Showing total 6 results

1. Order-Hiding Range Query over Encrypted Data without Search Pattern Leakage.

Author

Dou, Yi, Chan, Henry C B, and Au, Man Ho

Subjects

COMPUTER security, DATA encryption, COMPUTER network security, ACCESS control, DATABASE management

Abstract

For cloud data storage, data privacy and security are two key concerns. Although sensitive data can be encrypted before they are stored in the cloud, the encrypted data can hardly be processed efficiently. Hence, a lightweight solution is required to satisfy both high security and high efficiency requirements. In this paper, we study the problem of range query over encrypted data. The main idea is to transform the range comparison to a privacy-preserving set intersection operation. To protect record privacy, our scheme builds searchable encrypted indexes for records that are secure against inference attack. To ensure the privacy of range queries, non-deterministic encryption, which has not been achieved in range query before, is proposed to hide the search pattern of queries. During range comparison, our scheme neither leaks the order relationship between the upper/lower bound of a range query and the encrypted index, nor produces false positives in the query results. We have implemented our scheme and evaluated its performance in comparison with other schemes. The comparison results indicate that our scheme has a shorter index size and search time than the order-revealing encryption (ORE) scheme when the processing unit is large. Meanwhile, our scheme only leaks the access pattern, and is proved to be more secure than existing schemes. [ABSTRACT FROM AUTHOR]

Published

2018

2. Enforcing Role-Based Access Control for Secure Data Storage in the Cloud.

Author

Zhou, Lan, Varadharajan, Vijay, and Hitchens, Michael

Subjects

ELECTRONIC information resources, ACCESS control, CLOUD computing, INFORMATION storage & retrieval systems, DATA security, DATA encryption, ALGORITHMS

Abstract

In recent times, there has been increasing interest in storing data securely in the cloud environment. To provide owners of data stored in the cloud with flexible control over access to their data by other users, we propose a role-based encryption (RBE) scheme for secure cloud storage. Our scheme allows the owner of data to store it in an encrypted form in the cloud and to grant access to that data for users with specific roles. The scheme specifies a set of roles to which the users are assigned, with each role having a set of permissions. The data owner can encrypt the data and store it in the cloud in such a way that only users with specific roles can decrypt the data. Anyone else, including the cloud providers themselves, will not be able to decrypt the data. We describe such an RBE scheme using a broadcast encryption algorithm. The paper describes the security analysis of the proposed scheme and gives proofs showing that the proposed scheme is secure against attacks. We also analyse the efficiency and performance of our scheme and show that it has superior characteristics compared with other previously published schemes. [ABSTRACT FROM AUTHOR]

Published

2011

3. Securing Outsourced Data in the Multi-Authority Cloud with Fine-Grained Access Control and Efficient Attribute Revocation.

Author

JUNWEI ZHOU, HUI DUAN, LIANG, KAITAI, QIAO YAN, FEI CHEN, YU, F. RICHARD, JIEMING WU, and JIANYONG CHEN

Subjects

CLOUD storage, ACCESS control, DATA encryption, COMPUTER security, SECURITY systems

Abstract

Data outsourcing is a promising service for data owners, where their data are stored on a cloud storage provider. Since the cloud is not fully trusted, data access control has become a challenging issue in the Cloud Storage System (CSS). Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a feasible technique for ensuring access control in the CSS, where an attribute authority is responsible to manage attributes and distribute keys. In this paper, we propose a novel revocable Multi-Authority CP-ABE scheme, in which the access policy can be constructed as an arbitrary tree rather than a matrix used by existing schemes. The tree-like policy makes our scheme more flexible. Consequently, the encryption, decryption and attribute revocation operations are also more efficient. Our scheme is also proved to be secure under the standard assumption. It can resist user collusion attack, while the attribute revocation operation also achieves both forward security and backward security. Simulation results show that our scheme is highly efficient. [ABSTRACT FROM AUTHOR]

Published

2017

4. Matrix FHE and Its Application in Optimizing Bootstrapping.

Author

Wang, Biao, Wang, Xueqing, Xue, Rui, and Huang, Xinyi

Subjects

HOMOMORPHISMS, COMPUTER security, CRYPTOGRAPHY, DATA encryption, COMPUTER network security, CLOUD computing, ACCESS control

