A certificateless signcryption with proxy re-encryption for practical access control in cloud-based reliable smart grid

Cloud computing has proven to be applicable in smart grid systems with the help of the cloud-based Internet of things (IoT) technology. In this concept, IoT is deployed as a front-end enabling the acquisition of smart grid-related data and its outsourcing to the cloud for data storage purposes. It is obvious that data storage is a pertinent service in cloud computing. However, its wide adoption is hindered by the concern of having a secure access to data without a breach on confidentiality and authentication. To address this problem, we propose a novel data access control scheme that simultaneously accomplishes confidentiality and authentication for cloud-based smart grid systems. Our scheme can enable the storing of encrypted smart grid-related data in the cloud. When a user prefers to access the data, the data owner issues a delegation command to the cloud for data re-encryption. The cloud is unable to acquire any plaintext information on the data. Only authorized users are capable of decrypting the data. Moreover, the integrity and authentication of data can only be verified by the authorized user. We obtain the data access control scheme by proposing a pairing free certificateless signcryption with proxy re-encryption (CLS-PRE) scheme. We prove that our CLS-PRE scheme has indistinguishability against adaptive chosen ciphertext attack under the gap Diffie–Hellman problem and existential unforgeability against adaptive chosen message attack under elliptic curve discrete logarithm problem in the random oracle model.

     

SecCloudSharing: Secure data sharing in public cloud using ciphertext‐policy attribute‐based proxy re‐encryption with revocation

An efficient cryptography mechanism should enforce an access control policy over the encrypted data to provide flexible, fine‐grained, and secure data access control for secure sharing of data in cloud storage. To make a secure cloud data sharing solution, we propose a ciphertext‐policy attribute‐based proxy re‐encryption scheme. In the proposed scheme, we design an efficient fine‐grained revocation mechanism, which enables not only efficient attribute‐level revocation but also efficient policy‐level revocation to achieve backward secrecy and forward secrecy. Moreover, we use a multiauthority key attribute center in the key generation phase to overcome the single‐point performance bottleneck problem and the key escrow problem. By formal security analysis, we illustrate that our proposed scheme achieves confidentiality, secure key distribution, multiple collusions resistance, and policy‐ or attribute‐revocation security. By comprehensive performance and implementation analysis, we illustrate that our proposed scheme improves the practical efficiency of storage, computation cost, and communication cost compared to the other related schemes.     

Privacy-Preserving Public Auditing for Non-manager Group Shared Data

By the widespread use of cloud storage service, users get a lot of conveniences such as low-price file remote storage and flexible file sharing. The research points in cloud computing include the verification of data integrity, the protection of data privacy and flexible data access. The integrity of data is ensured by a challenge-and-response protocol based on the signatures generated by group users. Many existing schemes use group signatures to make sure that the data stored in cloud is intact for the purpose of privacy and anonymity. However, group signatures do not consider user equality and the problem of frameability caused by group managers. Therefore, we propose a data sharing scheme PSFS to support user equality and traceability meanwhile based on our previous work HA-DGSP. PSFS has some secure properties such as correctness, traceability, homomorphic authentication and practical data sharing. The practical data sharing ensures that the data owner won’t loss the control of the file data during the sharing and the data owner will get effective incentive of data sharing. The effective incentive is realized by the technology of blockchain. The experimental results show that the communication overhead and computational overhead of PSFS is acceptable.     

Secure‐aware and privacy‐preserving electronic health record searching in cloud environment

Cloud storage has become a trend of storage in modern age. The cloud‐based electronic health record (EHR) system has brought great convenience for health care. When a user visits a doctor for a treatment, the doctor may be necessary to access the history health records generated at other medical institutions. Thus, we present a secure EHR searching scheme based on conjunctive keyword search with proxy re‐encryption to realize data sharing between different medical institutions. Firstly, we propose a framework for health data sharing among multiple medical institutions based on cloud storage. We explore the public key encryption with conjunctive keyword search to encrypt the original data and store it in the cloud. It ensures data security with searchability. Furthermore, we adopt the identity‐based access control mechanism and proxy re‐encryption scheme to guarantee the legitimacy of access and the privacy of the original data. Generally speaking, our work can achieve authentication, keyword privacy, and privacy preservation. Moreover, the performance evaluation shows that the scheme can achieve high computational efficiency.     

