Your search keyword '"DATA encryption"' showing total 211 results

1. A Pairing-free Dynamic Multi-receiver Certificateless Authenticated Searchable Encryption for cloud storage.

Author

Chenam, Venkata Bhikshapathi and Ali, Syed Taqi

Subjects

*CLOUD storage, *DATA encryption, *DATA privacy, *COMPUTER access control, *CRYPTOGRAPHY

Abstract

In the current age of constrained local storage capacity, ensuring the security and privacy of user data against unauthorized third-party access has grown significantly more vital. Searchable Encryption (SE) has arisen as a promising method for preserving the confidentiality of user data while also enabling efficient search capabilities. Certificateless Searchable Encryption (CLSE) stands out among a range of SE cryptosystems by effectively addressing issues related to certification management and key escrow. Nevertheless, the majority of current CLSE approaches heavily depend on computationally intensive bilinear pairings and do not offer robust support for conjunctive keyword searches in multi-receiver scenarios. To address these limitations, we propose a Pairing-free Dynamic Multi-receiver Certificateless Authenticated Searchable Encryption (PDMCLASE) scheme. PDMCLASE focuses on three essential features: (1) Dynamic multi-receiver functionality, enabling new data receivers to access documents while revoking access for existing receivers; (2) Conjunctive subset keyword search, empowering data receivers to perform efficient conjunctive searches on subsets of keywords; and (3) Data sender authentication, ensuring the authenticity of keyword encryption by the data sender. Furthermore, PDMCLASE attains keyword privacy by leveraging elliptic curve hardness problems within the standard model. Through our performance analysis, we establish that PDMCLASE not only delivers improved functionality but also demonstrates reduced computational overhead when compared to alternative schemes. [ABSTRACT FROM AUTHOR]

Published

2024

2. GR-NTRU: Dihedral group over ring of Eisenstein integers.

Author

Kumar, Vikas, Das, Rohan, and Gangopadhyay, Aditi Kar

Subjects

*INTEGERS, *CRYPTOSYSTEMS, *POLYNOMIALS, *NONCOMMUTATIVE rings, *DATA encryption

Abstract

NTRU is a lattice-based cryptosystem built on a convolutional ring of polynomials. There are many generalizations of NTRU in the literature; however, group ring NTRU, or GR-NTRU, is the most reasonable description of NTRU as a general framework to design its variants. Most versions are commutative and are obtained by changing the ring of coefficients while keeping the cyclic structure intact. In this work, we analyze the noncommutative version of GR-NTRU designed with the group ring of dihedral group over the ring of Eisenstein integers. We experimentally test the size of the keyspace of this new variant and find that it is comparable and even larger for certain parameters compared to the existing commutative counterpart. We observe that although it is slightly slow in terms of speed of encryption and decryption, it has higher lattice security. [ABSTRACT FROM AUTHOR]

Published

2024

3. The implementation of polynomial multiplication for lattice-based cryptography: A survey.

Author

Zeng, Chenkai, He, Debiao, Feng, Qi, Peng, Cong, and Luo, Min

Subjects

*PUBLIC key cryptography, *MULTIPLICATION, *QUANTUM computing, *FACTORIZATION, *DATA encryption

Abstract

The advent of quantum computing threatens the security of traditional public-key cryptography. Algorithms for quantum computing have the ability to solve the large prime factorization and the discrete logarithm problem in polynomial time. To deal with the threat, post-quantum cryptography (PQC) primitives and protocols were proposed. Lattice-based cryptography (LBC) is the promising post-quantum cryptography, both in traditional and emerging security scenarios such as public-key encryption, homomorphic encryption and oblivious transfer. Theoretically, the algebraic structure of the lattice provides a secure fundamental for LBC. In contrast, the implementation should consider the balance of time, space, and resources for realization on various programmable platforms. In the implementation of lattice-based cryptography, polynomial multiplication is the primary operation accounting for about 30% of the execution. To improve the performance of LBC schemes, various efficient algorithms have been proposed over decades. This work focuses on approaches to accelerate polynomial multiplication used in LBC schemes. First, we review and compare three polynomial multiplication algorithms, Number Theory Transform (NTT), Karatsuba algorithm and Toom–Cook algorithm. Then we present a comprehensive survey of implementation on programmable platforms such as Graphics Processing Unit (GPU) and Field-Programmable Gate Array (FPGA). At last, we summarize the future trend of implementing polynomial multiplication and provide recommendations. [ABSTRACT FROM AUTHOR]

Published

2024

4. Designated server proxy re-encryption with boolean keyword search for E-Health Clouds.

Author

Hu, Boli, Zhang, Kai, Gong, Junqing, Wei, Lifei, and Ning, Jianting

Subjects

*DATA encryption, *CLOUD computing, *INFORMATION services, *DATA security, *DATA privacy

Abstract

E-Health Cloud can provide remote, accurate, real-time, intelligent information services for healthcare. Despite the benefits brought by data outsourcing, it may also cause data breaches and compromise user privacy. Searchable encryption can provide data security and search services in the encrypted data domain. However, in E-Health Cloud, users may have some other special needs, such as sharing their health information with doctors during the treatment period and updating the data access right when they transfer from one hospital to another. Some works introduced the primitive proxy re-encryption with public keyword search (Re-PEKS) to meet the above needs. However, the state-of-the-art solutions cannot support expressive boolean query, and its search cost time increases linearly with total number of outsourced documents, this is very impractical in huge E-Health Cloud system. An efficient Re-PEKS scheme termed PRTDs is proposed in this article to address this problem. PRTDs supports sub-linear boolean query, time controlled data sharing, and re-encryption to change data users simultaneously. To compare PRTDs with the most advanced time-enabled Re-PEKS scheme, we also implement exhaustive comparative experiments on HUAWEI Cloud with the Enron dataset, and the results show that PRTDs has a better performance on encryption and searching. [ABSTRACT FROM AUTHOR]

Published

2024

5. A randomized encryption deduplication method against frequency attack.

Author

Wu, Xinyan, Li, Jin, Wang, Huanwei, Liu, Xiaoguang, Wu, Weifeng, and Li, Fagen

Subjects

*DATA encryption, *CLOUD storage, *CLIENT/SERVER computing, *STOCHASTIC convergence, *DATA security

Abstract

Encryption deduplication technology first encrypts the file or chunks of data, then detects and removes duplicate ciphertexts, storing only one copy on the cloud storage server (CSP). Although traditional encryption deduplication schemes have the function of ciphertext deduplication, they also have a serious problem. Since the key generation algorithm and the encryption algorithm are deterministic, the frequency of plaintext chunking will be leaked. It is possible for the attacker to infer the information of the plaintext. We propose a Randomized Encryption deduplication method against Frequency Attack (REFA) that provides high randomness in ciphertexts. The core idea of REFA is that after obtaining a convergence key generated with the aid of a key server, the user randomizes the convergence key with a random value of the same length. Then, REFA encrypts the plaintext chunk with a randomized key. Our scheme hides the random value in the ciphertext and encrypts the convergence key for user ownership verification. REFA perfectly masks the frequency of plaintext chunks and has high storage efficiency and data security. Furthermore, the CSP performs ciphertext updates with ciphertexts uploaded by subsequent users. REFA can effectively protect against frequency analysis attacks. [ABSTRACT FROM AUTHOR]

Published

2024

6. An easy-to-implement construction for [formula omitted]-threshold progressive visual secret sharing schemes.

Author

Chen, Hong-Bin, Hsu, Hsiang-Chun, Huang, Cang-Wei, and Juan, Justie Su-Tzu

Subjects

*CRYPTOGRAPHY, *DATA encryption, *INFORMATION sharing, *PASCAL'S triangle, *BINOMIAL coefficients

Abstract

Visual cryptography encrypts the secret image into n shares (transparency) so that only stacking a qualified number of shares can recover the secret image by the human visual system while no information can be revealed without a large enough number of shares. This paper investigates the (k , n) -threshold Visual Secret Sharing (VSS) model, where one can decrypt the original image by stacking at least k shares and get nothing with less than k shares. There are two main approaches, which have been showed equivalent in some sense, in the literature: codebook-based schemes and random-grid-based schemes; the former is the case of this paper. In general, given any positive integers k and n , it is not easy to design a valid scheme for the (k , n) -threshold VSS model. In this paper, we propose a simple strategy to construct an efficient scheme for the (k , n) -threshold VSS model for any positive integers 2 ≤ k ≤ n. The crucial idea is to establish a seemingly unrelated connection between the (k , n) -threshold VSS scheme and a mathematical structure — the generalized Pascal's triangle. This paper improves and extends previous results in four aspects: • Our construction offers a unified viewpoint and covers several known results. • The resulting scheme has a progressive-viewing property that means the more shares being stacked together the clearer the secret image would be revealed. • The proposed scheme can be constructed explicitly and efficiently based on the generalized Pascal's triangle without a computer. • Performance of the proposed scheme is comparable with known results. [ABSTRACT FROM AUTHOR]

