A Proxy Re-Encryption with Keyword Search Scheme in Cloud Computing

With the widespread use of cloud computing technology, more and more users and enterprises decide to store their data in a cloud server by outsourcing. However, these huge amounts of data may contain personal privacy, business secrets and other sensitive information of the users and enterprises. Thus, at present, how to protect, retrieve, and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment. A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server. In this scheme, the user data are divided into files, file indexes and the keyword corresponding to the files, which are respectively encrypted to store. The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes, but re-encrypt the cipher-text of keywords corresponding to the files. Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack. And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption. Furthermore, the scheme does not need to use any secure channels, making it more effective in the cloud environment.     

Paillier-Based Fuzzy Multi-Keyword Searchable Encryption Scheme with Order-Preserving

Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage. However, the current searchable encryption solutions still have deficiencies in search efficiency, accuracy and multiple data owner support. In this paper, we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving (PMS). First, a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction) is proposed to correct user input errors, so that fuzzy keywords input can be supported. Second, Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving. Then, a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern. Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency. The theoretical analysis and experiment results show that our scheme is secure, accurate, error-tolerant and very efficient.     

Chosen-Ciphertext Attack Secure Public-Key Encryption with Keyword Search

As the use of cloud storage for various services increases, the amount of private personal information along with data stored in the cloud storage is also increasing. To remotely use the data stored on the cloud storage, the data to be stored needs to be encrypted for this reason. Since “searchable encryption” is enable to search on the encrypted data without any decryption, it is one of convenient solutions for secure data management. A public key encryption with keyword search (for short, PEKS) is one of searchable encryptions. Abdalla et al. firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the “robust” ANO-CCA secure identity-based encryption(IBE). In this paper, we propose two generic constructions of consistent IND-CCA secure PEKS combining (1) a hierarchical identity based encryption (for short, HIBE) and a signature scheme or (2) a HIBE, an encapsulation, and a message authentication code (for short, MAC) scheme. Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker “ANO-CPA security (resp., IND-CPA security)” of HIBE than “ANO-CCA security (resp., IND-CCA security)” of IBE required in for achieving IND-CCA secure (resp., consistent) PEKS. Finally, we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.     

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.     

Dynamic Proofs of Retrievability Based on Partitioning-Based Square Root Oblivious RAM

With the development of cloud storage, the problem of efficiently checking and proving data integrity needs more consideration. Therefore, much of growing interest has been pursed in the context of the integrity verification of cloud storage. Provable data possession (PDP) and Proofs of retrievablity (POR) are two kinds of important scheme which can guarantee the data integrity in the cloud storage environments. The main difference between them is that POR schemes store a redundant encoding of the client data on the server so as to she has the ability of retrievablity while PDP does not have. Unfortunately, most of POR schemes support only static data. Stefanov et al. proposed a dynamic POR, but their scheme need a large of amount of client storage and has a large audit cost. Cash et al. use Oblivious RAM (ORAM) to construct a fully dynamic POR scheme, but the cost of their scheme is also very heavy. Based on the idea which proposed by Cash, we propose dynamic proofs of retrievability via Partitioning-Based Square Root Oblivious RAM (DPoR-PSR-ORAM). Firstly, the notions used in our scheme are defined. The Partitioning-Based Square Root Oblivious RAM (PSR-ORAM) protocol is also proposed. The DPOR-PSR-ORAM Model which includes the formal definitions, security definitions and model construction methods are described in the paper. Finally, we give the security analysis and efficiency analysis. The analysis results show that our scheme not only has the property of correctness, authenticity, next-read pattern hiding and retrievabiltiy, but also has the high efficiency.     

Verifiable Diversity Ranking Search Over Encrypted Outsourced Data

Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to properly encrypt data in a way that the encrypted and remotely stored data can still be queried has become a challenging issue. Searchable encryption scheme is proposed to allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed while preserving privacy in cloud computing, which also supports search results verification. The goal is that the ranked documents concerning diversification instead of reading relevant documents that only deliver redundant information. Extensive experiments on real-world dataset validate our analysis and show that our proposed solution is effective for the diversification of documents and verification.     

