Showing papers on "On-the-fly encryption published in 2013"

DupLESS: server-aided encryption for deduplicated storage

Abstract: Cloud storage service providers such as Dropbox, Mozy, and others perform deduplication to save space by only storing one copy of each file uploaded. Should clients conventionally encrypt their files, however, savings are lost. Message-locked encryption (the most prominent manifestation of which is convergent encryption) resolves this tension. However it is inherently subject to brute-force attacks that can recover files falling into a known set. We propose an architecture that provides secure deduplicated storage resisting brute-force attacks, and realize it in a system called DupLESS. In DupLESS, clients encrypt under message-based keys obtained from a key-server via an oblivious PRF protocol. It enables clients to store encrypted data with an existing service, have the service perform deduplication on their behalf, and yet achieves strong confidentiality guarantees. We show that encryption for deduplicated storage can achieve performance and space savings close to that of using the storage service with plaintext data.

An Ideal-Security Protocol for Order-Preserving Encoding

Abstract: Order-preserving encryption - an encryption scheme where the sort order of ciphertexts matches the sort order of the corresponding plaintexts - allows databases and other applications to process queries involving order over encrypted data efficiently. The ideal security guarantee for order-preserving encryption put forth in the literature is for the ciphertexts to reveal no information about the plaintexts besides order. Even though more than a dozen schemes were proposed, all these schemes leak more information than order. This paper presents the first order-preserving scheme that achieves ideal security. Our main technique is mutable ciphertexts, meaning that over time, the ciphertexts for a small number of plaintext values change, and we prove that mutable ciphertexts are needed for ideal security. Our resulting protocol is interactive, with a small number of interactions. We implemented our scheme and evaluated it on microbenchmarks and in the context of an encrypted MySQL database application. We show that in addition to providing ideal security, our scheme achieves 1 - 2 orders of magnitude higher performance than the state-of-the-art order-preserving encryption scheme, which is less secure than our scheme.

A Study of Encryption Algorithms AES, DES and RSA for Security

Abstract: In recent years network security has become an important issue. Encryption has come up as a solution, and plays an important role in information security system. Many techniques are needed to protect the shared data. The present work focus on cryptography to secure the data while transmitting in the network. Firstly the data which is to be transmitted from sender to receiver in the network must be encrypted using the encryption algorithm in cryptography. Secondly, by using decryption technique the receiver can view the original data. In this paper we implemented three encrypt techniques like AES, DES and RSA algorithms and compared their performance of encrypt techniques based on the analysis of its stimulated time at the time of encryption and decryption. Experiments results are given to analyses the effectiveness of each algorithm.

Attribute-Based Encryption with Fast Decryption

Abstract: Attribute-based encryption (ABE) is a vision of public key encryption that allows users to encrypt and decrypt messages based on user attributes. This functionality comes at a cost. In a typical implementation, the size of the ciphertext is proportional to the number of attributes associated with it and the decryption time is proportional to the number of attributes used during decryption. Specifically, many practical ABE implementations require one pairing operation per attribute used during decryption.

White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures

Abstract: In a ciphertext-policy attribute-based encryption (CP-ABE) system, decryption keys are defined over attributes shared by multiple users. Given a decryption key, it may not be always possible to trace to the original key owner. As a decryption privilege could be possessed by multiple users who own the same set of attributes, malicious users might be tempted to leak their decryption privileges to some third parties, for financial gain as an example, without the risk of being caught. This problem severely limits the applications of CP-ABE. Several traceable CP-ABE (T-CP-ABE) systems have been proposed to address this problem, but the expressiveness of policies in those systems is limited where only and gate with wildcard is currently supported. In this paper we propose a new T-CP-ABE system that supports policies expressed in any monotone access structures. Also, the proposed system is as efficient and secure as one of the best (non-traceable) CP-ABE systems currently available, that is, this work adds traceability to an existing expressive, efficient, and secure CP-ABE scheme without weakening its security or setting any particular trade-off on its performance.

Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud Data

Abstract: Cloud computing has emerging as a promising pattern for data outsourcing and high-quality data services. However, concerns of sensitive information on cloud potentially causes privacy problems. Data encryption protects data security to some extent, but at the cost of compromised efficiency. Searchable symmetric encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we focus on addressing data privacy issues using SSE. For the first time, we formulate the privacy issue from the aspect of similarity relevance and scheme robustness. We observe that server-side ranking based on order-preserving encryption (OPE) inevitably leaks data privacy. To eliminate the leakage, we propose a two-round searchable encryption (TRSE) scheme that supports top-k multikeyword retrieval. In TRSE, we employ a vector space model and homomorphic encryption. The vector space model helps to provide sufficient search accuracy, and the homomorphic encryption enables users to involve in the ranking while the majority of computing work is done on the server side by operations only on ciphertext. As a result, information leakage can be eliminated and data security is ensured. Thorough security and performance analysis show that the proposed scheme guarantees high security and practical efficiency.

ABSTRACTION LAYER FOR DEFAULT Encryption WITH ORTHOGONAL ENCRYPTION LOGIC SESSION OBJECT AND AUTOMATED AUTHENTICATION with A METHOD FOR ONLINE LITIGATION

Abstract: Embodiments herein provide methods, apparatus, computer program products, software and means for (1) an abstraction layer for default encryption, (2) with orthogonal encryption logic session object, and (3) automated authentication, (4) with a method for online litigation. In some cases subject matter disclosed herein relates to default data encryption; use a user's registration data to generate an encryption logic and related executable code, including servers and client applications; encryption as an automatic background task occurring through variable encryption logic, with authentication; embodiments are also described for conducting online litigation through pleadings formed as meta-files that trigger litigation related algorithms in order to automate and coordinate litigation.

Node computing data encryption method

Abstract: A data encryption method, adapted to a node computing device in a cloud server system comprises following steps. A primary data is received. A dimension of an encrypted matrix is computed. An encryption length is computed, and data segments matching the encryption length are extracted from the primary data sequentially according to the encryption length. A plurality of encrypted segments is obtained by encrypting the extracted data segments respectively through the encrypted matrix.

Use of Digital Signature with Diffie Hellman Key Exchange and AES Encryption Algorithm to Enhance Data Security in Cloud Computing

Abstract: Cloud computing is the apt technology for the decade It allows user to store large amount of data in cloud storage and use as and when required, from any part of the world, via any terminal equipment Since cloud computing is rest on internet, security issues like privacy, data security, confidentiality, and authentication is encountered In order to get rid of the same, a variety of encryption algorithms and mechanisms are used Many researchers choose the best they found and use it in different combination to provide security to the data in cloud On the similar terms, we have chosen to make use of a combination of authentication technique and key exchange algorithm blended with an encryption algorithm This combination is referred to as "Three way mechanism" because it ensures all the three protection scheme of authentication, data security and verification, at the same time In this paper, we have proposed to make use of digital signature and Diffie Hellman key exchange blended with (AES) Advanced Encryption Standard encryption algorithm to protect confidentiality of data stored in cloud Even if the key in transmission is hacked, the facility of Diffie Hellman key exchange render it useless, since key in transit is of no use without user's private key, which is confined only to the legitimate user This proposed architecture of three way mechanism makes it tough for hackers to crack the security system, thereby protecting data stored in cloud

On the Achievability of Simulation-Based Security for Functional Encryption

Abstract: This work attempts to clarify to what extent simulation-based security (SIM-security) is achievable for functional encryption (FE) and its relation to the weaker indistinguishability-based security (IND-security). Our main result is a compiler that transforms any FE scheme for the general circuit functionality (which we denote by Circuit-FE) meeting indistinguishability-based security (IND-security) to a Circuit-FE scheme meeting SIM-security, where:

Function-Private Identity-Based Encryption: Hiding the Function in Functional Encryption

Abstract: We put forward a new notion, function privacy, in identity-based encryption and, more generally, in functional encryption. Intuitively, our notion asks that decryption keys reveal essentially no information on their corresponding identities, beyond the absolute minimum necessary. This is motivated by the need for providing predicate privacy in public-key searchable encryption. Formalizing such a notion, however, is not straightforward as given a decryption key it is always possible to learn some information on its corresponding identity by testing whether it correctly decrypts ciphertexts that are encrypted for specific identities.

