
Showing papers on "Client-side encryption published in 2017"


Journal ArticleDOI
TL;DR: A new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE) and is proved secure against chosen-plaintext attack (CPA).
Abstract: Cloud computing becomes increasingly popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve these data stored in cloud. This kind of computing model brings challenges to the security and privacy of data stored in cloud. Attribute-based encryption (ABE) technology has been used to design fine-grained access control system, which provides one good method to solve the security issues in cloud setting. However, the computation cost and ciphertext size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE (OABE) with fine-grained access control system can largely reduce the computation cost for users who want to access encrypted data stored in cloud by outsourcing the heavy computation to cloud service provider (CSP). However, the amount of encrypted files stored in cloud is becoming very huge, which will hinder efficient query processing. To deal with the above problem, we present a new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE). The proposed KSF-OABE scheme is proved secure against chosen-plaintext attack (CPA). CSP performs partial decryption task delegated by data user without knowing anything about the plaintext. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor.

246 citations


Journal ArticleDOI
TL;DR: This article provides a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system that can withstand collusion attack performed by revoked users cooperating with existing users and proves the security of the scheme under the divisible computation Diffie-Hellman assumption.
Abstract: With the development of cloud computing, outsourcing data to cloud server attracts lots of attention. To guarantee the security and achieve flexibly fine-grained file access control, attribute based encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation can be solved efficiently by introducing the concept of user group. When any user leaves, the group manager will update users’ private keys except for those who have been revoked. Additionally, CP-ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access structure. To reduce the computation cost, we outsource high computation load to cloud service providers without leaking file content and secret keys. Notably, our scheme can withstand collusion attack performed by revoked users cooperating with existing users. We prove the security of our scheme under the divisible computation Diffie-Hellman assumption. The result of our experiment shows computation cost for local devices is relatively low and can be constant. Our scheme is suitable for resource constrained devices.

242 citations


Proceedings ArticleDOI
30 Oct 2017
TL;DR: In this paper, the notion of backward privacy for searchable encryption was introduced and several schemes achieving both forward and backward privacy, with various efficiency trade-offs, were presented, based on constrained pseudo-random functions and puncturable encryption schemes.
Abstract: Using dynamic Searchable Symmetric Encryption, a user with limited storage resources can securely outsource a database to an untrusted server, in such a way that the database can still be searched and updated efficiently. For these schemes, it would be desirable that updates do not reveal any information a priori about the modifications they carry out, and that deleted results remain inaccessible to the server a posteriori. If the first property, called forward privacy, has been the main motivation of recent works, the second one, backward privacy, has been overlooked. In this paper, we study for the first time the notion of backward privacy for searchable encryption. After giving formal definitions for different flavors of backward privacy, we present several schemes achieving both forward and backward privacy, with various efficiency trade-offs. Our constructions crucially rely on primitives such as constrained pseudo-random functions and puncturable encryption schemes. Using these advanced cryptographic primitives allows for a fine-grained control of the power of the adversary, preventing her from evaluating functions on selected inputs, or decrypting specific ciphertexts. In turn, this high degree of control allows our SSE constructions to achieve the stronger forms of privacy outlined above. As an example, we present a framework to construct forward-private schemes from range-constrained pseudo-random functions. Finally, we provide experimental results for implementations of our schemes, and study their practical efficiency.

232 citations


Journal ArticleDOI
TL;DR: Simulation results show the algorithm provides substantial security in just five encryption rounds, and the results of code size, memory utilization and encryption/decryption execution cycles are compared with benchmark encryption algorithms.
Abstract: The Internet of Things (IoT) being a promising technology of the future is expected to connect billions of devices. The increased number of communication is expected to generate mountains of data and the security of data can be a threat. The devices in the architecture are essentially smaller in size and low powered. Conventional encryption algorithms are generally computationally expensive due to their complexity and require many rounds to encrypt, essentially wasting the constrained energy of the gadgets. Less complex algorithm, however, may compromise the desired integrity. In this paper we propose a lightweight encryption algorithm named as Secure IoT (SIT). It is a 64-bit block cipher and requires a 64-bit key to encrypt the data. The architecture of the algorithm is a mixture of Feistel and a uniform substitution-permutation network. Simulation results show the algorithm provides substantial security in just five encryption rounds. The hardware implementation of the algorithm is done on a low cost 8-bit micro-controller and the results of code size, memory utilization and encryption/decryption execution cycles are compared with benchmark encryption algorithms. The MATLAB code for relevant simulations is available online at https://goo.gl/Uw7E0W.

