Multiuser Searchable Encryption with Token Freshness Verification

2017
Vol 2017
pp. 1-16
Author(s):
Dhruti Sharma
Devesh C. Jinwala

A Multiuser Searchable Encryption (MUSE) can be defined with the notion of Functional Encryption (FE), where a user constructs a search token from a search key issued by an Enterprise Trusted Authority (ETA). In such a scheme, a user possessing a search key constructs a search token at any time and consequently requests the server to search over encrypted data. Thus, an FE based MUSE scheme is not suitable for applications where a log of search activities is maintained at the enterprise site to identify dishonest search queries from any user. In addition, none of the existing searchable schemes provides security against token replay attack to avoid reuse of the same token. In this paper, therefore, we propose an FE based scheme, Multiuser Searchable Encryption with Token Freshness Verification (MUSE-TFV). In MUSE-TFV, a user prepares a one-time usable search token in cooperation with the ETA, and thus every search activity is logged at the enterprise site. Additionally, by verifying the freshness of a token, the server prevents reuse of the token. With formal security analysis, we prove the security of MUSE-TFV against chosen keyword attack and token replay attack. With theoretical and empirical analysis, we justify the effectiveness of MUSE-TFV in practical applications.

2020
Vol 14 (2)
pp. 62-82
Author(s):
Dhruti P. Sharma
Devesh C. Jinwala

With searchable encryption (SE), the user is allowed to extract partial data from stored ciphertexts from the storage server, based on a chosen query of keywords. A majority of the existing SE schemes support the SQL search query, i.e. 'Select * where (list of keywords).' However, applications for encrypted data analysis often need to count data matched with a query, instead of data extraction. For such applications, the execution of the SQL aggregate query, i.e. 'Count * where (list of keywords)', at the server is essential. Additionally, in the case of a semi-honest server, privacy of the aggregate result is of primary concern. In this article, the authors propose an aggregate searchable encryption with result privacy (ASE-RP) that includes an ASearch() algorithm. The proposed ASearch() performs an aggregate operation (i.e. Count *) on the implicitly searched ciphertexts (for the conjunctive query) and outputs an encrypted result. The server, due to the encrypted form of the aggregate result, would not be able to get the actual count unless it has a decryption key, and hence ASearch() offers result privacy.


2021
Author(s):
Hong Liu
Xueqin Li
Erchuan Guo
Yunpeng Xiao
Tun Li

Dynamic searchable encryption methods allow a client to perform searches and updates over encrypted data stored in the cloud. However, existing research shows that the general dynamic searchable symmetric encryption (DSSE) scheme is vulnerable to statistical attacks due to the leakage of search patterns and access patterns, which is detrimental to protecting the users' privacy. Although the traditional Oblivious Random Access Machine (ORAM) can hide the access pattern, it also incurs significant communication overhead and cannot hide the search pattern. These limitations make it difficult to deploy the ORAM method in real cloud environments. To overcome this limitation, a DSSE scheme called obliviously shuffled incidence matrix DSSE (OSM-DSSE) is proposed in this paper to access the encrypted data obliviously. The OSM-DSSE scheme realizes efficient search and update operations based on an incidence matrix. In particular, a shuffling algorithm using Paillier encryption is combined with a 1-out-of-n oblivious transfer (OT) protocol and local differential privacy to obfuscate the search targets. Besides, a formalized security analysis and performance analysis of the proposed scheme are provided, which indicate that the OSM-DSSE scheme achieves high security, efficient searches, and low storage overhead. Also, this scheme not only completely hides the search and access patterns but also provides adaptive security against malicious attacks by adversaries. Furthermore, experimental results show that the OSM-DSSE scheme obtains 3-4x better execution efficiency than the state-of-the-art solutions.


Author(s):
Ashish Joshi
Amar Kumar Mohapatra

Background & Objective: Cryptographic protocols have been an evident method for ensuring confidentiality, integrity and authentication in various digital communication systems. However, the validation and analysis of such cryptographic protocols was limited to the usage of formal mathematical models until a few years ago. Methods: In this paper, various popular cryptographic protocols have been studied. Some of these protocols (PAP, CHAP, and EAP) achieve security goals in peer to peer communication while others (RADIUS, DIAMETER and Kerberos) can work in a multiparty environment. These protocols were validated and analysed over two popular security validation and analysis tools, AVISPA and Scyther. The protocols were written according to their documentation using HLPSL and SPDL for analysis over AVISPA and Scyther respectively. The results of these tools were analysed to find the possible attacks on each protocol. Afterwards, the execution time analysis of the protocols was done by repeating the experiment for multiple iterations over the command line versions of these tools. As the literature review suggested, this research also validates that using password based protocols (PAP) is faster in terms of execution time as compared to other methods, usage of nonces tackles the replay attack, and DIAMETER is more secure than RADIUS. Results and Conclusion: The results also showed us that DIAMETER is faster than RADIUS. Though the Kerberos protocol was found to be safe, the results tell us that it is compromisable under particular circumstances.


