改进的高效动态可搜索加密方案

为解决云存储环境下加密数据的安全检索问题,对现有算法进行改进,提出一种高效且安全的可搜索加密方案。该方案利用哈希链表构建三个索引表：文件索◢引表γ▼f▽、搜索索引表γ▼w▽、删除索引表γ▼d▽,后两者是在每次搜索过程中根据搜索凭证和访问格式逐渐建立的,有效分摊了总的搜索时间,且关键词二次搜索的时间消耗为常量。为提高◣更新效率,与原算法相比,增加了删除索引表,测试结果表明,改进后的方案删除操作的时间消耗一般可减少30%~60%。通过泄露函数证明在更新过程中不会泄露访问格式外的更多信息,安全性较高。     

Efficient searchable symmetric encryption supporting range queries

International Journal of Information Security - The demand for cloud storage services continuously increases putting at risk the privacy of the outsourced data. Data encryption is the obvious...     

具有高效授权的无证书公钥认证可搜索加密方案

设计了1个高效授权的无证书密码环境下的公钥认证可搜索加密方案的安全模型,并提出了具体的具有高效授权的无证书公钥认证可搜索加密方案。该方案中云服务器利用数据属主对密文关键词索引的签名进行数据属主的身份验证;其次,数据用户对授权服务器进行授权,授权服务器可以对数据用户进行验证,若数据用户合法,则协助数据用户对云服务器返回的密文执行有效性的验证;同时,数据属主与数据用户利用云服务器公钥生成的密文关键词索引与陷门搜索凭证,可以保证密文关键词索引与陷门搜索凭证满足公开信道中的传输安全。最后使用仿真验证了所提方案的效率。     

Multi keyword searchable attribute based encryption for efficient retrieval of health Records in Cloud

Personal Health Record (PHR) is an online electronic application used by patients to store, retrieve and share their health information in a private and secure environment. While outsourcing the PHR into cloud environment, there exist issues in privacy while storing, searching and sharing of health information. To overcome these issues, an efficient retrieval of health records using Multi Keyword Searchable Attribute Based Encryption (MK-SABE) is proposed. To manage the increasing PHR data in the cloud, an Authorized File Level Deduplication technique is adopted. It eliminates redundant files, thereby reducing the communication overhead. Moreover, PHR data is encrypted before outsourcing and to perform searching over encrypted data, the proposed MK-SABE introduces Conjunctive Multi Keyword Searchable Attribute Based Encryption (CM-SABE). This maintains the searchable property after encryption for efficient retrieval of health files using range query. Further to ensure the trustworthiness while sharing the sensitive data, MK-SABE introduces the Location Based Encryption (LBE) and Dynamic Location Based ReEncryption (DLBRE) technique to provide additional security. From the experimental analysis, it is proved that the proposed MK-SABE reduces the storage complexity by 5%, keyword search time by 25% and improves the overall performance of PHR by 40% compared to the existing schemes.

     

可撤销的多关键字公钥可搜索加密方案

在云计算应用中,为保证隐私数据安全,用户需要将数据在本地加密后再上传至云服务器。可搜索加密技术允许用户直接检索服务器上的加密数据,获得检索权限的用户往往可以无限制地检索密文。在现实应用中,用户密钥的丢失及恶意攻击容易对隐私数据产生安全威胁,用户不应该持续保持对数据的检索能力。为此,提出了一个支持用户检索权限撤销的公钥可搜索加密方案。将系统的整个生命周期划分为不同时段,下个时段的密文由上个时段的密文进化而来,通过密文进化及时间密钥的分发控制实现用户权限的撤销。方案在支持多关键字检索的同时降低方案的计算开销,并且撤销用户对此前时刻所有密文的检索能力,保证密文的前向安全性。     

Extending metric index structures for efficient range query processing

Databases are getting more and more important for storing complex objects from scientific, engineering, or multimedia applications. Examples for such data are chemical compounds, CAD drawings, or XML data. The efficient search for similar objects in such databases is a key feature. However, the general problem of many similarity measures for complex objects is their computational complexity, which makes them unusable for large databases. In this paper, we combine and extend the two techniques of metric index structures and multi-step query processing to improve the performance of range query processing. The efficiency of our methods is demonstrated in extensive experiments on real-world data including graphs, trees, and vector sets.     

