40 results on '"Chunfu Jia"'
Search Results
2. IoT-FBAC: Function-based access control scheme using identity-based encryption in IoT
- Author
-
Yu Wang, Witold Pedrycz, Yang Xiang, Hongyang Yan, Jin Li, and Chunfu Jia
- Subjects
Scheme (programming language) ,Authentication ,Security analysis ,Residential gateway ,Computer Networks and Communications ,business.industry ,Computer science ,020206 networking & telecommunications ,Access control ,02 engineering and technology ,Encryption ,Hardware and Architecture ,Home automation ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,The Internet ,business ,computer ,Software ,Computer network ,computer.programming_language
- Abstract
The Internet of Things (IoT) has become one of the critical parts of our daily life. As a large number of smart things connect to the Internet, terminals are vulnerable to various attacks. Thus the security of IoT becomes important before they are widely applied. Smart home, as an interesting application of IoT, has attracted more and more attention. However, most of the existing works have focused on the authentication between devices and the home gateway, which are only able to realize coarse-grained access control. In other words, once a device is authenticated, the user can access all the functions of the device. This leads to over-privileged access behavior. To solve this problem, we propose a Function-based Access Control scheme in IoT (IoT-FBAC) that uses an Identity-based Encryption (IBE) scheme. The proposed scheme provides fine-grained access control and prevents applications from accessing unauthorized functions. Meanwhile, the cost of each access operation is constant in the IoT-FBAC scheme. The security analysis indicates that the IoT-FBAC scheme is secure and can prevent over-privileged access. The experimental results demonstrate that the proposed scheme is effective.
- Published
- 2019
3. A Multi-user Shared Searchable Encryption Scheme Supporting SQL Query
- Author
-
Ruizhong Du, Chunfu Jia, and Mingyue Li
- Subjects
Public-key cryptography ,Information privacy ,business.industry ,Computer science ,Ciphertext ,Key (cryptography) ,Cloud computing ,Encryption ,business ,Access control list ,Secure channel ,Computer network
- Abstract
Due to the tremendous benefits of cloud computing, organizations are highly motivated to store electronic records on clouds. However, outsourcing data to cloud servers separates it from physical control, resulting in data privacy disclosure. Although encryption enhances data confidentiality, it also complicates the execution of encrypted database operations. In this paper, we propose a multi-user shared searchable encryption scheme that supports multi-user selective authorization and secure access to encrypted databases. First, we apply the Diffie-Hellman protocol to a trapdoor generate algorithm to facilitate fine-grained search control without incremental conversions. Second, we utilize a private key to generate an encrypted index by bilinear mapping, which makes it impossible for an adversary to obtain trapdoor keywords by traversing the keyword space and to carry out keyword guessing attacks. Third, we use double-layered encryption to encrypt a symmetric decryption key. Only the proxies whose attributes are matched with access control list can obtain the key of decrypted data. Through theoretical security analysis and experimental verifications, we show that our scheme can provide secure and efficacious ciphertext retrieval without the support of a secure channel.
- Published
- 2021
4. Provably Secure Security-Enhanced Timed-Release Encryption in the Random Oracle Model
- Author
-
Li Zheng, Chunfu Jia, Wenlei Ouyang, Yuan Ke, Yingming Zeng, and Wang Yahui
- Subjects
Cryptographic primitive ,Science (General) ,Article Subject ,Computer Networks and Communications ,business.industry ,Computer science ,020206 networking & telecommunications ,0102 computer and information sciences ,02 engineering and technology ,Bidding ,Encryption ,01 natural sciences ,Random oracle ,Public-key cryptography ,Q1-390 ,Mode (computer interface) ,010201 computation theory & mathematics ,0202 electrical engineering, electronic engineering, information engineering ,Network Time Protocol ,T1-995 ,business ,Technology (General) ,Information Systems ,Computer network ,Anonymity
- Abstract
Cryptographic primitive of timed-release encryption (TRE) enables the sender to encrypt a message which only allows the designated receiver to decrypt after a designated time. Combined with other encryption technologies, TRE technology is applied to a variety of scenarios, including regularly posting on the social network and online sealed bidding. Nowadays, in order to control the decryption time while maintaining anonymity of user identities, most TRE solutions adopt a noninteractive time server mode to periodically broadcast time trapdoors, but because these time trapdoors are generated with fixed time server’s private key, many “ciphertexts” related to the time server’s private key that can be cryptanalyzed are generated, which poses a big challenge to the confidentiality of the time server’s private key. To work this out, we propose a concrete scheme and a generic scheme of security-enhanced TRE (SETRE) in the random oracle model. In our SETRE schemes, we use fixed and variable random numbers together as the time server’s private key to generate the time trapdoors. We formalize the definition of SETRE and give a provably secure concrete construction of SETRE. According to our experiment, the concrete scheme we proposed reduces the computational cost by about 10.8% compared to the most efficient solution in the random oracle model but only increases the almost negligible storage space. Meanwhile, it realizes one-time pad for the time trapdoor. To a large extent, this increases the security of the time server’s private key. Therefore, our work enhances the security and efficiency of the TRE.
- Published
- 2021
5. Blockchain Based Multi-keyword Similarity Search Scheme over Encrypted Data
- Author
-
Mingyue Li, Chunfu Jia, and Wei Shao
- Subjects
Scheme (programming language) ,Focus (computing) ,Information retrieval ,Correctness ,Smart contract ,business.industry ,Computer science ,Nearest neighbor search ,Access control ,Encryption ,Index (publishing) ,business ,computer ,computer.programming_language
- Abstract
Traditional searchable encryption schemes focus on preventing an honest-but-curious server. In practice, cloud servers may delete user data, perform partial queries and even falsify search results to save computing and storage resources. Although there is some previous work to verify the correctness of search results, these verification mechanisms are highly dependent on the specially appointed index structures.
- Published
- 2020
6. Security-Enhanced Timed-Release Encryption in the Random Oracle Model
- Author
-
Li Zheng, Chunfu Jia, Yingming Zeng, Wenlei Ouyang, Wang Yahui, and Yuan Ke
- Subjects
Scheme (programming language) ,Cryptographic primitive ,business.industry ,Computer science ,020206 networking & telecommunications ,0102 computer and information sciences ,02 engineering and technology ,Encryption ,01 natural sciences ,One-time pad ,law.invention ,Random oracle ,Public-key cryptography ,010201 computation theory & mathematics ,law ,0202 electrical engineering, electronic engineering, information engineering ,business ,Cryptanalysis ,computer ,Computer network ,computer.programming_language
- Abstract
Timed-release encryption (TRE) is a cryptographic primitive in which the sender specifies the future decryption time of the receiver. At present, most TRE schemes implement the control of decryption time based on a non-interactive time server that publishes time trapdoors periodically. However, the generation of a large number of time trapdoors depends on the fixed private keys of the time server, so a large number of public parameters about the private keys of the time server can then be used for cryptanalysis, which poses a great threat to the security of the private keys of the time server. To solve this problem, a concrete scheme of TRE in the random oracle model is proposed. In our scheme, time trapdoors published by the time server are generated by the private key of the time server and the random number generated in advance. Compared with the most efficient scheme in the random oracle model, our concrete scheme reduces the time consumption by about 10.8%; at the same time it achieves the one-time pad of the time trapdoor, which greatly enhances the security of the private key of the time server, and thus enhances the security and effectiveness of the TRE.
