Location privacy preserving scheme against attack from friends in SNS

In order to enrich the performance of the user's location information and to meet the diverse needs of users,a location privacy protection scheme based on attribute encryption was designed,which provided precise,more accurate,fuzzy and private four modes to manage the location information.The scheme was based on the algorithm of WT-CP-ABE.The location information was divided into three parts according to a close friend of grade,then the key infor-mation and position information was encrypted with attribute-based encryption and symmetric encryption method respec-tively and the ciphertext was published to the social network.The security of the scheme is analyzed,which shows that the scheme has the advantage of user attribute information confidentiality,data confidentiality and can resist the collusion attack.     

Algorithm of blockchain data provenance based on ABE

To solve the problem that the blockchain-based traceability algorithm mainly used homomorphic encryption and zero-knowledge proof for privacy protection,making it difficult to achieve dynamic sharing of traceability information,a blockchain data traceability algorithm based on attribute encryption was proposed.In order to realize the dynamic protection of transaction privacy,the strategy update algorithm applicable to block chain was designed based on the CP-ABE scheme proposed by Waters to achieve dynamic protection of transaction privacy.In order to realize the dynamic update of the visibility about block content,based on the strategy update algorithm,the block structure was designed to achieve the dynamic update about the content visibility of the block.The security and experimental simulation analysis show that the proposed algorithm can realize the dynamic sharing of traceability information while completing the protection transaction privacy.     

一种金融级安全的区块链资产交易系统

提出了一种基于同态加密和环签名的区块链资产交易系统,通过同态加密技术可以对用户交易信息进行加密,使其对其他用户不可见,而环签名可以对同态加密后的密文进行业务合法性校验,保证交易合法性。该方法可以使区块链上原本公开透明的用户资产交易信息得到保护,具有去中心化、安全可靠和易用性高的特点,可以有效地起到保护用户隐私的作用,有利于促进增强区块链在金融资产交易场景中的用户交易信息隐私保护功能,有利于促进区块链隐私保护技术在金融场景中的落地和发展。     

A novel attributes anonymity scheme in continuous query

In location-based service (LBS), the un-trusted LBS server can preserve lots of information about the user. Then the information can be used as background knowledge and initiated the inference attack to get user’s privacy. Among the background knowledge, the profile attribute of users is the especial one. The attribute can be used to correlate the real location in uncertain location set in both of the snapshot and continuous query, and then the location privacy of users will be revealed. In most of the existing scheme, the author usually assumes a trusted third party (TTP) to achieve the profile anonymity. However, as the TTP disposes all anonymous procedure for each user, it will become the center of attacks and the bottleneck of the query service. Furthermore, the TTP may be curious about user’s privacy just because of the commercial consideration. In order to deal with the inference attack and remedy the drawback of TTP scheme, we propose a similar attributes anonymous scheme which based on the CP-ABE, and with the help of center server and collaborative users, our scheme can resist the inference attack as well as the privacy detection of any entity in the service of query. At last, security analysis and experimental results further verify the effectiveness of our scheme in privacy protection as well as efficiency of the algorithm execution.     

基于内积谓词的属性基隐私保护加密方案

隐私保护是信息安全中的热点话题,其中属性基加密(ABE)中的隐私问题可分为数据内容隐私、策略隐私及属性隐私。针对数据内容、策略和属性3方面隐私保护需求,该文提出基于内积谓词的属性基隐私保护加密方案(PPES)。所提方案利用加密算法的机密性保障数据内容隐私,并通过向量承诺协议构造策略属性及用户属性盲化方法,实现策略隐私及属性隐私。基于混合论证技术,该文证明了所提方案满足标准模型下适应性选择明文安全,且具备承诺不可伪造性。性能分析结果显示,与现有方法相比,所提方案具有更优的运行效率。     

CP-ABE based users collaborative privacy protection scheme for continuous query

In location-based services (LBS),as the untrusted LBS server can be seen as an adversary,and it can utilize the attribute as background knowledge to correlate the real location of the user in the set of uncertain locations.Then the adversary can gain the location privacy when the user enjoys the snapshot and continuous query through the correlation inference attack.In order to cope with this attack,the main scheme in privacy protection is to generalize the attribute and achieve attribute anonymity.However,algorithms of this type usually assumes a trusted third party (TTP) which provides the service of similarity attribute finding and comparing,and it is unpractical in the real environment,as the TTP may become the point of attack or the bottleneck of service and it cannot be considered as the trusted one all the time.Thus,to cope with the correlation inference attack as well as the semi-trusted third party,ciphertext policy attribute based encryption (CP-ABE) and users collaboration based attribute anonymous scheme was proposed.In this scheme,the user coupled achieve location and attribute anonymity.Furthermore,this scheme could also provide security for attacks from the semi-trusted third party as well as semi-trusted collaborative users.At last,security analysis and the experiment results further verify the effectiveness of privacy protection and the efficiency of algorithm execution.     