QMLFD Based RSA Cryptosystem for Enhancing Data Security in Public Cloud Storage System

Nowadays sharing secure data turns out to be a challenging task for the data owner due to its privacy and confidentiality. Several IT companies stores their important information in the cloud since computing has developed immense power in sharing the data. On the other hand, privacy is considered a serious issue in cloud computing as there are numerous privacy concerns namely integrity, authentication as well as confidentiality. Among all those concerns, this paper focuses on enhancing the data integrity in the public cloud environment using Qusai modified levy flight distribution for the RSA cryptosystem (QMLFD-RSA). An effective approach named QMLFD for the RSA cryptosystem is proposed for resolving the problem based on data integrity in public cloud environment. A secured key generation and data encryption are done by employing the RSA cryptosystem thus the data is secured from unauthorized users. The key selection is done by using quasi based modified Levy flight distribution algorithm. Thus the proposed approach provides an effective model to enhance the integrity of data in cloud computing thus checking the data integrity uploaded in the public cloud storage system. In addition to this, ten optimization benchmark functions are calculated to determine the performances and the functioning of the newly developed QMLFD algorithm. The simulation results and comparative performances are carried out and the analysis reveals that the proposed QMLFD for the RSA cryptosystem provides better results when compared with other approaches.

     

ACDAS: Authenticated controlled data access and sharing scheme for cloud storage

Cloud storage services require cost‐effective, scalable, and self‐managed secure data management functionality. Public cloud storage always enforces users to adopt the restricted generic security consideration provided by the cloud service provider. On the contrary, private cloud storage gives users the opportunity to configure a self‐managed and controlled authenticated data security model to control the accessing and sharing of data in a private cloud. However, this introduces several new challenges to data security. One critical issue is how to enable a secure, authenticated data storage model for data access with controlled data accessibility. In this paper, we propose an authenticated controlled data access and sharing scheme called ACDAS to address this issue. In our proposed scheme, we employ a biometric‐based authentication model for secure access to data storage and sharing. To provide flexible data sharing under the control of a data owner, we propose a variant of a proxy reencryption scheme where the cloud server uses a proxy reencryption key and the data owner generates a credential token during decryption to control the accessibility of the users. The security analysis shows that our proposed scheme is resistant to various attacks, including a stolen verifier attack, a replay attack, a password guessing attack, and a stolen mobile device attack. Further, our proposed scheme satisfies the considered security requirements of a data storage and sharing system. The experimental results demonstrate that ACDAS can achieve the security goals together with the practical efficiency of storage, computation, and communication compared with other related schemes.     

面向敏感数据共享环境下的融合访问控制机制

为解决敏感数据共享应用中的数据分发问题和提高数据共享的安全性,将属性基加密机制和使用控制技术相结合,提出一种融合访问控制机制。该机制一方面采用属性基加密机制保证了数据在存储和分发过程中的机密性,通过灵活且可扩展的访问控制策略控制敏感数据的共享范围;另一方面,通过使用控制技术实现对用户的权限控制,防止合法用户对敏感数据进行非法操作,解决共享用户中的权限滥用问题。最后,对机制的安全性和性能进行了分析,显著地降低了服务端的工作负荷,并通过实验测试了该机制的有效性。     

基于区块链的细粒度云数据安全存储与删除方案

在基于云计算的存储与删除服务中,由于外包数据所有权和管理分离,现有的逻辑删除机制使云上的数据很容易暴露给未经授权的用户,甚至云服务器可能未遵循用户要求删除相应数据。为此,该文提出一种细粒度的安全云端数据存储与删除方案。基于椭圆曲线构造了基于密文策略的属性基加密以实现外包数据细粒度访问控制,应用区块链实现可公开验证的安全数据删除。该文方案具有责任可追踪性以及两方删除与可验证性等特性。理论分析与实验结果表明该文方案具有较好的安全性和较高的性能,能够满足云数据共享与安全删除的需求。     

智慧医疗中基于属性加密的云存储数据共享

在电子病历系统中,为了实现多用户环境下的数据搜索,该文提出一种属性基可搜索加密方案。该文将密文和安全索引存储在医疗云,当用户请求医疗数据时,利用属性基可搜索加密算法进行数据搜索,实现了细粒度访问控制。同时方案引入了密文验证算法,解决了半诚实且好奇的云服务器模型下搜索结果不正确的问题。利用数据去重技术实现了重复数据的消除,减少占用医疗云的存储空间。方案同时实现了访问策略的隐藏,保证了数据用户的隐私安全。安全性分析表明,所提方案能很好地保护用户的隐私以及数据的安全。性能分析表明,该方案具有较好的性能,更加适用于智慧医疗等多对多应用场景,有效实现了医生和第三方数据用户在不侵犯患者隐私的前提下共享患者电子病历。     