Published

2024

7. A decentralized multi-authority CP-ABE scheme from LWE.

Author

Yao, Yun-Fei, Chen, Hui-Yan, Gao, You, Wang, Ke, and Yu, Hao-Yang

Subjects

*DATA encryption, *CLOUD computing, *DATA security, *CRYSTAL defects, *DISTRIBUTED computing

Abstract

As a cryptographic primitive supporting finer and richer access control, attribute-based encryption can provide more efficient, concise, secure and highly adaptive access control policies for cloud data, which has attracted the attention of many researchers. However, in a standard ABE scheme, the key can only be generated and issued by a central authority. The single authorization center has a heavy load and is vulnerable to attack. Once the center is paralyzed, it will bring serious security consequences. Multi-authorization center attribute encryption (MA-ABE) allows multiple parties to play an authoritative role, which can solve this problem. In this paper, we propose a MA-ABE scheme, which combines a global ID model, a two-stage sampling technique on a lattice and a monotonous linear secret sharing schemes (M-LSSS) to achieve a static security against arbitrary collusion in the random oracle model, in which the access policy of the scheme is expressed by DNF formula. Technically, our scheme is an improvement on the work of Datta et al. (2021), through this improvement, we can get shorter ciphertext and smaller key size. [ABSTRACT FROM AUTHOR]

Published

2024

8. Homomorphic encrypted Yara rules evaluation.

Author

Petrean, Diana-Elena and Potolea, Rodica

Subjects

*MALWARE, *DATA encryption, *DATA security, *PATTERN matching, *STATISTICS

Abstract

Malware signatures represent a powerful tool for malware detection and classification, widely used by security researchers and security solution providers. Yara rules describe malware based on string patterns that are evaluated on targeted files. Generally, the security provider sends signatures to the client endpoints and the rule evaluation is performed locally, such that the scanned files do not leave the client machines. However, if a zero-day vulnerability is discovered and the security provider exposes the corresponding signature, there is a considerable risk to also disclose the unpatched vulnerability. A solution is represented by homomorphic encrypted Yara rules, which can be evaluated on targeted files without being decrypted. In this article, we propose a homomorphic Yara rules evaluation method and do a comparative analysis with the HENFA method (Homomorphic Encryption for Finite Automata (Genise et al., 2019)). For our method, we propose a fully homomorphic exact string matching algorithm based on the TFHE scheme (Fully Homomorphic Encryption over the Torus (Chillotti et al., 2020)). In order to determine how suitable is the exact string matching approach in practice, we analyze a public Yara rules repository and generate various statistics about the patterns used in the Yara rules. For the two homomorphic Yara rules matching methods, both theoretical and experimental comparative evaluations are presented. Our proposed method implies ciphertexts with smaller sizes and has better efficiency in the average testing scenarios compared to the HENFA method. [ABSTRACT FROM AUTHOR]

Published

2024

9. Fingerprint image encryption based on chaos and nonlinear dynamic "X" model diffusion.

Author

Liu, Huipeng, Teng, Lin, Unar, Salahuddin, Liu, Pengbo, and Wang, Xingyuan

Subjects

*HUMAN fingerprints, *IMAGE encryption, *ALGORITHMS, *PERFORMANCE evaluation, *DATA encryption

Abstract

It is analyzed that the important part of the fingerprint image is concentrated in one part of the image, and the gray image is the part with useful information in the whole image. Therefore, this paper combines a new fingerprint image encryption algorithm proposed by combining two new one-dimensional chaotic systems, nonlinear functions, and rules with a dynamic "X" model. We propose two new one-dimensional chaotic systems, one is Sin-Cos chaotic system (SCCS) and the other is Cos-Cos chaotic system (CCCS). Firstly, the fingerprint image is binarized and the contour is extracted to get the area of the fingerprint in the image. Then, for the fingerprint area, a round of encryption is carried out by using nonlinear rules and 24 rules of the dynamic X model. Then the whole image is separated into several parts according to the fingerprint position, read into a sequence at one time, and the whole fingerprint image is scrambled and diffused synchronously by using nonlinear rules and functions. The entropy, NPCR, and UACI of the algorithm are very close to the ideal value, and the performance in time efficiency is passable. The algorithm is extremely secure in a large number of test performance analysis results. [ABSTRACT FROM AUTHOR]

Published

2024

10. On the security of JPEG image encryption with RS pairs permutation.

Author

Yuan, Yuan, He, Hongjie, Chen, Fan, and Qu, Lingfeng

Subjects

*DATA encryption, *COMBINED sewer overflows, *NEURAL circuitry, *PERMUTATION indexes, *COMPUTER security

Abstract

Recently, a JPEG encryption scheme with RS (run/size) pairs multi-permutation and block permutation has been proposed, which mainly improves security by extracting the expected number of RS pairs for global permutations that need overflow processing. However, it still has the risk of information leakage under the chosen plaintext attack. This is because the limited embedding capacity in overflow processing makes the overflow blocks (OBs) less. On the one hand, a few OBs make the sketch generated by non-zero coefficients count after RS pair multi-permutation visually indistinguishable from the original sketch. On the other hand, a few OBs limit the number of extracted RS pairs that can participate in global permutation, so there are many partially extracted blocks (PEBs) containing unextracted RS pairs. More PEBs make the accuracy of the estimated block permutation sequence high, because the unique plaintext block can be constructed as long as there is an unextracted RS pair in an encrypted block. Simulation results show that the correct ratio of block permutation sequence is not less than 60 %. The highest and average PSNRs between the attacked sketch and the original one reach up to 47.07 dB and 27.42 dB, respectively. [ABSTRACT FROM AUTHOR]

Published

2024

11. Encryption-based sub-string matching for privacy-preserving record linkage.

Author

Vaiwsri, Sirintra, Ranbaduge, Thilina, and Christen, Peter

Subjects

*DATA encryption, *PRIVACY, *CIPHER & telegraph codes, *BIOINFORMATICS, *CRIMINAL investigation

Abstract

Accurate and secure string matching in record linkage is increasingly important in application domains such as bioinformatics, healthcare, and crime detection. Most existing privacy-preserving string matching techniques provide an overall similarity between a pair of strings. As a result, these techniques cannot identify the longest common sub-string between the strings in a pair leading to lower linkage quality, while existing techniques that can identify the longest common sub-string from a pair of strings have long runtimes. While blocking techniques that can be used in the record linkage pipeline improve the time complexity, each string is generally inserted into several blocks making it vulnerable to frequency based attacks. In this paper, we propose two encryption-based approaches to improve the effectiveness and efficiency of string matching in record linkage. Our approaches compare strings based on their lengths of sub-strings. In the first approach, we encrypt the sub-string lengths into individual ciphertexts and compare a pair of ciphertexts based on the corresponding sub-string. In the second approach, we encrypt multiple lengths of sub-strings into a single ciphertext that allows efficient comparison of ciphertexts. We evaluate our approaches on real-world datasets and validate the accuracy, complexity, and privacy compared to four baselines, showing that our approaches outperform all baselines in terms of complexity and privacy while providing higher linkage quality than a standard privacy-preserving record linkage technique. • Accurate and secure string matching based on longest common sub-string is increasingly important in application domains such as bioinformatics, healthcare, and crime detection. • We propose two privacy-preserving string matching approaches based on lengths of sub-strings that can identify common sub-strings between databases. • In our first approach we compare the lengths of sub-strings between databases using a list of hash values generated using a special 1- and 0-encoding, while in our second approach we use an efficient encryption technique to conduct the comparison between pairs of ciphertexts from two databases efficiently. • We empirically evaluate our approaches under the linkage quality, time complexity, and privacy guarantees against several state-of-the-art privacy-preserving string matching approaches using several real datasets. • Our evaluation shows that our approaches can achieve a high linkage quality and efficiency while providing stronger privacy compared to baselines. [ABSTRACT FROM AUTHOR]

Published

2024

12. Quantum image encryption algorithm via optimized quantum circuit and parity bit-plane permutation.

Author

He, Jinwen, Zhu, Hegui, and Zhou, Xv

Subjects

*IMAGE encryption, *CONVERGENT evolution, *DATA encryption, *ROBUST statistics, *COMPUTER security

Abstract

Quantum image encryption technology employs the unique features of superposition, entanglement, and quantum state instability, offering advantages like high efficiency, parallelism, and robust resistance to decryption attempts. In this work, we propose a quantum image encryption algorithm via an optimized quantum circuit and parity bit-plane permutation named OCPBP. Our research commences with applying an optimization algorithm to BRQI image preparation. This optimization significantly reduces the number of auxiliary qubits from n +3 to 2 in the preparation of (n +5)-CNOT gate preparation. This reduction makes a significant simplification of the complexity and memory space required for BRQI image preparation. Moreover, we introduce an innovative operation based on parity pixel bit-planes for permutation, which provides a fresh perspective on quantum image encryption based on the BRQI model. Furthermore, we generate quantum key images for XOR operations using the improved logistic map, effectively tackling the challenge of non-random keys that can be a concern in conventional BRQI encryption techniques. We also perform a row-column-based permutation operation to enhance the algorithm's resilience against potential attacks. Through extensive theoretical analysis and comparative experiments, we confirm the heightened security and reduced complexity of the proposed OCPBP algorithm compared to BRQI-based and chaotic image encryption methods. It holds significant promise for improving quantum image communication and application. [ABSTRACT FROM AUTHOR]

Published

2024

13. Certificate-based authenticated encryption with keyword search: Enhanced security model and a concrete construction for Internet of Things.

