Secure Selections on Encrypted Multi-writer Streams

Performing searches over encrypted data is a very current and active area. Several efficient solutions have been provided for the single-writer scenario in which all sensitive data originate with one party (the Data Owner ) that encrypts and uploads the data to a public repository. Subsequently, the Data Owner accesses the encrypted data through a Query Processor , which has direct access to the public encrypted repository. Motivated by the recent trend in pervasive data collection, we depart from this model and consider a multi-writer scenario in which the data originate with several and mutually untrusted parties, the Data Sources . In this new scenario, the Data Owner provides public parameters so that each Data Source can add encrypted items to the public encrypted stream; moreover, the Data Owner keeps some related secret information needed to generate tokens so that different Query Sources can decrypt different subsets of the encrypted stream, as specified by corresponding access policies. We propose security model for this problem that we call Secure Selective Stream ( SSS ) and give a secure construction for it based on hard problems in Pairing-Based Cryptography. The cryptographic core of our construction is a new primitive, Amortized Orthogonality Encryption , that is crucial for the efficiency of the proposed implementation for SSS .

Multi-Keyword Searchable Encryption for E-Health System With Multiple Data Writers and Readers

E-health is a cloud-based system to store and share medical data with the stakeholders. From a security perspective, the stored data are in encrypted form that could further be searched by the stakeholders through searchable encryption (SE). Practically, an e-health system with support of multiple stakeholders (that may work as either data owner [writer] or user [reader]) along with the provision of multi-keyword search is desirable. However, the existing SE schemes either support multi-keyword search in multi-reader setting or offer multi-writer, multi-reader mechanism along with single-keyword search only. This chapter proposes a multi-keyword SE for an e-health system in multi-writer multi-reader setting. With this scheme, any registered writer could share data with any registered reader with optimal storage-computational overhead on writer. The proposed scheme offers conjunctive search with optimal search complexity at server. It also ensures security to medical records and privacy of keywords. The theoretical and empirical analysis demonstrates the effectiveness of the proposed work.

Functional Encryption for Pattern Matching with a Hidden String

We propose a new functional encryption for pattern matching scheme with a hidden string. In functional encryption for pattern matching (FEPM), access to a message is controlled by its description and a private key that is used to evaluate the description for decryption. In particular, the description with which the ciphertext is associated is an arbitrary string w and the ciphertext can only be decrypted if its description matches the predicate of a private key which is also a string. Therefore, it provides fine-grained access control through pattern matching alone. Unlike related schemes in the literature, our scheme hides the description that the ciphertext is associated with. In many practical scenarios, the description of the ciphertext cannot be public information as an attacker may abuse the message description to identify the data owner or classify the target ciphertext before decrypting it. Moreover, some data owners may not agree to reveal any ciphertext information since it simply gives greater advantage to the adversary. In this paper, we introduce the first FEPM scheme with a hidden string, such that the adversary cannot get any information about the ciphertext from its description. The security of our scheme is formally analyzed. The proposed scheme provides both confidentiality and anonymity while maintaining its expressiveness. We prove these security properties under the interactive general Diffie–Hellman assumption (i-GDH) and a static assumption introduced in this paper.

A Novel Hierarchical Key Assignment Scheme for Data Access Control in IoT

Hierarchical key assignment scheme is an efficient cryptographic method for hierarchical access control, in which the encryption keys of lower classes can be derived by the higher classes. Such a property is an effective way to ensure the access control security of Internet of Things data markets. However, many researchers on this field cannot avoid potential single point of failure in key distribution, and some key assignment schemes are insecure against collusive attack or sibling attack or collaborative attack. In this paper, we propose a hierarchical key assignment scheme based on multilinear map to solve the multigroup access control in Internet of Things data markets. Compared with previous hierarchical key assignment schemes, our scheme can avoid potential single point of failure in key distribution. Also the central authority of our scheme (corresponding to the data owner in IoT data markets) does not need to assign the corresponding encryption keys to each user directly, and users in each class can obtain the encryption key via only a one-round key agreement protocol. We then show that our scheme satisfies the security of key indistinguishability under decisional multilinear Diffie-Hellman assumption. Finally, comparisons show the efficiency of our scheme and indicates that our proposed scheme can not only resist the potential attacks, but also guarantee the forward and backward security.

Third Party Public Auditing Scheme for Cloud Storage

Thus the new auditing scheme has been developed by considering all these requirements. It consist of three entities: data owner, TPA and cloud server. The data owner performs various operations such as splitting the file to blocks, encrypting them, generating a hash value for each, concatenating it and generating a signature on it. The TPA performs the main role of data integrity check. It performs activities like generating hash value for encrypted blocks received from cloud server, concatenating them and generates signature on it. It later compares both the signatures to verify whether the data stored on cloud is tampered or not. It verifies the integrity of data on demand of the users. The cloud server is used only to save the encrypted blocks of data. This proposed auditing scheme make use of AES algorithm for encryption, SHA-2 for integrity check and RSA signature for digital signature calculation. In this philosophy, users of cloud storage services no longer physically maintain direct control over their data, which makes data security one of the major concerns of using cloud. Existing research work already allows data integrity to be verified without possession of the actual data file. When the verification is done by a trusted third party, this verification process is also called data auditing, and this third party is called an auditor. As a result, every small update will cause re-computation and updating of the authenticator for an entire file block, which in turn causes higher storage and communication overheads. In this paper, we provide a formal analysis for possible types of fine-grained data updates and propose a scheme that can fully support authorized auditing and fine-grained update requests. Basedon our scheme, we also propose an enhancement that can dramatically reduce communication overheads for verifying small updates Keywords: Cloud computing, big data, data security, authorized auditing, fine-grained dynamic data update