A novel text and image encryption method based on chaos theory and DNA computing

Abstract: In today's world, the security of information is associated with valid and reliable encryption algorithms that we have used in our systems. Today, the latest methods for data encryption are based on DNA computing. In this paper, we consider a reliable data encryption algorithm (OTP) which is theoretically unbreakable, but it experiences some disadvantages in its algorithm. These drawbacks have prevented the common use of its scheme in modern cryptosystems. In this research, we include a logistic chaotic map as an input of OTP algorithm. So, the obtained result of `Matlab Simulation' could prove the efficiency of proposed algorithm in image encryption. In addition to the cryptography of text files, we can propose an interesting encryption algorithm based on a chaotic selection between original message DNA strands and OTP DNA strands. Finally, the empirical results of our proposed algorithm will be compared with AES Open SSl algorithm.

Confused Johnny: when automatic encryption leads to confusion and mistakes

Abstract: A common approach to designing usable security is to hide as many security details as possible from the user to reduce the amount of information and actions a user must encounter. This paper gives an overview of Pwm (Private Webmail), our secure webmail system that uses security overlays to integrate tightly with existing webmail services like Gmail. Pwm's security is mostly transparent, including automatic key management and automatic encryption. We describe a series of Pwm user studies indicating that while nearly all users can use the system without any prior training, the security details are so transparent that a small percentage of users mistakenly sent out unencrypted messages and some users are unsure whether they should trust Pwm. We then conducted user studies with an alternative prototype to Pwm that uses manual encryption. Surprisingly users were accepting of the extra steps of cutting and pasting ciphertext themselves. They avoided mistakes and had more trust in the system with manual encryption. Our results suggest that designers may want to reconsider manual encryption as a way to reduce transparency and foster greater trust.

MrCrypt: static analysis for secure cloud computations

Abstract: In a common use case for cloud computing, clients upload data and computation to servers that are managed by a third-party infrastructure provider. We describe MrCrypt, a system that provides data confidentiality in this setting by executing client computations on encrypted data. MrCrypt statically analyzes a program to identify the set of operations on each input data column, in order to select an appropriate homomorphic encryption scheme for that column, and then transforms the program to operate over encrypted data. The encrypted data and transformed program are uploaded to the server and executed as usual, and the result of the computation is decrypted on the client side. We have implemented MrCrypt for Java and illustrate its practicality on three standard benchmark suites for the Hadoop MapReduce framework. We have also formalized the approach and proven several soundness and security guarantees.

Efficient Implementation of AES

Abstract: With the fast progression of digital data exchange in electronic way, information security is becoming much more important in data storage and transmission. Cryptography has come up as a solution which plays a vital role in information security system against various attacks. This security mechanism uses some algorithms to scramble data into unreadable text which can be only being decoded or decrypted by party those possesses the associated key. Two types of cryptographic techniques are being used: symmetric and asymmetric. In this paper we have used symmetric cryptographic technique AES (Advance encryption standard) having 200 bit block as well as key size. And the same conventional 128 bit conventional AES algorithm is implemented for 200 bit using 5*5 Matrix. After the implementation, the proposed work is compared with 128 bit, 192 bits & 256 bits AES techniques on two points. These points are encryption and decryption time and throughput at both encryption and decryption sides.

Amplitude-phase retrieval attack free cryptosystem based on direct attack to phase-truncated Fourier-transform-based encryption using a random amplitude mask.