Author

Shiraly, Danial, Eslami, Ziba, and Pakniat, Nasrollah

Subjects

*INTERNET of things, *COMPUTER security, *CLOUD computing, *DATA encryption

Abstract

The Internet of Things (IoT) devices produce a humongous amount of data frequently stored on cloud servers, and as a result, cryptographic techniques to guarantee the privacy of outsourced data while preserving search ability on servers are becoming indispensable research topics. A prominent example of such topics is the concept of public key authenticated encryption with keyword search (PAEKS). In spite of the large number of PAEKS schemes in the literature, most existing schemes exhibit issues in certificate management, key escrow, or even key distribution. To address these issues, recently, PAEKS schemes in the certificate-based setting have gained attention. To the best of our knowledge, there exist only two Certificate-Based Authenticated Encryption with Keyword Search (CBAEKS) schemes, both presented with rather weak security models based on single keyword challenges. In this paper, we propose an enhanced security model for CBAEKS which captures notions of multi-ciphertext and multi-trapdoor indistinguishability, then proceed to devise a concrete instantiation for a CBAEKS scheme and formally prove its security under our enhanced model. Furthermore, we prove that the existing CBAEKS schemes are insecure under the enhanced security model. Comparisons with related schemes in the literature are also provided to demonstrate that the enhanced security is achieved at some affordable costs. [ABSTRACT FROM AUTHOR]

Published

2024

14. Cryptanalysis of cross-coupled chaotic maps multi-image encryption scheme.

Author

Singh, Laiphrakpam Dolendro, Thingbaijam, Rohit, Patgiri, Ripon, and Singh, Khoirom Motilal

Subjects

*DATA encryption, *LOOPHOLES, *IMAGE encryption, *CRYPTOGRAPHY, *IMAGE analysis

Abstract

Recently, Patro et al. proposed a multiple gray-scale image encryption scheme based on cross-coupled chaotic maps. The authors claimed the scheme could withstand known plain-text attacks and chosen-plaintext attacks. In this paper, we have thoroughly analysed the Patro et al. algorithm and reported the crucial loopholes. Patro et al. algorithm uses a row-wise and column-wise scrambling operation based on a secret sequence followed by a feed-forward XOR operation generating the cipher image. Exploiting the loopholes of feed-forward XOR operation and high correlation of pixels in standard images, a cryptanalysis algorithm is developed that deciphers the ciphered images generated by Patro et al. algorithm based on cipher-text only attack. Without using the secret keys, the proposed cryptanalysis algorithm successfully deciphers the cipher image and reveals the secret images. [ABSTRACT FROM AUTHOR]

Published

2024

15. Batch image encryption using cross image permutation and diffusion.

Author

Song, Wei, Fu, Chong, Zheng, Yu, Zhang, Yanfeng, Chen, Junxin, and Wang, Peipei

Subjects

*DATA encryption, *DIFFUSION, *PRIVACY, *DATA security, *STATISTICAL correlation

Abstract

Chaotic encryption mostly has been proposed to protect a single image or batch images of identical size. Typically, it splices these images into a huge one, and later performs batch image encryption. Yet, this solution may not be feasible given arbitrary-size images, which could not be directly connected one by one. To address it, we propose an arbitrary-size encryption scheme via chaos, for efficiently protecting batch/multiple images at one go. Our scheme supports to automatically read size of images, and then perform cross image permutation and diffusion. The cross image permutation is generic, which could output each permutation with equal expectation. We newly propose a bi-direction cross image diffusion, which has superior performance with only 1 round operation to spread the encryption influence to all images. At last, we conduct extensive experiments and security analyses. The experimental results show that our algorithm can mask the statistical information and resist differential attacks, with metrics such as information entropy, correlation coefficients, NPCR , and UACI closely approximating their theoretical values, namely 8, 0, 99.609%, and 33.464%, respectively. Our code is available at [ https://github.com/TcSong/CrossImgEncryption ]. [ABSTRACT FROM AUTHOR]

Published

2024

16. Ciphertext face recognition system based on secure inner product protocol.

Author

Li, Xuelian, Chen, Zhuohao, and Gao, Juntao

Subjects

*FACE perception, *DATA encryption, *COMPUTER security, *DATA privacy, *PRIVACY

Abstract

User privacy data leakage is a major weakness of current plaintext face recognition systems. This article combines Pallier homomorphic encryption algorithm with inner product protocol and face recognition to construct a ciphertext face recognition system based on inner product protocol. Firstly, we integrate the Pallier homomorphic encryption algorithm into the inner product protocol process and design a secure inner product protocol. Through simulation experiments, it can be seen that the time and communication costs of the secure inner product can be reduced to and respectively at the expense of a portion of the applicable scope, where is the vector length. Secondly, we provide specific steps for combining FaceNet face recognition algorithm with secure inner product protocol, then design a ciphertext face recognition system that does not require a trusted third party and analyze its correctness, security and time cost. Through experiments, it can be concluded that the accuracy of plaintext face recognition and ciphertext face recognition on the test set is 98.78% and 98.78%, respectively. The application of Pallier homomorphic encryption algorithm has not affected its recognition performance, which means that the system can provide high accuracy face recognition services while protecting user privacy. [ABSTRACT FROM AUTHOR]

Published

2024

17. A novel compression-based 2D-chaotic sine map for enhancing privacy and security of biometric identification systems.

Author

Rahman, Mobashshirur, Murmu, Anita, Kumar, Piyush, Moparthi, Nageswara Rao, and Namasudra, Suyel

Subjects

*BIOMETRIC identification, *DATA privacy, *DATA encryption, *STATISTICAL correlation, *COMPARATIVE studies

Abstract

Human biometric images are utilized for cell phone authentication, airport security, and biometric passports. To improve the biometric identification process, this should be protected from cyber attackers because it is sensitive to any minor changes. Thus, security is a major concern in biometric images. Traditional encryption and compression methods are ineffective for encrypting biometric images due to their high execution time and algorithm complexity. In this paper, a novel 2D chaotic sine map is proposed for generating encryption keys and improving security for biometric identification systems. The proposed scheme uses the 2D chaotic map to generate the private key and diffusion process. Here, the Hénon-Sine Map (HSM-512), Secure Hash Algorithm (SHA-256), and DNA computing are also used in the key generation process. The pixel values of the original images in the proposed schemes are shuffled using Mersenne Twister (MT) to improve the security of biometric images. Moreover, the Differential Huffman Compression (DHC) method is used for lossless compression while performing the XOR-based encryption process. The proposed model has been tested on different RGB biometric images, namely the SOCOFing dataset and the COVID-19 chest X-ray dataset. The experiment results have been evaluated using many performance metrics, such as entropy, key space, histogram analysis, key sensitivity, robustness analysis, correlation, and similarity analysis. The outcomes demonstrate that the proposed scheme is more effective than the state-of-the-art schemes. • A 2D-Chaotic Sine Map is used to boost security in biometric identification. • Moreover, Hénon-Sine map and DNA computing are used for secure key generation. • Diffusion and confusion with Differential Huffman Compression are used to cipher images. • Extensive comparative analysis is shown to validate performance of proposed model. [ABSTRACT FROM AUTHOR]

Published

2024

18. System-widely and fine-grained forward secure identity-based signature scheme.

Author

Yang, Dongmei, Wei, Jianghong, Hu, Xuexian, Yang, Kuiwu, and Chen, Yue

Subjects

*SIGNATURES (Writing), *DATA encryption, *SYNTAX in programming languages, *INTERNET security, *INFORMATION technology

Abstract

In an identity-based signature (IBS) system, each user uses individual information as his/her public key, and also holds a private key issued by a fully trusted key generation center (KGC) with a master secret key. This avoids the mandatory requirement of public key infrastructure, and thus motivates the wide deployment of IBS in various fields. In practical scenarios, the premise that IBS can provide the intended security guarantee is to remain secret keys unrevealed. That is, on the one hand, after a user's secret key is leaked, then an adversary can use it to create correct signatures for any messages, which invalidates all signatures produced by this user him/herself. On the other hand, what is worse, after the master secret key is disclosed, then all users' signatures become useless, since the adversary can produce any user's private key with it. In this paper, to reduce the damage of secret key leakage in IBS system, we introduce system-widely and fine-grained forward-secure IBS (SWFG-fs-IBS). In this primitive, the master secret key is immediately punctured after issuing a secret key for a new user, such that it would fail to issue a secret key for the same user again. Similarly, we also perform puncture operations on each user's private key after signing messages, which prevents the exposed private key from creating signatures for previously signed messages. Concretely, we first define the syntax and security notions of SWFG-fs-IBS, and then propose its concrete construction with provable security. The theoretical analysis indicates that our proposal provides stronger and more practical forward security than previous fs-IBS schemes. We also provide an implementation of our proposal, and present extensive experiments to demonstrate its feasibility. [ABSTRACT FROM AUTHOR]