191 citations


Journal ArticleDOI
TL;DR: The developed encryption algorithm has a higher Avalanche Effect; for instance, AES in the proposed system has an Avalanche Effect of 52.50%. Therefore, such a system is able to secure the multimedia big data against real-time attacks.
Abstract: Nowadays, multimedia is considered to be the biggest big data as it dominates the traffic in the Internet and mobile phones. Currently symmetric encryption algorithms are used in IoT but when considering multimedia big data in IoT, symmetric encryption algorithms incur more computational cost. In this paper, we have designed and developed a resource-efficient encryption system for encrypting multimedia big data in IoT. The proposed system takes the advantages of the Feistel Encryption Scheme, an Advanced Encryption Standard (AES), and genetic algorithms. To satisfy high throughput, the GPU has also been used in the proposed system. This system is evaluated on real IoT medical multimedia data to benchmark the encryption algorithms such as MARS, RC6, 3-DES, DES, and Blowfish in terms of computational running time and throughput for both encryption and decryption processes as well as the avalanche effect. The results show that the proposed system has the lowest running time and highest throughput for both encryption and decryption processes and highest avalanche effect compared to the existing encryption algorithms. To satisfy the security objective, the developed algorithm has better Avalanche Effect compared to any of the other existing algorithms and hence can be incorporated in the process of encryption/decryption of any plain multimedia big data. Also, it has shown that the classical and modern ciphers have very little Avalanche Effect and hence cannot be used for encryption of confidential multimedia messages or confidential big data. The developed encryption algorithm has higher Avalanche Effect and for instance, AES in the proposed system has an Avalanche Effect of 52.50%. Therefore, such a system is able to secure the multimedia big data against real-time attacks.

164 citations


Journal ArticleDOI
06 Feb 2017
TL;DR: This paper introduces homomorphic encryption to the bioinformatics community, and presents an informal “manual” for using the Simple Encrypted Arithmetic Library (SEAL), which has been made publicly available for bioinformatic, genomic, and other research purposes.
Abstract: Biological data science is an emerging field facing multiple challenges for hosting, sharing, computing on, and interacting with large data sets. Privacy regulations and concerns about the risks of leaking sensitive personal health and genomic data add another layer of complexity to the problem. Recent advances in cryptography over the last five years have yielded a tool, homomorphic encryption, which can be used to encrypt data in such a way that storage can be outsourced to an untrusted cloud, and the data can be computed on in a meaningful way in encrypted form, without access to decryption keys. This paper introduces homomorphic encryption to the bioinformatics community, and presents an informal “manual” for using the Simple Encrypted Arithmetic Library (SEAL), which we have made publicly available for bioinformatic, genomic, and other research purposes.

144 citations


Proceedings ArticleDOI
30 Oct 2017
TL;DR: In this paper, the first fully secure ciphertext-policy and key-policy ABE schemes are proposed based on a standard assumption on Type-III pairing groups, which do not put any restriction on policy type or attributes.
Abstract: Time and again, attribute-based encryption has been shown to be the natural cryptographic tool for building various types of conditional access systems with far-reaching applications, but the deployment of such systems has been very slow. A central issue is the lack of an encryption scheme that can operate on sensitive data very efficiently and, at the same time, provides features that are important in practice. This paper proposes the first fully secure ciphertext-policy and key-policy ABE schemes based on a standard assumption on Type-III pairing groups, which do not put any restriction on policy type or attributes. We implement our schemes along with several other prominent ones using the Charm library, and demonstrate that they perform better on almost all parameters of interest.

