Your search keyword '"Zhenfu Cao"' showing total 180 results

1. Encryption Switching Service: Securely Switch Your Encrypted Data to Another Format

Author

Zhenfu Cao, Kaitai Liang, Peng Jiang, Jianting Ning, Changyu Dong, and Jiageng Chen

Subjects

021110 strategic, defence & security studies, Information Systems and Management, Data collection, Computer Networks and Communications, business.industry, Computer science, Big data, 0211 other engineering and technologies, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Electronic mail, Computer Science Applications, Data aggregator, Public-key cryptography, Hardware and Architecture, Secrecy, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

Big data analytics has been regarded as a promising technology to yield better insights into future development by government and industry. Data collection and aggregation are necessary pre-steps to enable data analysis. However, data may be dispersed across multiple places and in different formats. Even worse, data can be encrypted under various encryption mechanisms when data owners try to secure the confidentiality of the data. This makes data aggregation extremely challenging, if not impossible, especially when the encryption keys cannot be shared for various reasons. In this paper, we take the first step in addressing this problem. More specifically, we propose a new notion of cross-domain encryption switching service that securely bridges two well-studied encryption mechanisms, namely traditional public key encryption and identity-based encryption. As of independent interest, our notion supports keyword search over encrypted data, i.e., after encryption switching one may search over the (outsourced) data without loss of data and query secrecy. We provide a provably-secure instantiation satisfying the notion, and further present the efficiency analysis to show the scalability. Our proposed scheme may be applicable in multi-domain cloud storage system.

Published

2021

2. SESCF: A Secure and Efficient Supply Chain Framework via Blockchain-Based Smart Contracts

Author

Zhenfu Cao, Jiachen Shen, Xiaolei Dong, and Menghui Lou

Subjects

Science (General), Blockchain, Article Subject, Traceability, Computer Networks and Communications, Computer science, media_common.quotation_subject, Supply chain, 02 engineering and technology, Computer security, computer.software_genre, Q1-390, Distributed data store, 0202 electrical engineering, electronic engineering, information engineering, T1-995, Radio-frequency identification, Information flow (information theory), Technology (General), media_common, business.industry, 020206 networking & telecommunications, 020207 software engineering, Payment, business, computer, Information Systems, Communication channel

Abstract

The demands for the fairness, security, and efficiency of the supply chain have grown significantly due to the rise of globalization. However, some problems of the information flow, logistics, and capital flow in the supply chain remain a challenge, such as the information asymmetry between upstream and downstream, substandard quality of goods, difficulty in traceability, and default of payment. Therefore, this paper proposes a blockchain-based supply chain framework (SESCF), which solves the supply chain problems securely and efficiently. First, the use of blockchain and smart contracts ensures the information symmetry in the supply chain system. Second, the radio frequency identification (RFID) provides a unique identity of goods, which helps in real-time quality monitoring. Additionally, the immutability and distributed storage of the blockchain play an important role in tracking the origin of goods. Third, the efficient payment channel is used to solve the problem of payment defaults. Furthermore, simulations of smart contracts along with the security analyses are presented in this paper. We also implement a blockchain-based supply chain system (SescfDapp), which is built upon a Consortium blockchain. Large-scale experiments and detailed analysis prove the feasibility and efficiency of our proposed system.

Published

2021

3. Multi-Value-Independent Ciphertext-Policy Attribute Based Encryption with Fast Keyword Search

Author

Xiaolei Dong, Haijiang Wang, and Zhenfu Cao

Subjects

020203 distributed computing, 021110 strategic, defence & security studies, Information Systems and Management, Plaintext-aware encryption, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Computer Science Applications, Multiple encryption, Ciphertext indistinguishability, Hardware and Architecture, Probabilistic encryption, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Attribute-based encryption, business, Semantic security, computer

Abstract

ABKS has drawn much attention from research and industry in recent years, an ABKS scheme is an encryption scheme that supports keyword search and access control. Attribute-Based Encryption is a public key encryption that enables users to encrypt and decrypt message based on attributes. In a typical implementation, the size of the ciphertext is proportional to the number of attributes associated with it and the decryption time is proportional to the number of attributes used during decryption. Inherit from ABE technology, the computation cost and ciphertext size in most ABKS schemes grow with the complexity of the access policy. On the other hand, we found that the traditional ABKS schemes cannot resist our secret-key-recovery attack. To deal with the above problems, we present new ciphertext policy attribute based encryption with fast keyword search constructions. Our constructions preserve the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search. Our constructions feature multi-value-independent compared with the existing attribute based searchable encryption schemes. The performance analysis demonstrates the efficiency of our constructions. We offer rigorous security proof of our second scheme, which is IND-CKA and IND-CPA secure.

Published

2020

4. Blockchain-Based Lightweight Certificate Authority for Efficient Privacy-Preserving Location-Based Service in Vehicular Social Networks

Author

Xiaolei Dong, Shen Huajie, Kim-Kwang Raymond Choo, Jun Zhou, and Zhenfu Cao

Subjects

021110 strategic, defence & security studies, Authentication, Security analysis, Blockchain, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, Hardware and Architecture, Signal Processing, Certificate authority, Location-based service, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), computer, Information Systems, Anonymity

Abstract

Blockchain can be utilized to enhance both security and efficiency for location-based service (LBS) in vehicular social networks (VSNs), due to its inherent decentralization, anonymity, and trust properties. Unfortunately, the existing approaches either lack effective authentication, which is vulnerable to the man-in-the-middle attack, or require an online certificate authority (CA) where frequent interactions with resource-constrained vehicles are required. To address these challenging issues, in this article, a lightweight threshold CA for consortium blockchain along with a privacy-preserving LBS protocol in blockchain enforced VSNs is proposed. First, a lightweight threshold CA framework LTCA is proposed by devising a threshold proxy signature, where the proxy signing key is issued by a coalition of threshold number of CAs playing the roles of authorized nodes in the consortium blockchain. Without the intervene of an online CA, each vehicle in the online phase can authenticate its identity by itself each time its blockchain address (i.e., account address) is updated. Then, based on the proposed LTCA, an efficient privacy-preserving LBS protocol PPVC is contrived to protect each vehicle’s conditional identity privacy with a moderate cost. Finally, both security analysis and performance evaluation demonstrate the effectiveness and efficiency of our proposed LTCA and PPVC in blockchain enforced VSNs.

Published

2020

5. PPHR: Blockchain-based Privacy Protection House Rental System

Author

Xiaolei Dong, Jiachen Shen, Mingchong Li, and Zhenfu Cao

Subjects

Blockchain, Smart contract, Computer science, media_common.quotation_subject, Computer security, computer.software_genre, Sharing economy, restrict, Order (business), Commitment scheme, computer, Reputation, media_common, Anonymity

Abstract

In recent years, the sharing economy is developing rapidly and has become a popular economic model. For example, sharing platforms such as Airbnb have gradually entered people ’s field of vision and obtained high economic benefits. However, the information managed by such a centralized platform may be used by criminals and people’s privacy may be violated. In order to achieve the goal of decentralization, we propose a blockchain-based house sharing platform. Users can directly conduct transactions on the blockchain by running smart contracts. Our scheme guarantees the anonymity of users through commitment scheme and zero-knowledge technology. In order to deal with the problems that may be encountered in reality, we propose a trusted authority to trace malicious users. In addition, our platform has reputation mechanism to restrict the behavior of users. We analyze its security and performance, and the result shows that it is feasible in reality.

Published

2021

6. Unbounded Key-Policy Attribute-Based Encryption with Black-Box Traceability

Author

Jiachen Shen, Yunxiu Ye, and Zhenfu Cao

Subjects

Black box (phreaking), 021110 strategic, defence & security studies, Traceability, business.industry, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Tracing, Computer security, computer.software_genre, Encryption, Public-key cryptography, Traitor tracing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, Broadcast encryption, computer

Abstract

Attribute-based encryption received widespread attention as soon as it proposes. However, due to its specific characteristics, the attribute-based access control method is not flexible enough in actual operation. In addition, since access authorities are determined according to users' attributes, users sharing the same attributes are difficult to distinguish. Once a malicious user makes illicit gains by their decryption authorities, it is difficult to trace specific users. This paper follows the practical demand to propose a more flexible key-policy attribute-based encryption scheme with black-box traceability. The scheme has a constant number of constant parameters which can be utilized to construct attribute-related parameters flexibly, and the method of traitor tracing in broadcast encryption is introduced to achieve effective malicious user tracing. In addition, the security and feasibility can be proved by the security proofs and performance evaluation in this paper.