Published

2023

19. Refined statistical attacks against searchable symmetric encryption using non-indexed documents.

Author

Du, Ruizhong, Tai, Yuchi, and Li, Mingyue

Subjects

*KEYWORDS, *DATA encryption, *INFORMATION technology, *CLIENT/SERVER computing, *INFORMATION retrieval

Abstract

Searchable symmetric encryption(SSE) schemes allow clients to search encrypted data stored on remote servers but ensure efficient retrieval by revealing specific information about the queries, such as access patterns. Honest but curious servers can then use these leakages to infer keywords queried by users. However, most attack schemes can only achieve considerable recovery accuracy(over 30%) under favorable conditions. When the auxiliary information is weak, the inference attack schemes using statistical information can achieve the same or even better recovery accuracy. In this paper, an attack based on statistical information is proposed. Our attack iteratively solves the quadratic recovery query problem using a linear optimization solver. With a tiny number of known queries(which can be deleted by the server), the query recovery accuracy can reach about 95% without knowing the exact background knowledge of the documents stored by the client. This process not only makes our scheme outperforms other attack schemes in accuracy but also makes our attack execution more efficient than other schemes, up to a maximum difference of 1000 seconds. The attack can still achieve considerable accuracy even when the defense is applied to the SSE scheme; defenses can help the SSE scheme obfuscate the pattern leakages. [ABSTRACT FROM AUTHOR]

Published

2023

20. Deep learning-based biometric image feature extraction for securing medical images through data hiding and joint encryption–compression.

Author

Singh, Monu, Baranwal, Naman, Singh, K.N., Singh, A.K., and Zhou, Huiyu

Subjects

*DIAGNOSTIC imaging, *DATA encryption, *FEATURE extraction, *BANDWIDTHS, *SIGNAL-to-noise ratio

Abstract

Images are promising information carriers when compared to other media documents in the healthcare domain. However, digital data transmission over unprotected wired or wireless networks poses a threat to the security of healthcare systems. As a result, the issue of copyright violation and identity theft can occur due to the unauthorised use of these data. This paper proposes a new secure method under a framework that embeds biometric fingerprint image features in a medical image without any perceptual distortion. This paper uses ResNet152 for biometric image feature extraction in the first stage and features to generate a secret key for embedding in the second stage. The method combines encryption and compression scheme based on a generated key, novel chaotic map and Huffman coding to enhance the security of medical images while reducing the storage consumption or bandwidth requirements if images are transmitted to remote servers. Experimental results show that the proposed method presents superior security with high imperceptibility and compression performance, ensuring its effectiveness as an image protection mechanism for medical applications. Extensive experimental results show that the proposed method achieves an average peak signal-to-noise ratio (PSNR) that is above 54 dB, a structural similarity index measure (SSIM) close to 1, a bit error rate (BER) of 0 and a normalised correlation (NC) of 1. Moreover, this method compresses the images up to 70% when tested on three standard datasets. • A biometric image feature based secure data hiding technique is proposed. • Joint encryption-compression methods are used to enhance security of medical images. • This method is highly imperceptible, secure and successfully resists various attacks. [Display omitted] [ABSTRACT FROM AUTHOR]

Published

2023

21. Blockchain-based public key encryption with keyword search for medical data sharing in cloud environment.

Author

Banik, Mandira and Kumar, Sanjay

Subjects

*ELECTRONIC health records, *INFORMATION sharing, *DATA privacy, *BLOCKCHAINS, *DATA encryption

Abstract

The cloud-based sharing of electronic health data (EHDs) has great significance in researching diseases, doctors' diagnoses and various fields. In this paper, we applied the potentiality of both blockchain and public key searchable encryption to build a medical data-sharing platform. In recent years, blockchain has emerged as a promising solution for medical data sharing with security and privacy preservation due to its immutability, decentralization, anonymity and verifiability advantages. Two kinds of blockchains, private blockchain and consortium blockchain, are used in our model. In our model, we have designed a consortium blockchain of preselected users. To achieve data security, access control, privacy preservation and secure search, public key encryption with keyword search (PEKS) technology is used here. According to the security proof, our proposed scheme is indistinguishable under the keyword guessing attack. The outcomes of the performance analysis and comparison simulations reveal that the proposed scheme performs better than other related schemes. [ABSTRACT FROM AUTHOR]

Published

2023

22. Conditional privacy-preserving authentication scheme for V2V communication without pseudonyms.

Author

Wang, QingLong, Li, YongYong, Tan, ZhiQiang, Fan, Na, and Yao, GuDi

Subjects

*COMPUTER access control, *ANONYMS & pseudonyms, *DATA privacy, *COMPUTER network security, *DATA encryption

Abstract

Pseudonym is widely used in conditional privacy-preserving authentication (CPPA) scheme for vehicle-to-vehicle (V2V) communication in vehicular ad hoc networks (VANETs) in order to protect user's privacy. The main disadvantage of pseudonym-based CPPA schemes is that the pseudonym has to be frequently updated, which puts a heavy burden on VANETs, due to linkage-attack. To solve this problem, we proposed a CPPA scheme for V2V communication without involving pseudonyms. The vehicle does not use any pseudonym in the proposed scheme, therefore it is immune to pseudonym updating and management problems. Moreover, the scheme enables secure V2V communication, which means that only legal vehicles have access to the transmitted messages. Security analysis shows that the scheme supports secure properties of anonymity, unlinkability, non-repudiation, message integrity, traceability, and revocation. Performance analysis and extensive simulations show that the scheme is computationally efficient and has the lowest average message delay among compared schemes. [ABSTRACT FROM AUTHOR]

Published

2023

23. GAIN: Decentralized Privacy-Preserving Federated Learning.

Author

Jiang, Changsong, Xu, Chunxiang, Cao, Chenchen, and Chen, Kefei

Subjects

*DATA privacy, *FEDERATED learning, *BLOCKCHAINS, *DATA encryption, *CRYPTOGRAPHY, *COMPUTER network security

Abstract

Federated learning enables multiple participants to cooperatively train a model, where each participant computes gradients on its data and a coordinator aggregates gradients from participants to orchestrate training. To preserve data privacy, gradients need to be protected during training. Pairwise masking satisfies the requirement, which allows participants to blind gradients with masks and the coordinator to perform aggregation in the blinded field. However, the solution would leak aggregated results to external adversaries (e.g., an adversarial coordinator), which suffers from quantity inference attacks. Additionally, existing pairwise masking-based schemes rely on a central coordinator and are vulnerable to the single-point-of-failure problem. To address these issues, we propose a decentralized privacy-preserving federated learning scheme called GAIN. GAIN blinds gradients with masks and encrypts blinded gradients using additively homomorphic encryption, which ensures the confidentiality of gradients, and discloses nothing about aggregated results to external adversaries to resist quantity inference attacks. In GAIN, we design a derivation mechanism for generation of masks, where masks are derived from shared keys established by a single key agreement. The mechanism reduces the computation and communication costs of existing schemes. Furthermore, GAIN introduces smart contracts over blockchains to aggregate gradients in a decentralized manner, which addresses the single-point-of-failure problem. Smart contracts also provide verifiability for model training. We present security analysis to demonstrate the security of GAIN, and conduct comprehensive experiments to evaluate its performance. [ABSTRACT FROM AUTHOR]

Published

2023

24. Federated reinforcement learning based intrusion detection system using dynamic attention mechanism.

Author

Vadigi, Sreekanth, Sethi, Kamalakanta, Mohanty, Dinesh, Das, Shom Prasad, and Bera, Padmalochan

Subjects

*INTERNET of things, *REAL-time computing, *CYBERTERRORISM, *DATA encryption, *CLOUD computing

Abstract

Due to the recent advancements in the Internet of Things (IoT) and cloud computing technologies, the detection and prevention of intrusions in enterprise networks have become a crucial and challenging task. Real-time monitoring of network traffic and resources is required to protect those networks from intrusions. An Intrusion Detection System (IDS) analyses the data packets from the network and the system-level applications to detect any malicious activity. However, existing IDSs require all the data, collected at different network nodes, to be collated at one central location to perform the analysis for any model development. This approach hampers the data privacy at the network nodes as the data needs to be shared with other nodes. Furthermore, many of the existing IDSs are unable to adapt to evolving attack patterns, which may result in poor network vulnerability detection and significant degradation in the performance of the systems. To address these limitations, we present a Federated Deep Reinforcement Learning-based IDS in which multiple agents are deployed on the network in a distributed fashion, and each of these agents runs a Deep Q-Network logic. We considered the data privacy concerns of each agent while designing the system. In our system, the data at each agent node is not shared with any other nodes. At the same time, however, all the agents in the system benefit, via the attention weighted model aggregation process, from the distribution and pattern of the data available at all the other agents. We have also developed an attention mechanism that dynamically determines attention value of an agent, which is used in the model aggregation process. Our model can be scaled to large networks and is resistant to hardware or network failures at any agent node. We have tested and evaluated our proposed system on the cloud-based ISOT-CID dataset and the standard benchmark NSL-KDD dataset. The experimental findings demonstrate the performance and robustness of our proposed model in terms of metrics like accuracy, precision, false-positive rate, and area under the ROC curve. [ABSTRACT FROM AUTHOR]

