Showing papers by "Qin Liu published in 2016"

Hierarchical Multi-Authority and Attribute-Based Encryption Friend Discovery Scheme in Mobile Social Networks

Abstract: In mobile social networks, to guarantee the security and privacy in the friend discovery process, we propose a hierarchical multi-authority and attribute-based encryption (ABE) friend discovery scheme based on ciphertext-policy (CP)-ABE. It employs character attribute subsets to achieve flexible fine-grained access control, which solves the problem of single-point failure and performance bottleneck. Performance analysis demonstrates the superiority of our scheme in terms of system initialization time and key generation time.

A Novel Verifiable and Dynamic Fuzzy Keyword Search Scheme over Encrypted Data in Cloud Computing

Abstract: In recent years, cloud computing becomes more and more popular. Users outsource large amount of encrypted documents to the cloud in order to avoid information leakage. Searchable encryption technique is a desirable service to enable users search on encrypted data. In most existing searchable encryption schemes, they only provide exact keyword search. Fuzzy keyword search improves the system usability because it allows users to make spelling errors or format inconsistencies. Besides, verifiable encryption schemes usually consider a semitrusted server and verify the authenticity of the search results. However, the server may be malicious, which may modify/delete some encrypted files or forge erroneous results in order to save its storage space or computation ability. In this paper, we investigate the searchable encryption problem in the presence of a malicious server, the verifiable searchability is needed to provide users the ability to detect the potential misbehavior. We propose a verifiable and dynamic fuzzy keyword search (VDFS) scheme to offer secure fuzzy keyword search, update the outsourced document collection and verify the authenticity of the search result. Our scheme is proved universally composable (UC) security by rigorous security analysis.

Enhancing Location Privacy through User-Defined Grid in Location-Based Services

Abstract: With the increasing popularity of location-based services (LBSs), the concerns for location privacy have also been growing. To address this issue, existing solutions generally introduce a fully-trusted third party between the users and the location service provider (LSP). However, the fully-trusted third party offers limited privacy guarantees and incurs high communication overhead. Once the fully-trusted third party is compromised, it may put the user information in jeopardy. In this paper, we propose an enhanced location privacy-preserving scheme through the user-defined grid in LBSs. Our scheme adopts Order-Preserving Symmetric Encryption (OPSE) and K-anonymity technology, and combines with the user-defined grid to improve the user's location privacy. The anonymizer does not have any knowledge about a user's real location, and it can only implement simple comparison and matching operations. The security analysis proves that our proposal can protect user's location privacy effectively.

A secure hierarchical deduplication system in cloud storage

Abstract: Data deduplication is commonly adopted in cloud storage services to improve storage utilization and reduce transmission bandwidth. It, however, conflicts with the requirement for data confidentiality offered by data encryption. Hierarchical authorized deduplication alleviates the tension between data deduplication and confidentiality and allows a cloud user to perform privilege-based duplicate checks before uploading the data. Existing hierarchical authorized deduplication systems permit the cloud server to profile cloud users according to their privileges. In this paper, we propose a secure hierarchical deduplication system to support privilege-based duplicate checks and also prevent privilege-based user profiling by the cloud server. Our system also supports dynamic privilege changes. Detailed theoretical analysis and experimental studies confirm the security and high efficiency of our system.

A Privacy-Preserving Hybrid Cooperative Searching Scheme over Outsourced Cloud Data

Abstract: With the progress of science and technology, cloud computing has attracted more and more attention. Individuals or companies use cloud computing to save money. The privacy problem has always been a stumbling block for the further development of cloud computing. A key problem is how to provide an efficient cloud service in a privacy-preserving way while preserving good user experience. In order to solve these problems, scientists have proposed several solutions. However these techniques either generate huge computation costs and bandwidth, or reduce the user experience. In this paper, we propose a Privacy-Preserving Hybrid Cooperative Searching (HCPS) scheme. Our scheme allows multiple users to combine their queries in order to reduce the query cost and at the same time to protect their privacy and have a good user experience.

A Caching-Based Privacy-Preserving Scheme for Continuous Location-Based Services

Abstract: With the rapid pervasion of location-based services (LBSs), location privacy protection has become a critical issue. In most previous solutions, the users get the query result data from the LBS server and discard it immediately. However, the data can be cached and reused to answer future queries. In this paper, we propose a caching-based solution to protect location privacy in continuous LBSs. Our scheme adopts a two-level caching mechanism to cache the users’ result data at both the client and the anonymizer sides. Therefore, the continuous query user can directly obtain the query result data from the cache, which can reduce the interaction between the user and the LBS server to reduce the risk of user’s information being exposed to the LBS server. At the same time, we propose the cloaking region mechanism based on the move direction of the user to improve the cache hit ratio. Security analysis shows that our proposal can effectively protect the user’s location privacy.

