Verifiable Identity-Based Encryption with Keyword Search for IoT from Lattice

Internet of Things (IoT), which provides the solution of connecting things and devices, has increasingly developed as vital tools to realize intelligent life. Generally, source-limited IoT sensors outsource their data to the cloud, which arises the concerns that the transmission of IoT data is happening without appropriate consideration of the profound security challenges involved. Though encryption technology can guarantee the confidentiality of private data, it hinders the usability of data. Searchable encryption (SE) has been proposed to achieve secure data sharing and searching. However, most of existing SE schemes are designed under conventional hardness assumptions and may be vulnerable to the adversary with quantum computers. Moreover, the untrusted cloud server may perform an unfaithful search execution. To address these problems, in this paper, we propose the first verifiable identity-based keyword search (VIBKS) scheme from lattice. In particular, a lattice-based delegation algorithm is adopted to help the data user to verify both the correctness and the integrity of the search results. Besides, in order to reduce the communication overhead, we refer to the identity-based mechanism. We conduct rigorous proof to demonstrate that the proposed VIBKS scheme is ciphertext indistinguishable secure against the semi-honest-but-curious adversary. In addition, we give the detailed computation and communication complexity of our VIBKS and conduct a series of experiments to validate its efficiency performance.     

An Access Control Scheme Using Heterogeneous Signcryption for IoT Environments

When the Wireless Sensor Network (WSN) is combined with the Internet of Things (IoT), it can be employed in a wide range of applications, such as agriculture, industry 4.0, health care, smart homes, among others. Accessing the big data generated by these applications in Cloud Servers (CSs), requires higher levels of authenticity and confidentiality during communication conducted through the Internet. Signcryption is one of the most promising approaches nowadays for overcoming such obstacles, due to its combined nature, i.e., signature and encryption. A number of researchers have developed schemes to address issues related to access control in the IoT literature, however, the majority of these schemes are based on homogeneous nature. This will be neither adequate nor practical for heterogeneous IoT environments. In addition, these schemes are based on bilinear pairing and elliptic curve cryptography, which further requires additional processing time and more communication overheads that is inappropriate for real-time communication. Consequently, this paper aims to solve the above-discussed issues, we proposed an access control scheme for IoT environments using heterogeneous signcryption scheme with the efficiency and security hardiness of hyperelliptic curve. Besides the security services such as replay attack prevention, confidentiality, integrity, unforgeability, non-repudiations, and forward secrecy, the proposed scheme has very low computational and communication costs, when it is compared to existing schemes. This is primarily because of hyperelliptic curve lighter nature of key and other parameters. The AVISPA tool is used to simulate the security requirements of our proposed scheme and the results were under two backbends (Constraint Logic-based Attack Searcher (CL-b-AtSER) and On-the-Fly Model Checker (ON-t-FL-MCR)) proved to be SAFE when the presented scheme is coded in HLPSL language. This scheme was proven to be capable of preventing a variety of attacks, including confidentiality, integrity, unforgeability, non-repudiation, forward secrecy, and replay attacks.

     

Paillier-Based Fuzzy Multi-Keyword Searchable Encryption Scheme with Order-Preserving

Efficient multi-keyword fuzzy search over encrypted data is a desirable technology for data outsourcing in cloud storage. However, the current searchable encryption solutions still have deficiencies in search efficiency, accuracy and multiple data owner support. In this paper, we propose an encrypted data searching scheme that can support multiple keywords fuzzy search with order preserving (PMS). First, a new spelling correction algorithm-(Possibility-Levenshtein based Spelling Correction) is proposed to correct user input errors, so that fuzzy keywords input can be supported. Second, Paillier encryption is introduced to calculate encrypted relevance score of multiple keywords for order preserving. Then, a queue-based query method is also applied in this scheme to break the linkability between the query keywords and search results and protect the access pattern. Our proposed scheme achieves fuzzy matching without expanding the index table or sacrificing computational efficiency. The theoretical analysis and experiment results show that our scheme is secure, accurate, error-tolerant and very efficient.     

