Dynamic searchable encryption with privacy protection for cloud computing

The dynamic searchable encryption schemes generate search tokens for the encrypted data on a cloud server periodically or on a demand. With such search tokens, a user can query the encrypted data whiles preserving the data's privacy; ie, the cloud server can retrieve the query results to the user but do not know the content of the encrypted data. A framework DSSE with Forward Privacy (dynamic symmetric searchable encryption [DSSE] with forward privacy), which consists of Internet of Things and Cloud storage, with the attributes of the searchable encryption and the privacy preserving are proposed. Compared with the known DSSE schemes, our approach supports the multiusers query. Furthermore, our approach successfully patched most of the security flaws related to the sensitive information's leakage in the DSSE schemes. Both security analysis and simulations show that our approach outperforms other DSSE schemes with respect to both effectiveness and efficiency.     

云存储中一种支持可验证的模糊查询加密方案

针对当前可查询加密方案大多不支持模糊查询的不足,并且无法应对恶意服务器的威胁,云计算亟需为用户提供一种允许拼写错误并且可以验证查询结果正确性的加密方案。同时考虑到云存储中数据经常更新,提出一种动态云存储中支持可验证的模糊查询加密方案。该方案通过编辑距离生成模糊关键词集,并基于伪随机函数、随机排列函数等技术构建安全索引,从而保护用户的数据隐私。通过RSA累加器和哈希函数验证查询结果的正确性,用于检测恶意攻击者的非法行为。安全分析证明该方案能够保护用户的隐私安全,并具有可验证性。实验结果表明该方案具有可行性与有效性。     

SensIR: Towards privacy-sensitive image retrieval in the cloud

With the advance in content-based image retrieval and the popularity of Data-as-a-Service, enterprises can outsource their image retrieval systems on cloud platforms to reduce heavy storage, computation, and communication burdens. However, this brings many privacy problems. Although several privacy-preserving image retrieval schemes have been proposed to protect users’ privacy, they have two major drawbacks: i) the outsourced images are fully encrypted and thus cannot be used for other applications, which makes them impractical; ii) they mainly focus on traditional image retrieval systems and do not use new techniques such as convolutional neural network (CNN) to improve the accuracy. To address the above problems, we propose a novel privacy-sensitive image retrieval scheme, named SensIR, to search for similar images from an outsourced image database. In particular, we propose a privacy region detection, PRDet, to prevent private regions of images from exposing. We also propose a partial CNN (PCNN) to reduce the impact of the encrypted pseudorandom pixels. Further, we use similarity-preserving hash encoding and propose a systematic methodology to improve the accuracy of PCNN-based image retrieval when the privacy regions are large. Extensive experiments are conducted to illustrate the efficiency of privacy protection and the superior of the proposed scheme.     

On Secure and Privacy-Aware Sybil Attack Detection in Vehicular Communications

The foreseen dream of Vehicular Ad Hoc NETwork (VANET) deployment is obstructed by long-chased security and privacy nightmares. Despite of the increasing demand for perfect privacy, it conflicts with rather more serious security threat called ‘Sybil Attack’ which refers to, impersonation of one physical entity for many, namely Sybil nodes. In such circumstances, data received from malicious Sybil attacker may seem as if it was received from many distinct physical nodes. Sybil nodes may deliberately mislead other neighbors, resulting in catastrophic situations like traffic jams or even deadly accidents. Preventing such attacks in a privacy-enabled environment is not a trivial task. In this paper, we aim at two conflicting goals, i.e. privacy and Sybil attack in VANET. We leverage pseudonymless beaconing in order to preserve privacy. To cope with Sybil attack, we put forth a twofold strategy. In order to avoid Sybil attack through scheduled beacons, we employ tamper resistant module (TRM) to carry out a pre-assembly data analysis on data that is used to assemble beacons whereas for event reporting message (ERM), we employ road side units (RSUs) to localize Sybil nodes in VANET and report them to the revocation authority(s). RSUs distribute authorized tokens among the benign vehicular nodes which in turn are consumed to report ERMs. RSUs collect ERMs for certain event and figures out if more than one ERM for the same event includes identical token or, if an ERM is sent more than once by the same source. Our proposed scheme preserves privacy in both beacons and ERMs, and provides conditional anonymity where in case of a dispute; malicious attackers are subject to revocation. We also show that our proposed scheme outperforms the previously proposed scheme from security and computational complexity standpoint.     