SEOT: Secure dynamic searchable encryption with outsourced ownership transfer

When one enterprise acquires another, the electronic data of the acquired enterprise will be transferred to the acquiring enterprise. In particular, if the data system of acquired enterprise contains a searchable encryption mechanism, the corresponding searchability will also be transferred. In this paper, we introduce the concept of Searchable Encryption with Ownership Transfer (SEOT), and propose a secure SEOT scheme. Based on the new structure of polling pool, our proposed searchable encryption scheme not only achieves efficient transfer of outsourced data, but also implements secure transfer of data searchability. Moreover, we optimize the storage cost for user to a desirable value. We prove our scheme can achieve the secure characteristics, then carry out the performance evaluation and experiments. The results demonstrate that our scheme is superior in efficiency and practicability.     

基于错误学习的自适应等级可搜索加密方案

针对现有分等级可搜索加密方案存在不能有效抵抗量子攻击以及不能灵活添加与删除等级的问题,提出一种基于错误学习的自适应等级可搜索加密（AHSE）方案。首先,利用格的多维特点并基于格上错误学习（LWE）问题,使该方案能有效抵抗量子攻击;其次,构造条件键对用户进行明确的等级划分,使用户只能搜索其所属等级下的文件,实现有效的等级访问控制;同时,设计一种分段式索引结构,其等级能够灵活添加与删除,具有良好的自适应性,可以满足不同粒度访问控制的需求,并且,该方案中所有用户仅共享一张分段式索引表即可实现搜索,从而有效提高搜索效率;最后,理论分析表明,该方案中用户和文件的更新、删除以及等级变动简单、易于操作,适用于动态的加密数据库、云医疗系统等环境。     

RS-store: RDMA-enabled skiplist-based key-value store for efficient range query

Many key-value stores use RDMA to optimize the messaging and data transmission between application layer and the storage layer, most of which only provide point-wise operations. Skiplist-based store can support both point operations and range queries, but its CPU-intensive access operations combined with the high-speed network will easily lead to the storage layer reaches CPU bottlenecks. The common solution to this problem is offloading some operations into the application layer and using RDMA bypassing CPU to directly perform remote access, but this method is only used in the hash tablebased store. In this paper, we present RS-store, a skiplist-based key-value store with RDMA, which can overcome the CPU handle of the storage layer by enabling two access modes: local access and remote access. In RS-store, we redesign a novel data structure R-skiplist to save the communication cost in remote access, and implement a latch-free concurrency control mechanism to ensure all the concurrency during two access modes. RS-store also supports client-active range query which can reduce the storage layer’s CPU consumption. At last, we evaluate RS-store on an RDMA-capable cluster. Experimental results show that RS-store achieves up to 2x improvements over RDMA-enabled RocksDB on the throughput and application’s scalability.     

Efficient and dynamic verifiable multi-keyword searchable symmetric encryption with full security

Multimedia Tools and Applications - Increasing the popularity of cloud computing raises the importance of efforts to improve the services of this paradigm. Searching over encrypted data is a...     

对称可搜索加密技术研究进展

具有前向隐私和后向隐私的动态对称可搜索加密(dynamic searchable symmetric encryption, DSSE)方案能够支持动态添加和删除密文索引且具有较高的搜索效率,一直是近年来研究的热点. 针对Aura方案中存在密文存储开销大和误删除的问题,给出了对称可撤消加密（symmetric revokable encryption,SRE）原语更严格的正确性定义,从理论上分析了误删除发生的条件,通过设计穿刺密钥位置选择算法,避免了哈希碰撞导致的节点位置重用. 在此基础上,构造了基于SRE对称可搜索加密方案. 方案利用多点可穿刺伪随机函数实现一次穿刺所有未使用节点,既有效降低了搜索时服务器的计算开销,又可避免提前暴露未使用密钥,提高方案的安全性. 最后,从搜索效率、存储开销、通信开销和安全性等方面对方案进行了分析. 理论分析和实验结果表明,所提方案不仅能够减小服务器密文存储时的空间开销,避免误删除索引,而且在大规模节点下具有更高的搜索效率.

     

Trapdoor security in a searchable public-key encryption scheme with a designated tester

We study a secure searchable public-key encryption scheme with a designated tester (dPEKS). The contributions of this paper are threefold. First, we enhance the existing security model to incorporate the realistic abilities of dPEKS attackers. Second, we introduce the concept of “trapdoor indistinguishability” and show that trapdoor indistinguishability is a sufficient condition for thwarting keyword-guessing attacks. This answers the open problem of how to construct PEKS (dPEKS) schemes that are provably secure against keyword-guessing attacks. Finally, we propose a dPEKS scheme that is secure in the enhanced security model. The scheme is the first dPEKS scheme that is secure against keyword-guessing attacks.     