Verifiable Diversity Ranking Search Over Encrypted Outsourced Data

Data outsourcing has become an important application of cloud computing. Driven by the growing security demands of data outsourcing applications, sensitive data have to be encrypted before outsourcing. Therefore, how to properly encrypt data in a way that the encrypted and remotely stored data can still be queried has become a challenging issue. Searchable encryption scheme is proposed to allow users to search over encrypted data. However, most searchable encryption schemes do not consider search result diversification, resulting in information redundancy. In this paper, a verifiable diversity ranking search scheme over encrypted outsourced data is proposed while preserving privacy in cloud computing, which also supports search results verification. The goal is that the ranked documents concerning diversification instead of reading relevant documents that only deliver redundant information. Extensive experiments on real-world dataset validate our analysis and show that our proposed solution is effective for the diversification of documents and verification.     

Secure video distribution scheme based on partial encryption

In TV program distribution, the receiver's identification information is embedded into video data in order to trace illegal distributors, and video data are encrypted in order to protect the confidentiality against unauthorized users. In traditional method, the TV program is firstly fingerprinted, then encrypted, and finally transmitted. For N receivers, N times of encryption, and N times of fingerprinting operations are required, which makes the sender of high loading. In another method, the media content is decrypted and fingerprinted simultaneously by the joint fingerprint embedding and decryption, which is difficult to obtain reasonable performances. In this article, a commutative encryption and fingerprinting scheme is proposed to reduce the sender's loading. In this scheme, the TV program is firstly encrypted, then fingerprinted, and finally transferred. When compared with the traditional method, in the proposed method, only once encryption and N times of fingerprinting are required, which reduces the sender's loading greatly. Based on MPEG2 videos, a commutative encryption and fingerprinting scheme is presented, whose performances including security, efficiency, robustness, and imperceptibility are evaluated. Experimental results show that the scheme obtains good performances and is suitable for TV program distribution. © 2009 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 19, 227–235, 2009     

On the Privacy-Preserving Outsourcing Scheme of Reversible Data Hiding over Encrypted Image Data in Cloud Computing

Advanced cloud computing technology provides cost saving and flexibility of services for users. With the explosion of multimedia data, more and more data owners would outsource their personal multimedia data on the cloud. In the meantime, some computationally expensive tasks are also undertaken by cloud servers. However, the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data. Recently, this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data. In this paper, two reversible data hiding schemes are proposed for encrypted image data in cloud computing: reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain. The former is that additional bits are extracted after decryption and the latter is that extracted before decryption. Meanwhile, a combined scheme is also designed. This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing, which not only ensures multimedia data security without relying on the trustworthiness of cloud servers, but also guarantees that reversible data hiding can be operated over encrypted images at the different stages. Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme. The computation cost of the proposed scheme is acceptable and adjusts to different security levels.     

Lattice-Based Searchable Encryption Scheme against Inside Keywords Guessing Attack

To save the local storage, users store the data on the cloud server who offers convenient internet services. To guarantee the data privacy, users encrypt the data before uploading them into the cloud server. Since encryption can reduce the data availability, public-key encryption with keyword search (PEKS) is developed to achieve the retrieval of the encrypted data without decrypting them. However, most PEKS schemes cannot resist quantum computing attack, because the corresponding hardness assumptions are some number theory problems that can be solved efficiently under quantum computers. Besides, the traditional PEKS schemes have an inherent security issue that they cannot resist inside keywords guessing attack (KGA). In this attack, a malicious server can guess the keywords encapsulated in the search token by computing the ciphertext of keywords exhaustively and performing the test between the token and the ciphertext of keywords. In the paper, we propose a lattice-based PEKS scheme that can resist quantum computing attacks. To resist inside KGA, this scheme adopts a lattice-based signature technique into the encryption of keywords to prevent the malicious server from forging a valid ciphertext. Finally, some simulation experiments are conducted to demonstrate the performance of the proposed scheme and some comparison results are further shown with respect to other searchable schemes.     