Published

2020

7. A Blockchain-Based Privacy-Preserving Scheme for Smart Grids

Author

Jiachen Shen, Xin Chen, Zhenfu Cao, and Xiaolei Dong

Subjects

Network congestion, Electric power system, Security analysis, Smart grid, Computer science, Group signature, Computer security, computer.software_genre, Wireless sensor network, computer, Private information retrieval, Anonymity

Abstract

The application of smart grids helps optimize electric dispatching and troubleshoot power interruption. Although it provides convenience to our lives, it also causes certain security risks. At present, open wireless sensor network is adopted in smart grids and is vulnerable to cyber attacks, resulting in network congestion and leakage of users' private information. Therefore, an attacker may infer users' identities, behavior and preferences by analyzing the real-time power consumption, which is an immediate threat to the users' privacy. To address this issue, we propose a privacy-preserving scheme based on blockchain and group signature to protect the privacy of users' identities while enhancing the security of power systems. On one hand, smart meters serve as nodes in the blockchain system and ensure data consistency through consensus mechanism. On the other hand, as group members, smart meters make sure of the anonymity of end-users by generating group signatures for power data. Security analysis shows that, our scheme achieves security in terms of privacy preserving, transaction verification and traceability, and is secure against common cyber attacks. In addition, the performance analysis shows that the proposed scheme is practical in the sense of consensus delay and throughput.

Published

2020

8. Blockchain Based Digital Evidence Chain of Custody

Author

Jiachen Shen, Xiaolei Dong, Wenqi Yan, and Zhenfu Cao

Subjects

Traceability, Computer science, business.industry, Access control, Computer security, computer.software_genre, Encryption, Authentication (law), Digital evidence, Confidentiality, business, computer, Protocol (object-oriented programming), Chain of custody

Abstract

With the development of technology, the preservation of digital evidence becomes increasingly important in case investigations. To maintain the authenticity of an evidence, its entire lifecycle has to be recorded. In addition, traditional database technologies are not able to maintain the integrity and authenticity of digital evidence. In order to achieve authentication and integrity, as well as confidentiality, of digital evidence, we propose a protocol for digital evidence chain of custody based on revocable ciphertextpolicy attribute-based encryption, BLS signature, and blockchain technology. In our protocol, attribute-based encryption is used to achieve fine-grained access control and BLS signature is used to verify digital evidence. Besides, we use blockchain technology to ensure the integrity and traceability of digital evidence. Analysis and experimental results show that the proposed protocol, which well balances the privacy and the traceability, guarantees the integrity and validity of evidence.

Published

2020

9. Smart contract for secure billing in ride-hailing service via blockchain

Author

Erdong Deng, Huajun Zhang, Haojin Zhu, and Zhenfu Cao

Subjects

020203 distributed computing, Service (systems architecture), Blockchain, Smart contract, Computer Networks and Communications, Computer science, media_common.quotation_subject, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, Payment, 01 natural sciences, 010201 computation theory & mathematics, Micropayment, 0202 electrical engineering, electronic engineering, information engineering, computer, Protocol (object-oriented programming), Software, Reputation, media_common, Communication channel

Abstract

Ride-hailing service is gaining an increasing popularity due to its great advantages on fare estimation, automatic payments, and reputation ratings. However, how to build the trust between the driver and the passenger and achieve the secure billing still remains an open challenge. This paper proposes a novel secure billing protocol which removes the presence of the online third party by a smart contract on a publicly-verifiable two-party blockchain. In the proposed secure billing protocol, the driver and the passenger generate a blockchain which contains information about the ride. The driver and the passenger measure their own trajectories respectively in rounds. At the end of each round, they exchange their trajectories of the current round. If the difference of trajectories is within a threshold, they jointly compute the fare of current round. After completing the computation, the passenger pays the driver the fare of the current round via a micropayment channel. The driver and the passenger end each round by adding the information generated in this round into the blockchain. The blockchain can be considered as an evidence of the ride since it contains all the information of the ride. We evaluate the performance and the effectiveness of the proposed protocol via extensive experiments and detailed analysis.

Published

2018

10. White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively

Author

Xiaolei Dong, Jianting Ning, Lifei Wei, and Zhenfu Cao

Subjects

Cloud computing security, Computer science, business.industry, Client-side encryption, 020206 networking & telecommunications, Cloud computing, Access control, 02 engineering and technology, computer.software_genre, Computer security, Traitor tracing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, Electrical and Electronic Engineering, On-the-fly encryption, business, Cloud storage, computer

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.

Published

2018

11. An Effective Verifiable Symmetric Searchable Encryption Scheme in Cloud Computing

Author

Xiaolei Dong, Zhenfu Cao, Kangle Wang, and Jiachen Shen

Subjects

Correctness, Computer science, business.industry, Data_MISCELLANEOUS, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Upload, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Verifiable secret sharing, The Internet, business, computer, Cloud storage, Private information retrieval

Abstract

With the booming Internet industry, users' demand for resources is also increasing. In order to meet the needs of users, cloud computing came into being. In today's era, cloud storage is already the most popular application in cloud computing, and users are increasingly inclined to store important and private information in the cloud. One of the most common methods is to encrypt the information before uploading it to the cloud, but searching the information it needs in the cloud server becomes an obstacle, and symmetric searchable encryption can help users achieve this. In this paper, we design a verifiable method based on an efficient symmetric searchable encryption scheme to verify the correctness of search results returned by the cloud server. Through safety analysis and performance evaluation tests, we demonstrate that our solutions are safe and effective.

Published

2019

12. A Revocable Publish-Subscribe Scheme Using CP-ABE with Efficient Attribute and User Revocation Capability for Cloud Systems

Author

Xiaolei Dong, Wenhua Zhao, Jiachen Shen, and Zhenfu Cao

Subjects

Scheme (programming language), 020203 distributed computing, Revocation, business.industry, Computer science, Cloud systems, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Upload, 0202 electrical engineering, electronic engineering, information engineering, business, Cloud server, computer, Publication, computer.programming_language

Abstract

With the increasing popularity of publish-subscribe systems in the cloud environment, it is of great value to implement an efficient and secure searchable and encrypted publishing subscription scheme with dynamic attributes in a cloud environment. In a publish-subscribe system, it is very important that the user's attributes can be dynamically changed. Most existing schemes which combine searchable encryption with attribute base encryption do not take real-time changes to user attributes into account or are inefficient. To address these problems, we propose a revocable publish-subscribe scheme (RPS) using CP-ABE with efficient attribute and user revocation capability for cloud systems. RPS supports multiple publishers and subscribers, and protects data from access of unauthorized users and cloud server. In addition, it also protects the privacy of the subscription policy, privacy of the uploaded data and keywords, and is forward and backward secure.

Published

2019

13. Secure and efficient encrypted keyword search for multi-user setting in cloud computing

Author

Zhenfu Cao, Xiaolei Dong, and Haijiang Wang

Subjects

020203 distributed computing, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Shared secret, Security token, Computer security, computer.software_genre, Encryption, Multi-user, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), business, Broadcast encryption, computer, Software, Group key

Abstract

A key challenge to design searchable encryption in multi-user setting lies in the efficient management of encryption and search keys. Existing multi-user searchable encryption schemes either extend the single-user searchable encryption framework with broadcast encryption or require search user refers to the data owner and get the search token. However, this implies the necessity that the data owner distributes a single shared secret key among the group of users or requires the data owner stay online to authorize other users to search. In this paper, we address this practical problem, which is neglected in the literature. We also study secret-key-recovery attack where a malicious user can deduce a valid secret when given a search token. We show such attack violates secret key privacy, which is important in the whole system. Inspired by asymmetric group key agreement and multilinear map technology, we provide a secure and efficient encrypted keyword search scheme for multi-user setting, in which a data owner can share data with a group users without knowing which user in the group. In the proposed scheme, (a) each user has his own secret key, (b) each user generates trapdoors without getting any help from data owner or the third party, (c) our scheme features constant communication overhead, and (d) our scheme resist the secret-key-recovery attack. Our scheme preserves the traceability inherited from the asymmetric group key agreement system. We offer rigorous security proof of our scheme, and the performance analysis demonstrates the efficiency of our scheme.