125 citations


Journal ArticleDOI
TL;DR: The security analysis shows that the proposed scheme is secure against known attacks, and the experimental results show that the fog nodes perform most of the computation operations of encryption, decryption, and signing, and hence, the time of encryption for data owner, decryption, re-encryption, and signing for users is small and constant.
Abstract: Fog computing is a paradigm that extends cloud computing to the edge of the network. It can provide computation and storage services to end devices in Internet of Things (IoT). Attribute-based cryptography is a well-known technology to guarantee data confidentiality and fine-grained data access control. However, its computational cost in encryption and decryption phase is linear with the complexity of policy. In this paper, we propose a secure and fine-grained data access control scheme with ciphertext update and computation outsourcing in fog computing for IoT. The sensitive data of data owner are first encrypted using attribute-based encryption with multiple policies and then outsourced to cloud storage. Hence, the user whose attributes satisfy the access policy can decrypt the ciphertext. Based on the attribute-based signature technique, authorized user whose attributes integrated in the signature satisfy the update policy can renew the ciphertext. Specifically, most of the encryption, decryption, and signing computations are outsourced from end devices to fog nodes, and thus, the computations for data owners to encrypt, end users to decrypt, re-encrypt, and sign are irrelevant to the number of attributes in the policies. The security analysis shows that the proposed scheme is secure against known attacks, and the experimental results show that the fog nodes perform most of the computation operations of encryption, decryption, and signing, and hence, the time of encryption for data owner, decryption, re-encryption, and signing for users is small and constant.

114 citations


Journal ArticleDOI
TL;DR: This work presents a searchable CP‐ABE with attribute revocation, where access structures are partially hidden so that receivers cannot extract sensitive information from the ciphertext.
Abstract: To protect the sensitive data outsourced to cloud server, outsourcing data in an encrypted way has become popular nowadays. However, it is not easy to find the corresponding ciphertext efficiently, especially the large ciphertext stored on cloud server. Besides, some data owners do not want those users who attempt to decrypt to know the sensitive access structure of the ciphertext because of some business or private reasons. In addition, the user attributes revocation and key updating are important issues, which affect application of ciphertext-policy attribute-based encryption (CP-ABE) in cloud storage systems. To overcome the previous problems in cloud storage, we present a searchable CP-ABE with attribute revocation, where access structures are partially hidden so that receivers cannot extract sensitive information from the ciphertext. The security of our scheme can be reduced to the decisional bilinear Diffie–Hellman (DBDH) assumption and decisional linear (DL) assumption.

110 citations


Journal ArticleDOI
TL;DR: Two ciphertext-policy attribute-based key encapsulation mechanism (CP-AB-KEM) schemes that for the first time achieve both outsourced encryption and outsourced decryption in two system storage models and give corresponding security analysis.
Abstract: We propose two ciphertext-policy attribute-based key encapsulation mechanism (CP-AB-KEM) schemes that for the first time achieve both outsourced encryption and outsourced decryption in two system storage models and give corresponding security analysis. In our schemes, heavy computations are outsourced to Encryption Service Providers (ESPs) or Decryption Service Providers (DSPs), leaving only one modular exponentiation computation for the sender or the receiver. Moreover, we propose a general verification mechanism for a wide class of ciphertext-policy (cf. key-policy) AB-KEM schemes, which can check the correctness of the outsourced encryption and decryption efficiently. Concretely, we introduce a stronger version of verifiability (cf. [1]) and a new security notion for outsourced decryption called exculpability, which guarantees that a user cannot accuse DSP of returning incorrect results while it is not the case. With all these mechanisms, any dispute between a user and an outsource computation service provider can be easily resolved, furthermore, a service provider will be less motivated to give out wrong results. Finally, we implement our schemes in Charm [2], and the results indicate that the proposed schemes/mechanisms are efficient and practical.

97 citations


Journal ArticleDOI
TL;DR: This paper proposes an efficient IBEET scheme with bilinear pairing, which reduces the need for the time-consuming HashToPoint function, and proves that the scheme is one-way secure against chosen identity and chosen ciphertext attacks (OWIDCCA) in the random oracle model (ROM).

Journal ArticleDOI
TL;DR: This paper proposes a secure architecture composed of two clouds: a private cloud dedicated to encryption/decryption and a second, public cloud dedicated to storage. The first cloud is implemented using OpenStack while respecting the encryption as a service concept.
Abstract: The integration of cloud computing with mobile computing and internet has given birth to mobile cloud computing. This technology offers many advantages to users, like Storage capacity, Reliability, Scalability and Real time data availability. Therefore, it is increasing fast and it is inevitably integrated into everyday life. In MCC, data processing and data storage can be migrated into the cloud servers. However, the confidentiality of images and data is most important in today's environment. In this paper, we mainly focus on secure outsourcing of images. For this purpose, we propose a secure architecture composed of two clouds: a private cloud dedicated for encryption/decryption and a second public cloud dedicated for storage. We have implemented the first cloud using OpenStack while respecting the encryption as a service concept. As an encryption scheme, we have used Paillier's homomorphic cryptosystem designed specifically for images. The test of the homomorphic property is done by applying the Watermarking algorithm DWT.