- Published
- 2020
7. Secureweb: Protecting sensitive information through the web browser extension with a security token
- Author
-
Yue Zhang, Shuang Liang, Chunfu Jia, Bo Li, Xiaojie Guo, and Zheli Liu
- Subjects
Password ,Information privacy ,Multidisciplinary ,Computer science ,business.industry ,Computer security ,computer.software_genre ,Security token ,Encryption ,Information sensitivity ,Format-preserving encryption ,Information leakage ,Web application ,business ,computer
- Abstract
The leakage of sensitive data occurs on a large scale and with increasingly serious impact. It may cause privacy disclosure or even property damage. Password leakage is one of the fundamental reasons for information leakage, and its importance must be emphasized because users are likely to use the same passwords for different Web application accounts. Existing approaches use a password manager and encrypted Web application to protect passwords and other sensitive data; however, they may be compromised or lack accessibility. The paper presents SecureWeb, which is a secure, practical, and user-controllable framework for mitigating the leakage of sensitive data. SecureWeb protects users' passwords and aims to provide a unified protection solution to diverse sensitive data. The efficiency of the developed schemes is demonstrated and the results indicate that they have a low overhead and are of practical use.
- Published
- 2018
8. Outsourced privacy-preserving classification service over encrypted data
- Author
-
Chunfu Jia, Tong Li, Zhengan Huang, Ping Li, and Zheli Liu
- Subjects
Delegate ,Database ,Computer Networks and Communications ,business.industry ,Computer science ,020206 networking & telecommunications ,Cloud computing ,02 engineering and technology ,Service provider ,Encryption ,computer.software_genre ,Computer Science Applications ,Outsourcing ,Statistical classification ,Hardware and Architecture ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,Remote Data Services ,Classifier (UML) ,computer
- Abstract
With the diversity of cloud services, remote data services based on machine learning classification have been provided in many applications including risk assessment and image recognition. In a classification service, a classifier owner that acts as a service provider establishes a protocol to allow a user to query for the evaluation of his/her data. However, such an owner has to stay online continuously and be equipped with enough bandwidth and computing resources. Although the owner can outsource the service to a powerful service, there remains the challenge of protecting the privacy of the data and the classifier. In this paper, we propose a novel scheme for a classifier owner to delegate a remote server to provide the privacy-preserving classification service for users. In the proposed scheme, we design efficient classification protocols for two concrete classifiers respectively. We implement the prototype of the scheme and conduct experiments. The experimental results show that the scheme is practical.
- Published
- 2018
9. Verifiable searchable encryption with aggregate keys for data sharing system
- Author
-
Ping Li, Zheli Liu, Jin Li, Tong Li, and Chunfu Jia
- Subjects
Scheme (programming language) ,Web search query ,Database ,Computer Networks and Communications ,business.industry ,Computer science ,Aggregate (data warehouse) ,020206 networking & telecommunications ,02 engineering and technology ,computer.software_genre ,Encryption ,Data sharing ,Hardware and Architecture ,Order (business) ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Verifiable secret sharing ,business ,computer ,Cloud storage ,Software ,computer.programming_language
- Abstract
In a secure data sharing system, keyword search over encrypted files is a basic need of a user with appropriate privileges. Although the traditional searchable encryption technique can provide privacy protection, two critical issues should still be considered. Firstly, a cloud server may be selfish in order to save its computing resources, and thus returns only a fragment of results in reply to a search query. Moreover, since different keys are always used for different document sets, making a search query over massive sets and verifying the search results are both impractical for a user with massive keys. In this paper, we propose a scheme named “verifiable searchable encryption with aggregate keys”. In the scheme, a data owner need only distribute a single aggregate key to other users to selectively share both search and verification privileges over his/her document sets. After obtaining such a key, a user can use it not only for generating a single trapdoor as a keyword search query, but also for verifying whether the server conducts just a part of the computation for the search request. Then, we give an advanced scheme under the multi-owner setting. Finally, our analysis and performance evaluation demonstrate that the schemes are both practical and secure.
- Published
- 2018
10. Towards Privacy-Preserving Storage and Retrieval in Multiple Clouds
- Author
-
Jingwei Li, Anna Squicciarini, Jin Li, Chunfu Jia, and Dan Lin
- Subjects
020203 distributed computing ,Database ,Computer Networks and Communications ,business.industry ,Computer science ,Reliability (computer networking) ,Data_MISCELLANEOUS ,Cloud computing ,02 engineering and technology ,Cloud service provider ,Encryption ,computer.software_genre ,Secret sharing ,Computer Science Applications ,Privacy preserving ,Hardware and Architecture ,Computer data storage ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Confidentiality ,business ,computer ,Software ,Information Systems
- Abstract
Cloud computing is growing exponentially, whereby there are now hundreds of cloud service providers (CSPs) of various sizes. While the cloud consumers may enjoy cheaper data storage and computation offered in this multi-cloud environment, they are also in face of more complicated reliability issues and privacy preservation problems of their outsourced data. Though searchable encryption allows users to encrypt their stored data while preserving some search capabilities, few efforts have sought to consider the reliability of the searchable encrypted data outsourced to the clouds. In this paper, we propose a privacy-preserving STorage and REtrieval (STRE) mechanism that not only ensures security and privacy but also provides reliability guarantees for the outsourced searchable encrypted data. The STRE mechanism enables the cloud users to distribute and search their encrypted data across multiple independent clouds managed by different CSPs, and is robust even when a certain number of CSPs crash. Besides the reliability, STRE also offers the benefit of partially hidden search pattern. We evaluate the STRE mechanism on Amazon EC2 using a real world dataset and the results demonstrate both effectiveness and efficiency of our approach.