Published

2018

14. Auditable $\sigma $ -Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing

Author

Xiaolei Dong, Zhenfu Cao, Kaitai Liang, Hui Ma, Jianting Ning, and Lifei Wei

Subjects

021110 strategic, defence & security studies, Computer Networks and Communications, Computer science, business.industry, 0211 other engineering and technologies, Access control, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Service provider, Encryption, Computer security, computer.software_genre, Server, Pairing, Ciphertext, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, Key encapsulation, Safety, Risk, Reliability and Quality, business, computer

Abstract

As a sophisticated mechanism for secure fine-grained access control over encrypted data, ciphertext-policy attribute-based encryption (CP-ABE) is one of the highly promising candidates for cloud computing applications. However, there exist two main long-lasting open problems of CP-ABE that may limit its wide deployment in commercial applications. One is that decryption yields expensive pairing cost which often grows with the increase of access policy size. The other is that one is granted access privilege for unlimited times as long as his attribute set satisfies the access policy of a given ciphertext. Such powerful access rights, which are provided by CP-ABE, may be undesirable in real-world applications (e.g., pay-as-you-use). To address the above drawbacks, in this paper, we propose a new notion called auditable $\sigma $ -time outsourced CP-ABE , which is believed to be applicable to cloud computing. In our notion, expensive pairing operation incurred by decryption is offloaded to cloud and meanwhile, the correctness of the operation can be audited efficiently. Moreover, the notion provides $\sigma $ -time fine-grained access control . The cloud service provider may limit a particular set of users to enjoy access privilege for at most $\sigma $ times within a specified period. As of independent interest, the notion also captures key-leakage resistance . The leakage of a user’s decryption key does not help a malicious third party in decrypting the ciphertexts belonging to the user. We design a concrete construction (satisfying our notion) in the key encapsulation mechanism setting based on Rouselakis and Waters (prime order) CP-ABE, and further present security and extensive experimental analysis to highlight the scalability and efficiency of our construction.

Published

2018

15. Accountable CP-ABE with Public Verifiability: How to Effectively Protect the Outsourced Data in Cloud

Author

Gang Yu, Guang Zeng, Wenbao Han, Xiaoxiao Ma, and Zhenfu Cao

Subjects

021110 strategic, defence & security studies, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Access control, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Public-key cryptography, Set (abstract data type), Scalability, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Identity (object-oriented programming), business, Cloud storage, computer

Abstract

Ciphertext-policy attribute-based encryption, denoted by CP-ABE, extends identity based encryption by taking a set of attributes as users’ public key which enables scalable access control over outsourced data in cloud storage services. However, a decryption key corresponding to an attribute set may be owned by multiple users. Then, malicious users are subjectively willing to share their decryption keys for profits. In addition, the authority who issues decryption keys in CP-ABE system is able to generate arbitrary decryption key for any (including unauthorized) user. Key abuses of both malicious users and the authority have been regarded as one of the major obstacles to deploy CP-ABE system in real-world commercial applications. In this paper, we try to solve these two kinds of key abuses in CP-ABE system, and propose two accountable CP-ABE schemes supporting any LSSS realizable access structures. Two proposed accountable CP-ABE schemes allow any third party (with the help of authorities if necessary) to publicly verify the identity of an exposed decryption key, allow an auditor to publicly audit whether a malicious user or authorities should be responsible for an exposed decryption key, and the key abuser can’t deny it. At last, we prove the two schemes can achieve publicly verifiable traceability and accountability.

Published

2017

16. Security and Privacy for Cloud-Based IoT: Challenges

Author

Zhenfu Cao, Xiaolei Dong, Athanasios V. Vasilakos, and Jun Zhou

Subjects

Authentication, Cloud computing security, Ubiquitous computing, Computer Networks and Communications, business.industry, Computer science, Privacy software, 0805 Distributed Computing, 0906 Electrical and Electronic Engineering, 1005 Communications Technologies, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, Public-key cryptography, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Mobile technology, Electrical and Electronic Engineering, Networking & Telecommunications, business, computer

Abstract

The Internet of Things is increasingly becoming a ubiquitous computing service, requiring huge volumes of data storage and processing. Unfortunately, due to the unique characteristics of resource constraints, self-organization, and shortrange communication in IoT, it always resorts to the cloud for outsourced storage and computation, which has brought about a series of new challenging security and privacy threats. In this article, we introduce the architecture and unique security and privacy requirements for the next generation mobile technologies on cloud-based IoT, identify the inappropriateness of most existing work, and address the challenging issues of secure packet forwarding and efficient privacy preserving authentication by proposing new efficient privacy preserving data aggregation without public key homomorphic encryption. Finally, several interesting open problems are suggested with promising ideas to trigger more research efforts in this emerging area.

Published

2017

17. Revocable Public Key Encryption with Authorized Keyword Search

Author

Xiaolei Dong, Wujing xu, Jiachen Shen, and Zhenfu Cao

Subjects

Scheme (programming language), Security analysis, Revocation, business.industry, Computer science, Encryption, Computer security, computer.software_genre, Public-key cryptography, Constant (computer programming), Server, business, Semantic security, computer, computer.programming_language

Abstract

In this paper, we propose a revocable public key encryption with authorized keyword search (RPEAKS) scheme. In RPEAKS, data and keywords are encrypted with one public key, users without corresponding private key need authorization from the manager if they want to search through the ciphertexts. The manager authorizes users by distributing authorized tokens to them and is able to revoke a user’s search right when needed. Then we present a concrete RPEAKS construction, which is featured with constant size tokens and efficient revocation. Security analysis shows that the scheme is semantically secure against chosen keyword attack and is trapdoor unforgeability.

Published

2019

18. SDKSE-KGA: A Secure Dynamic Keyword Searchable Encryption Scheme Against Keyword Guessing Attacks

Author

Xiaolei Dong, Hongyuan Chen, Jiachen Shen, Zhenfu Cao, East China Normal University [Shangaï] (ECNU), Pengcheng Laboratory = Peng Cheng Laboratory [Shenzhen], Tongji University, Weizhi Meng, Piotr Cofta, Christian Damsgaard Jensen, Tyrone Grandison, TC 11, and WG 11.11

Subjects

Scheme (programming language), Computer science, Dynamic, InformationSystems_INFORMATIONSTORAGEANDRETRIEVAL, Data_MISCELLANEOUS, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Mathematical proof, Trapdoor-IND-CKA, Domain (software engineering), Ciphertext, Keyword guessing attack, 0202 electrical engineering, electronic engineering, information engineering, Search problem, [INFO]Computer Science [cs], computer.programming_language, Standard model (cryptography), 020203 distributed computing, 021110 strategic, defence & security studies, business.industry, Index-IND-CKA, Searchable encryption, business, computer

Abstract

International audience; A number of searchable encryption schemes have been widely proposed to solve the search problem in ciphertext domain. However, most existing searchable encryption schemes are vulnerable to keyword guessing attacks. During keyword guessing attacks, with the help of the cloud, an adversary will learn what keyword a given trapdoor is searching for, which leads to the disclosure of users’ privacy information. To address this issue, we propose SDKSE-KGA: a secure dynamic keyword searchable encryption scheme which resists keyword guessing attacks. SDKSE-KGA has constant-size indexes and trapdoors and supports functionalities such as dynamic updating of keywords and files. Formal proofs show that it is Trapdoor-IND-CKA and Index-IND-CKA secure in the standard model.

Published

2019

19. Multi-proxy multi-signature binding positioning protocol

Author

Huajun Zhang, Huafeng Chen, Qingshui Xue, Fengying Li, and Zhenfu Cao

Subjects

Scheme (programming language), 0209 industrial biotechnology, Correctness, Computer Networks and Communications, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 02 engineering and technology, Computer security, computer.software_genre, Signature (logic), 020901 industrial engineering & automation, Proxy signature, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Multi proxy, computer, Protocol (object-oriented programming), Information Systems, computer.programming_language, Computer network

Abstract

For the first time, one new conception, multi-proxy multi-signature binding positioning protocol, is proposed. Based on the secure positioning protocol, one model of multi-proxy multi-signature binding positioning protocol is proposed. In the model, positioning protocol is bound to multi-proxy multi-signature tightly, not loosely. Further, we propose one scheme of multi-proxy multi-signature binding positioning protocol, its correctness is proved, and its security is analyzed. Copyright © 2016 John Wiley & Sons, Ltd.