Enabling Comparable Search Over Encrypted Data for IoT with Privacy-Preserving

With the rapid development of cloud computing and Internet of Things (IoT) technology, massive data raises and shuttles on the network every day. To ensure the confidentiality and utilization of these data, industries and companies users encrypt their data and store them in an outsourced party. However, simple adoption of encryption scheme makes the original lose its flexibility and utilization. To address these problems, the searchable encryption scheme is proposed. Different from traditional encrypted data search scheme, this paper focuses on providing a solution to search the data from one or more IoT device by comparing their underlying numerical values. We present a multi-client comparable search scheme over encrypted numerical data which supports range queries. This scheme is mainly designed for keeping the confidentiality and searchability of numeric data, it enables authorized clients to fetch the data from different data owners by a generated token. Furthermore, to rich the scheme’s functionality, we exploit the idea of secret sharing to realize cross-domain search which improves the data’s utilization. The proposed scheme has also been proven to be secure through a series of security games. Moreover, we conduct experiments to demonstrate that our scheme is more practical than the existed similar schemes and achieves a balance between functionality and efficiency.     

A Weighted Threshold Secret Sharing Scheme for Remote Sensing Images Based on Chinese Remainder Theorem

The recent advances in remote sensing and computer techniques give birth to the explosive growth of remote sensing images. The emergence of cloud storage has brought new opportunities for storage and management of massive remote sensing images with its large storage space, cost savings. However, the openness of cloud brings challenges for image data security. In this paper, we propose a weighted image sharing scheme to ensure the security of remote sensing in cloud environment, which takes the weights of participants (i.e., cloud service providers) into consideration. An extended Mignotte sequence is constructed according to the weights of participants, and we can generate image shadow shares based on the hash value which can be obtained from gray value of remote sensing images. Then we store the shadows in every cloud service provider, respectively. At last, we restore the remote sensing image based on the Chinese Remainder Theorem. Experimental results show the proposed scheme can effectively realize the secure storage of remote sensing images in the cloud. The experiment also shows that no matter weight values, each service providers only needs to save one share, which simplifies the management and usage, it also reduces the transmission of secret information, strengthens the security and practicality of this scheme.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

Distributed Secure Storage Scheme Based on Sharding Blockchain

Distributed storage can store data in multiple devices or servers to improve data security. However, in today's explosive growth of network data, traditional distributed storage scheme is faced with some severe challenges such as insufficient performance, data tampering, and data lose. A distributed storage scheme based on blockchain has been proposed to improve security and efficiency of traditional distributed storage. Under this scheme, the following improvements have been made in this paper. This paper first analyzes the problems faced by distributed storage. Then proposed to build a new distributed storage blockchain scheme with sharding blockchain. The proposed scheme realizes the partitioning of the network and nodes by means of blockchain sharding technology, which can improve the efficiency of data verification between nodes. In addition, this paper uses polynomial commitment to construct a new verifiable secret share scheme called PolyVSS. This new scheme is one of the foundations for building our improved distributed storage blockchain scheme. Compared with the previous scheme, our new scheme does not require a trusted third party and has some new features such as homomorphic and batch opening. The security of VSS can be further improved. Experimental comparisons show that the proposed scheme significantly reduces storage and communication costs.     

