Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.     

A Secure Rotation Invariant LBP Feature Computation in Cloud Environment

In the era of big data, outsourcing massive data to a remote cloud server is a promising approach. Outsourcing storage and computation services can reduce storage costs and computational burdens. However, public cloud storage brings about new privacy and security concerns since the cloud servers can be shared by multiple users. Privacy-preserving feature extraction techniques are an effective solution to this issue. Because the Rotation Invariant Local Binary Pattern (RILBP) has been widely used in various image processing fields, we propose a new privacy-preserving outsourcing computation of RILBP over encrypted images in this paper (called PPRILBP). To protect image content, original images are encrypted using block scrambling, pixel circular shift, and pixel diffusion when uploaded to the cloud server. It is proved that RILBP features remain unchanged before and after encryption. Moreover, the server can directly extract RILBP features from encrypted images. Analyses and experiments confirm that the proposed scheme is secure and effective, and outperforms previous secure LBP feature computing methods.     

Research on Electronic Document Management System Based on Cloud Computing

With the development of information technology, cloud computing technology has brought many conveniences to all aspects of work and life. With the continuous promotion, popularization and vigorous development of e-government and e-commerce, the number of documents in electronic form is getting larger and larger. Electronic document is an indispensable main tool and real record of e-government and business activities. How to scientifically and effectively manage electronic documents? This is an important issue faced by governments and enterprises in improving management efficiency, protecting state secrets or business secrets, and reducing management costs. This paper discusses the application of cloud computing technology in the construction of electronic file management system, proposes an architecture of electronic file management system based on cloud computing, and makes a more detailed discussion on key technologies and implementation. The electronic file management system is built on the cloud architecture to enable users to upload, download, share, set security roles, audit, and retrieve files based on multiple modes. An electronic file management system based on cloud computing can make full use of cloud storage, cloud security, and cloud computing technologies to achieve unified, reliable, and secure management of electronic files.     

A Multi-Conditional Proxy Broadcast Re-Encryption Scheme for Sensor Networks

In sensor networks, it is a challenge to ensure the security of data exchange between packet switching nodes holding different private keys. In order to solve this problem, the present study proposes a scheme called multi-conditional proxy broadcast reencryption (MC-PBRE). The scheme consists of the following roles: the source node, proxy server, and the target node. If the condition is met, the proxy can convert the encrypted data of the source node into data that the target node can directly decrypt. It allows the proxy server to convert the ciphertext of the source node to a new ciphertext of the target node in a different group, while the proxy server does not need to store the key or reveal the plaintext. At the same time, the proxy server cannot obtain any valuable information in the ciphertext. This paper formalizes the concept of MC-PBRE and its security model, and proposes a MC-PBRE scheme of ciphertext security. Finally, the scheme security has been proved in the random oracle.     

Verifiable Diversity Ranking Search Over Encrypted Outsourced Data

Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to properly encrypt data in a way that the encrypted and remotely stored data can still be queried has become a challenging issue. Searchable encryption scheme is proposed to allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed while preserving privacy in cloud computing, which also supports search results verification. The goal is that the ranked documents concerning diversification instead of reading relevant documents that only deliver redundant information. Extensive experiments on real-world dataset validate our analysis and show that our proposed solution is effective for the diversification of documents and verification.     

On the Privacy-Preserving Outsourcing Scheme of Reversible Data Hiding over Encrypted Image Data in Cloud Computing

Advanced cloud computing technology provides cost saving and flexibility of services for users. With the explosion of multimedia data, more and more data owners would outsource their personal multimedia data on the cloud. In the meantime, some computationally expensive tasks are also undertaken by cloud servers. However, the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data. Recently, this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data. In this paper, two reversible data hiding schemes are proposed for encrypted image data in cloud computing: reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain. The former is that additional bits are extracted after decryption and the latter is that extracted before decryption. Meanwhile, a combined scheme is also designed. This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing, which not only ensures multimedia data security without relying on the trustworthiness of cloud servers, but also guarantees that reversible data hiding can be operated over encrypted images at the different stages. Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme. The computation cost of the proposed scheme is acceptable and adjusts to different security levels.     