Published

2016

20. Secure and privacy-preserving pattern matching in outsourced computing

Author

Dongmei Li, Zhenfu Cao, and Xiaolei Dong

Subjects

Scheme (programming language), Computer Networks and Communications, Computer science, business.industry, Computation, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, 020202 computer hardware & architecture, Outsourcing, Privacy preserving, 0202 electrical engineering, electronic engineering, information engineering, Pattern matching, business, Protocol (object-oriented programming), computer, Information Systems, Computer network, computer.programming_language

Abstract

Nowaday, secure cloud computation has become more and more attractive. We propose a protocol for privacy-preserving pattern matching. Then, we prove that the construction is simulation-based secure in the semi-honest setting. Finally, the efficiency analysis shows our scheme outperforms the previous works. Specially, compared with Fast' protocol our scheme is more efficient and the text owner does not need real-time online in the query phase. Thus, this protocol is flexible to query by light weight equipments such as mobile phones. Copyright © 2016 John Wiley & Sons, Ltd.

Published

2016

21. VEPP:A Verifiable, Highly Efficient and Privacy-Preserving Protocol for Outsourcing Large Matrix Multiplication

Author

Yunong Liang, Hongyuan Chen, Xiaolei Dong, Jiachen Shen, Zhenfu Cao, and Liang Hui

Subjects

Exploit, business.industry, Computer science, Cloud computing, Computer security, computer.software_genre, Matrix multiplication, Outsourcing, Adaptive chosen-ciphertext attack, The Internet, Verifiable secret sharing, business, Protocol (object-oriented programming), computer

Abstract

The highly development of Internet and cloud computing technology makes it possible to share computing power, storage and data. Cloud computing makes users with limited computing resources be able to carry out large computational tasks with the help of cloud. but security is a major concern that hinders the widespread use of outsourcing computing. We focus on outsourcing large matrix multiplication in this paper. Firstly, we exploit Chinese Remainder Theorem(CRT) to construct a large matrix multiplication outsourcing protocol which is highly efficient in the malicious cloud model. Then formal security proof and extensive performance evaluation show that our protocol achieves a higher security level i.e., information-theoretic security for input privacy and adaptive chosen ciphertext attack (CCA2) security for output privacy). Compared with previous works, users in the proposed protocol are able to verify the results received from the cloud with tiny error rate.

Published

2018

22. SDKSE:A Secure Dynamic Keyword Searchable Encryption Scheme for Email Systems

Author

Xiaolei Dong, Zhenfu Cao, Jiachen Shen, and Hongyuan Chen

Subjects

Scheme (programming language), Cloud computing security, business.industry, Computer science, Data_MISCELLANEOUS, Cloud computing, Computer security, computer.software_genre, Encryption, Public-key cryptography, Upload, Constant (computer programming), business, computer, computer.programming_language, Standard model (cryptography)

Abstract

Cloud computing has an significant impact on both academia and industry with its rapid development. by moving expensive operations like search to cloud, we are able to carry out complicated tasks efficiently. At the same time, cloud security has become a major concern. Malicious clouds are likely to sell privacy information for extra benefit. In order to protect privacy, data are encrypted before being uploaded to cloud. So how to handle encrypted data becomes a new challenge. In this paper we propose SDKSE: a secure dynamic keyword searchable encryption scheme for email systems under cloud computing environment. It is able to update files and keywords at any time. The indexes and the trapdoors generated in the scheme are constant size. In addition, we prove that it is adaptively Trapdoor-IND-CKA and Index-IND-CKA in the standard model.

Published

2018

23. Efficient White-Box Traceable ABE for Vehicular Networks

Author

Zhenfu Cao, Xiaolei Dong, Jiachen Shen, and Siyuan Lai

Subjects

Scheme (programming language), Vehicular ad hoc network, Traceability, Computer science, Data security, Data_CODINGANDINFORMATIONTHEORY, Privilege (computing), Computer security, computer.software_genre, Transmission (telecommunications), White box, computer, computer.programming_language, Data transmission

Abstract

With rapid development and wide application of vehicular networks, data security is gradually valued. CP-ABE could be adopted based on the characteristics of vehicular networks data transmission. And short decryption keys generated in CP-ABE can reduce storage and transmission costs, as vehicles have limited storage capacity. In addition, the decryption keys are shared by multiple users whose attributes satisfy access policy in CP-ABE. So there may exist malicious key owners who have the intention to leak their decryption privilege for profit, especially when traitors cannot be traced. In this paper, we propose a traceable CP-ABE with short keys for vehicular networks. Our scheme not only provides short decryption keys and traceability of traitors, the cost of implementing traceability is also very low. Therefore, it is particularly appropriate for vehicular networks.

Published

2018

24. Server-Aided Directly Revocable Ciphertext-Policy Attribute-Based Encryption with Verifiable Delegation

Author

Weihua Zhu, Zhenfu Cao, Guang Zeng, Xiaoxiao Ma, and Gang Yu

Subjects

020203 distributed computing, Revocation list, Software_OPERATINGSYSTEMS, Revocation, Delegation, business.industry, Computer science, media_common.quotation_subject, Access control, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Verifiable secret sharing, Attribute-based encryption, business, computer, media_common

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) is a promising primitive for enforcing access control policies defined by data owner on outsourced data. We propose a novel primitive called server-aided directly revocable CP-ABE with verifiable delegation, denoted by sarCP-ABE. In sarCP-ABE, the workloads about revocation are delegated to an aide-server, and the data owner only needs to generate a normal ciphertext as in a pure CP-ABE system. A user can be directly revoked by updating a public revocation list. To prevent a revoked user from decrypting, the aide server can update the aide-ciphertext with current revocation list, and an auditor can publicly check the correctness of the updated aide-ciphertext. At last, the proposed scheme can be proved selectively secure against chosen-plaintext attack on both original and updated ciphertext.

Published

2018

25. Attribute-based signcryption with hybrid access policy

Author

Zhenfu Cao and Gang Yu

Subjects

021110 strategic, defence & security studies, Theoretical computer science, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Ciphertext indistinguishability, Malleability, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, Semantic security, computer, Software, Standard model (cryptography), Signcryption

Abstract

Attribute-based signcryption (ABSC) can fulfill the functionality of attribute-based signature (ABS) and attribute-based encryption (ABE) in a logical step. Depending on whether the access policy is embedded in the keys or ciphertexts, ABS and ABE are generally divided into two types: key policy and ciphertext policy. In this paper, we propose an ABSC scheme supporting key policy signature and ciphertext policy encryption, called KCP-ABSC, which is the first ABSC scheme with hybrid access policy to our known. The proposed KCP-ABSC scheme is proven to be ciphertext indistinguishability under chosen ciphertext attacks and achieves existential unforgeability under chosen message attack in the standard model. Furthermore, the size of the ciphertext in the new KCP-ABSC scheme is constant, i.e., independent of the number of attributes used in the system.

Published

2015

26. PPDM: A Privacy-Preserving Protocol for Cloud-Assisted e-Healthcare Systems

Author

Zhenfu Cao, Xiaolei Dong, Xiaodong Lin, and Jun Zhou

Subjects

Computer science, business.industry, Feature extraction, Homomorphic encryption, Cloud computing, Cryptography, Computer security, computer.software_genre, Data aggregator, Adaptive chosen-ciphertext attack, Signal Processing, Overhead (computing), Data mining, Electrical and Electronic Engineering, business, Mobile device, computer

Abstract

E-healthcare systems have been increasingly facilitating health condition monitoring, disease modeling and early intervention, and evidence-based medical treatment by medical text mining and image feature extraction. Owing to the resource constraint of wearable mobile devices, it is required to outsource the frequently collected personal health information (PHI) into the cloud. Unfortunately, delegating both storage and computation to the untrusted entity would bring a series of security and privacy issues. The existing work mainly focused on fine-grained privacy-preserving static medical text access and analysis, which can hardly afford the dynamic health condition fluctuation and medical image analysis. In this paper, a secure and efficient privacy-preserving dynamic medical text mining and image feature extraction scheme PPDM in cloud-assisted e-healthcare systems is proposed. Firstly, an efficient privacy-preserving fully homomorphic data aggregation is proposed, which serves the basis for our proposed PPDM. Then, an outsourced disease modeling and early intervention is achieved, respectively by devising an efficient privacy-preserving function correlation matching PPDM1 from dynamic medical text mining and designing a privacy-preserving medical image feature extraction PPDM2. Finally, the formal security proof and extensive performance evaluation demonstrate our proposed PPDM achieves a higher security level (i.e., information-theoretic security for input privacy and adaptive chosen ciphertext attack (CCA2) security for output privacy) in the honest but curious model with optimized efficiency advantage over the state-of-the-art in terms of both computational and communication overhead.