A Novel Anonymous Authentication Scheme Based on Edge Computing in Internet of Vehicles

The vehicular cloud computing is an emerging technology that changes vehicle communication and underlying traffic management applications. However, cloud computing has disadvantages such as high delay, low privacy and high communication cost, which can not meet the needs of real-time interactive information of Internet of vehicles. Ensuring security and privacy in Internet of Vehicles is also regarded as one of its most important challenges. Therefore, in order to ensure the user information security and improve the real-time of vehicle information interaction, this paper proposes an anonymous authentication scheme based on edge computing. In this scheme, the concept of edge computing is introduced into the Internet of vehicles, which makes full use of the redundant computing power and storage capacity of idle edge equipment. The edge vehicle nodes are determined by simple algorithm of defining distance and resources, and the improved RSA encryption algorithm is used to encrypt the user information. The improved RSA algorithm encrypts the user information by reencrypting the encryption parameters . Compared with the traditional RSA algorithm, it can resist more attacks, so it is used to ensure the security of user information. It can not only protect the privacy of vehicles, but also avoid anonymous abuse. Simulation results show that the proposed scheme has lower computational complexity and communication overhead than the traditional anonymous scheme.     

On the Privacy-Preserving Outsourcing Scheme of Reversible Data Hiding over Encrypted Image Data in Cloud Computing

Advanced cloud computing technology provides cost saving and flexibility of services for users. With the explosion of multimedia data, more and more data owners would outsource their personal multimedia data on the cloud. In the meantime, some computationally expensive tasks are also undertaken by cloud servers. However, the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data. Recently, this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data. In this paper, two reversible data hiding schemes are proposed for encrypted image data in cloud computing: reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain. The former is that additional bits are extracted after decryption and the latter is that extracted before decryption. Meanwhile, a combined scheme is also designed. This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing, which not only ensures multimedia data security without relying on the trustworthiness of cloud servers, but also guarantees that reversible data hiding can be operated over encrypted images at the different stages. Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme. The computation cost of the proposed scheme is acceptable and adjusts to different security levels.     

A Secure Rotation Invariant LBP Feature Computation in Cloud Environment

In the era of big data, outsourcing massive data to a remote cloud server is a promising approach. Outsourcing storage and computation services can reduce storage costs and computational burdens. However, public cloud storage brings about new privacy and security concerns since the cloud servers can be shared by multiple users. Privacy-preserving feature extraction techniques are an effective solution to this issue. Because the Rotation Invariant Local Binary Pattern (RILBP) has been widely used in various image processing fields, we propose a new privacy-preserving outsourcing computation of RILBP over encrypted images in this paper (called PPRILBP). To protect image content, original images are encrypted using block scrambling, pixel circular shift, and pixel diffusion when uploaded to the cloud server. It is proved that RILBP features remain unchanged before and after encryption. Moreover, the server can directly extract RILBP features from encrypted images. Analyses and experiments confirm that the proposed scheme is secure and effective, and outperforms previous secure LBP feature computing methods.     

Blockchain-Based Trusted Electronic Records Preservation in Cloud Storage

Cloud storage represents the trend of intensive, scale and specialization of information technology, which has changed the technical architecture and implementation method of electronic records management. Moreover, it will provide a convenient way to generate more advanced and efficient management of the electronic data records. However, in cloud storage environment, it is difficult to guarantee the trustworthiness of electronic records, which results in a series of severe challenges to electronic records management. Starting from the definition and specification of electronic records, this paper firstly analyzes the requirements of the trustworthiness in cloud storage during their long-term preservation according to the information security theory and subdivides the trustworthiness into the authenticity, integrity, usability, and reliability of electronic records in cloud storage. Moreover, this paper proposes the technology framework of preservation for trusted electronic records. Also, the technology of blockchain, proofs of retrievability, the open archival information system model and erasure code are adopted to protect these four security attributes, to guarantee the credibility of the electronic record.     