支持属性撤销的可验证多关键词搜索加密方案

近年来,可搜索加密技术及细粒度访问控制的属性加密在云存储环境下得到广泛应用。考虑到现存的基于属性的可搜索加密方案存在仅支持单关键词搜索而不支持属性撤销的问题,以及单关键词搜索可能造成返回搜索结果部分错误并导致计算和宽带资源浪费的缺陷,该文提出一种支持属性撤销的可验证多关键词搜索加密方案。该方案允许用户检测云服务器搜索结果的正确性,同时在细粒度访问控制结构中支持用户属性的撤销,且在属性撤销过程中不需要更新密钥和重加密密文。该文在随机预言机模型下基于判定性线性假设被证明具有抵抗选择关键词集攻击安全性及关键词隐私性,同时从理论和实验两方面分析验证了该方案具有较高的计算效率与存储效率。     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.     

Privacy-preserving and efficient user matching based on attribute encryption in mobile social networks

With the rapid popularity of social networking platforms, users can be matched when sharing their profiles. However, there is a risk of leakage of sensitive user information during the user matching process, which leads to the lack of user privacy protection. In this paper, we propose a privacy protection scheme based on the encryption of hidden attributes during user matching in mobile social networks, which uses linear secret sharing scheme (LSSS) as the access structure based on ciphertext policy attribute-based encryption (CP-ABE), and the match server can perform friend recommendation by completing bi-directional attribute matching determination without disclosing user attribute information. In addition, the use of selective keywords protects the privacy of requesters and publishers in selecting keywords and selecting plaintext attacks. The scheme reduces the encryption and decryption overhead for users by dividing encryption into a preparation phase and an online phase and shifting most of the decryption overhead from the requester to the match server. The experimental results show that the scheme ensures user privacy while effectively reducing communication overhead.     

基于协作信誉和设备反馈的物联网边缘服务器信任评估算法

针对边缘服务器的安全问题,提出了一种集成了服务器协作信誉以及设备用户反馈的信任评估算法来提高边缘计算上下文的安全性.交互过程中,使用了一种基于客观信息熵理论的融合算法来聚合服务器间的协作信誉,同时采用了部分同态加密算法来防止交互过程中用户数据的泄露.交互结束后,选择高可信的设备节点计算反馈信任,克服了传统机制的恶意反馈...     

云计算环境中支持隐私保护的数字版权保护方案简

针对云计算环境中数字内容安全和用户隐私保护的需求,提出了一种云计算环境中支持隐私保护的数字版权保护方案。设计了云计算环境中数字内容版权全生命周期保护和用户隐私保护的框架,包括系统初始化、内容加密、许可授权和内容解密4个主要协议;采用基于属性基加密和加法同态加密算法的内容加密密钥保护和分发机制,保证内容加密密钥的安全性;允许用户匿名向云服务提供商订购内容和申请授权,保护用户的隐私,并且防止云服务提供商、授权服务器和密钥服务器等收集用户使用习惯等敏感信息。与现有的云计算环境中数字版权保护方案相比,该方案在保护内容安全和用户隐私的同时,支持灵活的访问控制,并且支持在线和超级分发应用模式,在云计算环境中具有较好的实用性。     

Multiuser access control searchable privacy‐preserving scheme in cloud storage

Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.     

Privacy preserving friend discovery cross domain scheme using re-encryption in mobile social networks

In order to guarantee the users’ privacy in the process of making friends in the mobile social networks,a new scheme of proxy re-encryption privacy protection in the cross-domain environment was introduced.The scheme employed the cross-domain multi-authority to sharing secret keys,so as to realize the access and shave of the cross-domain users data.And the secret keys of users’ attributes were re-encrypted,based on the technology of the proxy re-encryption and attribute encryption,to achieve the friends matching under the conditions of extending the access policy.Meanwhile,in purpose of enhancing the privacy of users’ data,the technology which contained the separation of users’ privacy ciphertext and secret keys was adopted.Based on that,problems in the existing system such as user data’s inability to be shared cross-cloud,less matching during the process of making friends and users’ inability to make friends when offline had been addressed.Security and experimental analysis show that this scheme can achieve chosen plaintext attack (CPA) security,ensure the privacy of friend discovery,and that is more effective than existing solutions.     

云计算平台下基于属性加密的动态版权使用控制方案（英文）

In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud.In this paper,we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing.We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption.Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content.The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users,and also enables the license server to implement immediate attribute and user revocation.Moreover,our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption,which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext.Extensive analytical results indicate that our proposed scheme is secure and efficient.     