Design of a Guitar Shaped UWB Antenna with Wide Band Notched Characteristics for Wireless Applications

Cloud storage is a cloud based service which delivers scalable on demand on line storage of data and eliminates the need of maintaining local data centre. Storage of data in cloud brings many advantages such as lower-cost, metered service, scalable and ubiquitous access. However, it also raises concerns to its integrity; to save the storage space cloud service provider may delete some rarely access data. Data privacy is another issue which must be addressed to increase data owner’s trust. To address above issues, many researchers have proposed public auditing schemes to validate the integrity of data using third party auditor. These schemes generate metadata using data files on the owner side and store these metadata on the cloud storage along with the file data, which helps in auditing. These schemes address many concerns which arise due to remote data storage. However, computation cost involved for metadata generation at the data owner side is not properly addressed; another issue which is not properly addressed is an iniquitous third party auditor may be the source of denial of service attack by issuing constantly large number of audit request. Our scheme solves these issues by lowering the computation cost at data owner side and controlling the number of times a third party auditor can issue an audit request to the cloud storage. Our Scheme also supports secure access of data using conditional proxy re-encryption scheme and delegation of auditing task by the authorized third party auditor to another auditor for the specified period of times in the case of unavailability of authorized third party auditor.

     

A combined public-key scheme in the case of attribute-based for wireless body area networks

The wireless body area networks (WBANs) is a practical application model of Internet of things. It can be used in many scenarios, especially for e-healthcare. The medical data of patients is collected by sensors and transmitted using wireless communication techniques. Different users can access the patient’s data with different privileges. Access control is a crucial problem in WBANs. In this paper, we design a new security mechanism named combined public-key scheme in the case of attribute-based (CP-ABES) to address the user access control in WBANs. Our scheme combines encryption and digital signatures. It uses ciphertext-policy attribute-based encryption to achieve data confidentially, access control, and ciphertext-policy attribute-based signature to realize the identity authentication. The access policy used in our scheme is threshold. Based on this feature, the length of ciphertext and signature of our scheme is constant. Our scheme provides confidentiality, unforgeability, signer privacy and collusion resistance. We prove the efficiency of our scheme theoretically and analyze the security level and energy consumption of our scheme.

     

Secure personal data sharing in cloud computing using attribute-based broadcast encryption

The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving.     

一种有效率的方法用于检测云中数据的完整性(英文)

Cloud computing and storage services allow clients to move their data center and applications to centralized large data centers and thus avoid the burden of local data storage and maintenance.However,this poses new challenges related to creating secure and reliable data storage over unreliable service providers.In this study,we address the problem of ensuring the integrity of data storage in cloud computing.In particular,we consider methods for reducing the burden of generating a constant amount of metadata at the client side.By exploiting some good attributes of the bilinear group,we can devise a simple and efficient audit service for public verification of untrusted and outsourced storage,which can be important for achieving widespread deployment of cloud computing.Whereas many prior studies on ensuring remote data integrity did not consider the burden of generating verification metadata at the client side,the objective of this study is to resolve this issue.Moreover,our scheme also supports data dynamics and public verifiability.Extensive security and performance analysis shows that the proposed scheme is highly efficient and provably secure.     

Attribute-Based Access Control with Efficient and Secure Attribute Revocation for Cloud Data Sharing Service

Nowadays, there is the tendency to outsource data to cloud storage servers for data sharing purposes. In fact, this makes access control for the outsourced data a challenging issue. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution for this challenge. It gives the data owner (DO) direct control on access policy and enforces the access policy cryptographically. However, the practical application of CP-ABE in the data sharing service also has its own inherent challenge with regard to attribute revocation. To address this challenge, we proposed an attribute-revocable CP-ABE scheme by taking advantages of the over-encryption mechanism and CP-ABE scheme and by considering the semi-trusted cloud service provider (CSP) that participates in decryption processes to issue decryption tokens for authorized users. We further presented the security and performance analysis in order to assess the effectiveness of the scheme. As compared with the existing attribute-revocable CP-ABE schemes, our attribute-revocable scheme is reasonably efficient and more secure to enable attribute-based access control over the outsourced data in the cloud data sharing service.     