Journal ArticleDOI
TL;DR: A new RSA-based CP-ABE scheme with constant size secret keys and ciphertexts (CSKC) and $\mathcal{O}(1)$ time-complexity for each decryption and encryption is proposed, which is suitable for deployment on battery-limited mobile devices.
Abstract: Designing lightweight security protocols for cloud-based Internet-of-Things (IoT) applications for battery-limited mobile devices, such as smart phones and laptops, is a topic of recent focus. Ciphertext-policy attribute-based encryption (CP-ABE) is a viable solution, particularly for cloud deployment, as an encryptor can “write” the access policy so that only authorized users can decrypt and have access to the data. However, most existing CP-ABE schemes are based on the costly bilinear maps, and require long decryption keys, ciphertexts and incur significant computation costs in the encryption and decryption (e.g. the cost is at least linear to the number of attributes involved in the access policy). These design drawbacks prevent the deployment of CP-ABE schemes on battery-limited mobile devices. In this paper, we propose a new RSA-based CP-ABE scheme that has constant size secret keys and ciphertexts (CSKC) and $\mathcal{O}(1)$ time-complexity for each decryption and encryption. Our scheme is then shown to be secure against a chosen-ciphertext adversary, as well as being an efficient solution with the expressive AND gate access structures (in comparison to other related existing schemes). Thus, the proposed scheme is suitable for deployment on battery-limited mobile devices.

Journal ArticleDOI
TL;DR: In this article, the authors proposed Fulmine, a system-on-chip (SoC) based on a tightly-coupled multi-core cluster augmented with specialized blocks for compute-intensive data processing and encryption functions.
Abstract: Near-sensor data analytics is a promising direction for internet-of-things endpoints, as it minimizes energy spent on communication and reduces network load - but it also poses security concerns, as valuable data are stored or sent over the network at various stages of the analytics pipeline. Using encryption to protect sensitive data at the boundary of the on-chip analytics engine is a way to address data security issues. To cope with the combined workload of analytics and encryption in a tight power envelope, we propose Fulmine, a system-on-chip (SoC) based on a tightly-coupled multi-core cluster augmented with specialized blocks for compute-intensive data processing and encryption functions, supporting software programmability for regular computing tasks. The Fulmine SoC, fabricated in 65-nm technology, consumes less than 20mW on average at 0.8V achieving an efficiency of up to 70pJ/B in encryption, 50pJ/px in convolution, or up to 25MIPS/mW in software. As a strong argument for real-life flexible application of our platform, we show experimental results for three secure analytics use cases: secure autonomous aerial surveillance with a state-of-the-art deep convolutional neural network (CNN) consuming 3.16pJ per equivalent reduced instruction set computer operation, local CNN-based face detection with secured remote recognition in 5.74pJ/op, and seizure detection with encrypted data collection from electroencephalogram within 12.7pJ/op.

Journal ArticleDOI
TL;DR: This paper suggests Shifted Adaption Homomorphism Encryption (SAHE), which is regarded as the better option for all the current research going on and is appropriate for mobile learning since the suggested algorithm will not use the mobile memory or power.

Journal ArticleDOI
TL;DR: This paper proposes an efficient homomorphic encryption algorithm to encrypt medical images and to perform useful operations on them without breaking confidentiality.

Journal ArticleDOI
TL;DR: This work proposes a hierarchical comparison-based encryption (HCBE) scheme that incorporates an attribute hierarchy into CBE, and develops a dynamic policy updating (DPU) scheme by utilizing the proxy re-encryption (PRE) technique.

Journal ArticleDOI
TL;DR: This work proposes a fully outsourced ciphertext-policy ABE scheme that for the first time achieves outsourced key generation, encryption and decryption simultaneously and the experimental results indicate that the scheme is efficient and practical.