Chosen-Ciphertext Attack Secure Public-Key Encryption with Keyword Search

As the use of cloud storage for various services increases, the amount of private personal information along with data stored in the cloud storage is also increasing. To remotely use the data stored on the cloud storage, the data to be stored needs to be encrypted for this reason. Since “searchable encryption” is enable to search on the encrypted data without any decryption, it is one of convenient solutions for secure data management. A public key encryption with keyword search (for short, PEKS) is one of searchable encryptions. Abdalla et al. firstly defined IND-CCA security for PEKS to enhance it’s security and proposed consistent IND-CCA secure PEKS based on the “robust” ANO-CCA secure identity-based encryption(IBE). In this paper, we propose two generic constructions of consistent IND-CCA secure PEKS combining (1) a hierarchical identity based encryption (for short, HIBE) and a signature scheme or (2) a HIBE, an encapsulation, and a message authentication code (for short, MAC) scheme. Our generic constructions identify that HIBE requires the security of a signature or a MAC as well as the weaker “ANO-CPA security (resp., IND-CPA security)” of HIBE than “ANO-CCA security (resp., IND-CCA security)” of IBE required in for achieving IND-CCA secure (resp., consistent) PEKS. Finally, we prove that our generic constructions satisfy IND-CCA security and consistency under the security models.     

Key-space analysis of double random phase encryption technique

We perform a numerical analysis on the double random phase encryption/decryption technique. The key-space of an encryption technique is the set of possible keys that can be used to encode data using that technique. In the case of a strong encryption scheme, many keys must be tried in any brute-force attack on that technique. Traditionally, designers of optical image encryption systems demonstrate only how a small number of arbitrary keys cannot decrypt a chosen encrypted image in their system. However, this type of demonstration does not discuss the properties of the key-space nor refute the feasibility of an efficient brute-force attack. To clarify these issues we present a key-space analysis of the technique. For a range of problem instances we plot the distribution of decryption errors in the key-space indicating the lack of feasibility of a simple brute-force attack.     

Selective and adaptive signal hiding technique for security of JPEG2000

In this article, we proposed a selective partial image encryption scheme of Secure JPEG2000 (JPSEC) for digital cinema or any other JPEG2000‐based applications. It makes a scalable encryption scheme possible on the basis of a trade‐off relationship between the encryption effect and the encryption cost. The encryption scheme was designed to activate during the image compression process, which is between quantization and entropy coding. Three data selection schemes were involved to select the parts of data to be encrypted: subband selection, data bit selection, and random selection of coefficients. The experimental results with over 3000 test images revealed that the PSNRs were between about 9.5 to 7.5 dB when the portion of the encrypted data by this scheme was between 1/4096 and 1/256. As the encryption effect is reasonably high with very low cost, the proposed scheme has high potential to provide secure communications in a variety of wired/wireless scenarios. © 2010 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 20, 277‐284, 2010     

Two-Stage High-Efficiency Encryption Key Update Scheme for LoRaWAN Based IoT Environment

Secure data communication is an essential requirement for an Internet of Things (IoT) system. Especially in Industrial Internet of Things (IIoT) and Internet of Medical Things (IoMT) systems, when important data are hacked, it may induce property loss or life hazard. Even though many IoT-related communication protocols are equipped with secure policies, they still have some security weaknesses in their IoT systems. LoRaWAN is one of the low power wide-area network protocols, and it adopts Advanced Encryption Standard (AES) to provide message integrity and confidentiality. However, LoRaWAN's encryption key update scheme can be further improved. In this paper, a Two-stage High-efficiency LoRaWAN encryption key Update Scheme (THUS for short) is proposed to update LoRaWAN's root keys and session keys in a secure and efficient way. The THUS consists of two stages, i.e., the Root Key Update (RKU) stage and the Session Key Update (SKU) stage, and with different update frequencies, the RKU and SKU provide higher security level than the normal LoRaWAN specification does. A modified AES encryption/decryption process is also utilized in the THUS for enhancing the security of the THUS. The security analyses demonstrate that the THUS not only protects important parameter during key update stages, but also satisfies confidentiality, integrity, and mutual authentication. Moreover, The THUS can further resist replay and eavesdropping attacks.     