连续服务请求下基于假位置的用户隐私增强方法

基于假位置的隐私保护方案在为用户提供准确位置服务查询结果的同时,还无需第三方和共享密钥。然而,当用户连续请求位置服务时,由于现有保护单次查询的假位置方案未考虑相邻位置集合间的时空关系,使攻击者能推断出假位置,降低用户的位置隐私保护等级。针对上述问题,采用现有假位置方案生成候选假位置,并通过连续合理性检查和单次隐私增强对其进行筛选,提出一个适用于连续请求的假位置隐私保护增强方法。安全性分析表明,所提方法能保证连续请求中形成的移动路径在时空上不可区分,有效保护连续请求中的用户位置隐私。大量实验表明,所提方法在不增加用户计算开销的同时,与采用的候选假位置生成方案相比,还能提高用户单次查询的隐私保护等级。     

On the Security of “Secure and Lightweight Authentication with Key Agreement for Smart Wearable Systems”

Over the years, the performance of devices used to gather sensitive medical information about individuals has increased substantially. These include implanted devices in the body, placed on or around the body, creating a Wireless body area network. Security and privacy have been a greater concern over a period of time due to the sensitive nature of the data collected and transmitted by the network. It has been noticed that various techniques have been applied to secure the data and provide privacy in WBANs but with a tradeoff of execution overhead. Although the latest available anonymous authentication schemes provide privacy and security but due to the limited computation capacity of WBAN devices, these schemes show greater time cost for authentication and consume more processing time. We review two latest anonymous authentication schemes for the WBAN environment in terms of computation cost. These two schemes provide anonymous authentication and use encryption to secure the data and ensure privacy. Then we analyze a recent lightweight authentication scheme proposed for wearable devices which provides anonymity and privacy along with security with very low computation cost. This scheme uses hash functions in order to obtain authentication and anonymity and doesn’t use encryption in the authentication process. This scheme is not proposed for the WBAN environment, but it can be applied on the WBAN environment with necessary variations. The comparison of these available schemes shows clearly that the computation cost is considerably decreased by applying the latest authentication scheme in the WBAN environment. We propose a new authentication scheme for the WBAN environment based on the light-weight scheme proposed for wearable devices. The detailed analysis shows that our proposed scheme minimizes the computation cost and maintains the privacy and security along with anonymous authentication.

     

PRA-TPE: Perfectly Recoverable Approximate Thumbnail-Preserving Image Encryption

With the popularity of cloud servers, an increasing number of people are willing to store their images in the cloud due to many conveniences such as online browsing and managing images. On the other hand, this inevitably causes users’ concerns about image privacy leakage. Many image encryption schemes are proposed to prevent privacy leakage, while most of them focus only on privacy protection and ignore the usability of encrypted images. For this purpose, Marohn et al. (2017) designed two approximate thumbnail-preserving encryption (TPE) schemes to balance image privacy and usability. However, the decrypted image in these two schemes are only perceptually close to the original one and the original image cannot be perfectly recovered. To this end, we design a perfectly recoverable approximate TPE scheme in this paper, which combines reversibledata hiding (RDH) with encryption schemes. The thumbnails of the original and processed images are similar to balance image privacy and usability well. Meanwhile, the reversibility of RDH and encryption schemes is utilized to ensure the perfect recoverability in the proposed scheme. Experiments show that the proposed approximate TPE scheme is no longer limited to balancing usability and privacy but attains perfect recovery.     

An independent three‐factor mutual authentication and key agreement scheme with privacy preserving for multiserver environment and a survey

In the past decades, the demand for remote mutual authentication and key agreement (MAKA) scheme with privacy preserving grows rapidly with the rise of the right to privacy and the development of wireless networks and Internet of Things (IoT). Numerous remote MAKA schemes are proposed for various purposes, and they have different properties. In this paper, we survey 49 three‐factor–based remote MAKA schemes with privacy preserving from 2013 to 2019. None of them can simultaneously achieve security, suitability for multiserver environments, user anonymity, user untraceability, table free, public key management free, and independent authentication. Therefore, we propose an efficient three‐factor MAKA scheme, which achieves all the properties. We propose a security model of a three‐factor–based MAKA scheme with user anonymity for multiserver environments and formally prove that our scheme is secure under the elliptic curve computational Diffie‐Hellman problem assumption, decisional bilinear Diffie‐Hellman problem assumption, and hash function assumption. We compare the proposed scheme to relevant schemes to show our contribution and also show that our scheme is sufficiently efficient for low‐power portable mobile devices.     