Privacy Data Management Mechanism Based on Blockchain and Federated Learning

Due to the extensive use of various intelligent terminals and the popularity of network social tools, a large amount of data in the field of medical emerged. How to manage these massive data safely and reliably has become an important challenge for the medical network community. This paper proposes a data management framework of medical network community based on Consortium Blockchain (CB) and Federated learning (FL), which realizes the data security sharing between medical institutions and research institutions. Under this framework, the data security sharing mechanism of medical network community based on smart contract and the data privacy protection mechanism based on FL and alliance chain are designed to ensure the security of data and the privacy of important data in medical network community, respectively. An intelligent contract system based on Keyed-Homomorphic Public Key (KH-PKE) Encryption scheme is designed, so that medical data can be saved in the CB in the form of ciphertext, and the automatic sharing of data is realized. Zero knowledge mechanism is used to ensure the correctness of shared data. Moreover, the zero-knowledge mechanism introduces the dynamic group signature mechanism of chosen ciphertext attack (CCA) anonymity, which makes the scheme more efficient in computing and communication cost. In the end of this paper, the performance of the scheme is analyzed from both asymptotic and practical aspects. Through experimental comparative analysis, the scheme proposed in this paper is more effective and feasible.     

Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things (IoT), which provides the solution of connecting things and devices, has increasingly developed as vital tools to realize intelligent life. Generally, source-limited IoT sensors outsource their data to the cloud, which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved. Though encryption technology can guarantee the confidentiality of private data, it hinders the usability of data. Searchable encryption (SE) has been proposed to achieve secure data sharing and searching. However, most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers. Moreover, the untrusted cloud server may perform an unfaithful search execution. To address these problems, in this paper, we propose the first verifiable identity-based keyword search (VIBKS) scheme from lattice. In particular, a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results. Besides, in order to reduce the communication overhead, we refer to the identity-based mechanism. We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honest-but-curious adversary. In addition, we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.     

A Secure Method for Data Storage and Transmission in Sustainable Cloud Computing

Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data Storing in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays; most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The implementation of a modified RSA algorithm results guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover; the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.     

Pipeline Defect Detection Cloud System Using Role Encryption and Hybrid Information

Pipeline defect detection systems collect the videos from cameras of pipeline robots, however the systems always analyzed these videos by offline systems or humans to detect the defects of potential security threats. The existing systems tend to reach the limit in terms of data access anywhere, access security and video processing on cloud. There is in need of studying on a pipeline defect detection cloud system for automatic pipeline inspection. In this paper, we deploy the framework of a cloud based pipeline defect detection system, including the user management module, pipeline robot control module, system service module, and defect detection module. In the system, we use a role encryption scheme for video collection, data uploading, and access security, and propose a hybrid information method for defect detection. The experimental results show that our approach is a scalable and efficient defection detection cloud system.     

Privacy-Preserving Content-Aware Search Based on Two-Level Index

Nowadays, cloud computing is used more and more widely, more and more people prefer to using cloud server to store data. So, how to encrypt the data efficiently is an important problem. The search efficiency of existed search schemes decreases as the index increases. For solving this problem, we build the two-level index. Simultaneously, for improving the semantic information, the central word expansion is combined. The purpose of privacy-preserving content-aware search by using the two-level index (CKESS) is that the first matching is performed by using the extended central words, then calculate the similarity between the trapdoor and the secondary index, finally return the results in turn. Through experiments and analysis, it is proved that our proposed schemes can resist multiple threat models and the schemes are secure and efficient.     

Building a Trust Model for Secure Data Sharing (TM-SDS) in Edge Computing Using HMAC Techniques

With the rapid growth of Internet of Things (IoT) based models, and the lack amount of data makes cloud computing resources insufficient. Hence, edge computing-based techniques are becoming more popular in present research domains that makes data storage, and processing effective at the network edges. There are several advanced features like parallel processing and data perception are available in edge computing. Still, there are some challenges in providing privacy and data security over networks. To solve the security issues in Edge Computing, Hash-based Message Authentication Code (HMAC) algorithm is used to provide solutions for preserving data from various attacks that happens with the distributed network nature. This paper proposed a Trust Model for Secure Data Sharing (TM-SDS) with HMAC algorithm. Here, data security is ensured with local and global trust levels with the centralized processing of cloud and by conserving resources effectively. Further, the proposed model achieved 84.25% of packet delivery ratio which is better compared to existing models in the resulting phase. The data packets are securely transmitted between entities in the proposed model and results showed that proposed TM-SDS model outperforms the existing models in an efficient manner.