- Published
- 2017
11. A Rekeying Scheme for Encrypted Deduplication Storage based on NTRU
- Author
-
Hang Chen, Wei Shao, Chunfu Jia, GuanXiong Ha, and Ruiqi Li
- Subjects
Scheme (programming language) ,NTRU ,business.industry ,Computer science ,Testbed ,Access control ,Encryption ,Key (cryptography) ,Rekeying ,Data deduplication ,business ,computer ,Computer network ,computer.programming_language
- Abstract
Rekeying is a common way to protect outsourced data against key compromise and to enable data owners to enforce access control on their data. However, existing rekeying schemes are difficult to apply to the encryption deduplication system which uses message-locked encryption for allowing the server to perform deduplication on users’ outsourced data. In this paper, we propose a new rekeying scheme named REEDBN, which leverages a proxy re-encryption based on NTRU to reduce the communicational cost for the system and the computational overheads for clients during rekeying. We implement the prototype of our scheme and conduct testbed experiments. The results show that our system has much less communicational effort and computational overhead for clients than the previous scheme. Users can even rekey their outsourced data on some mobile terminals which only have limited computation power.
- Published
- 2021
12. New order preserving encryption model for outsourced databases in cloud environments
- Author
-
Chunfu Jia, Jun Yang, Zheli Liu, Xiaofeng Chen, and Ilsun You
- Subjects
Database server ,Security analysis ,Database ,Computer Networks and Communications ,Computer science ,business.industry ,020206 networking & telecommunications ,Plaintext ,02 engineering and technology ,Adversary ,Encryption ,computer.software_genre ,User-defined function ,Computer Science Applications ,Hardware and Architecture ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,Ciphertext-only attack ,computer
- Abstract
The order of the plaintext remains in the ciphertext, so an order-preserving encryption (OPE) scheme is under threat if the adversary is allowed to query many times. To hide the order in the ciphertext, the only ideal-security OPE scheme (Popa et al., 2013) requires the database server to maintain extra information and realize comparison or range query by user defined functions (UDFs). However, order operations will no longer be performed directly on the ciphertext. This affects efficiency and makes this scheme unsuitable for some cases. In this paper, we aim at constructing an efficient and programmable OPE scheme for outsourced databases. Firstly, we introduce the system model of the outsourced database where the OPE scheme will be used, and show that ciphertext-only attack is a basic and practical security goal. Secondly, we discuss the statistical attack for OPE schemes, and point out that how to hide data distribution and data frequency is important when designing OPE schemes. Thirdly, we propose a new simple OPE model, which uses message space expansion and nonlinear space split to hide data distribution and frequency, and further analyze its security against two kinds of attack in detail. Finally, we discuss implementation details including how to use our OPE scheme in database applications. We also evaluate its performance through experiments. The security analysis and performance evaluation show that our OPE scheme is secure enough and more efficient.
- Published
- 2016
13. Secure video retrieval using image query on an untrusted cloud
- Author
-
Mengqi Chen, Chunfu Jia, Hongyang Yan, and Li Hu
- Subjects
0209 industrial biotechnology ,Information retrieval ,Range query (data structures) ,Computer science ,business.industry ,Homomorphic encryption ,Cloud computing ,Plaintext ,02 engineering and technology ,Encryption ,Object detection ,020901 industrial engineering & automation ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,business ,Software
- Abstract
Video retrieval has been widely used in many applications such as video surveillance and object detection. Recently, the security of video retrieval systems has attracted much attention from researchers. However, most of the previous works focus on secure image search, which usually utilizes homomorphic encryption (HE) or order-preserving encryption (OPE) to achieve privacy preservation. Specially, few works pay attention to secure video retrieval. In this paper, we propose a novel secure video retrieval (SVR, for simplicity) scheme by utilizing comparable encryption with a vector extending mechanism. The distance between images can be presented as a range query. Security analysis demonstrates that the proposed scheme can preserve the privacy of data. The experimental results show that the ciphertext search results are consistent with the plaintext form.
- Published
- 2020
14. Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT
- Author
-
Hongyang Yan, Xuan Li, Yu Wang, and Chunfu Jia
- Subjects
cloud storage environment ,Computer science ,cryptosystem ,Internet of Things ,Cloud computing ,02 engineering and technology ,Encryption ,lcsh:Chemical technology ,Biochemistry ,Article ,Analytical Chemistry ,Upload ,Server ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,Data deduplication ,Cryptosystem ,lcsh:TP1-1185 ,Electrical and Electronic Engineering ,Instrumentation ,business.industry ,020206 networking & telecommunications ,Plaintext ,Atomic and Molecular Physics, and Optics ,data deduplication ,privacy preservation ,Computer data storage ,020201 artificial intelligence & image processing ,business ,Personally identifiable information ,Computer network
- Abstract
In recent years, the Internet of Things (IoT) has found wide application and attracted much attention. Since most of the end-terminals in IoT have limited capabilities for storage and computing, it has become a trend to outsource the data from local to cloud computing. To further reduce the communication bandwidth and storage space, data deduplication has been widely adopted to eliminate the redundant data. However, since data collected in IoT are sensitive and closely related to users’ personal information, the privacy protection of users’ information becomes a challenge. As the channels, like the wireless channels between the terminals and the cloud servers in IoT, are public and the cloud servers are not fully trusted, data have to be encrypted before being uploaded to the cloud. However, encryption makes the performance of deduplication by the cloud server difficult because the ciphertext will be different even if the underlying plaintext is identical. In this paper, we build a centralized privacy-preserving duplicate removal storage system, which supports both file-level and block-level deduplication. In order to avoid the leakage of statistical information of data, Intel Software Guard Extensions (SGX) technology is utilized to protect the deduplication process on the cloud server. The results of the experimental analysis demonstrate that the new scheme can significantly improve the deduplication efficiency and enhance the security. It is envisioned that the duplicated removal system with privacy preservation will be of great use in the centralized storage environment of IoT.
- Published
- 2018
15. New access control systems based on outsourced attribute-based encryption
- Author
-
Chunfu Jia, Jianfeng Ma, Xiaofeng Chen, Jin Li, Jingwei Li, and Wenjing Lou
- Subjects
Cryptographic primitive ,Database ,Computer Networks and Communications ,Computer science ,business.industry ,Data security ,Access control ,Cloud computing ,Service provider ,Computer security ,computer.software_genre ,Encryption ,Outsourcing ,Hardware and Architecture ,Safety, Risk, Reliability and Quality ,business ,Private information retrieval ,computer ,Software
- Abstract
As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices with constrained computing resources. Aiming at tackling the challenge above, we present a generic and efficient solution to implement attribute-based access control system by introducing secure outsourcing techniques into ABE. More precisely, two cloud service providers (CSPs), namely key generation-cloud service provider (KG-CSP) and decryption-cloud service provider (D-CSP) are introduced to perform the outsourced key-issuing and decryption on behalf of attribute authority and users respectively. In order to outsource heavy computation to both CSPs without private information leakage, we formalize an underlying primitive called outsourced ABE (OABE) and propose several constructions with outsourced decryption and key-issuing. Finally, extensive experiment demonstrates that with the help of KG-CSP and D-CSP, efficient key-issuing and decryption are achieved in our constructions.
