A New Encrypted Data Switching Protocol: Bridging IBE and ABE Without Loss of Data Confidentiality

IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 50658-50668
Author(s):  
Kai He ◽  
Yijun Mao ◽  
Jianting Ning ◽  
Kaitai Liang ◽  
Xinyi Huang ◽  
...  
2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Zhe Liu ◽  
Fuqun Wang ◽  
Kefei Chen ◽  
Fei Tang

The revocable ciphertext-policy attribute-based encryption (R-CP-ABE) is an extension of ciphertext-policy attribute-based encryption (CP-ABE), which can realize user direct revocation and maintain a short revocation list. However, the revoked users can still decrypt the previously authorized encrypted data with their old key. The R-CP-ABE scheme should provide a mechanism to protect the encrypted data confidentiality by disqualifying the revoked users from accessing the previously encrypted data. Motivated by practical needs, we propose a new user R-CP-ABE scheme that simultaneously supports user direct revocation, short revocation list, and ciphertext update by incorporating the identity-based and time-based revocable technique. The scheme provides a strongly selective security proof under the modified decisional q-parallel bilinear Diffie–Hellman Exponent problem, where “strongly” means that the adversary can query the secret key of a user whose attribute set satisfies the challenge ciphertext access structure and whose identity is in the revocation list.


2021 ◽  
Vol 14 (10) ◽  
pp. 1743-1755
Author(s):  
Xinle Cao ◽  
Jian Liu ◽  
Hao Lu ◽  
Kui Ren

Encrypted database is an innovative technology proposed to solve the data confidentiality issue in cloud-based DB systems. It allows a data owner to encrypt its database before uploading it to the service provider; and it allows the service provider to execute SQL queries over the encrypted data. Most existing encrypted databases (e.g., CryptDB in SOSP '11) do not support data interoperability: they are unable to process complex queries that require piping the output of one operation to another. To the best of our knowledge, SDB (SIGMOD '14) is the only encrypted database that achieves data interoperability. Unfortunately, we found SDB is not secure! In this paper, we revisit the security of SDB and propose a ciphertext-only attack named co-prime attack. It successfully attacks the common operations supported by SDB, including addition, comparison, sum, equi-join and group-by. We evaluate our attack in three real-world benchmarks. For columns that support addition and comparison, we recover 84.9% to 99.9% of plaintexts. For columns that support sum, equi-join and group-by, we recover 100% of plaintexts. Besides, we provide potential countermeasures that can prevent the attacks against sum, equi-join, group-by and addition. It is still an open problem to prevent the attack against comparison.


2019 ◽  
Vol 11 (3) ◽  
pp. 90-102
Author(s):  
Khalid El Makkaoui ◽  
Abderrahim Beni-Hssane ◽  
Abdellah Ezzati

Homomorphic encryption (HE) is an encryption form that offers a third party the ability to carry out computations on encrypted data. This property can be considered a great solution to get over some obstacles limiting the widespread adoption of cloud computing (CC) services. Since CC environments are threatened by insider/outsider security attacks and since CC consumers often access CC services using resource-limited devices, the HE schemes need to be promoted at security level and at running time to work effectively. For this reason, at EMENA-TSSL'16 and at WINCOM'16, the authors respectively boosted the RSA and ElGamal cryptosystems at security level, Cloud-RSA and Cloud-ElGamal. At SCAMS'17 and at EUSPN'17, the authors then suggested two fast variants of the Cloud-RSA scheme. All proposed schemes support the multiplicative homomorphism (MH) over the integers. The aim of this article is to compare the Cloud-ElGamal scheme with the Cloud-RSA schemes. This article first briefly presents the HE schemes and analyzes their security. This article then implements the schemes, and compares and discusses their efficiency.


2007 ◽  
Vol 23 (4) ◽  
pp. 248-257 ◽  
Author(s):  
Matthias R. Mehl ◽  
Shannon E. Holleran

Abstract. In this article, the authors provide an empirical analysis of the obtrusiveness of and participants' compliance with a relatively new psychological ambulatory assessment method, called the electronically activated recorder or EAR. The EAR is a modified portable audio-recorder that periodically records snippets of ambient sounds from participants' daily environments. In tracking moment-to-moment ambient sounds, the EAR yields an acoustic log of a person's day as it unfolds. As a naturalistic observation sampling method, it provides an observer's account of daily life and is optimized for the assessment of audible aspects of participants' naturally-occurring social behaviors and interactions. Measures of self-reported and behaviorally-assessed EAR obtrusiveness and compliance were analyzed in two samples. After an initial 2-h period of relative obtrusiveness, participants habituated to wearing the EAR and perceived it as fairly unobtrusive both in a short-term (2 days, N = 96) and a longer-term (10-11 days, N = 11) monitoring. Compliance with the method was high both during the short-term and longer-term monitoring. Somewhat reduced compliance was identified over the weekend; this effect appears to be specific to student populations. Important privacy and data confidentiality considerations around the EAR method are discussed.


2012 ◽  
Vol 35 (11) ◽  
pp. 2215 ◽  
Author(s):  
Fang-Quan CHENG ◽  
Zhi-Yong PENG ◽  
Wei SONG ◽  
Shu-Lin WANG ◽  
Yi-Hui CUI

2010 ◽  
Vol 30 (4) ◽  
pp. 1099-1102
Author(s):  
Yu-yi KE ◽  
Shi-xiong XIA ◽  
Chu-jiao WANG

2019 ◽  
Vol 13 (4) ◽  
pp. 356-363
Author(s):  
Yuezhong Wu ◽  
Wei Chen ◽  
Shuhong Chen ◽  
Guojun Wang ◽  
Changyun Li

Background: Cloud storage is generally used to provide on-demand services with sufficient scalability in an efficient network environment, and various encryption algorithms are typically applied to protect the data in the cloud. However, it is non-trivial to obtain the original data after encryption and efficient methods are needed to access the original data. Methods: In this paper, we propose a new user-controlled and efficient encrypted data sharing model in cloud storage. It preprocesses user data to ensure the confidentiality and integrity based on triple encryption scheme of CP-ABE ciphertext access control mechanism and integrity verification. Moreover, it adopts secondary screening program to achieve efficient ciphertext retrieval by using distributed Lucene technology and fine-grained decision tree. In this way, when a trustworthy third party is introduced, the security and reliability of data sharing can be guaranteed. To provide data security and efficient retrieval, we also combine active user with active system. Results: Experimental results show that the proposed model can ensure data security in cloud storage services platform as well as enhance the operational performance of data sharing. Conclusion: The proposed security sharing mechanism works well in an actual cloud storage environment.


2021 ◽  
Vol 2 (1) ◽  
Author(s):  
Poornima M. Chanal ◽  
Mahabaleshwar S. Kakkasageri

IEEE Access ◽  
2021 ◽  
Vol 9 ◽  
pp. 28302-28316
Author(s):  
Maxime Pistono ◽  
Reda Bellafqira ◽  
Gouenou Coatrieux