中央控制远程印刷文件云服务系统的研究

设计和构建了由中央控制服务器和企业文件服务器群构成的一种印刷文件云服务系统,实现了客户直接递交文件到企业印刷文件服务云,通过云端文件复制或转移,使企业实现了本地化管理远程数字文件资源,实现了自动化印刷工作流程控制。实验对云端服务器间相互确认、动态版面形成及自动文件转移等进行了测试。中央控制远程印刷文件云服务系统改变了远程印刷服务过程中的文件管理模式,为印刷企业实现云印刷服务和自动化数字印刷流程提供支持。     

An Efficient Ciphertext-Policy Attribute-Based Encryption Scheme with Policy Update

Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud. However, when applying CP-ABE to data outsourcing scenarios, we have to address the challenging issue of policy updates because access control elements, such as users, attributes, and access rules may change frequently. In this paper, we propose a notion of access policy updatable ciphertext-policy attribute-based encryption (APU-CP-ABE) by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption. When an access policy update occurs, data owner is no longer required to download any data for re-encryption from the cloud, all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key, and then upload them to the cloud. The cloud server executes re-encryption without decryption. Because the re-encrypted ciphertext is encrypted under a completely new key, users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext. We present an APU-CP-ABE construction based on Syalim et al.’s [Syalim, Nishide and Sakurai (2017)] improved symmetric proxy re-encryption scheme and Agrawal et al.’s [Agrawal and Chase (2017)] attribute-based message encryption scheme. It requires only 6 bilinear pairing operations for decryption, regardless of the number of attributes involved. This makes our construction particularly attractive when decryption is time-critical.     

Enabling Comparable Search Over Encrypted Data for IoT with Privacy-Preserving

With the rapid development of cloud computing and Internet of Things (IoT) technology, massive data raises and shuttles on the network every day. To ensure the confidentiality and utilization of these data, industries and companies users encrypt their data and store them in an outsourced party. However, simple adoption of encryption scheme makes the original lose its flexibility and utilization. To address these problems, the searchable encryption scheme is proposed. Different from traditional encrypted data search scheme, this paper focuses on providing a solution to search the data from one or more IoT device by comparing their underlying numerical values. We present a multi-client comparable search scheme over encrypted numerical data which supports range queries. This scheme is mainly designed for keeping the confidentiality and searchability of numeric data, it enables authorized clients to fetch the data from different data owners by a generated token. Furthermore, to rich the scheme’s functionality, we exploit the idea of secret sharing to realize cross-domain search which improves the data’s utilization. The proposed scheme has also been proven to be secure through a series of security games. Moreover, we conduct experiments to demonstrate that our scheme is more practical than the existed similar schemes and achieves a balance between functionality and efficiency.     

Dynamic Proofs of Retrievability Based on Partitioning-Based Square Root Oblivious RAM

With the development of cloud storage, the problem of efficiently checking and proving data integrity needs more consideration. Therefore, much of growing interest has been pursed in the context of the integrity verification of cloud storage. Provable data possession (PDP) and Proofs of retrievablity (POR) are two kinds of important scheme which can guarantee the data integrity in the cloud storage environments. The main difference between them is that POR schemes store a redundant encoding of the client data on the server so as to she has the ability of retrievablity while PDP does not have. Unfortunately, most of POR schemes support only static data. Stefanov et al. proposed a dynamic POR, but their scheme need a large of amount of client storage and has a large audit cost. Cash et al. use Oblivious RAM (ORAM) to construct a fully dynamic POR scheme, but the cost of their scheme is also very heavy. Based on the idea which proposed by Cash, we propose dynamic proofs of retrievability via Partitioning-Based Square Root Oblivious RAM (DPoR-PSR-ORAM). Firstly, the notions used in our scheme are defined. The Partitioning-Based Square Root Oblivious RAM (PSR-ORAM) protocol is also proposed. The DPOR-PSR-ORAM Model which includes the formal definitions, security definitions and model construction methods are described in the paper. Finally, we give the security analysis and efficiency analysis. The analysis results show that our scheme not only has the property of correctness, authenticity, next-read pattern hiding and retrievabiltiy, but also has the high efficiency.     