Efficient and secure message authentication scheme for VANET

A new efficient identity-based message authentication scheme for VANET was proposed. The proposed scheme decreased the complexity of cryptographic operations on signature by using elliptic curve cryptosystem (ECC) to construct authentication protocol without bilinear pairing and provided the function of conditional privacy-preserving. Security analysis demonstrated that the proposed scheme satisfies all security and privacy requirements for VANET. Per-formance analysis show that compared with the most recent proposed schemes the proposed scheme decreases the com-putation cost and communication cost.     

Anonymous data collection scheme for cloud-aided mobile edge networks

With the rapid spread of smart sensors, data collection is becoming more and more important in Mobile Edge Networks (MENs). The collected data can be used in many applications based on the analysis results of these data by cloud computing. Nowadays, data collection schemes have been widely studied by researchers. However, most of the researches take the amount of collected data into consideration without thinking about the problem of privacy leakage of the collected data. In this paper, we propose an energy-efficient and anonymous data collection scheme for MENs to keep a balance between energy consumption and data privacy, in which the privacy information of senors is hidden during data communication. In addition, the residual energy of nodes is taken into consideration in this scheme in particular when it comes to the selection of the relay node. The security analysis shows that no privacy information of the source node and relay node is leaked to attackers. Moreover, the simulation results demonstrate that the proposed scheme is better than other schemes in aspects of lifetime and energy consumption. At the end of the simulation part, we present a qualitative analysis for the proposed scheme and some conventional protocols. It is noteworthy that the proposed scheme outperforms the existing protocols in terms of the above indicators.     

Research on LBS privacy preservation based on pseudorandom permutation in road network

A method of privacy preservation based on pseudorandom permutation was put forward for the issues of location privacy and query content privacy.Firstly,the distribution information of points of interest (PoI) based on the vertexes in the road network was organized,each single road vertex was taken as the foundational processing object.Based on the pseudorandom permutation,a permutation scheme of the point-of-interest records at the LBS server's end was put forward,a 32-bit random seed was adopted to generate a permuted table in the scheme,and the point-of-interest records were encrypted and permuted according to the table.These processed records were stored in the LBS database.Then a trusted intermediate server,replacing of the user,issued a query request with a record number instead of the query content to the LBS server.The LBS server could not determine which kind of PoI the user was interested in or which road section the user was locating on,and therefore the scheme achieved private information retrieval.Finally,the efficiency in the metrics of query accuracy,communication overhead and processing time was also analyzed.By the performance analysis and extensive experiments,the proposed scheme is proved to be location untraceable and query content uncorrelation.     

Efficient privacy-preserving image retrieval scheme over outsourced data with multi-user

The traditional privacy-preserving image retrieval schemes not only bring large computational and communication overhead,but also cannot protect the image and query privacy in multi-user scenarios.To solve above problems,an efficient privacy-preserving content-based image retrieval scheme was proposed in multi-user scenarios.The scheme used Euclidean distance comparison technique to rank the pictures according to similarity of picture feature vectors and return top-k returned.Meanwhile,the efficient key conversion protocol designed in proposed image retrieval scheme allowed each search user to generate queries based on his own private key so that he can retrieval encrypted images generated by different data owners.Strict security analysis shows that the user privacy and cloud data security can be well protected during the image retrieval process,and the performance analysis using real-world dataset shows that the proposed image retrieval scheme is efficient and feasible in practical applications.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

On Some Near Optimal Low Complexity Detectors for MIMO Fading Channels

We introduce several low complexity sub-optimal MIMO detection schemes based on the List-BLAST algorithm, which exhausts the constellation points in the first layer of a BLAST scheme to generate multiple candidate solutions from which the maximum likelihood solution is determined. The candidates can also be used as initial points for the space alternating generalized expectation-maximization (SAGE) algorithm to further improve performance. The proposed schemes can achieve close to optimal performance for both hard and soft output detection with lower complexity than that of the sphere detection in our simulation settings     