A multi-user searchable encryption scheme with keyword authorization in a cloud storage

Multi-user searchable encryption (MSE) allows a user to encrypt its files in such a way that these files can be searched by other users that have been authorized by the user. The most immediate application of MSE is to cloud storage, where it enables a user to securely outsource its files to an untrusted cloud storage provider without sacrificing the ability to share and search over it. Any practical MSE scheme should satisfy the following properties: concise indexes, sublinear search time, security of data hiding and trapdoor hiding, and the ability to efficiently authorize or revoke a user to search over a file. Unfortunately, there exists no MSE scheme to achieve all these properties at the same time. This seriously affects the practical value of MSE and prevents it from deploying in a concrete cloud storage system. To resolve this problem, we propose the first MSE scheme to satisfy all the properties outlined above. Our scheme can enable a user to authorize other users to search for a subset of keywords in encrypted form. We use asymmetric bilinear map groups of Type-3 and keyword authorization binary tree (KABtree) to construct this scheme that achieves better performance. We implement our scheme and conduct performance evaluation, demonstrating that our scheme is very efficient and ready to be deployed.     

基于无证书的具有否认认证的可搜索加密方案

物联网环境下,云存储技术的发展和应用降低用户数据的存储和管理开销并实现资源共享。为了保护用户的身份隐私,提出一种具有否认认证特性的可搜索加密方案。发送方对原始数据进行可否认加密并将密文上传,而接收端在密文的确认阶段无法向第三方证明数据的来源,保障了数据的安全性。相较于基于身份认证的单一设计,提出方案利用无证书密码技术解决了传统方案中密钥托管和密钥撤销阶段中存在的弊端,同时也实现了可否认加密的密态搜索。最后,对提出方案进行了严格的安全性分析。实验结果表明该方案可以较好地完成可搜索加密任务。     

Symmetric quantum fully homomorphic encryption with perfect security

Suppose some data have been encrypted, can you compute with the data without decrypting them? This problem has been studied as homomorphic encryption and blind computing. We consider this problem in the context of quantum information processing, and present the definitions of quantum homomorphic encryption (QHE) and quantum fully homomorphic encryption (QFHE). Then, based on quantum one-time pad (QOTP), we construct a symmetric QFHE scheme, where the evaluate algorithm depends on the secret key. This scheme permits any unitary transformation on any $n$ -qubit state that has been encrypted. Compared with classical homomorphic encryption, the QFHE scheme has perfect security. Finally, we also construct a QOTP-based symmetric QHE scheme, where the evaluate algorithm is independent of the secret key.     

Keyword guessing attacks on secure searchable public key encryption schemes with a designated tester

The first searchable public key encryption scheme with designated testers (dPEKS) known to be secure against keyword guessing attacks was due to Rhee et al. [H.S. Rhee, W. Susilo, and H.J. Kim, Secure searchable public key encryption scheme against keyword guessing attacks, IEICE Electron. Express 6(5) (2009), pp. 237–243]. Recently, some dPEKS schemes, including the Rhee et al. scheme, were found to be vulnerable to keyword guessing attacks by a malicious server. However, the Rhee et al. dPEKS scheme and its improved variants are still known to be secure against keyword guessing attack by the outsider attacker to date. In this paper, we present a keyword guessing attack by the outsider attacker on the existing dPEKS schemes. We first describe the attack scenario which is possible in the current nature of the Internet and public key encryption with keyword search applications, e.g. email routing. We then demonstrate the detailed attack steps on the Rhee et al. scheme as an attack instance. We emphasize that our attack is generic and it equally applies to all existing dPEKS schemes that claim to be secure against keyword guessing attacks by the outsider attacker.     

Symmetric keys image encryption and decryption using 3D chaotic maps with DNA encoding technique

In present digital era, multimedia like images, text, documents and videos plays a vital role, therefore due to increase in usage of digital data; there comes high demand of security. Encryption is a technique used to secure and protect the images from unfair means. In cryptography, chaotic maps play an important role in forming strong and effective encryption algorithm. In this paper 3D chaotic logistic map with DNA encoding is used for confusion and diffusion of image pixels. Additionally, three symmetric keys are used to initialize 3D chaos logistic map, which makes the encryption algorithm strong. The symmetric keys used are 32 bit ASCII key, Chebyshev chaotic key and prime key. The algorithm first applies 3D non-linear logistic chaotic map with three symmetric keys in order to generate initial conditions. These conditions are then used in image row and column permutation to create randomness in pixels. The third chaotic sequence generated by 3D map is used to generate key image. Diffusion of these random pixels are done using DNA encoding; further XOR logical operation is applied between DNA encoded input image and key image. Analysis parameters like NPCR, UACI, entropy, histogram, chi-square test and correlation are calculated for proposed algorithm and also compared with different existing encryption methods.