Abstract: We propose a simple amplitude-phase retrieval attack free cryptosystem based on direct attack to phase-truncated Fourier-transform-based encryption using a random amplitude mask (RAM). The RAM that is not saved during the encryption provides extremely high security for the two private keys, and no iterative calculations are involved in the nonlinear encryption process. Lack of enough constraints makes the specific attack based on iterative amplitude-phase retrieval algorithms unusable. Numerical simulation results are given for testing the validity and security of the proposed approach.

Use of elliptic curve cryptography for multimedia encryption

Abstract: The unique characteristics of the elliptic curve cryptography (ECC) such as the small key size, fast computations and bandwidth saving make its use attractive for multimedia encryption. In this study, the ECC is used to perform encryption along with multimedia compression, and two ECC-based encryption algorithms are introduced and applied before and during compression. The first algorithm performs selective encryption on the transform coefficients during compression, whereas the second algorithm achieves perceptual encryption based on selective bit-plane encryption before compression. The results of applying ECC to multimedia encryption are presented and analysed with respect to the requirements of multimedia encryption: the encryption efficiency, compression efficiency, codec compliance and security level. It is shown that ECC is highly efficient and does not affect the compression efficiency, and accordingly can meet the multimedia encryption requirements.

Expressive search on encrypted data

Abstract: Different from the traditional public key encryption, searchable public key encryption allows a data owner to encrypt his data under a user's public key in such a way that the user can generate search token keys using her secret key and then query an encryption storage server. On receiving such a search token key, the server filters all or related stored encryptions and returns matched ones as response.Searchable pubic key encryption has many promising applications. Unfortunately, existing schemes either only support simple query predicates, such as equality queries and conjunctive queries, or have a superpolynomial blowup in ciphertext size and search token key size.In this paper, based on the key-policy attribute-based encryption scheme proposed by Lewko et al. recently, we present a new construction of searchable public key encryption. Compared to previous works in this field, our construction is much more expressive and efficient and is proven secure in the standard model.

Automatic file encryption

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Infrastructure level lan security

Abstract: Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC) The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any Encryption may be performed for all frames from the vNIC, or according to a policy In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames

Multi-user Searchable Encryption with Coarser-Grained Access Control in Hybrid Cloud

Abstract: In consideration of feasibility, searchable encryption schemes in multi-user setting have to handle the problem of dynamical user injection and revocation, especially to make sure that user revocation will not cause security issues, such as secret key leakage. Recently, fine-grained access control using trusted third party is proposed to resolve this issue, however, it increases the management complexity for maintaining massive authentication information of users. In this paper, we for the first time present new concept of coarse-grained access control and use it to construct a multi-user searchable encryption model in hybrid cloud. In our construction, two typical schemes are used, one is broadcast encryption (BE) scheme to simplify access control, and the other is single-user searchable encryption scheme, which can support two-phase operation and be secure when untrusted server colludes with the adversary. Furthermore, we implement such a practical scheme using an improved searchable symmetric encryption scheme, and security analysis shows that our scheme is secure.

ARMORED: CPU-Bound Encryption for Android-Driven ARM Devices

Abstract: As recently shown by attacks against Android-driven smart phones, ARM devices are vulnerable to cold boot attacks. At the end of 2012, the data recovery tool FROST was released which exploits the remanence effect of RAM to recover user data from a smart phone, at worst its disk encryption key. Disk encryption is supported in Android since version 4.0 and is today available on many smart phones. With ARMORED, we demonstrate that Android's disk encryption feature can be improved to withstand cold boot attacks by performing AES entirely without RAM. ARMORED stores necessary keys and intermediate values of AES inside registers of the ARM microprocessor architecture without involving main memory. As a consequence, cold boot attacks on encryption keys in RAM appear to be futile. We developed our implementation on a Panda Board and tested it successfully on real phones. We also present a security and a performance analysis for ARMORED.

