Funding: Supported by the National Natural Science Foundation of China under Grant Nos. 61772009 and U1736112, and the Natural Science Foundation of Jiangsu Province under Grant Nos. BK20161511 and BK20181304.
Abstract: Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. However, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from a security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with the two previous CLEKS schemes, the proposed scheme has better overall performance while offering a stronger security guarantee, as it withstands the known types of keyword guessing attacks.
Funding: The authors would like to thank the support from the Fundamental Research Funds for the Central Universities (No. 30918012204). The authors also gratefully acknowledge the helpful comments and suggestions of other researchers, which have improved the presentation.
Abstract: To save local storage, users store their data on a cloud server, which offers convenient Internet services. To guarantee data privacy, users encrypt the data before uploading it to the cloud server. Since encryption reduces data availability, public-key encryption with keyword search (PEKS) was developed to retrieve encrypted data without decrypting it. However, most PEKS schemes cannot resist quantum computing attacks, because their hardness assumptions are number-theoretic problems that can be solved efficiently on quantum computers. Besides, traditional PEKS schemes have an inherent security issue: they cannot resist the inside keyword guessing attack (KGA). In this attack, a malicious server can guess the keyword encapsulated in a search token by computing the ciphertexts of candidate keywords exhaustively and performing the test between the token and each keyword ciphertext. In this paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, the scheme adopts a lattice-based signature technique in the encryption of keywords to prevent a malicious server from forging a valid ciphertext. Finally, simulation experiments are conducted to demonstrate the performance of the proposed scheme, and comparison results with other searchable schemes are shown.
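The inside keyword guessing attack that the two abstracts above describe, and the reason a sender-authenticated ciphertext blocks it, as an added example that is not code from any of the listed papers. It assumes a toy bilinear group in which a group element g^a is represented by its exponent a mod Q and the pairing by a*b mod Q (so it preserves the algebraic structure but is not secure), the Boneh et al. PEKS structure for the vulnerable scheme, a simplified Huang-Li style PAEKS structure for the authenticated one (pairing-based, not the lattice-based scheme of the abstract), and a constructed four-word keyword dictionary. The hash functions H1, H2 and all helper names are this example's own.

```python
import hashlib
import secrets

# Toy bilinear group, assumed for this example only. A group element g^a is
# represented by its exponent a mod Q, and the pairing e(g^a, g^b) = gT^(a*b)
# is represented by a*b mod Q. Discrete logarithms are therefore trivial, so
# nothing here is secure; the toy only preserves the algebraic structure that
# the real pairing-based schemes rely on, which is all the attack logic needs.
Q = 2**127 - 1  # arbitrary prime modulus chosen for the toy group


def H1(data: bytes) -> int:
    """Hash a byte string onto the group (an exponent mod Q in the toy)."""
    return int.from_bytes(hashlib.sha256(b"H1|" + data).digest(), "big") % Q


def H2(gt: int) -> bytes:
    """Hash a target-group element to a fixed-length tag."""
    return hashlib.sha256(b"H2|" + gt.to_bytes(16, "big")).digest()


def rand_exp() -> int:
    return secrets.randbelow(Q - 1) + 1  # never zero, so no degenerate ciphertext


def g_pow(a: int, k: int) -> int:
    """(g^a)^k, or (gT^a)^k, in the toy representation."""
    return a * k % Q


def pair(a: int, b: int) -> int:
    """e(g^a, g^b) = gT^(a*b) in the toy representation."""
    return a * b % Q


# Plain PEKS (the Boneh et al. 2004 structure): encryption needs only the
# receiver's public key, and Test needs only a ciphertext and a trapdoor.

def peks_keygen():
    alpha = rand_exp()
    return alpha, alpha  # (pk = g^alpha, sk = alpha); only the toy makes them coincide

def peks_enc(pk: int, w: bytes):
    r = rand_exp()
    return r, H2(g_pow(pair(H1(w), pk), r))  # (g^r, H2(e(H1(w), pk)^r))

def peks_trapdoor(sk: int, w: bytes) -> int:
    return g_pow(H1(w), sk)  # H1(w)^alpha

def peks_test(c, t: int) -> bool:
    c1, c2 = c
    return H2(pair(t, c1)) == c2  # e(H1(w)^alpha, g^r) == e(H1(w), g^alpha)^r

def inside_kga_peks(pk: int, trapdoor: int, dictionary):
    """Malicious server: it holds pk and a trapdoor, so it encrypts every
    candidate keyword itself and runs Test until one matches."""
    for w in dictionary:
        if peks_test(peks_enc(pk, w), trapdoor):
            return w
    return None


# Authenticated variant (simplified Huang-Li 2017 PAEKS structure): the keyword
# ciphertext also depends on the sender's secret key through the shared value
# g^(x*y), so only the genuine sender can produce a ciphertext that passes Test.

def paeks_keygen():
    x = rand_exp()
    return x, x  # (pk = g^x, sk = x)

def _bind(w: bytes, k: int) -> int:
    return H1(w + b"|" + k.to_bytes(16, "big"))  # H1(w || g^(x*y))

def paeks_enc(sk_s: int, pk_r: int, w: bytes):
    k = g_pow(pk_r, sk_s)  # pk_r^sk_s = g^(x*y); from pk_s and pk_r alone this is CDH in a real group
    r = rand_exp()
    return r, H2(g_pow(pair(_bind(w, k), pk_r), r))

def paeks_trapdoor(sk_r: int, pk_s: int, w: bytes) -> int:
    k = g_pow(pk_s, sk_r)  # the receiver reaches the same g^(x*y)
    return g_pow(_bind(w, k), sk_r)

def paeks_test(c, t: int) -> bool:
    c1, c2 = c
    return H2(pair(t, c1)) == c2

def inside_kga_paeks(pk_s: int, pk_r: int, trapdoor: int, dictionary):
    """Same server, same dictionary, but without sk_s. Restricted to the public
    algorithms, the best it can do is encrypt under a sender key of its own;
    those ciphertexts are bound to a different g^(x'*y) and never pass Test."""
    _fake_pk, fake_sk = paeks_keygen()
    for w in dictionary:
        if paeks_test(paeks_enc(fake_sk, pk_r, w), trapdoor):
            return w
    return None


DICTIONARY = [b"invoice", b"salary", b"merger", b"diagnosis"]  # constructed keyword list

def demo():
    """Returns (keyword recovered from the PEKS trapdoor, result against PAEKS)."""
    pk, sk = peks_keygen()
    leaked = inside_kga_peks(pk, peks_trapdoor(sk, b"merger"), DICTIONARY)
    pk_s, _sk_s = paeks_keygen()
    pk_r, sk_r = paeks_keygen()
    blocked = inside_kga_paeks(pk_s, pk_r, paeks_trapdoor(sk_r, pk_s, b"merger"), DICTIONARY)
    return leaked, blocked

if __name__ == "__main__":
    print(demo())  # (b'merger', None)
```

The point the toy makes visible is that the attack never touches the receiver's secret: it is a consequence of Encrypt being a public algorithm and the server holding a trapdoor plus the Test oracle, so its cost is one encryption and one Test per dictionary word. In the authenticated variant the server is still given the trapdoor and Test, but producing a ciphertext that Test accepts requires the sender's secret key, which is exactly what the lattice-signature binding in the abstract above supplies for the post-quantum setting.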
Abstract: Cloud computing extends its usability to various fields that utilize data and store it in a common space required for computing and analysis, such as IoT devices. These devices utilize the cloud for storing and retrieving data, since they are not capable of storing and processing data on their own. Cloud computing provides various services to users, such as IaaS, PaaS and SaaS. The major drawback faced by cloud computing is the use of cloud services for the storage of data that could be accessed by all users related to the cloud. The use of public key encryption with keyword search (PEKS) provides security against an untrustworthy third party's search capability over public-key encrypted data without revealing the data's contents. But the security concerns of PEKS arise when an inside keyword guessing attack (IKGA) is identified in the system, because the untrusted server can presume the keyword in the trapdoor. This issue could be solved by using algorithms such as Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS), which utilizes Modified Elliptic Curve Cryptography (MECC) along with the Mutation Centred Flower Pollination Algorithm (CM-FPA), used to enhance the performance of the algorithm through optimization of the keys. The additional use of the Message Digest 5 (MD5) hash function in the system enhances the security level associated with the system. The proposed system achieves a security level performance of 96 percent, and the effort consumed by the algorithm is less compared with other encryption techniques.
Abstract: A new authentication scheme based on a one-way hash function and Diffie-Hellman key exchange using a smart card was proposed by Yoon et al. in 2005. They claimed that the proposed protocol resists the password guessing attack. In this paper, the author demonstrates that Yoon's scheme is vulnerable to an off-line password guessing attack using a stolen smart card, and to a DoS attack through computational load at the remote system. An improvement of Yoon's scheme that resists the above attacks is also proposed.
Abstract: User data stored on an untrusted server, such as a centralized data center or cloud computing server, is at risk of eavesdropping if it is stored in plaintext. However, general ciphertext is difficult to search and is thus limited in practical usage. Keyword search encryption is a helpful mechanism that provides a searchable ciphertext for some predefined keywords. Previous studies failed to consider an attack in which the data storage server guesses the keyword. This kind of attack may reveal critical information to the untrusted server. This paper proposes a new keyword search encryption model that can effectively resist the keyword-guessing attack performed by the untrusted data storage (testing) server. The testing (query) secret is divided into multiple shares, so that security is guaranteed as long as the servers cannot conspire with each other to retrieve all shares of the secret.
Funding: This work is supported by the National Natural Science Foundation of China under Grant Nos. 61300181 and 61502044, and the Fundamental Research Funds for the Central Universities of China under Grant No. 2015RC23.
Abstract: The notion of searchable encrypted keywords introduced an elegant approach to retrieving encrypted data without the need for decryption. Since the introduction of this notion, there have been two main searchable encrypted keyword techniques: symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in the presence of outsider attacks; therefore they suffer from keyword guessing attacks by the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA in the public key setting is rebuilt. We give a concrete SEK-IA construction featuring a constant-size trapdoor, and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluation shows that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs minimal computational cost to generate a trapdoor to search data from multiple senders.
Abstract: To address the difficulty of sharing electronic medical record (EMR) data between different medical institutions and the leakage of patient privacy, this paper proposes an EMR sharing scheme based on blockchain and searchable encryption. The scheme uses blockchain technology, combined with identity-based encryption and proxy re-encryption, to realize retrieval of EMRs on the cloud server in encrypted form, thereby ensuring the completeness and correctness of the retrieval results. The security analysis shows that the proposed scheme provides keyword ciphertext indistinguishability, trapdoor indistinguishability, and resistance to inside keyword guessing attacks. Simulation results show that the proposed scheme achieves high efficiency in EMR keyword ciphertext retrieval.