Published

2015

27. 4S: A secure and privacy-preserving key management scheme for cloud-assisted wireless body area network in m-healthcare social networks

Author

Zhenfu Cao, Athanasios V. Vasilakos, Naixue Xiong, Xiaolei Dong, and Jun Zhou

Subjects

Security analysis, Information Systems and Management, Proactive secret sharing, Computer science, business.industry, Cloud computing, Computer security, computer.software_genre, Computer Science Applications, Theoretical Computer Science, Symmetric-key algorithm, Artificial Intelligence, Control and Systems Engineering, Body area network, Key (cryptography), Overhead (computing), Wireless, business, Key management, computer, Software, Computer network

Abstract

Cloud-assisted wireless body area networks (WBANs) significantly facilitate efficient patient treatment of high quality, unfortunately in the meanwhile greatly challenge the patient’s data confidentiality and privacy. The existing work mainly focused on the traditional scenario where patients securely stay indoors. In this paper, we consider a more practical situation of cloud-assisted WBANs in m-healthcare social networks where patients traverse among blocks outdoors and WBANs are more vulnerable to sophisticated attacks including even node compromise attack. To solve the problem, a secure and privacy-preserving key management scheme resilient to both time-based and location-based mobile attacks is proposed by the cooperation of the mobile patients in the same social group for both hierarchical and distributed environment. It also protects patient’s identity privacy, sensor deployment privacy and location privacy by exploiting the blinding technique and embedding human body’s symmetric structure into Blom’s symmetric key mechanism with modified proactive secret sharing. Especially, the computationally-intensive privacy-preserving key material updating is outsourced to the cloud server and the unchanged pairwise keys after key material updating dramatically saves the resources for energy-constrained WBANs. Finally, the security analysis and simulation results show our scheme far outperforms the previous ones in terms of resisting mobile attacks and storage, computation and communication overhead.

Published

2015

28. White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes

Author

Lifei Wei, Jianting Ning, Zhenfu Cao, Xiaolei Dong, and Xiaodong Lin

Subjects

Computer Networks and Communications, Computer science, business.industry, Access control, Data_CODINGANDINFORMATIONTHEORY, computer.software_genre, Encryption, Computer security, Traitor tracing, Ciphertext, Overhead (computing), Attribute-based encryption, On-the-fly encryption, Safety, Risk, Reliability and Quality, business, computer

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control to the encrypted data for commercial applications. There has been significant progress in CP-ABE over the recent years because of two properties called traceability and large universe, greatly enriching the commercial applications of CP-ABE. Traceability is the ability of ABE to trace the malicious users or traitors who intentionally leak the partial or modified decryption keys for profits. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE enlarges the practical applications by supporting flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieve the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose two practical large universe CP-ABE systems supporting white-box traceability. Compared with existing systems, both the two proposed systems have two advantages: 1) the number of attributes is not polynomially bounded and 2) malicious users who leak their decryption keys could be traced. Moreover, another remarkable advantage of the second proposed system is that the storage overhead for traitor tracing is constant, which are suitable for commercial applications.

Published

2015

29. PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributedm-Healthcare Cloud Computing System

Author

Xiaolei Dong, Xiaodong Lin, Jun Zhou, and Zhenfu Cao

Subjects

Information privacy, Authentication, Cloud computing security, Privacy by Design, business.industry, Computer science, Privacy software, Access control, Cloud computing, Computer security, computer.software_genre, Designated verifier signature, Public-key cryptography, Computational Theory and Mathematics, Hardware and Architecture, Signal Processing, business, computer, Computer network

Abstract

Distributed m-healthcare cloud computing system significantly facilitates efficient patient treatment for medical consultation by sharing personal health information among healthcare providers. However, it brings about the challenge of keeping both the data confidentiality and patients’ identity privacy simultaneously. Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited. To solve the problem, in this paper, a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self-controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients’ identities by satisfying the access tree with their own attribute sets. Finally, the formal security proof and simulation results illustrate our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.

Published

2015

30. Security and privacy in cloud-assisted wireless wearable communications: Challenges, solutions, and future directions

Author

Zhenfu Cao, Xiaodong Lin, Xiaolei Dong, and Jun Zhou

Subjects

Cloud computing security, Computer science, Wireless ad hoc network, business.industry, Data_MISCELLANEOUS, Wearable computer, Cloud computing, Computer security, computer.software_genre, Computer Science Applications, Key distribution in wireless sensor networks, Body area network, Wireless, Electrical and Electronic Engineering, business, computer, Wearable technology

Abstract

Cloud-assisted wireless wearable communications have been increasingly pervasive with the profound development of sensor, wireless communication, and cloud computing technologies, in addition to the wide adoption of e-health, location-based service, and mobile smart communities. In this article we mainly focus on the goals and tactics of privacy-preserving data aggregation in cloud-assisted wireless wearable communications. With respect to the unique security and privacy requirements and the efficiency consideration for resource-constrained wearable devices, we identify the inappropriateness of secure multiparty computation and fully homomorphic encryption and give new generalized solutions to tackle the challenging issue of efficient privacy-preserving data aggregation and outsourced computation in wireless wearable communications. Last but not least, a series of interesting open problems are suggested along with potential solutions to cast light on the research in this emerging area.

Published

2015

31. Traceable CP-ABE: How to Trace Decryption Devices Found in the Wild

Author

Zhen Liu, Zhenfu Cao, and Duncan S. Wong

Subjects

Scheme (programming language), Theoretical computer science, Computer Networks and Communications, business.industry, Computer science, Access control, Data_CODINGANDINFORMATIONTHEORY, Privilege (computing), Computer security, computer.software_genre, Encryption, Set (abstract data type), ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, Overhead (computing), Safety, Risk, Reliability and Quality, business, computer, computer.programming_language, Standard model (cryptography)

Abstract

In Ciphertext-policy attribute-based encrypt- ion (CP-ABE), ciphertexts are associated with access policies, which do not have to contain the identities of eligible receivers, and attributes are shared by multiple users. CP-ABE is useful for providing fine-grained access control on encrypted data. However, it also has a practicality concern that a malicious user, with his attributes shared with other users, might leak his decryption privilege as a decryption blackbox, for some financial gain or other incentives, as there is little risk of getting caught. There are two types of decryption blackboxes that reflect different practical scenarios. A key-like decryption blackbox is associated with an attribute set $S_{\cal D}$ and can decrypt ciphertexts with access policies satisfied by $S_{\cal D}$ . A policy-specific decryption blackbox is associated with an access policy $\mathbb {A}_{\cal D}$ and can decrypt ciphertexts with ${\mathbb {A}}_{\cal D}$ . Policy-specific decryption blackbox has weaker decryption capacity than key-like decryption blackbox, but tracing it is deemed to be more difficult. In the preliminary version (in CCS 2013) of this paper, we proposed a new CP-ABE scheme which is adaptively traceable against key-like decryption blackbox. The scheme has sublinear overhead, which is the most efficient one to date supporting fully collusion-resistant blackbox traceability. The scheme is fully secure in the standard model, and supports any monotonic access structures. In this paper, we further show that the scheme is also selectively traceable against policy-specific decryption blackbox. Furthermore, and more importantly, we prove a general statement that if a CP-ABE scheme is (selectively) traceable against policy-specific decryption blackbox, it is also (selectively) traceable against key-like decryption blackbox, which implies that we now only need to focus on building CP-ABE schemes which are traceable against policy-specific decryption blackbox.

