An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks
TL;DR: Wang et al. as discussed by the authors proposed the notion of Authenticated Encryption with Keyword Search (PAEKS), in which the data sender not only encrypts a keyword, but also authenticates it, so that a verifier would be convinced that the encrypted keyword can only be generated by the sender.
About: This article is published in Information Sciences.The article was published on 2017-09-01. It has received 190 citations till now. The article focuses on the topics: Encryption & Authenticated encryption.
Citations
More filters
TL;DR: A certificateless public key authenticated encryption with keyword search scheme is proposed, which is provably secure against inside keyword guessing attack (IKGA) and demonstrates that it is more secure and effective compared with other certificatelesspublic key encryption with keywords search schemes.
Abstract: Industrial Internet of Things (IIoT) integrates various types of intelligent terminals, mobile devices, and communication technologies to enable the upgrade of traditional industries to intelligent industries. IIoT relies on the powerful data processing capabilities of cloud computing to reduce the cost of various on-demand services as per the requirements of users. However, the privacy and confidentiality of the outsourced data should be protected in this environment because the data are typically “handled” by a third-party service provider. An encryption technique can guarantee the confidentiality of the data but it limits data retrieval due to its innate “all-or-nothing” decryption feature. To apply encryption to privacy-preserving data retrieval, many public key encryption techniques with keyword search systems have been proposed in the literature. However, most of the existing schemes are vulnerable to inside keyword guessing attack (IKGA), which is caused by a small keyword space. To address this problem, we propose a certificateless public key authenticated encryption with keyword search scheme, which is provably secure against IKGA. A performance analysis of the proposed scheme demonstrates that it is more secure and effective compared with other certificateless public key encryption with keyword search schemes.
153 citations
TL;DR: This work introduces some privacy security risks of cloud computing and proposes a comprehensive privacy security protection framework, and shows and discusses the research progress of several technologies, such as access control; ciphertext policy attribute-based encryption (CP-ABE); key policy attributes based encryption (KP-ABe); and multi-tenant, trust, and a combination of multiple technologies.
109 citations
TL;DR: A Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient's mobile device to data users and it is proved that it is secure without random oracle.
Abstract: Mobile health (mHealth) has emerged as a new patient centric model which allows real-time collection of patient data via wearable sensors, aggregation and encryption of these data at mobile devices, and then uploading the encrypted data to the cloud for storage and access by healthcare staff and researchers. However, efficient and scalable sharing of encrypted data has been a very challenging problem. In this paper, we propose a Lightweight Sharable and Traceable (LiST) secure mobile health system in which patient data are encrypted end-to-end from a patient's mobile device to data users. LiST enables efficient keyword search and fine-grained access control of encrypted data, supports tracing of traitors who sell their search and access privileges for monetary gain, and allows on-demand user revocation. LiST is lightweight in the sense that it offloads most of the heavy cryptographic computations to the cloud while only lightweight operations are performed at the end user devices. We formally define the security of LiST and prove that it is secure without random oracle. We also conduct extensive experiments to access the system's performance.
85 citations
TL;DR: This work introduces the notion of designated-server identity-based authenticated encryption with keyword search (dIBAEKS), in which the email sender authenticates the message while encrypting so that no adversary including the server can launch offline KGA.
77 citations
TL;DR: This paper proposes a forward secure PEKS scheme (FS-PE KS) based on lattice assumptions for cloud-assisted IIoT, which is post-quantum secure, and defines the first formal security model on forward security of PEKS, and proves the security of FS-PEKS under the model.
Abstract: Cloud-assisted Industrial Internet of Things (IIoT) relies on cloud computing to provide massive data storage services. To ensure the confidentiality, sensitive industrial data need to be encrypted before being outsourced to cloud storage server. Public-key encryption with keyword search (PEKS) enables users to search target encrypted data by keywords. However, most existing PEKS schemes are based on conventional hardness assumptions, which are vulnerable to adversaries equipped with quantum computers in the near future. Moreover, they suffer from key exposure, and thus the security would be broken once the keys are compromised. In this paper, we propose a forward secure PEKS scheme (FS-PEKS) based on lattice assumptions for cloud-assisted IIoT, which is post-quantum secure. We integrate a lattice-based delegation mechanism into FS-PEKS to achieve forward security, such that the security of the system is still guaranteed even the keys are compromised by the adversaries. We define the first formal security model on forward security of PEKS, and prove the security of FS-PEKS under the model. As the keywords of industrial data are with inherently low entropy, we further extend FS-PEKS to resist insider keyword guessing attacks (IKGA). The comprehensive performance evaluation demonstrates that FS-PEKS is practical for cloud-assisted IIoT.
74 citations
References
More filters
19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Abstract: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.
7,083 citations
02 May 2004
TL;DR: This work defines and construct a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the email without learning anything else about the email.
Abstract: We study the problem of searching on data that is encrypted using a public key system. Consider user Bob who sends email to user Alice encrypted under Alice’s public key. An email gateway wants to test whether the email contains the keyword “urgent” so that it could route the email accordingly. Alice, on the other hand does not wish to give the gateway the ability to decrypt all her messages. We define and construct a mechanism that enables Alice to provide a key to the gateway that enables the gateway to test whether the word “urgent” is a keyword in the email without learning anything else about the email. We refer to this mechanism as Public Key Encryption with keyword Search. As another example, consider a mail server that stores various messages publicly encrypted for Alice by others. Using our mechanism Alice can send the mail server a key that will enable the server to identify all messages containing some specific keyword, but learn nothing else. We define the concept of public key encryption with keyword search and give several constructions.
3,024 citations
15 Aug 2004
TL;DR: In this article, the authors proposed a group signature scheme based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption.
Abstract: We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption. We prove security of our system, in the random oracle model, using a variant of the security definition for group signatures recently given by Bellare, Micciancio, and Warinschi.
1,956 citations
Journal Article•
TL;DR: In this paper, the authors proposed a group signature scheme based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption.
Abstract: We construct a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. Security of our group signature is based on the Strong Diffie-Hellman assumption and a new assumption in bilinear groups called the Decision Linear assumption. We prove security of our system, in the random oracle model, using a variant of the security definition for group signatures recently given by Bellare, Micciancio, and Warinschi.
1,562 citations
17 Aug 1997
TL;DR: Signcryption as discussed by the authors is a new cryptographic primitive which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by signature-then-encryption.
Abstract: Secure and authenticated message delivery/storage is one of the major aims of computer and communication security research. The current standard method to achieve this aim is “(digital) signature followed by encryption”. In this paper, we address a question on the cost of secure and authenticated message delivery/storage, namely, whether it is possible to transport/store messages of varying length in a secure and authenticated way with an expense less than that required by “signature followed by encryption”. This question seems to have never been addressed in the literature since the invention of public key cryptography. We then present a positive answer to the question. In particular, we discover a new cryptographic primitive termed as “signcryption” which simultaneously fulfills both the functions of digital signature and public key encryption in a logically single step, and with a cost significantly lower than that required by “signature followed by encryption”. For typical security parameters for high level security applications (size of public moduli = 1536 bits), signcryption costs 50% (31%, respectively) less in computation time and 85% (91%, respectively) less in message expansion than does “signature followed by encryption” based on the discrete logarithm problem (factorization problem, respectively).
1,231 citations