Proceedings ArticleDOI
05 Jun 2017
TL;DR: This work proposes a privacy preserving user-based CF technique based on homomorphic encryption, which is capable of determining similarities among users followed by generating recommendations without revealing any private information.
Abstract: With the rapid development of the social networks, Collaborative Filtering (CF)-based recommender systems have been increasingly prevalent and become widely accepted by users. The CF-based techniques generate recommendations by collecting privacy sensitive data from users. Usually, the users are sensitive to disclosure of personal information and, consequently, there are unavoidable security concerns since private information can be easily misused by malicious third parties. In order to protect against breaches of personal information, it is necessary to obfuscate user information by means of an efficient encryption technique while simultaneously generating the recommendation by making true information inaccessible to service providers. Therefore, we propose a privacy preserving user-based CF technique based on homomorphic encryption, which is capable of determining similarities among users followed by generating recommendations without revealing any private information. We introduce different semi-honest parties to preserve privacy and to carry out intermediate computations for generating recommendations. We implement our method on publicly available datasets and show that our method is practical as well as achieves high level of security for users without compromising the recommendation accuracy.

Journal ArticleDOI
TL;DR: This paper implements a secure cloud storage prototype system based on Cassandra that can provide strong data loss recovery ability, effectively resist the Byzantine fault, and has very high computation efficiency, especially in the face of large files.

Journal ArticleDOI
TL;DR: A Staged Identity-Based Encryption (SIBE) scheme is proposed, which modifies Boneh and Franklin's original IBE scheme to address the challenges to construct an efficient and functional encryption scheme for ADS-B system.
Abstract: Automatic Dependent Surveillance-Broadcast (ADS-B) is one of the key technologies for future “e-Enabled” aircrafts. ADS-B uses avionics in the e-Enabled aircrafts to broadcast essential flight data such as call sign, altitude, heading, and other extra positioning information. On the one hand, ADS-B brings significant benefits to the aviation industry, but, on the other hand, it could pose security concerns as channels between ground controllers and aircrafts for the ADS-B communication are not secured, and ADS-B messages could be captured by random individuals who own ADS-B receivers. In certain situations, ADS-B messages contain sensitive information, particularly when communications occur among mission-critical civil airplanes. These messages need to be protected from any interruption and eavesdropping. The challenge here is to construct an encryption scheme that is fast enough for very frequent encryption and that is flexible enough for effective key management. In this paper, we propose a Staged Identity-Based Encryption (SIBE) scheme, which modifies Boneh and Franklin's original IBE scheme to address those challenges, that is, to construct an efficient and functional encryption scheme for ADS-B system. Based on the proposed SIBE scheme, we provide a confidentiality framework for future e-Enabled aircraft with ADS-B capability.

Journal ArticleDOI
TL;DR: This paper proposes a collaborative key management protocol in CP-ABE that realizes distributed generation, issue and storage of private keys without adding any extra infrastructure, and helps markedly reduce client decryption overhead.
Abstract: Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technique for fine-grained access control of outsourced data in the cloud. However, some drawbacks of key management hinder the popularity of its application. One drawback in urgent need of solution is the key escrow problem. We indicate that front-end devices of clients like smart phones generally have limited privacy protection, so if private keys are entirely held by them, clients risk key exposure that is hardly noticed but inherently existed in previous research. Furthermore, enormous client decryption overhead limits the practical use of ABE. In this paper, we propose a collaborative key management protocol in CP-ABE. Our construction realizes distributed generation, issue and storage of private keys without adding any extra infrastructure. A fine-grained and immediate attribute revocation is provided for key update. The proposed collaborative mechanism effectively solves not only key escrow problem but also key exposure. Meanwhile, it helps markedly reduce client decryption overhead. A comparison with other representative CP-ABE schemes demonstrates that our scheme has somewhat better performance in terms of cloud-based outsourced data sharing on mobile devices. Finally, we provide proof of security for the proposed protocol.

Journal ArticleDOI
TL;DR: By using proxy re-encryption technology, the scheme enables the proxy (cloud server) to directly share encrypted data to the target users without the intervention of data owner while keeping data privacy, which greatly improves the sharing performance.
Abstract: Since Cloud Service Provider is a semi-trusted party in cloud storage, to protect data from being disclosed, users’ data are encrypted before being uploaded to a cloud server. Undoubtedly, flexible encrypted data sharing is a very important demand required by cloud storage users, whereas few schemes have been designed to satisfy this demand. In this paper, based on conditional proxy broadcast re-encryption technology, an encrypted data sharing scheme for secure cloud storage is proposed. The scheme not only achieves broadcast data sharing by taking advantage of broadcast encryption, but also achieves dynamic sharing that enables adding a user to and removing a user from sharing groups dynamically without the need to change encryption public keys. Moreover, by using proxy re-encryption technology, our scheme enables the proxy (cloud server) to directly share encrypted data to the target users without the intervention of data owner while keeping data privacy, which greatly improves the sharing performance. Meanwhile, the correctness and the security are proved; the performance is analyzed, and the experimental results are shown to verify the feasibility and the efficiency of the proposed scheme.