Attribute-based encryption scheme supporting attribute revocation in cloud storage environment

Attribute-based encryption (ABE) scheme is widely used in the cloud storage due to its fine-grained access control.Each attribute in ABE may be shared by multiple users at the same time.Therefore,how to achieve attribute-level user revocation is currently facing an important challenge.Through research,it has been found that some attribute-level user revocation schemes currently can’t resist the collusion attack between the revoked user and the existing user.To solve this problem,an attribute-based encryption scheme that supported the immediate attribute revocation was proposed.The scheme could achieve attribute-level user revocation and could effectively resist collusion attacks between the revoked users and the existing users.At the same time,this scheme outsourced complex decryption calculations to cloud service providers with powerful computing ability,which reduced the computational burden of the data user.The scheme was proved secure based on computational Diffie-Hellman assumption in the standard model.Finally,the functionality and efficiency of the proposed scheme were analyzed and verified.The experimental results show that the proposed scheme can safely implement attribute-level user revocation and has the ability to quickly decrypt,which greatly improves the system efficiency.     

基于隐私匹配的服务代理发现方法

针对代理发现中用户对代理的性能、成本和安全性等方面的需求,以及需求匹配过程中的隐私保护问题,基于Paillier同态加密算法,提出一种新的综合考虑代理和用户属性及其偏好的私有数据信息匹配算法,包括建立基于欧氏距离的相似度函数、利用加密算法进行匹配、计算相似度和确定匹配的代理链4个步骤。该算法引入半可信主代理从全局层面管理所有子代理的业务类型和连接状况,并承担主要的计算开销,同时将欧氏距离与Paillier同态加密算法有机结合,支持具有偏好信息的多元属性数据匹配,能够有效保障用户和子代理的安全性。最终,通过安全性分析与性能仿真,证明所提出方案的安全性和有效性。     

医疗社交网络中基于云计算的属性基签密方案

移动医疗社交网络的出现为患者之间互相交流病情提供了极大的便利,促进了患者之间高效、高质量的沟通与交流,但与此同时也产生了患者数据的保密性和隐私性问题。针对此问题,该文提出一种基于云计算的属性基签密方案,能够有效地保护患者数据的隐私性。患者将自己的病情信息签密后上传至云服务器,当数据用户要访问患者的信息时,云服务器帮助数据用户进行部分解密并验证数据的完整性,这在一定程度上减少了数据用户的计算量。同时,在随机预言机模型下,证明了该方案满足选择消息攻击下的不可伪造性、选择密文攻击下的不可区分性以及属性隐私安全性。理论分析和数值模拟实验结果表明,该方案在签密和解签密阶段比现存的方案有更高的效率。     

Multi-dimensional secure query scheme for fog-enhanced IIoT

In view of the fact that most of the existing range query schemes for fog-enhanced IoT cannot achieve both multi-dimensional query and privacy protection,a privacy-preserving multi-dimensional secure query scheme for fog-enhanced IIoT was proposed.Firstly,the multiple ranges to be queried were mapped into a certain query matrix.Then,auxiliary vectors were constructed to decompose the query matrix,and then the auxiliary vector was processed by BGN homomorphic encryption to form a query trapdoor.Finally,with the homomorphic computation utilized by an IoT device terminal,the query trapdoor could be matched to its sensor data.Spatial complexity could be effectively reduced with the used specific auxiliary vectors.The confidentiality of sensor data could be ensured and the privacy of user’s query mode could be protected by the homomorphic encryption property.Experiments results show that the computational and communication costs are relatively low.     

Attribute-based fully homomorphic encryption scheme over rings

The fully homomorphic encryption has important applications in the area of data security and privacy security of cloud computing,but the size of secret keys and ciphertext in most of current homomorphic encryption schemes were too large,which restricted its practical.To improve these drawbacks,a recoding scheme and a attribute-based encryption scheme based on learning with errors problem over rings were provided,then a attribute-based fully homomorphic encryption was constructed.The new scheme overcame the above mentioned drawbacks,because it did't need public key certificate,meanwhile,it can achieve the fine-grained access control to the ciphertext.Compared with similar results,proposed method decreases the size of keys and ciphertext greatly.     

基于同态加密的DBSCAN聚类隐私保护方案

为了降低数据外包聚类运算过程中存在的隐私泄露风险,提出了一个基于同态加密的DBSCAN聚类隐私保护方案.为了加密实际场景中的浮点型数据,给出了针对不同数据精度的3种数据预处理方式,并提出了一种基于数据特点且综合考虑数据精度和计算开销等方面的数据预处理方式的选择策略.由于同态加密不支持密文比较运算,设计了一个用户端与云服...