Published

2023

25. Secret data sharing through coverless video steganography based on bit plane segmentation.

Author

Debnath, Sourabh, Mohapatra, Ramesh Kumar, and Dash, Ratnakar

Subjects

*INFORMATION sharing, *ACCESS to information, *DATA encryption, *COMPUTER security, *CONFIDENTIAL communication access control

Abstract

Recently information hiding is acquiring significance with the rising multimedia content over the web. Coverless steganography has been perceived as quite possibly the most solid way to deal with moving classified information and has turned into a research problem area. Considering video as a transporter, coverless steganography is expanding prominently because of its greater number of features than other transporters like text and images. Usually, the existing scheme hides confidential information based on single-frame features in the video. A secret data sharing through coverless video steganography technique based on bit-plane segmentation has been proposed. After extracting frames from the video, each frame is split into multiple bit-planes using BPCS(Bit-plane complexity segmentation). The hash sequences are obtained from these bit-planes by calculating the mean values of corresponding bit-plane sub-blocks. A retrieval database is constructed, including the relation between obtained hash sequences and bit-plane features. To begin with, the sender altered the secret data into a piece stream and divided it into equivalent lengths. The related retrieval information matching the fragmented secret information is transmitted to the recipient over the insecure channel. The experimental results show that the proposed technique achieves better robustness to various attacks, larger capacity, less time cost for extracting hash sequences, and a higher concealing success rate than existing coverless video steganography techniques. [ABSTRACT FROM AUTHOR]

Published

2023

26. A novel blockchain's private key generation mechanism based on facial biometrics and physical unclonable function.

Author

Wang, Yazhou, Li, Bing, Zhang, Yan, Wu, Jiaxin, Liu, Guozhu, Li, Yuqi, and Mao, Zhen

Subjects

*HUMAN facial recognition software, *BLOCKCHAINS, *CYBERTERRORISM, *DATA encryption, *COMPUTER security, *BIOMETRIC identification

Abstract

Blockchain technology is widely used in the field of digital currency because of its non-tamperability, traceability, and decentralization. Blockchain's private key is usually used to prove the ownership of the cryptocurrency. However, this private key managed by the blockchain wallet faces the challenge of secure storage. Once the private key is leaked or stolen, the user's digital assets will be permanently lost. To solve the storage issue of the private key, we propose a novel approach based on facial biometrics and a physical unclonable function (PUF) device to generate a secure blockchain's private key. Firstly, to protect user anonymity and enhance the security of the private key, a user's facial biometrics is bound with a device's PUF fingerprint to generate the trusted private keys online without being stored in a third-party server or an external device. Secondly, to prevent the leakage of sensitive data, we utilize the correctness and perfectness of secret sharing to protect the helper data to prevent attackers from obtaining sensitive information about the fusion template. Thirdly, we give the formal security proof of our proposed scheme and conduct the informal security analysis. The experiment results demonstrate our scheme achieves a better EER (Equal Error Rate) of 2.02% in terms of accuracy and takes about 1008ms to generate a private key in terms of efficiency. Moreover, our scheme can resist various attacks such as password guessing, stolen mobile device, user impersonation, physical and cloning, and information leakage attacks. Finally, we develop a blockchain wallet prototype without modifying the blockchain protocol to achieve transfer transactions for demonstrating the usability and security of our proposed approach in a real-world scenario. [ABSTRACT FROM AUTHOR]

Published

2023

27. A screen-shooting resilient data-hiding algorithm based on two-level singular value decomposition.

Author

Ma, Bin, Du, Kaixin, Xu, Jian, Wang, Chunpeng, Li, Jian, and Zhou, Linna

Subjects

*DATA encryption, *DATA privacy, *INFORMATION retrieval, *EMBEDDED computer systems, *COMPUTER algorithms

Abstract

This paper presents a screen-shooting resilient data-hiding scheme for JPEG images based on a two-level Singular Value Decomposition (SVD). The mid-to-high frequency coefficients are chosen to balance the data-embedding robustness and the image's visual quality. At the same time, the two-level singular value decomposition (SVD) is additionally utilized to construct the feature matrices, thereby enhancing the robustness of the embedded message. The combination of DCT and two-level SVD enables achieving a high-performance screen-shooting resilient data-hiding algorithm. Moreover, the affine transformation is employed to rectify the distortion that caused by screen-shooting, thus further improving the data extraction accuracy. Experimental results demonstrate a minimum 3 % improvement in confidential information extraction accuracy, with the data extraction rate exceeding 92 % across screen-shooting angles ranging from −40 to 40°. The performance of the proposed algorithm outperforms other state-of-the-art schemes apparently. [ABSTRACT FROM AUTHOR]

Published

2023

28. Role mining under User-Distribution cardinality constraint.

Author

Blundo, Carlo and Cimato, Stelvio

Subjects

*DATA mining, *ACCESS to information, *DATA encryption, *COMPUTER security, *DATA privacy

Abstract

Role-based access control (RBAC) defines the methods complex organizations use to assign their users permissions for accessing restricted resources. RBAC assigns users to roles, where roles determine the resources each user can access. The definition of roles, especially when there is a large number of users and many resources to handle, can be a very difficult and time consuming task. The class of tools and methodologies to elicit roles starting from existing user-permission assignments are referred to as role mining. Sometimes, to let the RBAC model be directly deployable in organizations, role mining can also take into account various constraints, like cardinality and separation of duty. Typically, these constraints are enforced to ease roles' management and their use is justified as role administration becomes convenient. In this paper, we focus on the User-Distribution cardinality constraint which places a restriction the number of users that can be assigned to a given role. In this scenario, we present a simple heuristic that improves over the state-of-the-art. Furthermore, to address a more realistic situation, we provide the User-Distribution model with the additional constraint that avoids the generation of roles sharing identical set of permissions. Similarly, within this context, we describe a heuristic enabling the computation of a solution in the new model. Additionally, we assess both heuristics' performances using real-world datasets. [ABSTRACT FROM AUTHOR]

Published

2023

29. A comprehensive survey of cryptography key management systems.

Author

Rana, Subhabrata, Parast, Fatemeh Khoda, Kelly, Brett, Wang, Yang, and Kent, Kenneth B.

Subjects

*CRYPTOGRAPHY, *COMPUTER algorithms, *DATA encryption, *DATA security, *DATA privacy

Abstract

Cryptographic methods have been extensively employed in various systems to address security objectives, such as data confidentiality, authentication, and secure communication, to name a few. Keys are the most critical parts of any cryptographic system safeguarding the whole underlying infrastructure. Based on the underlying algorithm design, there might be various stages of key generation, exchange, and storage to fulfill an algorithm requirement. In this research, we studied cryptographic techniques along with requirements and corresponding key management systems. Having scrutinized best practices, a taxonomy has been proposed for the key management systems based on the algorithm's requirements, key stages, and applications. This study is a comprehensive literature review on cryptographic key management systems to provide a complete guideline in key management solutions. [ABSTRACT FROM AUTHOR]

Published

2023

30. DL-2P-DDoSADF: Deep learning-based two-phase DDoS attack detection framework.

Author

Mittal, Meenakshi, Kumar, Krishan, and Behal, Sunny

Subjects

*DEEP learning, *CYBERTERRORISM, *DATA encryption, *COMPUTER security, *COMPUTER network architectures

Abstract

In today's tech-driven world, while Internet-based applications drive social progress, their architectural weaknesses, inadequate security measures, lack of network segmentation, unsecured IoT devices etc., offer ample opportunities for attackers to launch a multitude of attacks on their services. Despite numerous security solutions, the frequent changes in the methods employed by attackers present a challenge for security systems to stay up to date. Moreover, the existing machine learning approaches are confined to known attack patterns and necessitate annotated data. This paper proposes a deep learning-based two-phase DDoS attack detection framework named DL-2P-DDoSADF. The proposed framework has been validated using the CICDDoS2019 and DDoS-AT-2022 datasets. In the first phase, Autoencoder (AE) has been trained using the legitimate traffic and threshold value has been set using Reconstruction Error (RE). The test data comprising legitimate and attack traffic has been used to validate the proposed approach efficacy. The initial phase entails utilizing a trained AE model to enable the passage of predicted legitimate traffic through the network. In contrast, the predicted attack traffic proceeds to the second phase to classify the type of attack it represents. The performance and efficacy of various deep learning approaches: Deep Neural Network (DNN), Long Short-Term Memory (LSTM) and Gated Recurrent Units (GRU) are compared as part of the second phase. The autoencoder displayed an accuracy level of 99% in detecting both datasets in the initial phase. It has been observed that the DNN produced an overall accuracy of 97% and 96% for the CICDDoS2019 and DDoS-AT-2022 datasets, respectively, for multiclass classification. The DNN model performed better than LSTM and GRU models in the second phase. [ABSTRACT FROM AUTHOR]

Published

2023

31. A data-driven network intrusion detection system using feature selection and deep learning.

Author

Zhang, Lianming, Liu, Kui, Xie, Xiaowei, Bai, Wenji, Wu, Baolin, and Dong, Pingping

Subjects

*COMPUTER network security, *DATA encryption, *DATA privacy, *DATA quality, *DATA mining

