A Secure Ciphertext Self-Destruction Scheme with Attribute-Based Encryption

The secure destruction of expired data is one of the important contents in the research of cloud storage security. Applying the attribute-based encryption (ABE) and the distributed hash table (DHT) technology to the process of data destruction, we propose a secure ciphertext self-destruction scheme with attribute-based encryption called SCSD. In SCSD scheme, the sensitive data is first encrypted under an access key and then the ciphertext shares are stored in the DHT network along with the attribute shares. Meanwhile, the rest of the sensitive data ciphertext and the shares of access key ciphertext constitute the encapsulated self-destruction object (EDO), which is stored in the cloud. When the sensitive data is expired, the nodes in DHT networks can automatically discard the ciphertext shares and the attribute shares, which can make the ciphertext and the access key unrecoverable. Thus, we realize secure ciphertext self-destruction. Compared with the current schemes, our SCSD scheme not only can support efficient data encryption and fine-grained access control in lifetime and secure self-destruction after expiry, but also can resist the traditional cryptanalysis attack as well as the Sybil attack in the DHT network.

Download Full-text

Hierarchical authority based weighted attribute encryption scheme

Computer Science and Information Systems ◽

10.2298/csis180912027t ◽

2019 ◽

Vol 16 (3) ◽

pp. 797-813

Author(s):

Qiuting Tian ◽

Dezhi Han ◽

Yanmei Jiang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Encryption Scheme ◽

Storage Security ◽

Fine Grained ◽

Security Proof ◽

Attribute Based Encryption ◽

Encryption Schemes ◽

And Performance ◽

Cloud Storage Environment

With the development of cloud storage technology, data storage security has become increasingly serious. Aiming at the problem that existing attribute-based encryption schemes do not consider hierarchical authorities and the weight of attribute. A hierarchical authority based weighted attribute encryption scheme is proposed. This scheme will introduce hierarchical authorities and the weight of attribute into the encryption scheme, so that the authorities have a hierarchical relationship and different attributes have different importance. At the same time, the introduction of the concept of weight makes this scheme more flexible in the cloud storage environment and enables fine-grained access control. In addition, this scheme implements an online/offline encryption mechanism to improve the security of stored data. Security proof and performance analysis show that the scheme is safe and effective, and it can resist collusion attacks by many malicious users and authorization centers. It is more suitable for cloud storage environments than other schemes.

Download Full-text

Multiauthority Attribute-Based Encryption with Traceable and Dynamic Policy Updating

Security and Communication Networks ◽

10.1155/2021/6661450 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Jie Ling ◽

Junwei Chen ◽

Jiahui Chen ◽

Wensheng Gan

Keyword(s):

Cloud Storage ◽

Storage Security ◽

Access Policy ◽

Fine Grained ◽

Security Models ◽

Attribute Based Encryption ◽

Dynamic Policy ◽

Ciphertext Policy ◽

Experimental Comparisons ◽

Better Than

Ciphertext policy attribute-based encryption (CP-ABE) is an encryption mechanism that can provide fine-grained access control and adequate cloud storage security for Internet of Things (IoTs). In this field, the original CP-ABE scheme usually has only a single trusted authority, which will become a bottleneck in IoTs. In addition, different users may illegally share their private keys to obtain improper benefits. Besides, the data owners also require the flexibility to change their access policy. In this paper, we construct a multiauthority CP-ABE scheme on prime order groups over a large attribute universe. Our scheme can support white-box traceability along with policy updates to solve the abovementioned three problems and, thus, can fix the potential requirements of IoTs. More precisely, the proposed scheme supports multiple authority, white box traceability, large attribute domains, access policy updates, and high expressiveness. We prove that our designed scheme is static secure and traceable secure based on the state-of-the-art security models. Moreover, by theoretical comparison, our scheme has better performance than other schemes. Finally, extensive experimental comparisons show that our proposed algorithm can be better than the baseline algorithms.