Journal ArticleDOI
TL;DR: This paper investigates the critical security factors that influence the decision to adopt cloud computing by Saudi government agencies and proposes a framework with three categories: Social Factors, Cloud Security Risks, and Perceived Cloud Security Benefits, which includes well-known cloud security features.

Journal ArticleDOI
TL;DR: In this article, the authors applied homomorphic encryption on IBM's cloud quantum computer platform and successfully implemented a quantum algorithm for linear equations while protecting the privacy of the user, which opens a feasible path to the next stage of development of cloud quantum information technology.
Abstract: Quantum computing has undergone rapid development in recent years. Owing to limitations on scalability, personal quantum computers still seem slightly unrealistic in the near future. The first practical quantum computer for ordinary users is likely to be on the cloud. However, the adoption of cloud computing is possible only if security is ensured. Homomorphic encryption is a cryptographic protocol that allows computation to be performed on encrypted data without decrypting them, so it is well suited to cloud computing. Here, we first applied homomorphic encryption on IBM’s cloud quantum computer platform. In our experiments, we successfully implemented a quantum algorithm for linear equations while protecting our privacy. This demonstration opens a feasible path to the next stage of development of cloud quantum information technology.

Proceedings ArticleDOI
18 Apr 2017
TL;DR: According to the evaluation based on two real datasets, Kryptein provides strong protection to the data, and it is 250 times faster than other state-of-the-art systems and incurs 120 times less energy consumption.
Abstract: Internet of Things (IoT) is flourishing and has penetrated deeply into people's daily life. With the seamless connection to the physical world, IoT provides tremendous opportunities to a wide range of applications. However, potential risks exist when the IoT system collects sensor data and uploads it to the cloud. The leakage of private data can be severe with curious database administrator or malicious hackers who compromise the cloud. In this work, we propose Kryptein, a compressive-sensing-based encryption scheme for cloud-enabled IoT systems to secure the interaction between the IoT devices and the cloud. Kryptein supports random compressed encryption, statistical decryption, and accurate raw data decryption. According to our evaluation based on two real datasets, Kryptein provides strong protection to the data. It is 250 times faster than other state-of-the-art systems and incurs 120 times less energy consumption. The performance of Kryptein is also measured on off-the-shelf IoT devices, and the result shows Kryptein can run efficiently on IoT devices.

Proceedings ArticleDOI
19 Jul 2017
TL;DR: The survey has since been extended to assess whether the research into mobile devices has been translated to the application of attribute-based encryption in IoT where the challenges to support complex computation and data transmission are potentially more complex given the much greater heterogeneity and resource restrictions of IoT devices.
Abstract: The growth in Cloud Computing and the ubiquity of Mobile devices to access Cloud services has generated a new paradigm, Mobile Cloud Computing (MCC). While the benefits of storing and accessing data in the Cloud are well documented, there are concerns relating to the security of such data through data corruption, theft, exploitation or deletion. Innovative encryption schemes have been developed to address the challenges of data protection in the Cloud and having greater control over who should be accessing what data, one of which is Attribute-Based Encryption (ABE). ABE is a type of role-based access control encryption solution which allows data owners and data consumers or users to encrypt and decrypt based on their personal attributes (e.g. department, location, gender, role). A number of ABE schemes have been developed over the years but ABE in MCC has established its own paradigm driven by a) the use of mobile devices to access private data hosted in the Cloud and b) the physical limitations of the mobile device to perform complex computation in support of encryption and decryption in ABE. ABE in MCC is an evolving research field but given the breadth and strength of interest at time of writing it is timely to perform a survey. Due to the sheer volume of research, the survey has focused on one aspect of ABE - Ciphertext-Policy Attribute-Based Encryption - in line with its prominence in ABE in MCC research to date. Further, given the significant developments and interest in IoT, the survey has since been extended to assess whether the research into mobile devices has been translated to the application of attribute-based encryption in IoT where the challenges to support complex computation and data transmission are potentially more complex given the much greater heterogeneity and resource restrictions of IoT devices.