Fuzzy Search for Multiple Chinese Keywords in Cloud Environment

With the continuous development of cloud computing and big data technology, the use of cloud storage is more and more extensive, and a large amount of data is outsourced for public cloud servers, and the security problems that follow are gradually emerging. It can not only protect the data privacy of users, but also realize efficient retrieval and use of data, which is an urgent problem for cloud storage. Based on the existing fuzzy search and encrypted data fuzzy search schemes, this paper uses the characteristics of fuzzy sounds and polysemy that are unique to Chinese, and realizes the synonym construction of keywords through Chinese Pinyin and Chinese-English translation, and establishes the fuzzy word and synonym set of keywords. This paper proposes a Chinese multi-keyword fuzzy search scheme in a cloud environment, which realizes the fuzzy search of multiple Chinese keywords and protects the private key by using a pseudo-random function. Finally, the safety analysis and system experiments verify that the scheme has high security, good practicability, and high search success rate.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

An Immunization Scheme for Ransomware

In recent years, as the popularity of anonymous currencies such as Bitcoin has made the tracking of ransomware attackers more difficult, the amount of ransomware attacks against personal computers and enterprise production servers is increasing rapidly. The ransomware has a wide range of influence and spreads all over the world. It is affecting many industries including internet, education, medical care, traditional industry, etc. This paper uses the idea of virus immunity to design an immunization solution for ransomware viruses to solve the problems of traditional ransomware defense methods (such as anti-virus software, firewalls, etc.), which cannot meet the requirements of rapid detection and immediate prevention of new outbreaks attacks. Our scheme includes two parts: server and client. The server provides an immune configuration file and configuration file management functions, including a configuration file module, a cryptography algorithm module, and a display module. The client obtains the immunization configuration file from server in real time, and performs the corresponding operations according to the configuration file to make the computer have an immune function for a specific ransomware, including an update module, a configuration file module, a cryptography algorithm module, a control module, and a log module. This scheme controls mutexes, services, files and registries respectively, to destroy the triggering conditions of the virus and finally achieve the purpose of immunizing a computer from a specific ransomware.     

Chosen-Ciphertext Attack Secure Public-Key Encryption with Keyword Search

As the use of cloud storage for various services increases, the amount of private personal information along with data stored in the cloud storage is also increasing. To remotely use the data stored on the cloud storage, the data to be stored needs to be encrypted for this reason. Since “searchable encryption” is enable to search on the encrypted data without any decryption, it is one of convenient solutions for secure data management. A public key encryption with keyword search (for short, PEKS) is one of searchable encryptions. Abdalla et al. firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the “robust” ANO-CCA secure identity-based encryption(IBE). In this paper, we propose two generic constructions of consistent IND-CCA secure PEKS combining (1) a hierarchical identity based encryption (for short, HIBE) and a signature scheme or (2) a HIBE, an encapsulation, and a message authentication code (for short, MAC) scheme. Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker “ANO-CPA security (resp., IND-CPA security)” of HIBE than “ANO-CCA security (resp., IND-CCA security)” of IBE required in for achieving IND-CCA secure (resp., consistent) PEKS. Finally, we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.     

A Privacy-Preserving Image Retrieval Based on AC-Coefficients and Color Histograms in Cloud Environment

Content based image retrieval (CBIR) techniques have been widely deployed in many applications for seeking the abundant information existed in images. Due to large amounts of storage and computational requirements of CBIR, outsourcing image search work to the cloud provider becomes a very attractive option for many owners with small devices. However, owing to the private content contained in images, directly outsourcing retrieval work to the cloud provider apparently bring about privacy problem, so the images should be protected carefully before outsourcing. This paper presents a secure retrieval scheme for the encrypted images in the YUV color space. With this scheme, the discrete cosine transform (DCT) is performed on the Y component. The resulting DC coefficients are encrypted with stream cipher technology and the resulting AC coefficients as well as other two color components are encrypted with value permutation and position scrambling. Then the image owner transmits the encrypted images to the cloud server. When receiving a query trapdoor form on query user, the server extracts AC-coefficients histogram from the encrypted Y component and extracts two color histograms from the other two color components. The similarity between query trapdoor and database image is measured by calculating the Manhattan distance of their respective histograms. Finally, the encrypted images closest to the query image are returned to the query user.     

An Encrypted Image Retrieval Method Based on SimHash in Cloud Computing

With the massive growth of images data and the rise of cloud computing that can provide cheap storage space and convenient access, more and more users store data in cloud server. However, how to quickly query the expected data with privacy-preserving is still a challenging in the encryption image data retrieval. Towards this goal, this paper proposes a ciphertext image retrieval method based on SimHash in cloud computing. Firstly, we extract local feature of images, and then cluster the features by K-means. Based on it, the visual word codebook is introduced to represent feature information of images, which hashes the codebook to the corresponding fingerprint. Finally, the image feature vector is generated by SimHash searchable encryption feature algorithm for similarity retrieval. Extensive experiments on two public datasets validate the effectiveness of our method. Besides, the proposed method outperforms one popular searchable encryption, and the results are competitive to the state-of-the-art.     

