Private Keyword-Search for Database Systems Against Insider Attacks

The notion of searchable encrypted keywords introduced an elegant approach to retrieve encrypted data without the need of decryption. Since the introduction of this notion, there are two main searchable encrypted keywords techniques, symmetric searchable encryption (SSE) and public key encryption with keyword search (PEKS). Due to the complicated key management problem in SSE, a number of concrete PEKS constructions have been proposed to overcome it. However, the security of these PEKS schemes was only weakly defined in presence of outsider attacks; therefore they suffer from keyword guessing attacks from the database server as an insider. How to resist insider attacks remains a challenging problem. We propose the first searchable encrypted keywords against insider attacks (SEK-IA) framework to address this problem. The security model of SEK-IA under public key environment is rebuilt. We give a concrete SEK-IA construction featured with a constant-size trapdoor and the proposed scheme is formally proved to be secure against insider attacks. The performance evaluations show that the communication cost between the receiver and the server in our SEK-IA scheme remains constant, independent of the sender identity set size, and the receiver needs the minimized computational cost to generate a trapdoor to search the data from multiple senders.     

Constructing PEKS schemes secure against keyword guessing attacks is possible?

Byun et al. suggested keyword guessing attacks and showed that some PEKS (public-key encryption with keyword search) schemes are not secure to keyword guessing attacks, when the number of possible keywords is bounded by some polynomial. Abdalla et al. showed that robust PEKS schemes should satisfy consistency which ensures the PEKS schemes fulfil their functions. In the paper, we show a negative result about the open problem to construct secure PEKS schemes against keyword guessing attacks. Our result shows that consistency implies insecurity to keyword guessing attacks in PEKS. This means that constructing secure and consistent PEKS schemes against keyword guessing attacks is impossible, when the number of possible keywords is bounded by some polynomial.     

Trapdoor security in a searchable public-key encryption scheme with a designated tester

We study a secure searchable public-key encryption scheme with a designated tester (dPEKS). The contributions of this paper are threefold. First, we enhance the existing security model to incorporate the realistic abilities of dPEKS attackers. Second, we introduce the concept of “trapdoor indistinguishability” and show that trapdoor indistinguishability is a sufficient condition for thwarting keyword-guessing attacks. This answers the open problem of how to construct PEKS (dPEKS) schemes that are provably secure against keyword-guessing attacks. Finally, we propose a dPEKS scheme that is secure in the enhanced security model. The scheme is the first dPEKS scheme that is secure against keyword-guessing attacks.     

Secure Channel Free ID-Based Searchable Encryption for Peer-to-Peer Group

Data sharing and searching are important functionalities in cloud storage. In this paper, we show how to securely and flexibly search and share cloud data among a group of users without a group manager. We formalize a novel cryptosystem: secure channel free searchable encryption in a peer-to-peer group, which features with the secure cloud data sharing and searching for group members in an identity-based setting. Our scheme allows group members to join or leave the group dynamically. We present two schemes: basic scheme and enhanced scheme. We formally prove that our basic scheme achieves consistency and indistinguishability against the chosen keyword and ciphertext attack and the outsider’s keyword guessing attack, respectively. An enhanced scheme is also proposed to achieve forward secrecy, which allows to revoke user search right over the former shared data.     

安全的指定发送者的基于身份的可搜索加密方案

云存储技术发展非常迅速,用户能高效地共享数据、便捷地处理数据,但是不能保证不会外泄用户的敏感信息。带关键字搜索的公钥加密(PEKS)方案能在不解密的情况下对关键字进行搜索,但PEKS存在管理证书的问题。它的变体,即基于身份的可搜索加密方案(IBEKS)能简化公钥基础设施中证书的管理,然而,大多数的方案都不能抵抗内部敌手的关键字猜测攻击。因此提出一个安全的指定发送者的基于身份的可搜索加密,能同时满足陷门不可区分性和密文不可区分性。与已有方案相比,该方案的存储和计算的代价较低,保证了使用性和效率。     

Privacy-preserving conjunctive keyword search on encrypted data with enhanced fine-grained access control