- Published
- 2015
16. Cloud-based electronic health record system supporting fuzzy keyword search
- Author
-
Chunfu Jia, Jun Yang, Chuan Fu, Jin Li, Jian Weng, and Zheli Liu
- Subjects
Information privacy ,Database ,business.industry ,Computer science ,020206 networking & telecommunications ,Cloud computing ,Cryptography ,02 engineering and technology ,Encryption ,computer.software_genre ,Theoretical Computer Science ,Data sharing ,Upload ,Information sensitivity ,Symmetric-key algorithm ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Geometry and Topology ,Data mining ,business ,computer ,Software
- Abstract
As cloud computing becomes prevalent, the electronic health record (EHR) system has appeared in a patient-centric form, in which more and more sensitive information from patients is being uploaded into the cloud. To protect patients' privacy, sensitive EHR information has to be encrypted before outsourcing. However, this makes effective data utilization, such as fuzzy keyword search and data sharing, a very challenging problem. In this paper, aiming at allowing for securely storing, sharing and effectively utilizing the EHR, a new cloud-based EHR system is proposed. A binary tree is utilized to store the encrypted records in the proposed scheme, and an attribute-based encryption scheme is applied to encrypt the secret keys. The proposed system is very efficient because only symmetric encryption is introduced to encrypt the records. To support effective retrieval of patients' records, an efficient fuzzy keyword search over encrypted data is proposed without reliance on heavy cryptographic operations, which greatly enhances system usability by returning the matching files. With rigorous security analysis, we show that the proposed scheme is secure, while it realizes privacy-preserving data sharing and fuzzy keyword search. Extensive experimental results illustrate the efficiency of the proposed solution.
- Published
- 2015
17. Identity-Based Encryption with Outsourced Revocation in Cloud Computing
- Author
-
Jin Li, Chunfu Jia, Wenjing Lou, Xiaofeng Chen, and Jingwei Li
- Subjects
Key generation ,Authentication ,Revocation ,Delegation ,business.industry ,Computer science ,computer.internet_protocol ,media_common.quotation_subject ,Key distribution ,Public key infrastructure ,Encryption ,Certificate Management Protocol ,Computer security ,computer.software_genre ,Theoretical Computer Science ,Public-key cryptography ,Computational Theory and Mathematics ,Hardware and Architecture ,Key (cryptography) ,business ,computer ,Software ,media_common
- Abstract
Identity-Based Encryption (IBE), which simplifies the public key and certificate management at Public Key Infrastructure (PKI), is an important alternative to public key encryption. However, one of the main efficiency drawbacks of IBE is the overhead computation at the Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in the traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate. In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key generation related operations during key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bound the identity component and the time component. Furthermore, we propose another construction which is provably secure under the recently formulized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
- Published
- 2015
18. CombinedPWD: A New Password Authentication Mechanism Using Separators Between Keystrokes
- Author
-
Wantong Zheng and Chunfu Jia
- Subjects
Password ,Authentication ,Dictionary attack ,Computer science ,business.industry ,computer.internet_protocol ,010401 analytical chemistry ,Password cracking ,020206 networking & telecommunications ,Cryptography ,02 engineering and technology ,Encryption ,Computer security ,computer.software_genre ,Keystroke logging ,01 natural sciences ,0104 chemical sciences ,Password strength ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Brute-force attack ,0202 electrical engineering, electronic engineering, information engineering ,Message authentication code ,Password authentication protocol ,business ,computer
- Abstract
The password security has been paid much attention to by many scholars. The conventional password cracking methods are based on probabilistic models leveraging the leaked password datasets. In order to reduce this risk, our study proposes a new online password authentication mechanism, combinedPWD, through inserting separators (e.g. blanks) into the passwords to strengthen the existing password authentication system. This scheme utilizes the custom of users' input. In our research, website users can insert spaces in their password where they want to pause when they register an account and the website back-end records the number of spaces in every gap. Only input the correct password and the corresponding number of separators matching accounts to be admitted into the system. Any trials with wrong password or correct password but with a wrong number of spaces will be rejected by the system. Through the experiments verification, the proposed mechanism can resist brute force attack and dictionary attack effectively. To avoid keyloggers, we further propose to use two-dimensional code to store the encrypted password. And this scheme has better operability and security.
- Published
- 2017
- Full Text
- View/download PDF
19. Efficient Format-Preserving Encryption Mode for Integer
- Author
-
Jiansheng Guo, Changqing Dong, Shuang Liang, Yanan Zhang, Zheli Liu, and Chunfu Jia
- Subjects
Plaintext-aware encryption ,business.industry ,Computer science ,Distributed computing ,05 social sciences ,Client-side encryption ,02 engineering and technology ,Encryption ,Disk encryption hardware ,Disk encryption theory ,Deterministic encryption ,Watermarking attack ,Multiple encryption ,Probabilistic encryption ,Format-preserving encryption ,0502 economics and business ,0202 electrical engineering, electronic engineering, information engineering ,40-bit encryption ,56-bit encryption ,050211 marketing ,020201 artificial intelligence & image processing ,Attribute-based encryption ,business ,Block cipher - Abstract
To protect the confidentiality of information system, encryption techniques are essential and widely used. However, the encryption with a traditional block cipher may cause a damage to the application or database due to the format changing. Format-preserving encryption (FPE) plays an important role in practice, especially for the integer. We studied the problems on applying FPE for integer, specifically the low performance caused by cycle-walking. In this paper, we suggest a construction for integer which is based on the unbalanced Feistel network. It improves the performance by reducing the probability of cycle-walking. Besides, we analyze the security and performance. The result shows that it's practical and secure.