云计算中一种紧凑型的外包访问控制方案

密文策略的属性加密是实现云平台上安全的访问控制方案的最佳选择。然而,在大多数密文策略的属性加密方案中,用户密钥长度与属性的个数之间成线性关系;用户的解密时间与访问结构的复杂度成正比关系。为了减少用户密钥的存储和解密计算开销,本文提出一种面向云计算平台的紧凑型的外包访问控制方案。方案中的访问结构可以支持“与”、“或”以及“门限”三种策略。它仅采用简单的哈希和异或运算就可以验证用户外包解密返回的数据是否正确。在随机预言机模型中,基于aMSE-DDH难题,证明了方案是选择密文攻击安全的。分析表明,本文方案能够安全的实现云计算环境下的访问控制,尤其当用户终端设备受限时实现的访问控制。      

面向云存储的安全密文访问控制方案

存储在云端服务器中的敏感数据的保密和安全访问是云存储安全研究的重要内容.针对真实的云存储环境中云服务提供商不可信的情况,采用基于属性的加密算法,提出了一种安全、高效、细粒度的云存储密文访问控制方案.与现有方案相比,该方案在用户撤销时,通过引入广播加密技术,使得撤销用户即使和云服务提供商共谋,也不能对私钥进行更新,保证了数据的安全性;方案将大部分密文重加密和用户私钥更新工作转移给云服务提供商执行,在保证安全性的前提下,降低了数据属主的计算代价;另外该方案还可支持多用户的同时撤销.最后分析了方案的安全性和计算复杂性,并测试了用户撤销时的运行效率.     

基于授权的多服务器可搜索密文策略属性基加密方案

针对现有属性基可搜索加密方案缺乏对云服务器授权的服务问题,该文提出一种基于授权的可搜索密文策略属性基加密(CP-ABE)方案。方案通过云过滤服务器、云搜索服务器和云存储服务器协同合作实现搜索服务。用户可将生成的授权信息和陷门信息分别发送给云过滤服务器和云搜索服务器,在不解密密文的情况下,云过滤服务器可对所有密文进行检测。该方案利用多个属性授权机构,在保证数据机密性的前提下能进行高效的细粒度访问,解决数据用户密钥泄露问题,提高数据用户对云端数据的检索效率。通过安全性分析,证明方案在提供数据检索服务的同时无法窃取数据用户的敏感信息,且能够有效地防止数据隐私的泄露。     

Heterogeneous signcryption with proxy re-encryption and its application in EHR systems

Electronic health record (EHR) systems provide the platform that enables digital documentation of patients health information. Practically, EHR systems aid in delivering quality medical healthcare and limiting medical errors. However, EHR systems are associated with known technical and security challenges such as interoperability, confidentiality, authentication, auditability, and access control. To overcome these challenges, we first propose a new heterogeneous signcryption with proxy re-encryption (HSC-PRE) scheme. Secondly, via an example design, we demonstrate how our scheme can be utilized to achieve a secure, interoperable, auditable and accessible EHR system using blockchain technology. The blockchain technology is required to assure interoperability and auditability while the HSC-PRE assures confidentiality, authentication and access control. Via comprehensive security analysis (in random oracle model (ROM)), we affirm that the HSC-PRE scheme is secure. Besides, it shows up efficient against other recent related schemes.

     

Slight Homomorphic Signature for Access Controlling in Cloud Computing

With the popularity of cloud computing, how to securely authenticate a user while not releasing user’s sensitive information becomes a challenge. In this paper, we introduce a slight homomorphic signature, which is suitable to implement an access controlling service in cloud computing. In slight homomorphic signature, each user in cloud computing who have a set of identity attributes, firstly computes a full signature on all his identity attributes, and sends it to a semi-trusted access controlling server. The access controlling server verifies the full signature for all identity attributes. After then, if the user wants to require a cloud service, which may have a special requirement on one of the identity attributes, the user only needs to securely send the cloud service’s name to the access controlling server. The access controlling server which does not know the secret key can compute a partial signature on this special identity attribute, and then sends it to the cloud server for authentication. In the paper, we give a formal secure definition of this slight homomorphic signature, and construct a scheme from Boneh–Boyen signature. We prove that our scheme is secure under q-SDH problem with a weak adversary.