Journal ArticleDOI
17 Jun 2017-Sensors
TL;DR: In this paper, a fine-grained owner-forced data search and access authorization scheme spanning user-fog-cloud for resource constrained end users is proposed and the security and the performance analysis show that the scheme is suitable for a fog computing environment.
Abstract: In the fog computing environment, the encrypted sensitive data may be transferred to multiple fog nodes on the edge of a network for low latency; thus, fog nodes need to implement a search over encrypted data as a cloud server. Since the fog nodes tend to provide service for IoT applications often running on resource-constrained end devices, it is necessary to design lightweight solutions. At present, there is little research on this issue. In this paper, we propose a fine-grained owner-forced data search and access authorization scheme spanning user-fog-cloud for resource-constrained end users. Compared to existing schemes only supporting either index encryption with search ability or data encryption with fine-grained access control ability, the proposed hybrid scheme supports both abilities simultaneously, and index ciphertext and data ciphertext are constructed based on a single ciphertext-policy attribute based encryption (CP-ABE) primitive and share the same key pair; thus the data access efficiency is significantly improved and the cost of key management is greatly reduced. Moreover, in the proposed scheme, the resource-constrained end devices are allowed to rapidly assemble ciphertexts online and securely outsource most of the decryption task to fog nodes, and a mediated encryption mechanism is also adopted to achieve instantaneous user revocation instead of re-encrypting ciphertexts with many copies in many fog nodes. The security and the performance analysis show that our scheme is suitable for a fog computing environment.

Proceedings ArticleDOI
01 Feb 2017
TL;DR: The proposed algorithm reduces the time of encryption and decryption processes by dividing the file into blocks and enhances the strength of the algorithm by increasing the key size, which paves the way to store data in cloud by the users without any inconvenience.
Abstract: Cloud Computing is a distributed and centralized network of interconnected and interrelated systems with one or more IT resources provisioned based on pay-on-demand usage. Even though Cloud consumers or users are more flexible with cloud resources, there exist various issues which bring down the usage of cloud resources. Security issue is the major one among them. Data Security and Privacy, Identity and Access Management, Disaster Recovery/Business Continuity Planning etc. are some of the crises related to data stored on the cloud. Since the cloud users are more concerned with their data, its security is a major issue which has to be dealt with seriously. Securing the users' data can be achieved by the conventional method of Cryptography. Encryption is done by using any one of the popular symmetric or asymmetric key algorithms such as AES, DES, RSA, Blowfish and Triple DES etc. The RSA algorithm is an asymmetric key algorithm using two different keys for encryption and decryption processes. The key size can be varied to make the encryption process strong. Hence it is difficult for the attackers to intrude on the data. Increasing key size correspondingly increases the time taken for encryption and decryption process. The proposed algorithm reduces the time of encryption and decryption processes by dividing the file into blocks and enhances the strength of the algorithm by increasing the key size. This strength paves the way to store data in cloud by the users without any inconvenience.

Journal ArticleDOI
TL;DR: A designated server identity-based encryption scheme with conjunctive keyword search is put forward that satisfies the ciphertext indistinguishability, the trapdoor indistinguishability and the off-line keyword-guessing attack security and is efficient and practical.
Abstract: Public key encryption with keyword search is a useful primitive that provides searchable ciphertexts for some predefined keywords. It allows a user to send a trapdoor to a storage server, which enables the latter to locate all encrypted data containing the keyword(s) encoded in the trapdoor. To remove the requirement of a secure channel between the server and the receiver in identity-based encryption with keyword search, Wu et al. proposed a designated server identity-based encryption scheme with keyword search. However, our cryptanalysis indicates that Wu et al.’s scheme fails in achieving the ciphertext indistinguishability. To overcome the security weakness in the scheme and offer the multiple-keyword search function, we put forward a designated server identity-based encryption scheme with conjunctive keyword search. In the random oracle model, we formally prove that the proposed scheme satisfies the ciphertext indistinguishability, the trapdoor indistinguishability and the off-line keyword-guessing attack security. Comparison analysis shows that it is efficient and practical.