Published

2015

32. Accountable Multi-authority Ciphertext-Policy Attribute-Based Encryption Without Key Escrow and Key Abuse

Author

Zhenfu Cao, Weihua Zhu, Xiaoxiao Ma, Gang Yu, and Zeng Junjie

Subjects

Key generation, business.industry, Computer science, 05 social sciences, Internet privacy, 02 engineering and technology, Shared secret, Encryption, Computer security, computer.software_genre, Public-key cryptography, 0502 economics and business, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), ComputingMilieux_COMPUTERSANDSOCIETY, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, 050203 business & management, Key escrow

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) is a promising public key encryption primitive enabling fine-grained access control on shared data in public cloud. However, two quite challenging issues, the prevention of key escrow and key abuse, still exist in CP-ABE system. In this paper, we propose a multi-authority CP-ABE scheme without key escrow and key abuse. To prevent key escrow, multiple authorities are employed to perform the same procedure of key generation for an attribute. Thus, no individual authority or colluded authorities that manage no common attribute can decrypt any ciphertext, and it can also resist collusion attack from curious authority with the help of dishonest users. To prevent key abuse of dishonest users, user’s global identifier along with a signature is embedded into the secret key. Thus, any third party can learn the identity from a shared secret key and publicly verify its validity. An advantage of simultaneously preventing key escrow and key abuse is that the proposed scheme can achieve accountability, i.e. an auditor can publicly audit a user or authorities abuse the secret key. At last, the proposed scheme is fully secure in the random oracle model, and due to a key aggregate algorithm its efficiency is comparable to the decentralizing CP-ABE scheme [18] on which it is based.

Published

2017

33. ReDD: recommendation-based data dissemination in privacy-preserving mobile social networks

Author

Khalid Alharbi, Le Chen, Xiaodong Lin, Zhenfu Cao, and Rongxing Lu

Subjects

Security analysis, Computer Networks and Communications, business.industry, Computer science, Network packet, media_common.quotation_subject, Internet privacy, Computer security, computer.software_genre, Mobile social network, Order (business), Confidentiality, Quality (business), business, Dissemination, Protocol (object-oriented programming), computer, Information Systems, media_common

Abstract

Mobile social network (MSN), which is built upon popular smart phone devices and enables mobile users with similar interests to connect with one another, has received considerable attention in recent years. A common phenomenon that makes the MSN vivid today is mobile users often like to share attractive things to their friends in MSN. In this paper, based on this common phenomenon, we propose an efficient recommendation-based data dissemination (ReDD) protocol for MSN, which can efficiently disseminate high-quality messages in a privacy-preserving way. Specifically, in the proposed ReDD protocol, each mobile user, based on both his or her own view and his or her friends' recommendations, will form his or her personal estimation on the quality of a message. Only if the estimation of quality reaches a threshold, the message will be disseminated. In this way, high-quality messages can be widely spread in the network and occupy more network resources than low-quality ones. In order to check the validity of friends' recommendations, ReDD also employs an efficient anonymous authentication technique, which ensures that only the friends of a user can verify recommendations made by the user. Detailed security analysis demonstrates that ReDD can effectively resist various attacks launched by attackers and ensure identity privacy of nodes, confidentiality of shared keys and integrity of data packets. In addition, extensive simulations are also conducted to evaluate the performance of ReDD in terms of the number of active nodes and the average active time, and the simulation results show that high-quality messages can be disseminated widely and efficiently, while low-quality ones will be eliminated shortly to avoid occupying network resources. Copyright © 2014 John Wiley & Sons, Ltd.

Published

2014

34. Human-Factor-Aware Privacy-Preserving Aggregation in Smart Grid

Author

Xiaolei Dong, Zhenfu Cao, Chengxin Xiao, Haojin Zhu, and Weiwei Jia

Subjects

Security analysis, Engineering, Exploit, Computer Networks and Communications, business.industry, Data_MISCELLANEOUS, computer.software_genre, Encryption, Computer security, Computer Science Applications, News aggregator, Data aggregator, Upload, Smart grid, Control and Systems Engineering, Electrical and Electronic Engineering, business, computer, Protocol (object-oriented programming), Information Systems, Computer network

Abstract

Privacy-preserving metering aggregation is regarded as an important research topic in securing a smart grid. In this paper, we first identify and formalize a new attack, in which the attacker could exploit the information about the presence or absence of a specific person to infer his meter readings. This attack, coined as human-factor-aware differential aggregation (HDA) attack, cannot be addressed in existing privacy-preserving aggregation protocols proposed for smart grids. We give a formal definition on it and propose two novel protocols, including basic scheme and advanced scheme, to achieve privacy-preserving smart metering data aggregation and to resist the HDA attack. Our protocol ensures that smart meters periodically upload encrypted measurements to a (electricity) supplier/aggregator such that the aggregator is able to derive the aggregated statistics of all meter measurements but is unable to learn any information about the human activities. We present the formal security analysis for the proposed protocol to guarantee the strong privacy. Moreover, we evaluate the performance of our protocol in a Java-based implementation under different parameters. The performance and utility analysis shows that our protocol is simple, efficient, and practical.

Published

2014

35. PDAFT: A privacy-preserving data aggregation scheme with fault tolerance for smart grid communications

Author

Rongxing Lu, Zhenfu Cao, and Le Chen

Subjects

Computer Networks and Communications, business.industry, Computer science, Homomorphic encryption, Fault tolerance, Computer security, computer.software_genre, Encryption, Paillier cryptosystem, Data aggregator, Smart grid, Server, Overhead (computing), business, computer, Software, Computer network

Abstract

Smart grid, as the next generation of power grid featured with efficient, reliable, and flexible characteristics, has received considerable attention in recent years. However, the full flourish of smart grid is still hindered by how to efficiently and effectively tackle with its security and privacy challenges. In this paper, we propose a privacy-preserving data aggregation scheme with fault tolerance, named PDAFT, for secure smart grid communications. Specifically, PDAFT uses the homomorphic Paillier Encryption technique to encrypt sensitive user data such that the control center can obtain the aggregated data without knowing individual ones, and a strong adversary who aims to threaten user privacy can learn nothing even though he has already compromised a few servers at the control center. In addition, PDAFT also supports the fault-tolerant feature, i.e., PDAFT can still work well even when some user failures and server malfunctions occur. Through extensive analysis, we demonstrate that PDAFT not only resists various security threats and preserves user privacy, but also has significantly less communication overhead compared with those previously reported competitive approaches.

Published

2014

36. Security and privacy for storage and computation in cloud computing

Author

Athanasios V. Vasilakos, Zhenfu Cao, Xiaolei Dong, Yunlu Chen, Haojin Zhu, Lifei Wei, and Weiwei Jia

Subjects

Information Systems and Management, Cloud computing security, business.industry, Computer science, Distributed computing, Quality of service, Cloud computing, Audit, Computer security, computer.software_genre, Designated verifier signature, Computer Science Applications, Theoretical Computer Science, Artificial Intelligence, Control and Systems Engineering, Secure two-party computation, Cloud testing, Storage security, Secure multi-party computation, business, computer, Software

Abstract

Cloud computing emerges as a new computing paradigm that aims to provide reliable, customized and quality of service guaranteed computation environments for cloud users. Applications and databases are moved to the large centralized data centers, called cloud. Due to resource virtualization, global replication and migration, the physical absence of data and machine in the cloud, the stored data in the cloud and the computation results may not be well managed and fully trusted by the cloud users. Most of the previous work on the cloud security focuses on the storage security rather than taking the computation security into consideration together. In this paper, we propose a privacy cheating discouragement and secure computation auditing protocol, or SecCloud, which is a first protocol bridging secure storage and secure computation auditing in cloud and achieving privacy cheating discouragement by designated verifier signature, batch verification and probabilistic sampling techniques. The detailed analysis is given to obtain an optimal sampling size to minimize the cost. Another major contribution of this paper is that we build a practical secure-aware cloud computing experimental environment, or SecHDFS, as a test bed to implement SecCloud. Further experimental results have demonstrated the effectiveness and efficiency of the proposed SecCloud.

Published

2014

37. Guest Editors' Introduction: Special Issue on Trust, Security, and Privacy in Parallel and Distributed Systems

Author

Radha Poovendran, Zhenfu Cao, Patrick McDaniel, Guojun Wang, Xu Li, Keqiu Li, and Yang Xiang

Subjects

Cloud computing security, Network security, business.industry, Computer science, Distributed computing, Data_MISCELLANEOUS, Covert channel, Computer security model, Computer security, computer.software_genre, Logical security, Computational Theory and Mathematics, Security service, Distributed System Security Architecture, Hardware and Architecture, Network Access Control, Signal Processing, Computational trust, business, computer

Abstract

The articles in this special section focus on trust, network security, and privacy deployed in parallel and distributed systems.