Dynamic Verifiable Search Over Encrypted Data in Untrusted Clouds

Abstract: The scalable and elastic storage capabilities of cloud computing motivate enterprises and individuals to outsource their data and query services to cloud platforms. Since the cloud service provider (CSP) is outside the trusted domain of cloud users, existing research suggests encrypting data before outsourcing and employing searchable symmetric encryption (SSE) to facilitate keyword-based search on the ciphertexts. To make SSE be more applicable in cloud computing, Kurosawa et al. proposed a dynamic verifiable SSE (DVSSE) scheme, which employed inverted indexes and the RSA accumulator to enable the user to search and update files in a verifiable way. However, their scheme works only under the assumption of an honest but curious CSP. In this paper, we propose a secure DVSSE scheme, \(\hbox {DVSSE}_{S}\), for the untrusted cloud environments. Specifically, \(\hbox {DVSSE}_{S}\) is constructed in two different ways. The basic \(\hbox {DVSSE}_{S}\), called \(\hbox {DVSSE}_{S}\)-1, is constructed based on the Merkle hash tree (MHT) and BLS signatures, which can be easily extended from DVSSE. Since \(\hbox {DVSSE}_{S}\)-1 incurs a heavy cost during the update phase, the advanced \(\hbox {DVSSE}_{S}\), called \(\hbox {DVSSE}_{S}\)-2, utilizes random permutations to improve the performance. Extensive experiments on real data set demonstrate the efficiency and effectiveness of our proposed scheme.

Privacy Preserving Scheme for Location and Content Protection in Location-Based Services

Abstract: Location-Based Services (LBSs) have been facilitating and enriching people’s daily lives. While users enjoy plenty of conveniences, privacy disclosure in terms of both location information and query contents is common. Most of the existing solutions mainly focus on location privacy and adopt K-anonymity principle to preserve user’s privacy. However, these methods are vulnerable to protect user’s query content. In this paper, we propose a Privacy Preserving and Content Protection (PPCP) scheme for LBSs users. Unlike most of researches requiring a trusted third party (TTP), our scheme is based on a semi-trusted middle entity, which is unaware of both the exact location information about issuer and query content in the user’s requirement. We utilize space filling curve to transform user location and protect user query content based on encryption technology, so that the proposed scheme can provide enhanced location privacy and query privacy protection in both snapshot and continuous LBSs.

File Dynamic Integrity in a Multi-user Environment

Abstract: In a Dynamic Verifiable Searchable Symmetric Encryption (DVSSE) scheme, a client Alice can perform keyword-based searches on ciphertexts, and update (modify, delete and add) documents in a verifiable way. However, the DVSSE scheme is not suitable for the multi-user environment, where Alice may authorize many users to update documents. The reason is that it is hard to achieve traceability based on the symmetric key. Furthermore, the DVSSE scheme cannot distinguish incomplete search results from incomplete document set. In this paper, we propose a Multi-user Dynamic Verifiable Searchable Encryption (MDVSE) scheme, which utilizes the Proxy Re-Encryption with keyword Search (PRES) to achieve multi-user envrionment, and applies the Merkle Hash Tree (MHT) to achieve integrity verification on both search results and document set. We analyze and conduct experiments to verify its feasibility.

Community-Based Adaptive Buffer Management Strategy in Opportunistic Network

Abstract: Networks composed of devices, which having short-range wireless communications capabilities and carried by people, is a major application scenarios in opportunistic network, whose nodes movement has the characteristics of community. In this paper, we combine nodes meeting frequency with nodes separation duration time to assign nodes to communities, and present a community-based self-adaptive buffer management strategy in opportunistic network. The strategy makes decisions of buffered messages discarding and message transmission scheduling based on nodes’ community attribute. At the same time, it generates message feedback adaptively according to the message delivery status, to remove unnecessary redundancy copies of messages in nodes buffer timely, then to reduce buffer overflow and avoid many unnecessary messages transmission. Simulation results show that the strategy can effectively improve the message delivery ratio and has significant lower network overhead.