Abstract

Network intrusion detection system (NIDS) is an important line of defense for network security as network attacks become more frequent. In this paper, we propose a data-driven NIDS based on feature selection and deep learning, named FS-DL. FS-DL focuses on improving data quality, using methods such as standard deviation and association rule mining to remove a large number of redundant features, reduce computational load, and improve detection accuracy. To balance detection accuracy and time cost, FS-DL uses a simple neural network structure with only three layers and minimizes the number of neurons as much as possible. Experimental results show that FS-DL only requires a small number of traffic features to obtain better detection performance. In addition, we have designed an NIDS based on FS-DL, deployed in the software-defined networking (SDN) controller for online detection of abnormal traffic. [ABSTRACT FROM AUTHOR]

Published

2023

32. A provably secure collusion-resistant identity-based proxy re-encryption scheme based on NTRU.

Author

Yang, Nan, Tian, Youliang, Zhou, Zhou, and Zhang, Qijia

Subjects

*DATA encryption, *DATA privacy, *DATA modeling, *INFORMATION retrieval, *CYBERTERRORISM

Abstract

Proxy re-encryption (PRE) technology realizes the transformation of decryption right from a delegator to a delegatee. In response to the rapid development of quantum attack technology, scholars have proposed the lattice-based PRE schemes, and the underlying encryption scheme of most lattice-based PRE schemes is the dual cryptosystem, which has the defects of large storage overhead, computational overhead and low efficiency. To address these deficiencies, we present a novel identity-based proxy re-encryption (IB-PRE) scheme based on NTRU. By means of the underlying efficient NTRU scheme, the proposed scheme reduces the storage overhead and computational overhead on key size and computational complexity, and improves efficiency. Our scheme possesses desired properties such as multi-hop property, unidirectionality and collusion-resistance. Meanwhile, based on the decisional Hermite normal form of ring learning with errors (D-RLWE H N F) hard problem, it is carefully designed and demonstrated to be secure under selective identity and chosen plaintext attacks in the standard model. [ABSTRACT FROM AUTHOR]

Published

2023

33. Searchable encryption algorithm based on key aggregation of multiple data owners in data sharing.

Author

Xu, Guangwei, Ji, Wenrui, Wang, Yan, Shi, Xiujin, Huang, Qiubo, and Gan, Yanglan

Subjects

*DATA encryption, *CLOUD computing, *CLIENT/SERVER computing, *COMPUTER algorithms, *BIG data

Abstract

Searchable encryption allows data owners to outsource their encrypted data to cloud servers and provide a searchable encryption service without exposing their sensitive information. Existing searchable encryption schemes provide the service for users to query the encrypted data of a single data owner. However, these schemes ignore the problem of query matching efficiency when users query the encrypted data of multiple data owners simultaneously. Specifically, for the same content encrypted by different data owners, users need to generate different query trapdoors in the query phase and match the different query trapdoors and indexes in the matching phase. In this paper, we propose a searchable encryption algorithm based on the key aggregation of multiple data owners. The algorithm first generates keys for multiple data owners using the mutual inversion of elements in a finite field to ensure the consistency of ciphertext processing. Then, it generates index keys to build encrypted indexes and ensure the searchability of the ciphertext. Finally, it generates query trapdoors based on multi-key aggregation to match the encrypted indexes of multiple data owners. The theoretical analysis and simulation results show that the proposed algorithm improves the query efficiency and protects the query indexes and trapdoors. [ABSTRACT FROM AUTHOR]

Published

2023

34. Concurrent encryption and lossless compression using inversion ranks.

Author

Koc, Basar, Arnavut, Ziya, and Koçak, Hüseyin

Subjects

*LOSSLESS data compression, *DATA encryption, *COMPUTER files, *COMPUTER algorithms

Abstract

For secure and efficient transmission or storage, data files are commonly compressed and encrypted. In this work, we introduce a cost-effective encryption method of files as a built-in component of a lossless compression algorithm, thus avoiding the added cost of employing two separate processes. We have shown in earlier studies that preprocessing data with Burrows–Wheeler Transformation followed by Inversion Ranking transformation in advance of the utilization of an entropy coder resulted in an extremely effective general-purpose lossless compression technique. In our proposed algorithm, we isolate the inversion frequency vector obtained from the Inversion Ranking transformation and transmit the compressed file. Since the inversion frequency vector is necessary for decompression, we use it as our secret key and transmit it over a secure channel. Compared to the size of a data file, its frequency vector is rather small. Thus, encrypting only the inversion frequency vector, instead of the entire compressed file, results in substantial savings in computational cost. We demonstrate that the proposed technique is effective and resistant to common attacks on image and audio data sets. [Display omitted] • BWIC is an effective general-purpose lossless data compression algorithm. • Each input data set generates its unique inversion frequency vector, thus a unique secret key. • Our proposed technique does not negatively affect compression efficiency. • Compared to the size of a data file, its frequency vector is rather small. • Resistance of our algorithm to common attacks is demonstrated on image and audio data sets. [ABSTRACT FROM AUTHOR]

Published

2023

35. Multi-party anonymous authentication scheme in heterogeneous network slicing.

Author

Niu, Shufen, Liu, Qi, Liu, Wei, Dong, Runyuan, and Ge, Peng

Subjects

*CRYPTOSYSTEMS, *DATA encryption, *COMPUTER network architectures, *INTERNET of things, *CRYPTOGRAPHY

Abstract

Network slicing is a logical network function that supports communication service requirements for specific usage scenarios or business models. It has become an essential factor in solving future network architecture. In recent years, heterogeneous network slicing between multiple autonomous domains has emerged, with significant limitations compared to single-domain networks. Data sharing in heterogeneous network slices challenge the confidentiality of sensitive data significantly. Preventing sensitive data from leaking and protecting core data have become urgent problems to be solved. Therefore, we propose a multi-party (multi-sender to multi-receiver) anonymous authentication scheme on certificateless cryptography(CLC) and identity-based cryptosystem(IBC) institutional domain Internet of Vehicles(IoV) to smart healthcare. Our scheme realizes heterogeneous communication between multiple senders and multiple receivers, and uses different system parameters for heterogeneous cryptographic systems. In this work, the limitation of one-to-many or many-to-one communication in existing heterogeneous networks is broken through. The proposed work utilizes the pseudo-identity generated by the trusted authority to communicate in IoV slices, ensuring the anonymity of the sender; The authorization Center TA can uniquely determine the true identity of the vehicle through pseudo-random values for traceability. What is more, the Lagrange interpolation formula is employed to prevent the leakage of the identities of smart healthcare slices, ensuring the anonymity of the receiver. Under the random oracle model, the proposed scheme has proved to satisfy unforgeability, confidentiality, and anonymity under the computational Diffie–Hellman problem. Experimental results indicate that our proposal achieves better performance than existing schemes. [ABSTRACT FROM AUTHOR]

Published

2023

36. Efficient identity-based traceable cloud data broadcasting with outsider anonymity and simultaneous individual transmission.

Author

Mandal, Mriganka and Sarkar, Ramprasad

Subjects

*CLOUD computing, *INTERNET of things, *DATA encryption, *DATA security, *BANDWIDTHS

Abstract

In recent years, cloud data broadcasting system has attracted intensive attention due to its universal applicability in various Internet-of-Things enabled real-life scenarios. Cloud data broadcasting with simultaneous individual transmission is an exciting data broadcasting variant that empowers any data broadcaster to distribute encrypted broadcast data to a subscribed consumer group and the personalized transmission to each group member simultaneously. Recently [IEEE Transactions on Broadcasting (2020)], a certificate-based data broadcasting with simultaneous individual transmission scheme (Chen et al., 2020) is proposed with the aim to solve both key-escrow problem and certificate management problem, and it is claimed to provide subscriber's outsider anonymity under the nonstandard q -type security assumption with the existence of random oracles. Unfortunately, we can show that this most recent work of Chen et al. (2020) is not secure against insider attacks, meaning that their protocol cannot trace the system's traitor consumers who can resell the sensitive information for their own profit without valid authorization. Besides, the design of Chen et al. (2020) has significantly high communication bandwidth that is approvingly inconvenient for the Internet-of-Things facilitated low-powerful multimedia devices to reduce unnecessary burden on the encryption costs. We design a provably secure adaptive identity-based data broadcasting technique having simultaneous individual transmission with unbounded number of consumers that can concatenate two mutually orthogonal functionalities, namely consumer's outsider anonymity and traitor consumer traceability, in a cost-efficient way. Our framework exploits the most secure and advanced asymmetric Type-3 bilinear maps to defend against fault attacks and realizes security in the standard provable security model without the existence of any random oracle. On a positive note, our construction eliminates the q -type security assumption that is so far a plausible achievement compared to all the existing schemes in this area. [ABSTRACT FROM AUTHOR]

Published

2023

37. A review of different prediction methods for reversible data hiding.

Author

Kumar, Rajeev, Sharma, Deepak, Dua, Amit, and Jung, Ki-Hyun

Subjects

*DATA encryption, *PREDICTION models, *INFORMATION retrieval, *IMAGE quality analysis, *MATHEMATICAL optimization