Cloud storage over the internet gives opportunities for easy data sharing. To preserve the privacy of sharing data, the outsourced data is usually encrypted. The searchable encryption technique provides a solution to find the target data in the encrypted form. And the public-key encryption with keyword search is regarded as a major approach for the searchable encryption technique. However, there are still several privacy leakage challenges for the further adoption of these major schemes. One is how to resist the keyword guessing attack which still leaks data user’s keywords privacy. Another is how to construct the access control policy to prevent illegal access of outsourced data sharing since illegal access always leak the privacy of user’s attribute. In our paper, we firstly try to design a novel secure keyword index to resist the keyword guessing attack from access pattern and search pattern. Second, we propose an attribute-based encryption scheme which supports an enhanced fine-grained access control search. This allows the authenticated users to access different data although their searching request contains the same queried keywords, and meanwhile unauthenticated users cannot get any attribute privacy information. Third, we give security proofs to show that the construction of keyword index is against keyword guessing attack from the access pattern and search pattern, and our scheme is proved to be IND-CPA secure (the indistinguishability under chosen plaintext attack) under the standard model. Finally, theoretical analyses and a series of experiments are conducted to demonstrate the efficiency of our scheme.

     

标准模型下增强的无需安全信道的带关键词搜索的公钥加密

Baek,Safavi-Naini和Susilo提出了无需安全信道的带关键词搜索的公钥加密方案。该方案中的安全模型限制了攻击者的能力,并且方案是在随机预言模型下可证安全的。然而在随机预言模型下证明安全的方案在实际执行中会导致不安全。通过改进安全模型使得攻击者能力更强,即允许攻击者获得非挑战密文和陷门之间的关系,同时构造了在增强的安全模型下不使用随机预言机可证安全的带关键词搜索的公钥加密方案。     

结合公钥加密和关键字可搜索加密的加密方案

带关键字搜索的公钥加密(PEKS)是一种有用的加密原语，它允许用户将在加密数据上搜索的功能委托给不可信的第三方服务器，而不影响原始数据的安全性和隐私性。但是，由于缺乏对于数据的加密以及解密能力，PEKS方案不能单独进行使用，必须与标准的公钥加密方案(PKE)相结合。因此，Baek等人在2006年引入了一种新的加密原语，称为结合PKE和PEKS的加密方案(PKE+PEKS)，它同时提供了PKE和PEKS的功能。目前，已有文献提出了几种PKE+PEKS方案。然而，他们都没有考虑关键字猜测攻击的问题。本文提出一个新的高效且能够抵抗关键字猜测攻击的PKE+PEKS方案，与已有方案相比，该方案在性能上有很大的提升，并且在生成关键字和数据密文时，不需要使用双线性对，极大地降低了计算和存储成本。安全性分析表明，本文中所提出的方案能够满足密文隐私安全性、陷门不可区分性和抗关键字猜测攻击的安全性。效率分析表明，本分提出的方案更加高效。     

Secure Dynamic Identity-Based Authentication Scheme Using Smart Cards

ABSTRACT

In 2004, Das et al. proposed a dynamic identity-based remote user authentication scheme using smart cards. This scheme allows users to choose and change their passwords freely, and the server does not maintain any verification table. Das et al. claimed that their scheme is secure against stolen verifier attack, replay attack, forgery attack, dictionary attack, insider attack and identity theft. However, many researchers have demonstrated that Das et al.'s scheme is susceptible to various attacks. Furthermore, this scheme does not achieve mutual authentication and thus cannot resist malicious server attack. In 2009, Wang et al. argued that Das et al.'s scheme is susceptible to stolen smart card attack. If an attacker obtains the smart card of the user and chooses any random password, the attacker gets through the authentication process to get access of the remote server. Therefore, Wang et al. suggested an improved scheme to preclude the weaknesses of Das et al.'s scheme. However, we found that Wang et al.'s scheme is susceptible to impersonation attack, stolen smart card attack, offline password guessing attack, denial of service attack and fails to preserve the user anonymity. This paper improves Wang et al.'s scheme to resolve the aforementioned problems, while keeping the merits of different dynamic identity based smart card authentication schemes.     

Generic Certificateless Encryption Secure Against Malicious-but-Passive KGC Attacks in the Standard Model