Published

2014

38. Traceable and undeniable ciphertext-policy attribute-based encryption for cloud storage service

Author

Jian Lin, Xiangyu Wang, Yongjuan Wang, Gang Yu, and Zhenfu Cao

Subjects

Computer Networks and Communications, business.industry, Computer science, Data_MISCELLANEOUS, General Engineering, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, lcsh:QA75.5-76.95, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, lcsh:Electronic computers. Computer science, Attribute-based encryption, business, computer, Cloud storage, Key escrow

Abstract

Ciphertext-policy attribute-based encryption is a promising mechanism with fine-grained access control for cloud storage system. However, there is a long-lasting problem of key abuse that a user may share its decryption key and a semi-honest authority may illegally issue decryption keys for unauthorized users for profits. To address this problem, we propose an accountable ciphertext-policy attribute-based encryption scheme. In our construction, there are two authorities to issue keys for users, but they cannot decrypt any ciphertexts without collusion. A shared key can be effectively traced, and if the traced identity claims that it is innocent, an auditor can publicly audit who will be responsible for the shared key. Compared with existing accountable ciphertext-policy attribute-based encryption schemes, the proposed scheme is more practical from the two aspects: (1) a user can normally request for a decryption key along with a short signature, and no additional interaction between users and authorities is needed; and (2) the complexity of tracing a masked secret key is reduced to | U | exponent computation, where | U | denotes the number of users in the system. At last, we give the security and experimental analysis.

Published

2019

39. CryptCloud+: Secure and Expressive Data Access Control for Cloud Storage

Author

Lifei Wei, Xiaolei Dong, Kaitai Liang, Jianting Ning, Kim-Kwang Raymond Choo, and Zhenfu Cao

Subjects

Information privacy, Information Systems and Management, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, Cloud computing, Access control, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Credential, Computer Science Applications, Data access, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Cloud storage, computer

Abstract

Secure cloud storage, which is an emerging cloud service, is designed to protect the confidentiality of outsourced data but also to provide flexible data access for cloud users whose data is out of physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising techniques that may be leveraged to secure the guarantee of the service. However, the use of CP-ABE may yield an inevitable security breach which is known as the misuse of access credential (i.e., decryption rights), due to the intrinsic “all-or-nothing” decryption feature of CP-ABE. In this paper, we investigate the two main cases of access credential misuse: one is on the semi-trusted authority side, and the other is on the side of cloud user. To mitigate the misuse, we propose the first accountable authority and revocable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud $^+$ + . We also present the security analysis and further demonstrate the utility of our system via experiments.

Published

2019

40. Generalized (identity-based) hash proof system and its applications

Author

Zongyang Zhang, Yu Chen, Dongdai Lin, and Zhenfu Cao

Subjects

Theoretical computer science, Membership problem, Computer Networks and Communications, business.industry, Computer science, Keyword search, Hash function, 0102 computer and information sciences, 02 engineering and technology, Leakage resilience, Encryption, Security token, Computer security, computer.software_genre, 01 natural sciences, Key leakage, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Hardware_CONTROLSTRUCTURESANDMICROPROGRAMMING, business, computer, Information Systems, Anonymity

Abstract

In this work, we generalize the paradigm of the hash proof system HPS proposed by Cramer and Shoup EUROCRYPT 2002. In the center of our generalization, we lift a subset membership problem to a distribution-distinguishing problem. Our generalized HPS clarifies and encompasses all the known public-key encryption PKE schemes that essentially implement the idea of an HPS. Moreover, besides the existing smoothness property, we introduce an additional property named anonymity for HPS. As a natural application, we consider anonymity for PKE in the presence of key leakage and provide a generic construction of leakage-resilient anonymous PKE from an anonymous HPS. We then extend our generalization to the identity-based setting. Concretely, we generalize the paradigm of the identity-based HPS IB-HPS proposed by Bonehet al. FOCS 2007 and Alwenet al. EUROCRYPT 2010 and introduce anonymity for it. As an interesting application of the anonymous IB-HPS, we consider security for PKE with keyword search PEKS in the presence of token leakage and provide a generic construction of leakage-resilient secure PEKS from leakage-resilient anonymous identity-based encryption, which in turn is based on anonymous IB-HPS. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

41. On the Privacy of Khan et al.'s Dynamic ID-Based Remote Authentication Scheme with User Anonymity

Author

Da-Zhi Sun and Zhenfu Cao

Subjects

Scheme (programming language), Authentication, Computer science, Network security, business.industry, Applied Mathematics, Eavesdropping, Computer security, computer.software_genre, Computer Science Applications, law.invention, law, Session (computer science), Smart card, business, Cryptanalysis, computer, computer.programming_language, Anonymity

Abstract

Very recently, Khan, Kim, and Alghathbar [6] proposed a dynamic ID-based remote user authentication scheme and claimed that their scheme can provide user anonymity. However, in this article, the authors demonstrate that either a malicious user or an adversary with a valid smart card can trace any user by eavesdropping on his normal authentication session over the public channel. Therefore, Khan et al.'s scheme fails to provide the privacy service as claimed. Hence, the authors present an improved scheme to overcome its flaw and examine the privacy of the improved scheme by using the smart card-based privacy model. In addition, the security and efficiency of the improved scheme are scrutinized. The conclusive result is that the design of the improved scheme is reasonable in not only both privacy and security aspects but also the performance aspect.

Published

2013

42. Certificate-based proxy decryption systems with revocability in the standard model

Author

Lihua Wang, Licheng Wang, Zhenfu Cao, Masahiro Mambo, Jun Shao, and Akihiro Yamamura

Subjects

Information Systems and Management, Delegation, business.industry, Computer science, media_common.quotation_subject, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Certificate, Computer Science Applications, Theoretical Computer Science, Public-key cryptography, Artificial Intelligence, Control and Systems Engineering, Pairing, Ciphertext, Chosen-plaintext attack, Semantic security, business, Proxy (statistics), computer, Software, Standard model (cryptography), media_common

Abstract

We present the concept of a certificate-based proxy decryption (CBPd) system with revocability, which has the following properties: (1) key-escrow freeness; (2) implicit certification; (3) revocability without public key change; and (4) fine-grained delegation. A concrete CBPd scheme is also proposed. The scheme is semantically secure against adaptive chosen plaintext attack (IND-CBPd-Rev-CPA) under the decisional bilinear Diffie-Hellman assumption in the standard model. We also give an enhanced scheme that is secure against adaptive chosen ciphertext attacks (IND-CBPd-Rev-CCA) in the standard model.

Published

2013

43. Efficient Trust Based Information Sharing Schemes over Distributed Collaborative Networks

Author

Xiaoyan Zhu, Dongsheng Xing, Chi Zhang, Yugang Fang, Huang Lin, and Zhenfu Cao

Subjects

Computer Networks and Communications, business.industry, Computer science, Information sharing, Data_MISCELLANEOUS, Client-side encryption, Encryption, Computer security, computer.software_genre, Public-key cryptography, Trust management (information system), Overhead (computing), Computational trust, Electrical and Electronic Engineering, business, Broadcast encryption, computer, Computer network

Abstract

In distributed collaborative networks such as peer-to-peer systems, privacy preserving information sharing and dissemination heavily relies on effective trust management. Trust based encryption (TBE) has been proposed to be a solution to enabling privacy preserving information sharing and dissemination for such networks. Unfortunately, the previously proposed schemes are not efficient in terms of communications overhead, and require a constantly online trust authority. In this paper, we propose two trust based encryption schemes with significantly improved efficiency. In the first scheme, we develop a generic transformation approach based on the recently proposed identity based broadcast encryption (IBBE) technique, which can significantly reduce both memory space and communication overhead when static reputation is considered. For the dynamic reputation scenarios, we present a trust based encryption scheme which is based on a recently proposed revocable identity based encryption technique, resulting in significantly reduced communication overhead at the central trust authority.