Hybrid structured phase mask in frequency plane for optical double image encryption in gyrator transform domain

This paper proposes a method of double image encryption based on hybrid structured phase mask (HSPM) in the gyrator transform (GT) domain. The scheme becomes more secure by parameters used in the HSPM. These HSPMs are generated by using the combination of the optical vortex phase masks and secondary images after taking Fourier transform (FT). The input images are encrypted and recovered with correct values of HSPMs, rotation angles of GT and their keys used during the encryption. The use of an HSPM-based phase mask increases the security and key space for encryption. It can also be implemented opto-electronically. The mean square error calculated between the input and retrieved images shows the efficacy of scheme. The proposed method has also been investigated for its sensitivity to encryption parameters and its security against occlusion and noise attacks under a number of iterations. A set of numerical simulation results support the feasibility and security of the proposed scheme.     

Single-channel color image encryption using a modified Gerchberg-Saxton algorithm and mutual encoding in the Fresnel domain

A single-channel color image encryption is proposed based on the modified Gerchberg-Saxton algorithm (MGSA) and mutual encoding in the Fresnel domain. Similar to the double random phase encoding (DRPE), this encryption scheme also employs a pair of phase-only functions (POFs) as encryption keys. But the two POFs are generated by the use of the MGSA rather than a random function generator. In the encryption process, only one color component is needed to be encrypted when these POFs are mutually served as the second encryption keys. As a result, a more compact and simple color encryption system based on one-time-pad, enabling only one gray cipheretext to be recorded and transmitted when holographic recording is used, is obtained. Moreover, the optical setup is lensless, thus easy to be implemented and the system parameters and wavelength can be served as additional keys to further enhance the security of the system. The feasibility and effectiveness of the proposed method are demonstrated by numerical results.     

Cogent and Energy Efficient Authentication Protocol for WSN in IoT

Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.     

Privacy Preserving Blockchain Technique to Achieve Secure and Reliable Sharing of IoT Data

In present digital era, an exponential increase in Internet of Things (IoT) devices poses several design issues for business concerning security and privacy. Earlier studies indicate that the blockchain technology is found to be a significant solution to resolve the challenges of data security exist in IoT. In this view, this paper presents a new privacy-preserving Secure Ant Colony optimization with Multi Kernel Support Vector Machine (ACOMKSVM) with Elliptical Curve cryptosystem (ECC) for secure and reliable IoT data sharing. This program uses blockchain to ensure protection and integrity of some data while it has the technology to create secure ACOMKSVM training algorithms in partial views of IoT data, collected from various data providers. Then, ECC is used to create effective and accurate privacy that protects ACOMKSVM secure learning process. In this study, the authors deployed blockchain technique to create a secure and reliable data exchange platform across multiple data providers, where IoT data is encrypted and recorded in a distributed ledger. The security analysis showed that the specific data ensures confidentiality of critical data from each data provider and protects the parameters of the ACOMKSVM model for data analysts. To examine the performance of the proposed method, it is tested against two benchmark dataset such as Breast Cancer Wisconsin Data Set (BCWD) and Heart Disease Data Set (HDD) from UCI AI repository. The simulation outcome indicated that the ACOMKSVM model has outperformed all the compared methods under several aspects.     

Reversible Data Hiding in Encrypted Image Based on Block Classification Permutation

Recently, reversible data hiding in encrypted image (RDHEI) has attracted extensive attention, which can be used in secure cloud computing and privacy protection effectively. In this paper, a novel RDHEI scheme based on block classification and permutation is proposed. Content owner first divides original image into non-overlapping blocks and then set a threshold to classify these blocks into smooth and non-smooth blocks respectively. After block classification, content owner utilizes a specific encryption method, including stream cipher encryption and block permutation to protect image content securely. For the encrypted image, data hider embeds additional secret information in the most significant bits (MSB) of the encrypted pixels in smooth blocks and the final marked image can be obtained. At the receiver side, secret data will be extracted correctly with data-hiding key. When receiver only has encryption key, after stream cipher decryption, block scrambling decryption and MSB error prediction with threshold, decrypted image will be achieved. When data hiding key and encryption key are both obtained, receiver can find the smooth and non-smooth blocks correctly and MSB in smooth blocks will be predicted correctly, hence, receiver can recover marked image losslessly. Experimental results demonstrate that our scheme can achieve better rate-distortion performance than some of state-of-the-art schemes.     