Download Full-text

Efficient Multi-Keyword Search Through Ciphertext Data in the Cloud

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.f8534.088619 ◽

2019 ◽

Vol 8 (6) ◽

pp. 2417-2420

Keyword(s):

Cloud Storage ◽

Keyword Search ◽

Data Retrieval ◽

Data Sets ◽

Sensitive Data ◽

Data Set ◽

Vast Number ◽

Attribute Based Encryption ◽

Efficient Data ◽

Keyword Searches

Cloud computing has become essential for storing sensitive data sets that are centralized in the cloud. The need for privacy and protection of files and documents has increased day by day. Data users typically dump the most powerful information in cloud storage to prevent third parties from accessing data in cloud storage. In legacy systems, end users safely retrieved encrypted information using keyword search. However, in existing systems, we recommend only individual keywords and Boolean keywords, which is not yet sufficient to ensure efficient data usage for a vast number of data users and the number of documents in the cloud repository. This work aims to develop a systematic approach to searching multi keywords in the cloud with ciphertext data. The cloud server carries out risk-free investigations with no clear information about keywords and trap doors. The client or user uses multiple keywords to perform data retrieval. When the client enters a question for many words, the server breaks the question into one word and retrieves the word from the index. In this task, the cipher text policy attribute-based encryption (CPABE) algorithm is used to perform encryption of files and documents. Experimental results show 95% accuracy with a data set size of 1000, for both single and multiple keyword searches. Because previous research were limited to single searches, this new work performs multiple keyword searches with unique security aspects to create a multi-keyword search system rather than the cryptographic data in the cloud.

Download Full-text

A Study on Cloud Storage Security Method Using Data Classification

Journal of University of Shanghai for Science and Technology ◽

10.51201/jusst/21/09657 ◽

2021 ◽

Vol 23 (09) ◽

pp. 1105-1121

Author(s):

Dr. Ashish Kumar Tamrakar ◽

◽

Dr. Abhishek Verma ◽

Dr. Vishnu Kumar Mishra ◽

Dr. Megha Mishra ◽

...

Keyword(s):

Cloud Storage ◽

Storage Systems ◽

Data Classification ◽

Data Encryption ◽

Security Requirements ◽

Security And Privacy ◽

Security Level ◽

Distributed Resources ◽

Storage Security ◽

Public Data

Cloud computing is a new model for providing diverse services of software and hardware. This paradigm refers to a model for enabling on-demand network access to a shared pool of configurable computing resources, that can be rapidly provisioned and released with minimal service provider interaction .It helps the organizations and individuals deploy IT resources at a reduced total cost. However, the new approaches introduced by the clouds, related to computation outsourcing, distributed resources and multi-tenancy concept, increase the security and privacy concerns and challenges. It allows users to store their data remotely and then access to them at any time from any place .Cloud storage services are used to store data in ways that are considered cost saving and easy to use. In cloud storage, data are stored on remote servers that are not physically known by the consumer. Thus, users fear from uploading their private and confidential files to cloud storage due to security concerns. The usual solution to secure data is data encryption, which makes cloud users more satisfied when using cloud storage to store their data. Motivated by the above facts; we have proposed a solution to undertake the problem of cloud storage security. In cloud storage, there are public data that do not need any security measures, and there are sensitive data that need applying security mechanisms to keep them safe. In that context, data classification appears as the solution to this problem. The classification of data into classes, with different security requirements for each class is the best way to avoid under security and over security situation. The existing cloud storage systems use the same Journal of University of Shanghai for Science and Technology ISSN: 1007-6735 Volume 23, Issue 9, September – 2021 Page-1105 key size to encrypt all data without taking into consideration its confidentiality level. Treating the low and high confidential data with the same way and at the same security level will add unnecessary overhead and increase the processing time. In our proposal, we have combined the K-NN (K Nearest Neighbors) machine learning method and the goal programming decision-making method, to provide an efficient method for data classification. This method allows data classification according to the data owner security needs. Then, we introduce the user data to the suitable security mechanisms for each class. The use of our solution in cloud storage systems makes the data security process more flexible, besides; it increases the cloud storage system performance and decreases the needed resources, which are used to store the data.