A New Secure Model for Data Protection over Cloud Computing

The main goal of any data storage model on the cloud is accessing data in an easy way without risking its security. A security consideration is a major aspect in any cloud data storage model to provide safety and efficiency. In this paper, we propose a secure data protection model over the cloud. The proposed model presents a solution to some security issues of cloud such as data protection from any violations and protection from a fake authorized identity user, which adversely affects the security of the cloud. This paper includes multiple issues and challenges with cloud computing that impairs security and privacy of data. It presents the threats and attacks that affect data residing in the cloud. Our proposed model provides the benefits and effectiveness of security in cloud computing such as enhancement of the encryption of data in the cloud. It provides security and scalability of data sharing for users on the cloud computing. Our model achieves the security functions over cloud computing such as identification and authentication, authorization, and encryption. Also, this model protects the system from any fake data owner who enters malicious information that may destroy the main goal of cloud services. We develop the one-time password (OTP) as a logging technique and uploading technique to protect users and data owners from any fake unauthorized access to the cloud. We implement our model using a simulation of the model called Next Generation Secure Cloud Server (NG-Cloud). These results increase the security protection techniques for end user and data owner from fake user and fake data owner in the cloud.

A Novel Trade Transaction Agreement Algorithm Using Blockchain Consensus Mechanism

Blockchain, the underlying technology of Bitcoin, has been deeply studied in various fields after its development in recent years. As a typical decentralized distributed data storage system, consensus reached among all participants in a blockchain system requires a consensus mechanism to be realized. In order to make blockchain applicable to different application scenarios, different consensus mechanisms have been proposed. With the further development of blockchain applications, more and more studies have been conducted on the consensus mechanism. However, some existing consensus mechanisms still have some problems in various aspects. Therefore, this paper proposes a trade deal algorithm based on the blockchain mechanism of consensus. First of all, according to PBFT, the lack of a dynamic problem in the VPBFT voting mechanism was introduced. The node system is divided into four types with different responsibilities and gives the number of relations between nodes. When the number of nodes is changed, it can be calculated according to the quantity relation, ensuring dynamic. Second, a data anonymous transaction and authentication protocol is designed. In the protocol, when the seller sells data, the mapping relationship between the real identity and the false identity of the data owner is blinded and sent to the buyer. When the buyer wants to verify their identity, the seller’s identity can only be verified with the authentication of the blockchain. The proposed algorithm is superior to the current consensus in terms of time and energy consumption, throughput, and fault tolerance methods, which is proven through experimental tests and simulation analysis.

Protecting Sensitive Data with Secure Data Enclaves

A Secure Data Enclave is a system that allows data owners to control data access and ensure data security while facilitating approved uses of data by other parties. This model of data use offers additional protections and technical controls for the data owner compared to the more commonly used approach of transferring data from the owner to another party through a data sharing agreement. Under the data use model, the data owner retains full transparency and auditing over the other party’s access, which can be difficult to achieve in practice with even the best legal instrument for data sharing. We describe the key technical requirements for a Secure Data Enclave and provide a reference architecture for its implementation on the Amazon Web Services platform using managed cloud services.

A Secure Key Aggregate Searchable Encryption with Multi Delegation in Cloud Data Sharing Service

As the amount of data generated in various distributed environments is rapidly increasing, cloud servers and computing technologies are attracting considerable attention. However, the cloud server has privacy issues, including personal information and requires the help of a Trusted Third Party (TTP) for data sharing. However, because the amount of data generated and value increases, the data owner who produces data must become the subject of data sharing. In this study, we use key aggregate searchable encryption (KASE) technology, which enables keyword search, to efficiently share data without using TTP. The traditional KASE scheme approach only discusses the authority delegation from the data owner to another user. The traditional KASE scheme approach only discusses delegation of authority from the data owner to another user. However, if the delegated entity cannot perform time-critical tasks because the shared data are unavailable, the delegate must further delegate the rights given to other users. Consequently, this paper proposes a new KASE scheme that enables multi-delegation without TTP and includes an authentication technique between the user and the server. After that, we perform informal and formal analysis using BAN logic and AVISPA for security evaluation, and compare the security and performance aspects with existing schemes.

An Inner Product Space-Based Hierarchical Key Assignment Scheme for Access Control

<div>An inner product space-based hierarchical access control scheme is presented in this work. The proposed scheme can be utilized in any cloud delivery model where the data owner implements a hierarchical access control policy. In other words, the scheme adjusts any hierarchical access control policy to a digital medium. The scheme is based on inner product spaces and the method of orthogonal projection. While distributing a basis for each class by the data owner, left-to-right and bottom-up (LRBU) policy can ensure much more flexibility and efficiency, especially during any change in the structure. For each class, the secret keys can be derived only when a predetermined subspace is available. Our scheme is resistant to collusion attacks and privilege creep problems, as well as providing key recovery and key indistinguishability security. The performance analysis also shows us that the data storage overhead is much more tolerable than other schemes in the literature. In addition, the other advantage of our key access scheme over many others in the literature is that it requires only one operation to derive the secret key of child classes securely and efficiently.</div>