Applying and Comparison of Chaotic-Based Permutation Algorithms for Audio Encryption

This research presents, and clarifies the application of two permutation algorithms, based on chaotic map systems, and applied to a file of speech signals. They are the Arnold cat map-based permutation algorithm, and the Baker’s chaotic map-based permutation algorithm. Both algorithms are implemented on the same speech signal sample. Then, both the premier and the encrypted file histograms are documented and plotted. The speech signal amplitude values with time signals of the original file are recorded and plotted against the encrypted and decrypted files. Furthermore, the original file is plotted against the encrypted file, using the spectrogram frequencies of speech signals with the signal duration. These permutation algorithms are used to shuffle the positions of the speech files signals’ values without any changes, to produce an encrypted speech file. A comparative analysis is introduced by using some of sundry statistical and experimental analyses for the procedures of encryption and decryption, e.g., the time of both procedures, the encrypted audio signals histogram, the correlation coefficient between specimens in the premier and encrypted signals, a test of the Spectral Distortion (SD), and the Log-Likelihood Ratio (LLR) measures. The outcomes of the different experimental and comparative studies demonstrate that the two permutation algorithms (Baker and Arnold) are sufficient for providing an efficient and reliable voice signal encryption solution. However, the Arnold’s algorithm gives better results in most cases as compared to the results of Baker’s algorithm.     

Cloud Data Encryption and Authentication Based on Enhanced Merkle Hash Tree Method

Many organizations apply cloud computing to store and effectively process data for various applications. The user uploads the data in the cloud has less security due to the unreliable verification process of data integrity. In this research, an enhanced Merkle hash tree method of effective authentication model is proposed in the multi-owner cloud to increase the security of the cloud data. Merkle Hash tree applies the leaf nodes with a hash tag and the non-leaf node contains the table of hash information of child to encrypt the large data. Merkle Hash tree provides the efficient mapping of data and easily identifies the changes made in the data due to proper structure. The developed model supports privacy-preserving public auditing to provide a secure cloud storage system. The data owners upload the data in the cloud and edit the data using the private key. An enhanced Merkle hash tree method stores the data in the cloud server and splits it into batches. The data files requested by the data owner are audit by a third-party auditor and the multi-owner authentication method is applied during the modification process to authenticate the user. The result shows that the proposed method reduces the encryption and decryption time for cloud data storage by 2–167 ms when compared to the existing Advanced Encryption Standard and Blowfish.     

Two Layer Symmetric Cryptography Algorithm for Protecting Data fromAttacks

Many organizations have insisted on protecting the cloud server from the outside, although the risks of attacking the cloud server are mostly from the inside. There are many algorithms designed to protect the cloud server from attacks that have been able to protect the cloud server attacks. Still, the attackers have designed even better mechanisms to break these security algorithms. Cloud cryptography is the best data protection algorithm that exchanges data between authentic users. In this article, one symmetric cryptography algorithm will be designed to secure cloud server data, used to send and receive cloud server data securely. A double encryption algorithm will be implemented to send data in a secure format. First, the XOR function will be applied to plain text, and then salt technique will be used. Finally, a reversing mechanism will be implemented on that data to provide more data security. To decrypt data, the cipher text will be reversed, salt will be removed, and XOR will be implemented. At the end of the paper, the proposed algorithm will be compared with other algorithms, and it will conclude how much better the existing algorithm is than other algorithms.     

High Capacity Data Hiding in Encrypted Image Based on Compressive Sensing for Nonequivalent Resources

To fulfill the requirements of data security in environments with nonequivalent resources, a high capacity data hiding scheme in encrypted image based on compressive sensing (CS) is proposed by fully utilizing the adaptability of CS to nonequivalent resources. The original image is divided into two parts: one part is encrypted with traditional stream cipher; the other part is turned to the prediction error and then encrypted based on CS to vacate room simultaneously. The collected non-image data is firstly encrypted with simple stream cipher. For data security management, the encrypted non-image data is then embedded into the encrypted image, and the scrambling operation is used to further improve security. Finally, the original image and non-image data can be separably recovered and extracted according to the request from the valid users with different access rights. Experimental results demonstrate that the proposed scheme outperforms other data hiding methods based on CS, and is more suitable for nonequivalent resources.