Abstract

We propose a fully homomorphic encryption (FHE) scheme that encrypts matrices. Our scheme supports homomorphic matrix addition, multiplication and Hadamard product. In PKC 2015, Hiromasa et al. constructed the only FHE scheme that encrypts matrices and supports homomorphic matrix addition and multiplication. Compared with their work, the advantages of our scheme are the following: (1) Small ciphertext size : For a plaintext matrix M ∈ {0,1} r × r ⁠, the size of ciphertext matrix is r × (n + r) ⁠, in contrast to (n + r) × (n + r) ⌈ log q ⌉ in their work. (2) Standard assumption : The security is based on LWE assumption merely, while the security of scheme in their work depends additionally on some special kind of circular security assumption. (3) Supporting homomorphic matrix Hadamard product. We show how to apply the proposed scheme to optimize the bootstrapping procedure of Alperin-Sheriff and Peikert, in a way similar to the work of Hiromasa, Abe and Okamoto. Due to smaller ciphertext matrices, the bootstrapping key of our optimized bootstrapping procedure is smaller than that in the work of Hiromasa, Abe and Okamoto by a factor of (n / r + 1) ⌈ log q ⌉ ⁠. [ABSTRACT FROM AUTHOR]

Published

2018

5. Defense Mechanism for Malicious and Selective Forwarding Attacks in Large and Mobile Wireless Networks.

Author

Chuang, Yung-Ting and Lee, Yi-Fan

Subjects

COMPUTER security, SECURITY systems, ACCESS control, DATA encryption, INTERNET security

Abstract

People are constantly using mobile technologies to exchange perspectives across the world. The search services they use, however, belong to centralized systems that may be easily censored. The Peer-to-Peer retrieval system was created to impede censorship of online information, but the decentralized nature of P2P makes it difficult to infer information that cannot be measured directly, such as the proportion of subversion, selfish nodes, network size, or churn rate. Recent advances have pushed providers toward large-scale wireless networks where data retrieval is difficult. Thus, we propose a defense mechanism that can: (1) tackle censorship issues; (2) employ probability density function, exponential weighted moving average and modified Chi-squared tests to estimate the proportion of malicious and selfish nodes; (3) defend against malicious and selective-forwarding attacks by adjusting the number of forwarding levels and requests to ensure high-match probability; (4) maintain high-retrieval rates even in large and highly mobile networks; and (5) guarantee robustness compared to other search systems. A series of experiments demonstrated our algorithm's high-retrieval rate, reasonable costs, mobility resilience, and robustness, demonstrating that the algorithm can work well when the network size is large and/or has a large proportion of selfish nodes, malicious nodes and mobile nodes. [ABSTRACT FROM AUTHOR]

Published

2018

6. Secure and Efficient Attribute-Based Encryption with Keyword Search.

Author

Wang, Haijiang, Dong, Xiaolei, Cao, Zhenfu, and Li, Dongmei

Subjects

KEYWORD searching, DATA encryption, ACCESS control, DATA warehousing, ALGORITHMS

Abstract

Attribute-based encryption with keyword search (ABKS) is a system that supports keyword search and access control. By inheriting from attribute-based encryption technology, most current ABKS schemes incur large computation costs in encryption phase and keyword search phase. In a typical implementation, the size of ciphertext is proportional to the number of attributes associated with the access policy, so that the keyword search time and the decryption time are proportional to the number of attributes used in the access policy. To deal with the above problem, we present a new ciphertext-policy attribute-based encryption with fast keyword search scheme. Our scheme preserves the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search. In particular, the proposed scheme can efficiently support AND-gate access policy with multiple attribute values. Moreover, our scheme features multi-value-independent which have constant computation costs compared with the existing ABKS schemes. With the “aggregation” technique, the keyword search phase only needs three pairings, which is a great advantage over previous ABKS schemes. We offer rigorous security proof of our scheme, and the performance analysis demonstrates the efficiency of our scheme. [ABSTRACT FROM AUTHOR]

Published

2018