Published

2013

44. Securing m-healthcare social networks: challenges, countermeasures and future directions

Author

Xiaodong Lin, Jun Zhou, Xiaolei Dong, Zhenfu Cao, and Athanasios V. Vasilakos

Subjects

Information privacy, Privacy by Design, business.industry, Computer science, Internet privacy, Mobile computing, Computer security, computer.software_genre, Computer Science Applications, Mobile social network, Next-generation network, Health care, Wireless, Electrical and Electronic Engineering, business, computer, Healthcare system

Abstract

M-healthcare mobile social network has emerged as a promising next-generation healthcare system increasingly adopted by the US and European governments, with the rapid development of sensor and wireless communication technologies. In this paper, we describe the goals and tactics, and present a distributed architecture of m-healthcare social networks. Following each kind of security and privacy challenge, we define a series of basic and sophisticated cyber attacks and give substantial and promising solutions to satisfy the unique security and privacy requirements in m-healthcare social networks. Last but not least, several interesting open problems are pointed out with possible addressing ideas to trigger more research efforts in this emerging area.

Published

2013

45. Practical identity-based encryption in multiple private key generator (PKG) environments

Author

Zhenfu Cao, Shengbao Wang, Wenhao Liu, and Qi Xie

Subjects

Theoretical computer science, Computer Networks and Communications, Computer science, business.industry, Bilinear interpolation, Encryption, Computer security, computer.software_genre, Random oracle, Public-key cryptography, Multiple encryption, Probabilistic encryption, Ciphertext, Attribute-based encryption, business, computer, Information Systems

Abstract

In this paper, we present a new identity-based encryption IBE scheme using bilinear pairings. Compared with the famous IBE scheme of Boneh and Franklin, ours is more practical in the multiple private key generator multiple-PKG environment. We prove that our scheme meets chosen ciphertext security in the random oracle model, assuming the intractability of the standard bilinear Diffie-Hellman problem. Copyright © 2013 John Wiley & Sons, Ltd.

Published

2013

46. White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures

Author

Zhen Liu, Zhenfu Cao, and Duncan S. Wong

Subjects

Computer Networks and Communications, Computer science, business.industry, Cryptography, Data_CODINGANDINFORMATIONTHEORY, Privilege (computing), computer.software_genre, Encryption, Computer security, Symmetric-key algorithm, Ciphertext, Attribute-based encryption, On-the-fly encryption, Safety, Risk, Reliability and Quality, business, computer

Abstract

In a ciphertext-policy attribute-based encryption (CP-ABE) system, decryption keys are defined over attributes shared by multiple users. Given a decryption key, it may not be always possible to trace to the original key owner. As a decryption privilege could be possessed by multiple users who own the same set of attributes, malicious users might be tempted to leak their decryption privileges to some third parties, for financial gain as an example, without the risk of being caught. This problem severely limits the applications of CP-ABE. Several traceable CP-ABE (T-CP-ABE) systems have been proposed to address this problem, but the expressiveness of policies in those systems is limited where only and gate with wildcard is currently supported. In this paper we propose a new T-CP-ABE system that supports policies expressed in any monotone access structures. Also, the proposed system is as efficient and secure as one of the best (non-traceable) CP-ABE systems currently available, that is, this work adds traceability to an existing expressive, efficient, and secure CP-ABE scheme without weakening its security or setting any particular trade-off on its performance.

Published

2013

47. Outsourcing attribute-based encryption with multi-keywords and similarity ranking search

Author

Dan Wang, Xiaolei Dong, and Zhenfu Cao

Subjects

020203 distributed computing, business.industry, Computer science, Cloud computing, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Outsourcing, Ranking (information retrieval), World Wide Web, Upload, Broadcasting (networking), Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Attribute-based encryption, business, computer

Abstract

With the increasing popularity of cloud computing, a huge amount of documents are stored on the cloud for reduced management cost and ease of access. Although data encryption offers help in some ways, it leaves other privacy concerns behind when users want to share documents with others. Otherwise, the users often share documents in the ABE settings in order to support broadcasting, error-tolerace, etc, however, the Attribute Authority will bear mounts of computations. In this paper, we combine the secure outsourced ABE systems with the keywords search while supporting multi-keyword search and search result ranking, which let the data owner securely uploads the data to a third organization and the data user can search over the ciphertext with multi-keywords and decrypt it without much computation with the help of a third server.

Published

2016

48. PPOPM: More Efficient Privacy Preserving Outsourced Pattern Matching

Author

Zhenfu Cao, Xiaolei Dong, and Jun Zhou

Subjects

021110 strategic, defence & security studies, Database, business.industry, Computer science, 0211 other engineering and technologies, Homomorphic encryption, Cloud computing, 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, Computer security, Encryption, 01 natural sciences, Public-key cryptography, 010201 computation theory & mathematics, Trapdoor function, Pattern matching, business, computer, Protocol (object-oriented programming), Block (data storage)

Abstract

Secure outsourced pattern matching permits both the sender and receiver with resource-constrained mobile devices to respectively delegate text T and pattern P to the cloud for the computationally-intensive task of pattern matching. Unfortunately, outsourcing both the computation and storage to the semi-trusted or malicious cloud has brought a series of security and privacy issues. Most of the state-of-the-art exploited the technique of computationally-intensive public key (fully) homomorphic encryption (FHE) as primitives which is inappropriate for resource-constrained devices and the work not depending on FHE cannot well guarantee either text privacy or pattern privacy. To well address this problem, a more efficient privacy preserving outsourced pattern matching PPOPM is proposed in this paper. As a building block, a privacy preserving outsourced discrete fourier transform protocol OFFT is firstly devised to allow the cloud perform OFFT in the encrypted domain, without disclosing either the coefficient privacy or the input privacy. Based on OFFT, we propose an efficient secure outsourced polynomial multiplication protocol OPMUL which is further exploited in designing the final efficient outsourced pattern matching protocol PPOPM. Without exploiting public key FHE, the proposed PPOPM achieves secure outsourced pattern matching with well protected text privacy and pattern privacy against the collusion between the cloud and the receiver or the sender, by performing any one-way trapdoor permutation only once. Finally, the universal composable (UC) technique is adopted to formally prove the security of our proposed PPOPM under the semi-honest environment. The extensive evaluations demonstrate the efficiency and practicability of our proposed PPOPM.

Published

2016

49. Traceable CP-ABE with Short Ciphertexts: How to Catch People Selling Decryption Devices on eBay Efficiently

Author

Jie Chen, Junqing Gong, Xiaolei Dong, Zhenfu Cao, and Jianting Ning

Subjects

021110 strategic, defence & security studies, business.industry, Computer science, Internet privacy, 0211 other engineering and technologies, Cloud computing, Access control, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Privilege (computing), Encryption, Computer security, computer.software_genre, Public-key cryptography, Traitor tracing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, business, Cloud storage, computer

Abstract

Ciphertext-policy attribute-based encryption (CP-ABE) is a highly promising solution for cloud computing, which has been widely applied to provide fine-grained access control in cloud storage services recently. However, for CP-ABE based cloud storage systems, if a decryption device appears on eBay described and advertised to be able to decrypt any ciphertexts with policies satisfied by an attribute set or even with a specific access policy only, no one can trace the malicious user(s) who built such a decryption device using their private key(s). This has been known as a major obstacle to deploying CP-ABE systems in real-world commercial applications. Due to the one-to-many encryption mechanism of CP-ABE, the same decryption privilege is shared by multiple users who have the same attributes. It is difficult to identity the malicious user(s) who built such a decryption device. To track people selling decryption devices on eBay efficiently, in this paper, we develop a new methodology for constructing traitor tracing functionality, and present the first black-box traceable CP-ABE (BT-CP-ABE) with short ciphertexts which are independent of the number of users \(\mathcal {N}\). The black-box traceability is public, fully collusion-resistant, and adaptively traceable against both key-like decryption black-box and policy-specific decryption black-box.

Published

2016

50. Efficient Asymmetric Index Encapsulation Scheme for Named Data

Author

Zhenfu Cao and Rong Ma

Subjects

Computer science, business.industry, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, Security token, 01 natural sciences, Random oracle, Encapsulation (networking), 010201 computation theory & mathematics, Header, 0202 electrical engineering, electronic engineering, information engineering, business, computer, Computer network

Abstract

We are studing the problem of searching on hidden index in asymmetric setting. We define a mechanism that enables receiver to provide a token to the server and enables the server to test whether an encapsulated index matches the token without learning anything else about them. We refer to this mechanism as Asymmetric Index Encapsulation. We suggest to using the AIE as the core protocol of anonymous content-oriented networking. A construction of AIE which strikes a balance between efficiency and security is also given. Our scheme is proved secure base on the DBDH/CDH assumption in the random oracle with tight reduction, while the encapsulated header and the token in our system consists of only three elements.

Published

2016