Download Full-text

Implementation of an Attribute-Based Encryption Scheme Based on SM9

Applied Sciences ◽

10.3390/app9153074 ◽

2019 ◽

Vol 9 (15) ◽

pp. 3074

Author(s):

Yang Shi ◽

Zhiyuan Ma ◽

Rufu Qin ◽

Xiaoping Wang ◽

Wujing Wei ◽

...

Keyword(s):

Smart Phone ◽

Regulatory Compliance ◽

Bilinear Pairing ◽

Encryption Scheme ◽

Sensitive Data ◽

Fine Grained ◽

Fundamental Building Block ◽

Attribute Based Encryption ◽

Identity Based ◽

Computing Platforms

In recent years, attribute-based encryption (ABE) has been widely applied in mobile computing, cloud computing, and the Internet of things, for supporting flexible and fine-grained access control of sensitive data. In this paper, we present a novel attribute-based encryption scheme that is based on bilinear pairing over Barreto and Naehrig curves (BN-curves). The identity-based encryption scheme SM9, which is a Chinese commercial cryptographic standard and a forthcoming part of ISO/IEC11770-3, has been used as the fundamental building block, and thus we first introduce SM9 and present our SM9 implementation in details. Subsequently, we propose the design and implementation of the ABE scheme. Moreover, we also develop a hybrid ABE for achieving lower ciphertext expansion rate when the size of access structure or plaintext is large. The performance and energy consumption of the implementation of the proposed ABE and its hybrid version are evaluated with a workstation, a PC, a smart phone, and an embedded device. The experimental results indicated that our schemes work well on various computing platforms. Moreover, the proposed schemes and their implementations would benefit developers in building applications that fulfill the regulatory compliance with the Chinese commercial cryptographic standard since there is no existing ABE scheme compatible with any Chinese cryptographic standard.

Download Full-text

A P2P Framework for Developing Bioinformatics Applications in Dynamic Cloud Environments

International Journal of Genomics ◽

10.1155/2013/361327 ◽

2013 ◽

Vol 2013 ◽

pp. 1-9 ◽

Cited By ~ 3

Author(s):

Chun-Hung Richard Lin ◽

Chun-Hao Wen ◽

Ying-Chih Lin ◽

Kuang-Yuan Tung ◽

Rung-Wei Lin ◽

...

Keyword(s):

Hash Table ◽

Biological Data ◽

Distributed Hash Table ◽

Data Discovery ◽

P2p Computing ◽

Trip Time ◽

Alternative Approach ◽

Cloud Framework ◽

Efficient Data ◽

Cloud Environments

Bioinformatics is advanced from in-house computing infrastructure to cloud computing for tackling the vast quantity of biological data. This advance enables large number of collaborative researches to share their works around the world. In view of that, retrieving biological data over the internet becomes more and more difficult because of the explosive growth and frequent changes. Various efforts have been made to address the problems of data discovery and delivery in the cloud framework, but most of them suffer the hindrance by a MapReduce master server to track all available data. In this paper, we propose an alternative approach, called PRKad, which exploits aPeer-to-Peer(P2P) model to achieve efficient data discovery and delivery. PRKad is a Kademlia-based implementation withRound-Trip-Time(RTT) as the associated key, and it locates data according toDistributed Hash Table(DHT) and XOR metric. The simulation results exhibit that our PRKad has the low link latency to retrieve data. As an interdisciplinary application of P2P computing for bioinformatics, PRKad also provides good scalability for servicing a greater number of users in dynamic cloud environments.