Information
2021
Vol 12 (4)
pp. 142
Author(s):
Weijing You
Lei Lei
Bo Chen
Limin Liu

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combined with confidentiality, deduplication becomes problematic, as encryption performed by different data owners may differentiate identical data, which may then become non-deduplicable. Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage, by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate the security and efficiency of SEDER, respectively.


2018
Vol 2018
pp. 1-10
Author(s):
Hua Dai
Hui Ren
Zhiye Chen
Geng Yang
Xun Yi

Outsourcing data to clouds is adopted by more and more companies and individuals due to the benefits of data sharing and parallel, elastic, and on-demand computing. However, it forces data owners to lose control of their own data, which causes privacy-preserving problems on sensitive data. Sorting is a common operation in many areas, such as machine learning, service recommendation, and data query. It is a challenge to implement privacy-preserving sorting over encrypted data without leaking the privacy of sensitive data. In this paper, we propose privacy-preserving sorting algorithms that are based on the logistic map. Secure comparable codes are constructed by logistic map functions, which can be utilized to compare the corresponding encrypted data items even without knowing their plaintext values. Data owners first encrypt their data and generate the corresponding comparable codes, and then outsource them to clouds. Cloud servers are capable of sorting the outsourced encrypted data in accordance with their corresponding comparable codes by the proposed privacy-preserving sorting algorithms. Security analysis and experimental results show that the proposed algorithms can protect data privacy while providing efficient sorting on encrypted data.


2018
Vol 2018
pp. 1-7
Author(s):
Run Xie
Chanlian He
Dongqing Xie
Chongzhi Gao
Xiaojun Zhang

With the advent of cloud computing, data privacy has become one of the critical security issues and has attracted much attention as more and more mobile devices rely on services in the cloud. To protect data privacy, users usually encrypt their sensitive data before uploading it to cloud servers, which renders data utilization difficult. Ciphertext retrieval is able to realize utilization over encrypted data, and searchable public key encryption is an effective way to construct encrypted data retrieval. However, the previous related works have not paid much attention to the design of ciphertext retrieval schemes that are secure against inside keyword-guessing attacks (KGAs). In this paper, we first construct a new architecture to resist inside KGAs. Moreover, we present an efficient ciphertext retrieval instance with a designated tester (dCRKS) based on the architecture. This instance is secure under inside KGAs. Finally, security analysis and efficiency comparison show that the proposal is effective for the retrieval of encrypted data in cloud computing.


2020
Vol 2020
pp. 1-11
Author(s):
Bo Mi
Ping Long
Yang Liu
Fengtian Kuang

Data deduplication serves as an effective way to optimize storage occupation and bandwidth consumption over clouds. As for the security of the deduplication mechanism, users' privacy and accessibility are of utmost concern since data are outsourced. However, the functionality of redundancy removal and the indistinguishability of deduplication labels are naturally incompatible, which brings about many threats to data security. Besides, the access control of shared copies may lead to infringement on users' attributes and cumbersome query overheads. To balance the usability with the confidentiality of deduplication labels and securely realize an elaborate access structure, a novel data deduplication scheme is proposed in this paper. Briefly speaking, we drew support from learning with errors (LWE) to make sure that the deduplication labels are only differentiable during the duplication check process. Instead of authority matching, the proof of ownership (PoW) is then implemented under the paradigm of the inner product. Since the deduplication label is lightweight and the inner product is easy to carry out, our scheme is more efficient in terms of computation and storage. Security analysis also indicated that the deduplication labels are distinguishable only for the duplication check, and the probability of falsifying a valid ownership is negligible.


2020
Vol 5 (4)
pp. 391-418
Author(s):
Mukti Padhya
Devesh C. Jinwala

The existing Key Aggregate Searchable Encryption (KASE) schemes allow searches on the encrypted dataset using a single query trapdoor, with a feature to delegate the search rights of multiple files using a constant size key. However, the operations required to generate the ciphertext and decrypt it in these schemes incur higher computational costs, due to the computationally expensive pairing operations in encryption/decryption. This makes the use of such schemes in resource-constrained devices, such as Radio Frequency Identification Devices, Wireless Sensor Network nodes, and Internet of Things nodes, infeasible. Motivated by the goal to reduce the computational cost, in this paper we propose a Revocable Online/Offline KASE (R-OO-KASE) scheme, based on the idea of splitting the encryption/decryption operations into two distinct phases: online and offline. The offline phase computes the majority of costly operations when the device is on an electrical power source. The online phase generates the final output with minimal computational cost when the message (or ciphertext) and keywords become known. In addition, the proposed scheme R-OO-KASE also offers multi-keyword search capability and allows the data owners to revoke the delegated rights at any point in time, two features that are not supported in the existing schemes. The security analysis and empirical evaluations show that the proposed scheme is efficient to use in resource-constrained devices and provably secure as compared to the existing KASE schemes.