Abstract

In recent times, prediction error expansion (PEE) based reversible data hiding (RDH) schemes have gained significant traction due to their performance in terms of embedding capacity and image quality. However, the major part of their performance is dependent on how good the prediction has been. For a good prediction, various predictors such as median edge detection (MED), rhombus mean, least square, convolution neural network based predictor (CNNP) have been introduced. In this paper, a review of the working predictors being used in PEE-RDH is presented and discussed. In addition, a new predictor using extreme gradient boosting (XGBoost) is introduced in reversible data hiding. The XGBoost predictor makes use of a machine learning algorithm, where several optimization techniques are combined to get accurate results. To evaluate the performance comprehensively, experimental results considering different test images have been used and analyzed. From the analysis, it has been found that the XGBoost provides better prediction accuracy than some of the existing predictors. However, its performance is not up to the level of some other popular predictors such as least square, CNNP. • The paper first presents a detailed a review of various predictors being used in RDH. • The rhombus mean predictor is found to be the simplest with prediction accuracy. • A new XGBoost predictor has also been introduced for RDH. • The performance analysis and comparisons are also presented. • Further, future research directions have been recommended. [ABSTRACT FROM AUTHOR]

Published

2023

38. Efficient implementation of lightweight block ciphers on volta and pascal architecture.

Author

Li, Pei, Zhou, Shihao, Ren, Bingqing, Tang, Shuman, Li, Ting, Xu, Chang, and Chen, Jiageng

Subjects

*INTERNET of things, *DATA security, *DATA encryption, *DATA transmission systems, *GRAPHICS processing units

Abstract

Lightweight block ciphers based on symmetric cipher are tailored to addressing security issues for highly constrained Internet of things devices. In this article, we explore general software implementations of lightweight ciphers on GPU architectures, with a special focus on LED, Piccolo and PRESENT. First, we implement the lightweight block ciphers using lookup table based technique. Then we analyze the effect of different factors on the encryption performance, such as the size of lookup table, the parallelism level, the use of different type of memory and the idle state caused by data transmission. We evaluated the three lightweight block ciphers on Nvidia Tesla V100 and Nvidia GTX1060 GPUs. Finally, the experimental result shows a great improvement on all the investigated ciphers compared to the unoptimized implementations. [ABSTRACT FROM AUTHOR]

Published

2019

39. Reversible data hiding in encrypted images with somewhat homomorphic encryption based on sorting block-level prediction-error expansion.

Author

Xiong, Lizhi and Dong, Danping

Subjects

*DATA encryption, *HOMOMORPHISMS, *SORTING (Electronic computers), *DIGITAL watermarking, *DATA extraction

Abstract

This paper proposes a reversible data hiding scheme for encrypted images with SHE (Somewhat Homomorphic Encryption) based on sorting block-level prediction-error expansion (SBPEE). The image provider divides the image into 2 × 2 image blocks and uses SHE to protect the content of the image. In encrypted images, the data hider embeds the secret data with the method of SBPEE, which is based on the pixel redundancy within each block. And the sorting technique shows a good performance at low embedding rate. With the watermarked encrypted image, if the receiver has only the data hiding key, he can extract the additional data. If the receiver has both the data hiding key and the encryption key, he can extract the additional data correctly and recover the original image without loss. The experimental results show that the performance of the method is better than that of the existing similar methods when the embedding rate is low and is consistent with the existing methods when the embedding rate is high. [ABSTRACT FROM AUTHOR]

Published

2019

40. An improved simple flexible cryptosystem for 3D objects with texture maps and 2D images.

Author

Mizher, Manal A., Sulaiman, Riza, Abdalla, Ayman M., and Mizher, Manar A.

Subjects

*CRYPTOSYSTEMS, *DATA encryption, *CELLULAR automata, *POINT cloud, *DATA management

Abstract

With the continued evolution of three dimensional (3D) object presentation and usage, the security of such objects has become an increasingly desirable research area. Previous efforts mostly concentrated on the encryption of point clouds, solid models, meshes, and 3D textured models. The (texture map) part of meshed 3D objects was overlooked by previous encryption techniques of 3D meshed objects in spite of its importance because they require preprocessing to be extracted. Therefore, this paper provides a system for the full encryption of 3D textured objects with their texture maps. It provides an improved system based on an existing flexible cryptosystem named Flexible cryptosystem based on Cellular Automata (FcCA). The FcCA system has two drawbacks. One drawback is shuffling plain data without changing their values, which yields the same histogram and nonstandard encryption ratios. The other drawback is the need for many generations to make the keyspace very large, which is unsuitable for the large size of textured object data. This work overcomes these drawbacks of FcCA and fully encrypts 3D textured objects with their texture maps. The improvements to FcCA include making intersect start points change with every generation and encrypting the values of plain data while shuffling them using cellular automata. At first, the plain 3D object is extracted to vertices, faces, and texture, in addition to its texture map. After that, extracted data are encrypted using the proposed improved FcCA (iFcCA) cryptosystem. Implementation and analysis of this new system showed its preponderance as it can encrypt and decrypt 3D textured objects better than FcCA and other existing methods. Moreover, it reduces the need for many generations of cellular automata, and consequently, reduces execution time. In addition, iFcCA has a very robust key, and it can resist different types of attacks. [ABSTRACT FROM AUTHOR]

Published

2019

41. A high capacity reversible data hiding scheme for encrypted covers based on histogram shifting.

Author

Zhang, Ru, Lu, Chunjing, and Liu, Jianyi

Subjects

*HISTOGRAMS, *DATA encryption, *HOMOMORPHISMS, *DATA security, *DATA protection

Abstract

Reversible data hiding in encrypted domain has been discussed for years. However, the performance of the existing algorithms is generally not satisfactory for the difficulty in signal processing in encrypted domain. In this paper, a high capacity reversible data hiding scheme for encrypted covers is proposed. The cover is first partitioned into non-overlapping blocks and encrypted effectively with homomorphism but without data expansion. Then a histogram shifting algorithm based on prediction error extension is introduced to achieve high embedding capacity of the scheme. The parameters in embedding process can not only adjust the embedding rate but also provide pretty good support for the security of the embedded data. The algorithm can achieve full reversibility at high embedding rate without extra data, and the embedding rate can reach to 2 bpp (bit per pixel). The experimental results verify the effectiveness of our solution, and show that the proposed scheme has outstanding performance in both capacity and quality compared with similar algorithms. [ABSTRACT FROM AUTHOR]

Published

2019

42. A CCA-secure multi-conditional proxy broadcast re-encryption scheme for cloud storage system.

Author

Liu, Yepeng, Ren, Yongjun, Ge, Chunpeng, Xia, Jinyue, and Wang, Qirun

Subjects

*CLOUD computing, *DATA encryption, *DATA security, *DATA protection, *DATA management

Abstract

Conditional proxy re-encryption allows a semi-trusted third-party proxy to convert Alice's ciphertext that meets a certain condition into another set of ciphertext. Meanwhile, the proxy cannot obtain any valuable information in the process. Nevertheless, a single re-encryption condition is difficult to meet the needs of practical applications, and the existing conditional proxy re-encryption scheme cannot flexibly control the conversion conditions. To solve this problem, this paper proposes a multi-conditional proxy broadcast re-encryption (MC-PBRE) scheme for file sharing systems. In our scheme, a single user can delegate the decryption rights of the encrypted file to a group of users. At the same time, users can set any number of conditions to control the user group decryption permissions. This paper demonstrates the security of the scheme for chosen-ciphertext attacks in the standard model. Furthermore, the program can resist collusion attacks, which means that the agent cannot collude with the user group to get the private key of the principal. [ABSTRACT FROM AUTHOR]

Published

2019

43. Secure and efficient arithmetic-based multi-secret image sharing scheme using universal share.

Author

Meghrajani, Yogesh K., Desai, Laxmi S., and Mazumdar, Himanshu S.