Reversible Data Hiding in Classification-Scrambling Encrypted-Image Based on Iterative Recovery

To improve the security and quality of decrypted images, this work proposes a reversible data hiding in encrypted image based on iterative recovery. The encrypted image is firstly generated by the pixel classification scrambling and bit-wise exclusive-OR (XOR), which improves the security of encrypted images. And then, a pixel-type-mark generation method based on block-compression is designed to reduce the extra burden of key management and transfer. At last, an iterative recovery strategy is proposed to optimize the marked decrypted image, which allows the original image to be obtained only using the encryption key. The proposed reversible data hiding scheme in encrypted image is not vulnerable to the ciphertext-only attack due to the fact that the XOR-encrypted pixels are scrambled in the corresponding encrypted image. Experimental results demonstrate that the decrypted images obtained by the proposed method are the same as the original ones, and the maximum embedding rate of proposed method is higher than the previously reported reversible data hiding methods in encrypted image.     

Performance Analysis of Multi-Channel CR Enabled IoT Network with Better Energy Harvesting

Wireless Sensor Networks (WSNs) can be termed as an auto-configured and infrastructure-less wireless networks to monitor physical or environmental conditions, such as temperature, sound, vibration, pressure and motion etc. WSNs may comprise thousands of Internet of Things (IoT) devices to sense and collect data from its surrounding, process the data and take an automated and mechanized decision. On the other side the proliferation of these devices will soon cause radio spectrum shortage. So, to facilitate these networks, we integrate Cognitive Radio (CR) functionality in these networks. CR can sense the unutilized spectrum of licensed users and then use these empty bands when required. In order to keep the IoT nodes functional all time, continuous energy is required. For this reason the energy harvested techniques are preferred in IoT networks. Mainly it is preferred to harvest Radio Frequency (RF) energy in the network. In this paper a region based multi-channel architecture is proposed. In which the coverage area of primary node is divided as Energy Harvesting Region and Communication Region. The Secondary User (SU) that are the licensed user is IoT enabled with Cognitive Radio (CR) techniques so we call it CR-enabled IoT node/device and is encouraged to harvest energy by utilizing radio frequency energy. To harvest energy efficiently and to reduce the energy consumption during sensing, the concept of overlapping region is given that supports to sense multiple channels simultaneously and help the SU to find best channel for transmitting data or to harvest energy from the ideal channel. From the experimental analysis, it is proved that SU can harvest more energy in overlapping region and this architecture proves to consume less energy during data transmission as compared to single channel. We also show that channel load can be highly reduced and channel utilization is proved to be more proficient. Thus, this proves the proposed architecture cost-effective and energy-efficient.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

Error-reduction techniques and error analysis for fully phase- and amplitude-based encryption

The performance of fully phase- and amplitude-based encryption processors is analyzed. The effects of noise perturbations on the encrypted information are considered. A thresholding method of decryption that further reduces the mean-squared error (MSE) for the fully phase- and amplitude-based encryption processes is provided. The proposed thresholding scheme significantly improves the performance of fully phase- and amplitude-based encryption, as measured by the MSE metric. We obtain analytical MSE bounds when thresholding is used for both decryption methods, and we also present computer-simulation results. These results show that the fully phase-based method is more robust. We also give a formal proof of a conjecture about the decrypted distribution of distorted encrypted information. This allows the analytical bounds of the MSE to be extended to more general non-Gaussian, nonadditive, nonstationary distortions. Computer simulations support this extension.