- Published
- 2017
- Full Text
- View/download PDF
20. Privacy-preserving data utilization in hybrid clouds
- Author
-
Jin Li, Zheli Liu, Chunfu Jia, Xiaofeng Chen, and Jingwei Li
- Subjects
Scheme (programming language) ,Computer Networks and Communications ,business.industry ,Computer science ,Interface (Java) ,Distributed computing ,Access control ,Cloud computing ,Encryption ,Fuzzy logic ,Outsourcing ,Hardware and Architecture ,Attribute-based encryption ,business ,computer ,Software ,computer.programming_language - Abstract
As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud, which raises a new challenge on how to utilize the outsourced data in a privacy-preserving manner. Although searchable encryption allows for privacy-preserving keyword search over encrypted data, it could not work effectively for restricting unauthorized access to the outsourced private data. In this paper, aiming at tackling the challenge of privacy-preserving utilization of data in cloud computing, we propose a practical hybrid architecture in which a private cloud is introduced as an access interface between the data owner/user and the public cloud. Under this architecture, a data utilization system is provided to achieve both exact keyword search and fine-grained access control over encrypted data. Security and efficiency analysis for the proposed system are presented in detail. Then, further enhancements for this system are considered in two steps. (1) We show how to extend our system to support efficient fuzzy keyword search while overcoming the disadvantage of insignificant decryption in the existing privacy-preserving fuzzy keyword search scheme. (2) We demonstrate approaches to realize an outsourcing cryptographic access control mechanism and further reduce the computational cost at the data user side. We propose a hybrid architecture for privacy-preserving data utilization. We propose a system for exact keyword search and access control over encrypted data. We show how to extend our system to support fuzzy keyword search. We demonstrate approaches for outsourcing cryptographic access control.
- Published
- 2014
- Full Text
- View/download PDF
21. Enabling efficient and secure data sharing in cloud computing
- Author
-
Chunfu Jia, Jingwei Li, Jin Li, and Zheli Liu
- Subjects
Computer Networks and Communications ,business.industry ,Computer science ,Client-side encryption ,Key distribution ,Cloud computing ,Access control ,computer.software_genre ,Computer security ,Encryption ,Computer Science Applications ,Theoretical Computer Science ,Data sharing ,Public-key cryptography ,Computational Theory and Mathematics ,File sharing ,On-the-fly encryption ,business ,computer ,Broadcast encryption ,Software - Abstract
With the rapid development of cloud computing, more and more data are being centralized into remote cloud server for sharing, which raises a challenge on how to keep them both private and accessible. Although searchable encryption provides an efficient solution to support keyword-based search directly on encrypted data, considering its application in file sharing, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, aiming at enabling efficient and secure data sharing in cloud computing, we provide a generic construction for this purpose. The proposed construction is full-featured: (i) it enables authorized users to perform keyword-based search directly on encrypted data without sharing the unique secret key; and (ii) it provides two-layered access control to limit unauthorized user's access to the shared data. On the basis of the proposed generic construction, we utilize the existing techniques on identity-based broadcast encryption and public key searchable encryption to instantiate a concrete construction. Copyright © 2013 John Wiley & Sons, Ltd.
- Published
- 2013
- Full Text
- View/download PDF
22. Verifiable Searchable Encryption with Aggregate Keys for Data Sharing in Outsourcing Storage
- Author
-
Chunfu Jia, Tong Li, Zheli Liu, Ping Li, Jin Li, and Zoe Lin Jiang
- Subjects
020203 distributed computing ,Web search query ,Database ,business.industry ,Computer science ,Aggregate (data warehouse) ,02 engineering and technology ,computer.software_genre ,Encryption ,Outsourcing ,Data sharing ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Verifiable secret sharing ,On-the-fly encryption ,business ,computer ,Cloud storage - Abstract
In a secure data sharing system, the keyword search over encrypted files is a basic need of a user with appropriate privileges. Although the traditional searchable encryption technique can provide the privacy protection, two critical issues still should be considered. Firstly, a cloud server may be selfish in order to save its computing resources, and thus returns only a fragment of results to reply a search query. Secondly, since different keys are always used for different document sets, making a search query over massive sets and verifying the search results are both impractical for a user with massive keys. In this paper, we propose a scheme named "verifiable searchable encryption with aggregate keys". In the scheme, a data owner need only distribute a single aggregate key to other users to selectively share both search and verification privileges over his/her document sets. After obtaining such a key, a user can use it not only for generating a single trapdoor as a keyword search query, but for verifying whether the server just conducts a part of computing for the search request. Then, we define the requirements of the scheme and give a valid construction. Finally, our analysis and performance evaluation demonstrate that the scheme is practical and secure.
- Published
- 2016
- Full Text
- View/download PDF
23. Cycle-walking revisited: consistency, security, and efficiency
- Author
-
Zongqing Dong, Chunfu Jia, Jingwei Li, and Zheli Liu
- Subjects
Theoretical computer science ,Computer Networks and Communications ,business.industry ,Computer science ,Cryptography ,Plaintext ,Computer security ,computer.software_genre ,Encryption ,Credit card ,Consistency (database systems) ,Cipher ,Format-preserving encryption ,Ciphertext ,business ,computer ,Information Systems - Abstract
Cycle-walking is a method that makes sure ciphertext falls in the acceptable range through encrypting plaintext repeatedly with some underlying cipher. This technology provides a general way to construct cryptographic schemes for various interesting applications, including enhancing existing system security without the change of original structure, encrypting multimedia data with the preservation of scalability, generating credit card numbers for Web transaction, and so on, which have a common feature that ciphertext is required to satisfy certain restrictions in order to allow some operations directly imposed on encrypted data. Nevertheless, as far as we know, there exists little work making rigorous analysis on cycle-walking, especially its undeterministic efficiency, which may limit the application of schemes constructed by such technology or even lead it to unpracticality. In this paper, aiming at filling some gaps about cycle-walking and helping cryptographic theory “catch up” with its application, we present the rigorous analysis on cycle-walking's properties including consistency, security, and efficiency. On consistency, we show that cycle-walking will necessarily arrive back with finite iteration rounds and its decryption reverses encryption. On security, we show that cycle-walking would not degrade the security of underlying ciphers. On efficiency, instead of using “nondeterministic” to describe cycle-walking's performance in previous work, we make precise analysis and provide the answer to “how long is the duration of cycle-walking's encrypting process.” Copyright © 2012 John Wiley & Sons, Ltd.
- Published
- 2012
- Full Text
- View/download PDF
24. An efficient format-preserving encryption mode for practical domains
- Author
-
Chunfu Jia, Li Xu, Zheli Liu, and Jingwei Li
- Subjects
Multidisciplinary ,Theoretical computer science ,business.industry ,Cryptography ,Plaintext ,Encryption ,Domain (software engineering) ,Probabilistic encryption ,Format-preserving encryption ,Ciphertext ,business ,Algorithm ,Computer Science::Cryptography and Security ,Block cipher ,Mathematics - Abstract
Format-preserving encryption (FPE), which makes sure that ciphertext has the same format as plaintext, has been widely used in protecting sensitive data in a database. Aiming at efficiently solving the FPE problem on a collection of practical domains, we propose the RREM (random reference-based encryption mode), which constructs bijection between the original domain and integer set through distance computation. If an appropriate distance function is predefined, the proposed mode can solve the FPE problem on linear equidistance domain in a more efficient way than previous methods. Furthermore, we make a classification on various types of domains, show the application of RREM in some practical domains, and specify RREM’s capability of solving the FPE problem on frequently-used fields in database quite efficiently.