On Implementing Deniable Storage Encryption for Mobile Devices

Abstract: Data confidentiality can be effectively preserved through encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. In this case, the data must be hidden so that its very existence can be denied. Steganographic techniques and deniable encryption algorithms have been devised to address this specific problem. Given the recent proliferation of smartphones and tablets, we examine the feasibility and efficacy of deniable storage encryption for mobile devices. We evaluate existing, and discover new, challenges that can compromise plausibly deniable encryption (PDE) in a mobile environment. To address these obstacles, we design a system called Mobiflage that enables PDE on mobile devices by hiding encrypted volumes within random data on a device’s external storage. We leverage lessons learned from known issues in deniable encryption in the desktop environment, and design new countermeasures for threats specific to mobile systems. Key features of Mobiflage include: deniable file systems with limited impact on throughput; efficient storage use with no data expansion; and restriction/prevention of known sources of leakage and disclosure. We provide a proof-of-concept implementation for the Android OS to assess the feasibility and performance of Mobiflage. We also compile a list of best practices users should follow to restrict other known forms of leakage and collusion that may compromise deniability.

Providing access to encrypted data

Abstract: Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed.

System on chip to perform a secure boot, an image forming apparatus using the same, and method thereof

Abstract: A system on chip is provided. The system on chip includes a first memory to store a plurality of encryption keys, a second memory, a third memory to store an encryption key setting value, and a CPU to decrypt encrypted data which is stored in an external non-volatile memory using an encryption key corresponding to the encryption key setting value from among the plurality of encryption keys, to store the decrypted data in the second memory, and to perform a boot using data stored in the second memory. Accordingly, security of a boot operation can be improved.

Secure server side encryption for online file sharing and collaboration

Abstract: This invention discloses a novel system and method for securing files and folders containing files on a computer system whereby the files are encrypted using a hierarchy of encryption keys that permit authorized sharing but are resistant to tampering or hacking or other malicious access of the data.

A Novel Triple Encryption Scheme for Hadoop-Based Cloud Data Security

Abstract: Cloud computing has been flourishing in past years because of its ability to provide users with on-demand, flexible, reliable, and low-cost services. With more and more cloud applications being available, data security protection becomes an important issue to the cloud. In order to ensure data security in cloud data storage, a novel triple encryption scheme is proposed in this paper, which combines HDFS files encryption using DEA and the data key encryption with RSA, and then encrypts the user's RSA private key using IDEA. We implement the triple encryption scheme in Hadoop-based cloud data storage and experiment studies were conducted to verify its effectiveness.

Commutative reversible data hiding and encryption

Abstract: This work proposes a novel scheme of commutative reversible data hiding and encryption. In encryption part, the gray values of two neighboring pixels are masked by same pseudo-random bits. In data-hiding part, the additional data are embedded into various bit planes with a reversible manner, and a parameter optimization method based on a capacity–distortion criterion is used to ensure a good performance. Because the data space used for accommodating the additional data is not affected by the encryption operation, the data embedded in plain/encrypted domain can be extracted from encrypted/plain domain, and the way of insertion/extraction of additional data in plain domain is same as that in encrypted domain. Furthermore, the original image can be recovered without any error from an image containing additional data. Copyright © 2013 John Wiley & Sons, Ltd.

Dispersed storage network secure hierarchical file directory

Abstract: A method to generate a secure hierarchical file directory system begins by a processing module, for a child level directory of the secure hierarchical file directory system, obtaining a unique inner encryption key for encrypting the child level directory and creating one or more outer encryption keys for encrypting the unique inner encryption key. For each of the one or more outer encryption keys, the method continues with the processing module encrypting the unique inner encryption key to create one or more encrypted inner encryption keys. The method continues with the processing module creating one or more entries in a parent level directory, where each entry includes a path name, a dispersed storage network (DSN) address of the child level directory, a corresponding one of the one or more encrypted inner encryption keys, and an indicator for a corresponding one of the one or more outer encryption keys.