Download Full-text

Multi-security-level cloud storage system based on improved proxy re-encryption

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-019-1614-y ◽

2019 ◽

Vol 2019 (1) ◽

Author(s):

Jinan Shen ◽

Xuejian Deng ◽

Zhenwu Xu

Keyword(s):

Performance Optimization ◽

Cloud Storage ◽

Storage System ◽

Security Requirements ◽

Control Factor ◽

Security Level ◽

Fine Grained ◽

Attribute Based Encryption ◽

And Performance ◽

Heterogeneous Cloud

AbstractBased on the characteristics and data security requirements of the cloud environment, we present a scheme for a multi-security-level cloud storage system that is combined with AES symmetric encryption and an improved identity-based proxy re-encryption (PRE) algorithm. Our optimization includes support for fine-grained control and performance optimization. Through a combination of attribute-based encryption methods, we add a fine-grained control factor to our algorithm in which each authorization operation is only valid for a single factor. By reducing the number of bilinear mappings, which are the most time-consuming processes, we achieve our aim of optimizing performance. Last but not least, we implement secure data sharing among heterogeneous cloud systems. As shown in experiment, our proposed multi-security-level cloud storage system implements services such as the direct storage of data, transparent AES encryption, PRE protection that supports fine-grained and ciphertext heterogeneous transformation, and other functions such as authentication and data management. In terms of performance, we achieve time-cost reductions of 29.8% for the entire process, 48.3% for delegation and 47.2% for decryption.

Download Full-text

DHT-PDP: A Distributed Hash Table based Provable Data Possession Mechanism in Cloud Storage

2020 8th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO) ◽

10.1109/icrito48877.2020.9198019 ◽

2020 ◽

Author(s):

Raziqa Masood ◽

Nitin Pandey ◽

Q. P. Rana

Keyword(s):

Cloud Storage ◽

Hash Table ◽

Distributed Hash Table ◽

Provable Data Possession

Download Full-text

Privacy Protection in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.55-57.504 ◽

2011 ◽

Vol 55-57 ◽

pp. 504-507

Author(s):

Jian Hua Zhang ◽

Nan Zhang ◽

Chun Chang Fu

Keyword(s):

Data Mining ◽

Privacy Protection ◽

Cloud Storage ◽

Data Encryption ◽

Security Technology ◽

Storage Security ◽

Key Technology ◽

Encryption And Authentication

The storage security technology in cloud storage applications was analyzed, and in order to satisfied the demand for privacy protection, the key technology of data encryption and authentication are described and the methods of privacy protection in data mining under the cloud were discussed. At the same time, a hierarchical mechanism of authentication was proposed. These methods and mechanisms could solve the problem of privacy protection in a certain degree, and ensure the security of cloud storage.

Download Full-text

Traceable Multiauthority Attribute-Based Encryption with Outsourced Decryption and Hidden Policy for CIoT

Wireless Communications and Mobile Computing ◽

10.1155/2021/6682580 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Suhui Liu ◽

Jiguo Yu ◽

Chunqiang Hu ◽

Mengmeng Li

Keyword(s):

Data Sharing ◽

Random Oracle Model ◽

Random Oracle ◽

Fine Grained ◽

Security Issues ◽

Efficient Management ◽

Attribute Based Encryption ◽

High Efficient ◽

Efficient Data ◽

Iot Devices

Cloud-assisted Internet of Things (IoT) significantly facilitate IoT devices to outsource their data for high efficient management. Unfortunately, some unsettled security issues dramatically impact the popularity of IoT, such as illegal access and key escrow problem. Traditional public-key encryption can be used to guarantees data confidentiality, while it cannot achieve efficient data sharing. The attribute-based encryption (ABE) is the most promising way to ensure data security and to realize one-to-many fine-grained data sharing simultaneously. However, it cannot be well applied in the cloud-assisted IoT due to the complexity of its decryption and the decryption key leakage problem. To prevent the abuse of decryption rights, we propose a multiauthority ABE scheme with white-box traceability in this paper. Moreover, our scheme greatly lightens the overhead on devices by outsourcing the most decryption work to the cloud server. Besides, fully hidden policy is implemented to protect the privacy of the access policy. Our scheme is proved to be selectively secure against replayable chosen ciphertext attack (RCCA) under the random oracle model. Some theory analysis and simulation are described in the end.

Download Full-text