- Published
- 2012
- Full Text
- View/download PDF
25. General Multi-key Searchable Encryption
- Author
-
Nan Shen, Zheli Liu, Jun Yang, Jin Li, Chuan Fu, and Chunfu Jia
- Subjects
Computer science ,Access control ,Computer security ,computer.software_genre ,Encryption ,Disk encryption hardware ,Multiple encryption ,Email encryption ,Filesystem-level encryption ,Ciphertext ,Information retrieval ,business.industry ,Client-side encryption ,Disk encryption theory ,Deterministic encryption ,Disk encryption ,Probabilistic encryption ,40-bit encryption ,56-bit encryption ,Keyfile ,Homomorphism ,Link encryption ,Attribute-based encryption ,On-the-fly encryption ,business ,computer - Abstract
We analyze outsourced server with multi-users and classify the data sharing into two main types. We focus on the data sharing between users in Searchable Encryption and the corresponding security goal. Then we present a general scheme for Searchable Encryption in which the cipher text can be generated from parameter by authorized users. With the concept of homomorphism and one-way function, we construct a general model to illustrate and fulfill the goals involved. We also promote such a model to a general Multi-Key Searchable Encryption which enables only a single submission for the retrievals in the documents encrypted by different keys. We also give two concrete examples to illustrate the feasibility and security in such a general model.
- Published
- 2015
- Full Text
- View/download PDF
26. STRE: Privacy-Preserving Storage and Retrieval over Multiple Clouds
- Author
-
Jingwei Li, Anna Squicciarini, Dan Lin, and Chunfu Jia
- Subjects
Privacy preserving ,business.industry ,Computer science ,Reliability (computer networking) ,Data_MISCELLANEOUS ,Computer data storage ,Cloud computing ,Cloud service provider ,business ,Encryption ,Computer security ,computer.software_genre ,computer - Abstract
Cloud computing is growing exponentially, whereby there are now hundreds of cloud service providers (CSPs) of various sizes. While the cloud consumers may enjoy cheaper data storage and computation offered in this multi-cloud environment, they are also in face of more complicated reliability issues and privacy preservation problems of their outsourced data. In this paper, we propose a privacy-preserving STorage and REtrieval (STRE) mechanism that not only ensures security and privacy but also provides reliability guarantees for the outsourced searchable encrypted data. The STRE mechanism enables the cloud users to distribute and search their encrypted data in multiple cloud service providers (CSPs), and is robust even when a certain number of CSPs crash. Besides the reliability, STRE also offers the benefit of partially hidden search pattern.
- Published
- 2015
- Full Text
- View/download PDF
27. Multi-key Searchable Encryption without Random Oracle
- Author
-
Chunfu Jia, Zheli Liu, Jin Li, Jun Yang, and Baojiang Cui
- Subjects
Theoretical computer science ,Computer science ,business.industry ,computer.software_genre ,Encryption ,Computer security ,Multiple encryption ,Filesystem-level encryption ,Probabilistic encryption ,40-bit encryption ,56-bit encryption ,Attribute-based encryption ,On-the-fly encryption ,business ,computer - Abstract
Multi-Key Searchable Encryption (MKSE) is a new application scenario of searchable encryption, in which any user can search over all encrypted documents stored in untrusted server by submitting only one trapdoor. Firstly, we describe a general model of multi-key searchable encryption and introduce its system model and attack model. Secondly, we define its formulized model and the corresponding security with no ideal Hash function required. Furthermore, we construct a feasible and efficient MKSE scheme without random oracle. Security analysis shows that our scheme is secure.
- Published
- 2014
- Full Text
- View/download PDF
28. TMDS: Thin-Model Data Sharing Scheme Supporting Keyword Search in Cloud Storage
- Author
-
Jin Li, Jun Yang, Chunfu Jia, Xiaofeng Chen, and Zheli Liu
- Subjects
Security analysis ,Database ,business.industry ,Computer science ,Cloud computing ,Access control ,Construct (python library) ,computer.software_genre ,Encryption ,Bottleneck ,Data sharing ,business ,Cloud storage ,computer - Abstract
Data sharing systems based on cloud storage have attracted much attention recently. In such systems, encryption techniques are usually utilized to protect the privacy of outsourced sensitive data. However, to support data sharing while keeping data confidentiality, encryption keys should be shared by authorized users. As a result, many keys have to be stored and shared by the users in the data sharing system, which would be a bottleneck for users. To tackle the challenges above, we propose a secure thin-model data sharing scheme supporting a keyword search scheme called TMDS, where only a user’s master key is utilized and the keys used for keyword search are not required to be stored at the user side. Furthermore, the cloud server is assumed to be an honest-but-curious entity in our construction. TMDS offers many attractive features as follows: 1) users are able to encrypt and share data without distributing shared encryption keys; 2) each user can flexibly retrieve and decrypt data from the cloud with only a master key; 3) secure data sharing and keyword search are both supported in a single system. Furthermore, we explain how to construct a data sharing system based on TMDS. Security analysis and performance evaluation show that our scheme is secure and practical.
- Published
- 2014
- Full Text
- View/download PDF
29. Public Key Timed-Release Searchable Encryption
- Author
-
Chunfu Jia, Ke Yuan, Zheli Liu, Jun Yang, and Shuwang Lv
- Subjects
Provable security ,business.industry ,Computer science ,Encryption ,Computer security ,computer.software_genre ,Random oracle ,Public-key cryptography ,Probabilistic encryption ,Ciphertext ,Message authentication code ,Link encryption ,business ,computer - Abstract
This paper introduces and explores a new concept of timed-release searchable encryption (TRSE) which can be used to solve the time-sensitive cipher text retrieval problem. In this paper, we preliminarily focus on the PKTRSE which is a kind of public key TRSE. In our PKTRSE model, the sender encrypts a message so that only the intended receiver can search target cipher text containing specified keywords after a pre-set release time in the future. We begin by explaining what is PKTRSE and introducing the application scenario of PKTRSE. Then, we show the preconditions of timed-release public key encryption combining other asymmetric cryptographic mechanisms. Afterwards, we formalize the notion of PKTRSE and its security game model. Finally, we give two construction schemes of PKTRSE: A generic scheme and a concrete scheme which are secure under the BDH assumption in the random oracle model.