Subjects

*INFORMATION sharing, *COMPUTATIONAL complexity, *DECODING algorithms, *DATA encryption, *INFORMATION storage & retrieval systems

Abstract

• Multi-secret image sharing schemes have high computational complexity in decoding. • Arithmetic modulo-based scheme has low computational complexity but is not secure. • To overcome these issues, arithmetic operation-based scheme is proposed. • Proposed scheme fulfills security criterion and reduces computational complexity. • Company organizer can utilize universal share for managing multiple secrets. Visual secret sharing (VSS) scheme is an encryption technique to hide secret message into two or more meaningless images, called as shares. Shares are stack together to decrypt the secret message using human visual system. To share many secrets, multi-secret image sharing schemes are often used. Diversity in sharing multiple secrets is using the universal share. Company organizer shares multiple secret images using this common share. Computation cost is the major drawback of such scheme. This study presents computationally efficient arithmetic-based multi-secret image sharing scheme using the universal share. Binary arithmetic-based scheme utilizes distinct value selecting function while encoding and decoding of secret images. Distinct value selecting function enhances randomness property of shares and fulfills threshold property. Thus, the proposed method provides computationally efficient method while satisfying threshold security criteria. [ABSTRACT FROM AUTHOR]

Published

2019

44. Design of compressed sensing fault-tolerant encryption scheme for key sharing in IoT Multi-cloudy environment(s).

Author

Zhang, Peng, Gao, Juntao, Jia, Wenjuan, and Li, Xuelian

Subjects

*INTERNET of things, *DATA encryption, *COMPRESSED sensing, *BANDWIDTHS, *FAULT tolerance (Engineering)

Abstract

The booming growth of the Internet of things(IoT) has improved the productivity of companies and improved people's quality of life. However, as a growing number and variety of connected devices are introduced into the IoT networks, not only are communication bandwidth and storage severely challenged, but potential security threats are escalating. Therefore, we consider using compressive sensing(CS) in the IoT system to solve this problem. The solution we designed solves three main security threats in the IoT, the perception layer, the transport layer and the application layer. In our work, the gateway node of the perception layer provides the function of anonymous identity authentication and information authentication, which can not only prevent external attackers from obtaining private information from the gateway node, but also solve security problems such as identity authentication and man-in-the-middle attack in the transmission layer. Meanwhile, our scheme handles the ciphertext integrity protection and energy leakage in existing CS encryption(CSE) schemes, protecting the security of application layer privacy data. And our scheme provides a secure key sharing method, which improves the security of the system. In addition, we designed two fault-tolerant models to ensure that the ciphertext can still be decrypted correctly when the cloud server fails in the IoT environment. The use of the replaced sparse vector instead of the random matrix method in the traditional CSE scheme improves the quality of recovery while saving a large amount of storage space. Simulation results show that our scheme improves the overall compression and recovery performance compared to other CSE schemes. [ABSTRACT FROM AUTHOR]

Published

2019

45. Privacy-preserving decentralized ABE for secure sharing of personal health records in cloud storage.

Author

Liang, Pengfei, Zhang, Leyou, Kang, Li, and Ren, Juan

Subjects

*CLOUD computing, *MEDICAL records, *ELECTRONIC health records, *HEALTH information exchanges, *DATA encryption

Abstract

Personal health record (PHR) system has become an important platform for health information exchange, in which patients can effectively manage and share personal health information in cloud storage. In general, all health information will be encrypted before they are uploaded to the cloud server. However, the cloud server is unreliable and the sensitive information of users may be disclosed in this process. The general encryption algorithm cannot protect both confidentiality and privacy of the uploaded information. Attribute-based encryption (ABE) provides a solution to it. In this paper, we propose a privacy-preserving decentralized ABE scheme for secure sharing of PHR based on Lewko and Waters′s scheme, in which an anonymous secret key issuing protocol is used to hide GIDs. This protocol can make the authorities generate the correct decryption key for users without knowing their GIDs. In addition, the one-way anonymous key agreement is used to hide the attributes in the access policy. The presented scheme keeps the security of the Lewko and Waters′s scheme and removes the random oracle. Finally, we show that the security of the proposed scheme is reduced to static assumptions based on dual system encryption instead of other strong assumptions. [ABSTRACT FROM AUTHOR]

Published

2019

46. Efficient identity-based multi-bit proxy re-encryption over lattice in the standard model.

Author

Hou, Jinqiu, Jiang, Mingming, Guo, Yuyan, and Song, Wangan

Subjects

*DATA encryption, *QUANTUM computing, *CLOUD computing, *CRYPTOGRAPHY, *INFORMATION technology

Abstract

Proxy re-encryption (PRE) can share ciphertext data without leaking the decryption key of the data owner in cloud computing. Because of the special property, PRE achieves good reliability and secrecy. Nevertheless, most of the proposed proxy re-encryption schemes are based on the number theoretic problem and cannot resist quantum attacks. In addition, most existing researches over lattice focus on the single bit encryption, which leads to low efficiency. Therefore, according to these problems, an efficient identity-based multi-bit proxy re-encryption over lattice in the standard model is constructed, which enlarges the plaintext space and improves the efficiency. What's more, the proposed multi-use and bidirectional scheme is proved to be CPA secure in the standard model. [ABSTRACT FROM AUTHOR]

Published

2019

47. Design of a chaos-based encryption scheme for sensor data using a novel logarithmic chaotic map.

Author

Nesa, Nashreen, Ghosh, Tania, and Banerjee, Indrajit

Subjects

*CHAOS theory, *DATA encryption, *INTERNET of things, *DATA security

Abstract

This paper introduces a novel Logarithmic Chaotic Map (LCM) that is inspired by the well known quadratic map. The chaotic dynamic of the proposed map LCM is thoroughly investigated and its chaotic properties are found to be superior in comparison with the existing maps in the literature. In addition, a new encryption algorithm is proposed that is based on LCM. The chaotic output generated from LCM passed through all 15 National Institute of Standards and Technology (NIST) statistical tests thus confirming its randomness. The proposed encryption algorithm is best suited for encrypting numeric sensor data values preferably for IoT applications and has been found to be highly resilient to security attacks. [ABSTRACT FROM AUTHOR]

Published

2019

48. Reversible data hiding in encrypted image using two-pass pixel value ordering.

Author

Rai, Arun Kumar, Om, Hari, Chand, Satish, and Agarwal, Saurabh

Subjects

*PIXELS, *IMAGE quality analysis, *DATA encryption, *INFORMATION retrieval, *DATA analysis

Abstract

In recent years, reversible data hiding in encrypted images (RDHEI) has gained popularity as it enables the concealing of confidential information in anonymized host image. Because of this, conventional reversible data hiding (RDH) methods that utilize the spatial correlation of natural host images cannot be employed in RDHEI where the embedding is done in the encrypted image without reserving a room. To address this concern, this paper proposes a new RDHEI method based on popular pixel value ordering (PVO) strategy of the conventional high fidelity RDH. For this, the image pixels are first encrypted in blocks using novel difference-preserving encryption for maintaining the original difference among the pixels of each block. Next, a two-pass PVO (TPPVO) is employed for embedding. The TPPVO first sorts the pixels and then performs the embedding in two passes in such a way that high embedding capacity (EC) can be obtained while also ensuring reversibility. Experimental evaluations also demonstrate that the proposed TPPVO-RDHEI not only enlarges the EC approximately by 0.1130 bpp and 0.01 bpp for the smooth and complex images, respectively in comparison to the best performing related method, but also maintain the visual security while ensuring the complete reversibility. [ABSTRACT FROM AUTHOR]

Published

2023

49. Searchable encryption over encrypted speech retrieval scheme in cloud storage.

Author

Zhang, Qiuyu, Fu, Minrui, Zhao, Zhenyu, and Huang, Yibo

Subjects

*DATA encryption, *CLOUD storage, *FEATURE extraction, *COMPUTER algorithms, *DATA analysis

Abstract

Aiming at the privacy and security issues of sensitive speech data in cloud storage, and how to achieve efficient retrieval with privacy-preserving for encrypted speech data in cloud storage, a searchable encryption over encrypted speech retrieval scheme in cloud storage was proposed. Firstly, the data owner encrypts the original speech data adopting symmetric encryption algorithm Lorenz chaotic mapping. Secondly, the encrypted speech data is uploaded to the cloud server for storage, and meanwhile the Mel frequency cepstrum coefficient (MFCC) features of original speech are extracted as the input of the convolutional neural network (CNN) to execute the deep semantic feature extraction, which is taken as the speech keywords. Finally, the extracted speech keywords are encrypted and stored in the cloud. When the authorized user sends a retrieval request, the trained CNN is utilized to extract the keywords of the speech to be retrieved, and the search trapdoor is generated and sent to the cloud server. In the process of retrieval, the Euclidean distance is used to match the encrypted keywords with the search trapdoor. The theoretical analysis and experimental results show that the proposed scheme has higher security and retrieval accuracy, and can be suitable for the encrypted storage of speech data and efficient secure retrieval. [ABSTRACT FROM AUTHOR]

Published

2023

50. VMSE: Verifiable multi-keyword searchable encryption in multi-user setting supporting keywords updating.

Author

Liang, Yanrong, Li, Yanping, Zhang, Kai, and Wu, Zhenqiang

Subjects

*KEYWORDS, *CLOUD storage, *DATA encryption, *DATA analysis, *PRIVACY

Abstract

Since the powerful storage capacity of the cloud platform, more and more people are willing to store their files on the cloud service provider (CSP). In order to prevent the privacy of outsourced files from being leaked, data owners will encrypt files before uploading. However, encryption will significantly limit the accurate location of the files. Therefore, this paper mainly introduces a verifiable multi-keyword searchable encryption scheme supporting keywords updating (VMSE). First of all, our proposed VMSE scheme can achieve multiple keywords search while protecting the privacy of the outsourced files and users. Then, our VMSE scheme can also implement the integrity verification and decryption of search results, which are not considered in many existing multi-keyword searchable encryption schemes. Currently, the dynamics in search schemes mostly refer to the dynamic update of outsourced files or user's search permissions. We consider the keyword dynamic update of outsourced files in this paper, which is a design challenge for searchable encryption schemes and achieved by few searchable encryption schemes. Finally, performance evaluation shows our scheme is efficient and feasible in practical application. [ABSTRACT FROM AUTHOR]

Published

2023