Despite the large number of certificateless encryption schemes proposed recently, many of them have been found insecure under a practical attack, called malicious-but-passive KGC (Key Generation Center) attack. In this work we propose the first generic construction of certificateless encryption, which can be proven secure against malicious-but-passive KGC attacks in the standard model. In order to encrypt a message of any length, we consider the KEM/DEM (key encapsulation mechanism/data encapsulation mechanism) framework in the certificateless setting, and propose a generic construction of certificateless key encapsulation mechanism (CL-KEM) secure against malicious-but-passive KGC attacks in the standard model. It is based on an identity-based KEM, a public key encryption and a message authentication code. The high efficiency of our construction is due to the efficient implementations of these underlying building blocks, and is comparable to Bentahar et al.’s CL-KEMs, which have only been proven secure under the random oracle model with no consideration of the malicious-but-passive KGC attack. We also introduce the notion of certificateless tag-based KEM (CL-TKEM), which is an extension of Abe et al.’ s work to the certificateless setting. We show that an efficient CL-TKEM can be constructed by modifying our CL-KEM scheme. We also show that with a CL-TKEM and a data encapsulation mechanism secure under our proposed security model, an efficient certificateless hybrid encryption can be constructed by applying Abe et al.'s transformation in the certificateless setting.     

抗关键词猜测攻击的可搜索属性基加密方案

可搜索属性基加密能够让属性满足访问控制策略(或用来加密关键词的属性满足用户私钥指定的访问控制策略)的用户搜索加密文件。但是,现有的方案不能抵抗关键词猜测攻击。外部攻击者可以生成若干关键词密文上传到云服务器,侦测云服务器将这些密文返回给哪些用户,进而获取这些用户的搜索信息。因此,提出一种可以抵抗关键词猜测攻击的可搜索属性基加密方案。基于DBDH困难问题,该方案在选择安全模型中被证明是选择明文攻击安全的。     

区块链上支持多关键字检索的可搜索加密方案

在基于云存储的单关键字可搜索加密中,云服务器不是完全可信的,且现有的单关键字检索不能精确地返回搜索结果。基于此, 结合区块链技术提出了区块链上的多关键字可搜索加密方案。该方案采用对称加密算法提高了加密效率;利用区块链技术解决了云服务器不诚实搜索的问题;采用多关键字的索引结构提高了搜索结果的精确性。在随机预言模型下,证明了该方案在选择关键字攻击下是不可区分IND CKA安全的,通过效率分析表明该方案具有更高的效率。     

A provably secure and efficient two‐party password‐based explicit authenticated key exchange protocol resistance to password guessing attacks

Password‐based two‐party authenticated key exchange (2PAKE) protocol enables two or more entities, who only share a low‐entropy password between them, to authenticate each other and establish a high‐entropy secret session key. Recently, Zheng et al. proposed a password‐based 2PAKE protocol based on bilinear pairings and claimed that their protocol is secure against the known security attacks. However, in this paper, we indicate that the protocol of Zheng et al. is insecure against the off‐line password guessing attack, which is a serious threat to such protocols. Consequently, we show that an attacker who obtained the users' password by applying the off‐line password guessing attack can easily obtain the secret session key. In addition, the protocol of Zheng et al. does not provide the forward secrecy of the session key. As a remedy, we also improve the protocol of Zheng et al. and prove the security of our enhanced protocol in the random oracle model. The simulation result shows that the execution time of our 2PAKE protocol is less compared with other existing protocols. Copyright © 2015 John Wiley & Sons, Ltd.     

无安全信道的注册用户公钥可搜索加密方案

现有的无安全信道公钥可搜索加密（SCF-PEKS）方案架构中,在服务器关键词公钥加密时依赖于用户公钥,此缺陷会将服务器的数据搜索服务仅限于某一用户。因为没有该公钥对应私钥的用户无法对数据进行搜索,这使得可搜索加密的使用受到极大限制。基于合数阶双线性群,提出一个可以允许用户注册使用的高效的SCF-PEKS方案。该方案允许多个用户在无安全信道情况下对数据进行搜索,需要数据搜索服务的用户通过注册方式来完成服务,服务器的关键词公钥加密不再依赖于用户的公钥。在标准模型下基于判定性子群的假设验证了方案可以抵抗选择关键词攻击(IND-SCF-CKA),与现有的SCF-PEKS方案相比,具有更高的计算效率。     

对两种无需证书的数字签名方案的分析及改进

指出樊睿等人的基于无证书的代理签名方案和明洋等人的基于无证书的广义指定验证者签名方案都无法抵抗替换公钥攻击,同时樊睿等人的方案也无法抵抗原始签名人改变攻击,攻击者可以伪造一个他授权代理签名人对相同消息的代理签名,此外,还指出明洋等人在安全性证明中将重放技术直接应用在无证书环境中是不正确的。通过将代理授权证书和用户的公钥作为密码哈希函数的输入,使攻击者无法替换用户的公钥及更改代理授权证书,改进方案有效提高了原方案的安全性,同时保留了原方案的其他优点。     