- Published
- 2013
- Full Text
- View/download PDF
30. Multi-user Public Key Timed-Release Searchable Encryption
- Author
-
Zheli Liu, Chunfu Jia, Ke Yuan, Shuwang Lv, and Jun Yang
- Subjects
Computer science ,business.industry ,Client-side encryption ,Encryption ,Computer security ,computer.software_genre ,Multiple encryption ,Probabilistic encryption ,Ciphertext ,Link encryption ,Attribute-based encryption ,On-the-fly encryption ,business ,computer - Abstract
Public key timed-release searchable encryption (PKTRSE) can be used to solve the time-dependent cipher text retrieval problem. In one to one PKTRSE, the sender transmits the encrypted message to the server and wants it to be searched and decrypted by the unique appointed receiver after the release time. When such PKTRSE is applied to encrypt a message for multiple recipients with the same release time, its cipher text size depends on the user scale. To achieve PKTRSE with constant costs from the encryptor's and decryptor's point of view, by borrowing the technique of identity-based broadcast encryption, we propose a cryptosystem of one to many PKTRSE which we call multi-user PKTRSE (MUPKTRSE). In our MUPKTRSE model, the sender transmits an encrypted message so that only the intended authorized user group member can search the target cipher text containing specified keywords before a pre-set release time, but each authorized receiver cannot decrypt it until the release time in the future. In this paper, we begin by explaining what is MUPKTRSE and introducing the application scenario of MUPKTRSE. Then, we formalize the notion of MUPKTRSE and its security game model. Finally, we give a concrete scheme which is secure under the q-DBDHI assumption without random oracles.
- Published
- 2013
- Full Text
- View/download PDF
31. Format Compliant Degradation for PNG Image
- Author
-
Chunfu Jia, Xiaochun Cheng, Zheli Liu, and Jun Yang
- Subjects
Scheme (programming language) ,Security analysis ,Theoretical computer science ,Computer science ,business.industry ,Portable Network Graphics ,computer.file_format ,Encryption ,computer.software_genre ,Format-preserving encryption ,ComputingMethodologies_DOCUMENTANDTEXTPROCESSING ,Noise (video) ,On-the-fly encryption ,business ,computer ,Computer hardware ,Degradation (telecommunications) ,computer.programming_language - Abstract
This paper proposes format compliant degradation method for Portable Network Graphics (PNG). For PNG degradation, improved prefix method and noise generation method are developed. Security analysis showed proposed scheme is secure, and experiments results showed expected functionality and efficiency.
- Published
- 2013
- Full Text
- View/download PDF
32. Multi-user Searchable Encryption with Coarser-Grained Access Control in Hybrid Cloud
- Author
-
Chunfu Jia, Ke Yuan, Xiaochun Cheng, Zhi Wang, and Zheli Liu
- Subjects
business.industry ,Computer science ,Client-side encryption ,computer.software_genre ,Encryption ,Computer security ,Multiple encryption ,Probabilistic encryption ,40-bit encryption ,Attribute-based encryption ,On-the-fly encryption ,business ,computer ,Broadcast encryption - Abstract
In consideration of feasibility, searchable encryption schemes in multi-user setting have to handle the problem of dynamical user injection and revocation, especially to make sure that user revocation will not cause security issues, such as secret key leakage. Recently, fine-grained access control using trusted third party is proposed to resolve this issue, however, it increases the management complexity for maintaining massive authentication information of users. In this paper, we for the first time present new concept of coarse-grained access control and use it to construct a multi-user searchable encryption model in hybrid cloud. In our construction, two typical schemes are used, one is broadcast encryption (BE) scheme to simplify access control, and the other is single-user searchable encryption scheme, which can support two-phase operation and be secure when untrusted server colludes with the adversary. Furthermore, we implement such a practical scheme using an improved searchable symmetric encryption scheme, and security analysis shows that our scheme is secure.
- Published
- 2013
- Full Text
- View/download PDF
33. Fine-Grained Access Control System Based on Outsourced Attribute-Based Encryption
- Author
-
Jianfeng Ma, Wenjing Lou, Xiaofeng Chen, Jingwei Li, Jin Li, and Chunfu Jia
- Subjects
Cryptographic primitive ,business.industry ,Computer science ,Data security ,Access control ,Cloud computing ,Computer security ,computer.software_genre ,Encryption ,Overhead (computing) ,Attribute-based encryption ,business ,Mobile device ,computer - Abstract
As cloud computing becomes prevalent, more and more sensitive data is being centralized into the cloud for sharing, which brings forth new challenges for outsourced data security and privacy. Attribute-based encryption (ABE) is a promising cryptographic primitive, which has been widely applied to design fine-grained access control system recently. However, ABE is being criticized for its high scheme overhead as the computational cost grows with the complexity of the access formula. This disadvantage becomes more serious for mobile devices because they have constrained computing resources.
- Published
- 2013
- Full Text
- View/download PDF
34. Secure Storage and Fuzzy Query over Encrypted Databases
- Author
-
Haoyu Ma, Jingwei Li, Jin Li, Chunfu Jia, Zheli Liu, and Ke Yuan
- Subjects
Database ,Relation (database) ,business.industry ,Computer science ,View ,InformationSystems_DATABASEMANAGEMENT ,Homomorphic encryption ,Cloud computing ,computer.software_genre ,Data structure ,Encryption ,Fuzzy logic ,Outsourcing ,business ,computer - Abstract
Outsourcing database has attracted much attention recently due to the emergence of Cloud Computing. However, there are still two problems to solve, 1) how to encipher and protect the sensitive information before outsourcing while keeping the database structure, and 2) how to enable better utilization of the database like fuzzy queries over the encrypted information. In this paper we propose a new solution based on format-preserving encryption, which protects the privacy of the sensitive data and keeps the data structure as well in the encrypted database. We also show how to perform fuzzy queries over such enciphered data. Specially, our scheme supports fuzzy queries by simply exploiting the internal storing and query mechanism of the databases, thus the influence on both the inner relation of databases and the construction of applications are minimized. Evaluation indicates that our scheme is able to efficiently perform fuzzy query on encrypted database.
