queries made by the attacker.To make the application of FHE schemes more secure,the authors discuss some possible modifications that may serve as countermeasures to IND-CPA^(rD)attack.
文摘Cloud computing has become a powerful mechanism for initiating secure communication among users.The advancements in the technology lead to provide various services,like accessing network,resources,and platform.However,handling large datasets and security are major issues in the cloud systems.Hence,this paper proposes a technique,namely,Jaya–Whale Optimization(JWO),which is the integration of Jaya algorithm and Whale optimization algorithm(WOA)and adapts homomorphic encryption for initiating secure data transmission in the cloud.The original data are preserved by generating Data Protection(DP)coefficient using the proposed JWO algorithm.In the proposed algorithm,the fitness is calculated based on privacy and utility parameters for selecting the optimal solution.Also,the sanitized data are generated by EXORing the Key Information Product(KIP)matrix and key vector.Finally,the data owner provides the key to the users for retrieving the original data from the sanitized data.The experimentation is carried out using Cleveland,Hungarian,and Switzerland datasets in terms of BD,accuracy,and fitness and the analysis shows that the proposed JWO provides superior performance in terms of BD,accuracy,and fitness parameters with values 0.720,0.822,and 0.722.
文摘Different efforts have been undertaken to customizing a security and privacy concern in clouddata access. Therefore, the security measures are reliable and the data access was verified as themajor problem in the cloud environment. To overcome this problem, we proposed an efficientdata access control using optimized homomorphic encryption (HE). Because users outsourcetheir sensitive information to cloud providers, data security and access control is one of themost difficult ongoing cloud computing research projects. Existing solutions that rely on cryptographictechnologies to address these security issues result in significant complexity for bothdata and cloud service providers. The experimental results show that the key generation is 7.6%decreased by HE and 14.14% less than the proposed method. The encryption time is 11.34% lessthan the optimized HE and 23.28% decreased by ECC. The decryption time is 13.18% and 24.07%when compared with HE and ECC respectively.
基金partially supported by National Natural Science Foundation of China No.61202034,61232002,61303026,6157237861402339CCF Opening Project of Chinese Information Processing No.CCF2014-01-02+2 种基金the Program for Innovative Research Team of Wuhan No.2014070504020237Fundamental Application Research Plan of Suzhou City No.SYG201312Natural Science Foundation of Wuhan University No.2042016gf0020
文摘Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite of having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy tore-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.
基金This work was partially supported by the Natural Science Foundation of Beijing Municipality(No.4222038)by Open Research Project of the State Key Laboratory of Media Convergence and Communication(Communication University of China),the National Key R&D Program of China(No.2021YFF0307600)Fundamental Research Funds for the Central Universities.
文摘In the analysis of big data,deep learn-ing is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nev-ertheless,there is a contradiction between the open nature of the cloud and the demand that data own-ers maintain their privacy.To use cloud resources for privacy-preserving data training,a viable method must be found.A privacy-preserving deep learning model(PPDLM)is suggested in this research to ad-dress this preserving issue.To preserve data privacy,we first encrypted the data using homomorphic en-cryption(HE)approach.Moreover,the deep learn-ing algorithm’s activation function—the sigmoid func-tion—uses the least-squares method to process non-addition and non-multiplication operations that are not allowed by homomorphic.Finally,experimental re-sults show that PPDLM has a significant effect on the protection of data privacy information.Compared with Non-Privacy Preserving Deep Learning Model(NPPDLM),PPDLM has higher computational effi-ciency.
基金supported by National Basic Research (973) Program of China (2011CB302505)Natural Science Foundation of China (61373145, 61170210)+1 种基金National High-Tech R&D (863) Program of China (2012AA012600,2011AA01A203)Chinese Special Project of Science and Technology (2012ZX01039001)
文摘Despite the multifaceted advantages of cloud computing,concerns about data leakage or abuse impedes its adoption for security-sensi tive tasks.Recent investigations have revealed that the risk of unauthorized data access is one of the biggest concerns of users of cloud-based services.Transparency and accountability for data managed in the cloud is necessary.Specifically,when using a cloudhost service,a user typically has to trust both the cloud service provider and cloud infrastructure provider to properly handling private data.This is a multi-party system.Three particular trust models can be used according to the credibility of these providers.This pa per describes techniques for preventing data leakage that can be used with these different models.
