A time-aware searchable encryption scheme for EHRs

Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a time-aware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range; only the authorized user can generate a valid trapdoor; only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.     

Cryptanalysis of nonlinear confusion component based encryption algorithm

Recently many substitution box based encryption algorithms ensuring privacy have been proposed. Many, chaotic map based S-boxes have been generated posing high nonlinearity and strong cryptographic properties. Encryption schemes depending on the substitution box (S-box) only are weak and easily breakable with the help of chosen plaintext and ciphertext attacks. In this work, we have completely cryptanalyzed S-box based encryption scheme successfully by two types of attacks. Cryptanalysis in both types of attacks is performed by only one selected image. Moreover, we have suggested some improvements in the algorithm to defeat attacks.     

物联网本体存储数据可撤销加密仿真研究

针对物联网密钥不可随机拆分与撤销,本体存储数据容易遭到外界入侵,导致用户隐私信息泄露,提出物联网本体存储数据可撤销加密方法。根据数据可撤销加密的理论确定双线性映射函数,通过加密撤销的困难假设构建了物联网本体存储数据可撤销模型。对存储数据进行可撤销运算,采用了周期更新思想,将用户密钥属性、用户身份以及时间进行划分,并根据访问树的节点数据对用户存储数据进行加密计算。通过主要密钥随机拆分撤销运算,根据结果对存储数据可撤销加密进行安全认证。仿真结果表明,采用可撤销加密方法能够实现物联网密钥的随机拆分,缩短用户密钥更新周期,数据安全性更高。     

基于ATP-ABE的访问控制方案

对访问控制机制中存在的安全性和有效性的问题进行了研究，提出了基于访问树剪枝的属性加密ATP-ABE（Access Tree Pruning Attribute Based Encryption）的访问控制方案。当ATP-ABE算法需要访问它的树型结构访问策略时，通过剪枝处理访问树结构中包含用户ID属性节点的分支，提高了用户所有者DO（Data Owner）管理和控制属性的效率，更加有效地实现了数据共享。还为访问树结构设计了许可访问属性，使DO仍保留共享数据的关键属性，并且能够完全控制它们的共享数据。基于决策双线性密钥交换算法DBDH（Decisional Bilinear Diffie-Hellman）假设分析了ATP-ABE方案的安全性，研究结果表明与两种经典ABE方案比较，ATP-ABE更加有效地减少了算法的系统设置、私钥生成、密文大小、用户属性撤销以及加解密过程中的计算开销，并给出了定量结论。     

Efficient and secure identity-based encryption scheme with equality test in cloud computing

Efficient searching on encrypted data outsourced to the cloud remains a research challenge. Identity-based encryption with equality test (IBEET) scheme has recently been identified as a viable solution, in which users can delegate a trapdoor to the server and the server then searches on user outsourced encrypted data to determine whether two different ciphertexts are encryptions of the same plaintext. Such schemes are, unfortunately, inefficient particularly for deployment on mobile devices (with limited power/battery life and computing capacity). In this paper, we propose an efficient IBEET scheme with bilinear pairing, which reduces the need for time-consuming HashToPoint function. We then prove the security of our scheme for one-way secure against chosen identity and chosen ciphertext attacks (OW–ID–CCA) in the random oracle model (ROM). The performance evaluation of our scheme demonstrates that in comparison to the scheme of Ma (2016), our scheme achieves a reduction of 36.7% and 39.24% in computation cost during the encryption phase and test phase, respectively, and that our scheme is suitable for (mobile) cloud deployment.     

A SIMPLIFIED AES ALGORITHM AND ITS LINEAR AND DIFFERENTIAL CRYPTANALYSES

In this paper, we describe a simplified version of the Advanced Encryption Standard algorithm. This version can be used in the classroom for explaining the Advanced Encryption Standard. After presentation of the simplified version, it is easier for students to understand the real version. This simplified version has the advantage that examples can be worked by hand. We also describe attacks on this version using both linear and differential cryptanalysis. These too can be used in the classroom as a way of explaining those kinds of attacks.     

士兵职业技能鉴定系统数据库加密研究

针对士兵职业技能鉴定系统数据库,就如何保证系统在高性能、高可用的同时,提升数据的安全性,确保系统不被入侵,关键数据不被泄露或是增删改等问题,提出了一种只针对敏感数据加密的策略,将DES和RSA加密算法结合起来运用到数据加密的不同环节中,确保了系统安全可靠。加密结果表明,加密后的系统数据库能有效地提高系统的安全性能,即便是他人入侵到数据库也束手无策,防止了人为因素,杜绝了体外操作,有效地增强鉴定管理的规范性,提高鉴定的含金量和认可度。     

Joint image compression–encryption using discrete fractional transforms

Exchange of data in the form of text and image on internet is in fast progression and it is spawning new compression and encryption algorithms for bandwidth and security respectively. We have proposed a new kind of joint algorithm using discrete fractional transforms for compression–encryption of image. In this algorithm, the discrete fractional Fourier transform which is discrete version of fractional Fourier transform, is used to compress the images with variation of its parameter ‘α’ (order of transform). The compressed image is encrypted using discrete fractional cosine transform to provide security. The advantage of this method is its feasible implementation in practice, superior, robustness, security and sensitivity of keys, which has a good prospect and practicability in information security field. Results of computer simulations are presented to verify the validity of the proposed method such as mean square error (MSE) and peak signal to noise ratio between the original image and decrypted image. Sensitivity for right decryption key is proved with respect to MSE.     

Optimal quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks

Recently, an image scrambling encryption algorithm of pixel bit based on chaos map was proposed. Considering the algorithm as a typical binary image scrambling/permutation algorithm exerting on plaintext of size M×(8N), this paper proposes a novel optimal method to break it with some known/chosen-plaintexts. The spatial complexity and computational complexity of the attack are only O(32·MN) and O(16·n₀·MN) respectively, where n₀ is the number of known/chosen-plaintexts used. The method can be easily extended to break any permutation-only encryption scheme exerting on plaintext of size M×N and with L different levels of values. The corresponding spatial complexity and computational complexity are only O(MN) and O(⌈log_L(MN)⌉·MN) respectively. In addition, some specific remarks on the performance of the image scrambling encryption algorithm are presented.     

网络通讯中信息安全性分析

确保网络通讯中信息安全的主要技术是加密技术。在论述了信息加密技术的基础上,进一步分析了加密技术在网络通讯中的应用,最后介绍了网络信息加密技术的发展方向。