- Published
- 2013
- Full Text
- View/download PDF
35. A Novel Framework for Outsourcing and Sharing Searchable Encrypted Data on Hybrid Cloud
- Author
-
Chunfu Jia, Jingwei Li, Zheli Liu, and Jin Li
- Subjects
business.industry ,Computer science ,Client-side encryption ,Cryptography ,Access control ,Cloud computing ,Encryption ,Computer security ,computer.software_genre ,Public-key cryptography ,Server ,Key (cryptography) ,business ,computer - Abstract
With the rapid growth of data, it is desirable to outsource data on remote storage server. The emergence of cloud computing makes the dream true and more and more sensitive data are being centralized into cloud for sharing. Since the public cloud server cannot be fully trusted in protecting them, encryption is a promising way to keep confidentiality but leads to high communication and computation overhead for some useful data operations. Searchable encryption initiated by Song et al. provides an efficient solution to support for keyword-based search directly on encrypted data. Nevertheless, existing work depends on key sharing among authorized users, which inevitably causes the risks of key exposure and abuse. In this paper, the keyword search over encrypted data with differential privileges is addressed. We provide a novel framework for secure outsourcing and sharing of encrypted data on hybrid cloud. The framework is full-featured: i) it enables authorized users to perform keyword-based search directly on encrypted data without sharing the same private key, ii) it provides two-layered access control to achieve fine-grained sharing of encrypted data. The security analysis shows that the proposed generic construction satisfies the requirements of message privacy and keyword privacy.
- Published
- 2012
- Full Text
- View/download PDF
36. Format-Preserving Encryption for Character Data
- Author
-
Jingwei Li, Chunfu Jia, Min Li, and Zheli Liu
- Subjects
Theoretical computer science ,Computer Networks and Communications ,business.industry ,Computer science ,Encryption ,Multiple encryption ,Filesystem-level encryption ,Probabilistic encryption ,56-bit encryption ,40-bit encryption ,Link encryption ,Attribute-based encryption ,business ,Computer Science::Cryptography and Security - Abstract
This paper presents FPE (Format-preserving Encryption) for character data in both fixed-width and variable-width encoding. Previous researches only studied FPE for fixed-width character data. In this paper, FPE for character data is categorized into NPE (Number-preserving Encryption) and LPE (Length-preserving Encryption). The schemes related to NPE and LPE are proposed to encrypt fixed-width and variable-width character data, respectively. Furthermore, the paper provides a general solution for both data types. The security and efficiency of these schemes are analyzed and verified.
- Published
- 2012
- Full Text
- View/download PDF
37. Outsourcing Encryption of Attribute-Based Encryption with MapReduce
- Author
-
Chunfu Jia, Jingwei Li, Jin Li, and Xiaofeng Chen
- Subjects
business.industry ,Computer science ,Distributed computing ,Client-side encryption ,computer.software_genre ,Encryption ,Multiple encryption ,Filesystem-level encryption ,Probabilistic encryption ,40-bit encryption ,Attribute-based encryption ,On-the-fly encryption ,business ,computer ,Computer network - Abstract
Attribute-based encryption (ABE) is a promising cryptographic tool for fine-grained access control. However, the computational cost in encryption commonly grows with the complexity of access policy in existing ABE schemes, which becomes a bottleneck limiting its application. In this paper, we formulize the novel paradigm of outsourcing encryption of ABE to cloud service provider to relieve local computation burden. We propose an optimized construction with MapReduce cloud which is secure under the assumption that the master node as well as at least one of the slave nodes is honest. After outsourcing, the computational cost at user side during encryption is reduced to approximate four exponentiations, which is constant. Another advantage of the proposed construction is that the user is able to delegate encryption for any policy.
- Published
- 2012
- Full Text
- View/download PDF
38. A New Integer FPE Scheme Based on Feistel Network
- Author
-
Zongqing Dong, Xiaoying You, Zheli Liu, Jingwei Li, and Chunfu Jia
- Subjects
Differential cryptanalysis ,Theoretical computer science ,Symmetric-key algorithm ,business.industry ,Format-preserving encryption ,Ciphertext ,Plaintext ,business ,Encryption ,Algorithm ,Integer (computer science) ,Mathematics ,Block cipher - Abstract
Format-preserving encryption implies a block cipher which encrypts a plaintext of some specified format into a ciphertext of identical format. In the paper, we make an overview of various types of Feistel networks used in FPE schemes and show that all Feistel networks divide the input into two sub-blocks. Then we present an integer FPE scheme based on type-2 Feistel network which divides the input into k sub-blocks (here k=4) to provide better diffusion and be better immunity to differential cryptanalysis.
- Published
- 2012
- Full Text
- View/download PDF
39. Efficient Keyword Search over Encrypted Data with Fine-Grained Access Control in Hybrid Cloud
- Author
-
Jin Li, Chunfu Jia, Xiaofeng Chen, Jingwei Li, and Zheli Liu
- Subjects
Scheme (programming language) ,Database ,business.industry ,Computer science ,Interface (Java) ,Access control ,Cloud computing ,computer.software_genre ,Encryption ,Outsourcing ,Information sensitivity ,Overhead (computing) ,business ,computer ,Computer network ,computer.programming_language - Abstract
As cloud computing becomes prevalent, more and more sensitive information is being centralized into the cloud, which raises a new challenge on how to efficiently share the outsourced data in a fine-grained manner. Although searchable encryption allows for privacy-preserving keyword search over encrypted data in public cloud, it could not work effectively for supporting fine-grained access control over encrypted data simultaneously. In this paper, we consider to tackle the challenge above under a hybrid architecture in which a private cloud is introduced as an access interface between users and public cloud. We firstly propose a basic scheme allowing both exact keyword search and fine-grained access control over encrypted data. Furthermore, an advanced scheme supporting fuzzy keyword search is presented. In both schemes, overhead computation is securely outsourced to private cloud but only left behind the file encryption and decryption at user side. Finally, we demonstrate approaches to realize outsourcing cryptographic access control mechanism and further relieve the computational cost at user side.
- Published
- 2012
- Full Text
- View/download PDF
40. Format-preserving encryption for DateTime
- Author
-
Xiaochun Cheng, Chunfu Jia, Zheli Liu, and Jingwei Li
- Subjects
Offset (computer science) ,Theoretical computer science ,business.industry ,Format-preserving encryption ,Algorithm design ,Cryptography ,Alphabet ,business ,Encryption ,Mathematics ,Block cipher - Abstract
In many applications, such as encryption of DateTime field in database, it is desirable to encrypt items from an arbitrarily sized set with the specified format described as “YYYY-MM-DD HH:MM:SS” onto that same set. Unfortunately, conventional block ciphers such as DES, 3DES or AES are unsuitable for this purpose. The solution to it belongs to the format-preserving encryption (FPE) category. In the paper, we present an FPE scheme for DateTime based on “rank-then-cipher” mode, and then analyze its security and efficiency. We further propose a new more efficient approach named “reference-based offset encryption” to resolve the FPE problem on DateTime domain, which can be applied in message space comprised of fixed-length strings taken over some alphabet as well.
- Published
- 2010
- Full Text
- View/download PDF