Rayleigh信道多天线系统的酉空时信号识别技术

针对衰落信道中酉空时调制的识别问题,提出两种酉空时信号与传统空时码的识别方案。最大似然识别法利用信道转移概率密度构造平均似然比和广义似然比分类函数,依据不同码字似然比的差异完成分类,在对数域处理从而降低计算复杂度。高阶统计特性识别法利用随机矩阵的矩生成函数产生高阶联合矩和高阶联合累积量,依据酉空时信号特殊的高阶统计特性实现识别。最大似然识别法可在无信道状态信息的条件下完成识别,当已知信道状态信息时识别性能可大幅提高;高阶统计特性识别法需要信道状态信息,同样条件下与最大似然法相比其性能较差,且其准确性会受信道估计的影响,但实现的复杂度低。通过增加接收天线数量在各种方案中均可改善识别性能,4根接收天线相对2根接收天线的增益,无CSI的最大似然法为7-10dB,有CSI的高阶统计特性法可达45dB。仿真结果验证了所提方案的有效性。      

User Authentication Scheme with Privacy-Preservation for Multi-Server Environment

New user authentication schemes for multipleservers environment were proposed by Liao-Wang and Tsai. In their schemes, application servers do not need to maintain a verification table and this admired merit is not addressed by previous scholarship. Besides, the privacy of users is also addressed in Liao-Wang?s scheme. In this article, we show that their schemes are not secure against the server spoofing and the impersonation attacks. Then we propose a robust user authentication scheme to withstand these attacks and keep the same merits.     

一种新的隐私保护型车载网络切换认证协议

该文针对现有车载网络切换认证协议存在的安全性、隐私等方面的不足,在LIAP协议的基础上提出改进方案。首先将随机数与伪标识串联,再用二次模运算对串联的信息进行加密,以生成动态身份标识保护用户位置隐私;与此同时,在移动终端切换过程中,新路侧单元重新生成新会话秘密序列,并与终端伪标识进行异或加密,对LIAP协议中存在的平行会话攻击进行安全防护。理论分析及实验表明,改进协议不仅满足终端匿名性和抵御各种攻击的安全需求,也实现了较快的切换速度,与同类切换认证协议相比,实用中具明显优越性。     

云计算环境下的联盟认证协议

Security has been regarded as one of the hardest problems in the development of cloud computing. This paper proposes an Alliance-Authentication protocol among Hybrid Clouds that include multiple private clouds and/or public clouds. Mutual authentication protocol among entities in the Intra-Cloud and Inter-Cloud is proposed. Blind signature and bilinear mapping of automorphism groups are adopted to achieve the Inter-Cloud Alliance-Authentication, which overcome the complexity of certificate transmission and the problem of communication bottlenecks that happen in traditional certificate-based scheme. Blind key, instead of private key, is adopted for register, which avoids the unauthorized Key Management Center (KMC) faking the members to access the resources in traditional identity-based scheme. Compared with the traditional scheme, our scheme can also achieve anonymity, traceability and privacy protection. Extensive security and performance analysis show that the proposed schemes have an advantage in security, computation consumption and communication consumption.     

Privacy preserving ciphertext-policy attribute-based broadcast encryption in smart city

With the development and application of information technology, the problem of personal privacy leakage is becoming more and more serious. Most attribute-based broadcast encryption (ABBE) schemes focus on data security, while ignoring the protection of the personal privacy of users in access structure and identity. To address this problem, a privacy preserving ABBE scheme is proposed, which ensures the data confidentiality and protects personal privacy as well. In addition, the authenticity of encrypted data can be verified. It is proved that the proposed scheme achieves full security by dual system encryption.     

A secure channel code‐based scheme for privacy preserving data aggregation in wireless sensor networks

Data aggregation is an efficient method to reduce the energy consumption in wireless sensor networks (WSNs). However, data aggregation schemes pose challenges in ensuring data privacy in WSN because traditional encryption schemes cannot support data aggregation. Homomorphic encryption schemes are promising techniques to provide end to end data privacy in WSN. Data reliability is another main issue in WSN due to the errors introduced by communication channels. In this paper, a symmetric additive homomorphic encryption scheme based on Rao‐Nam scheme is proposed to provide data confidentiality during aggregation in WSN. This scheme also possess the capability to correct errors present in the aggregated data. The required security levels can be achieved in the proposed scheme through channel decoding problem by embedding security in encoding matrix and error vector. The error vectors are carefully designed so that the randomness properties are preserved while homomorphically combining the data from different sensor nodes. Extensive cryptanalysis shows that the proposed scheme is secure against all attacks reported against private‐key encryption schemes based on error correcting codes. The performance of the encryption scheme is compared with the related schemes, and the results show that the proposed encryption scheme outperforms the existing schemes.