Privacy leakage of certificateless public key authenticated searchable encryption via frequency analysis: Attacks and revises

Certificateless public key authenticated searchable encryption (CLPASE) is a versatile asymmetric searchable encryption that enables ciphertext retrieval, resists inside keyword guessing attacks, and avoids both certificate management problem and key escrow problem. However, most existing CLPASE schemes are vulnerable to frequency analysis which can extract keywords from user-generated trapdoors (i.e., search queries) and thus compromise user’s search privacy.In this paper, we give a detailed analysis showing that most CLPASE schemes reveal the underlying frequency distribution of the target keywords in the trapdoors searched by users, regardless of whether the trapdoor generation algorithm is deterministic or not. The analysis shows that frequency analysis has become a significant threat to users’ search privacy in the CLPASE system. To address this issue, we provide a concrete CLPASE scheme against frequency analysis. We then compare our scheme with previous CLPASE schemes in terms of features and performance evaluation. As a result, our scheme provides higher guarantee for user’s search privacy with comparable efficiency.     

指定服务器的基于身份加密连接关键字搜索方案

公钥加密关键字搜索(PEKS)允许用户发送关键字陷门给服务器,服务器可以通过陷门定位到包含用户搜索的关键字的密文。为了消除已有基于身份加密的关键字搜索(IBEKS)方案中服务器和接收者之间的安全信道,Wu等人提出了一种指定服务器基于身份加密的关键字搜索(dIBEKS)方案。可是,Wu等人提出的dIBEKS方案不满足密文不可区分性。为了克服Wu等人方案的不足,本文提出一种指定服务器基于身份加密的多关键字搜索方案。安全性分析表明,本文所提方案同时满足了密文不可区分、陷门不可区分和离线关键字猜测攻击的安全性。效率分析显示,本文的方案更高效。      

云环境下基于属性策略隐藏的可搜索加密方案

基于属性的可搜索加密技术可以实现对数据的细粒度访问控制,但现有的可搜索加密方案,关键字的搜索、访问控制、文件加密基本上是分别执行的,导致攻击者可能跳过访问策略直接进行关键字索引匹配或文件解密;其次,现有方案中数据拥有者需将加密文件的密钥以安全通道传给用户,增加了数据拥有者的开销;此外,大多基于树型的访问控制策略是公开的,容易造成隐私泄露。因此,基于线性秘密分享（LSSS,linear secret sharing schemes）访问结构,提出了一种云环境下基于属性策略隐藏的可搜索加密方案。通过将策略秘密值嵌入关键字加密与文件存储加密,实现访问控制、关键字搜索与文件加密的有机结合;通过聚合密钥技术实现用户无须与数据拥有者交互,即可对文件进行解密的功能,减轻了密钥管理的负担,存储空间提高约30%。实验结果及安全性分析表明,所提方案具有数据存储的安全性、访问策略的隐私性、陷门的不可连接性等功能,具有较高的密文检索效率,与已有主流方案相比,检索效率提高至20%以上。     

一种可抵抗关键词猜测攻击的动态非对称可搜索加密方案

密文搜索可以用于保护用户存储在云端的文件,防止隐私的泄露,允许用户在不泄露明文信息的情况下进行搜索,根据使用密钥体制的不同,可分为对称可搜索加密和非对称可搜索加密.但是现有大多数的PEKS方案的索引构造都是基于文件-关键词对,每次搜索都需要遍历所有文件,这会使方案的搜索效率较为低下,并且现有的PEKS方案大都只支持静态...     

A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card

The Session Initiation Protocol (SIP) is a signaling communications protocol, which has been chosen for controlling multimedia communication in 3G mobile networks. The proposed authentication in SIP is HTTP digest based authentication. Recently, Tu et al. presented an improvement of Zhang et al.’s smart card-based authenticated key agreement protocol for SIP. Their scheme efficiently resists password guessing attack. However, in this paper, we analyze the security of Tu et al.’s scheme and demonstrate their scheme is still vulnerable to user’s impersonation attack, server spoofing attack and man-in-the middle attack. We aim to propose an efficient improvement on Tu et al.’s scheme to overcome the weaknesses of their scheme, while retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Tu et al.’s scheme. Furthermore, we simulate our scheme for the formal security analysis using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks including the replay and man-in-the-middle attacks. Additionally, the proposed scheme is comparable in terms of the communication and computational overheads with Tu et al.’s scheme and other related existing schemes.