544 research outputs found
Recommended from our members
R-PEKS: RBAC Enabled PEKS for Secure Access of Cloud Data
In the recent past, few works have been done by combining attribute-based access control with multi-user PEKS, i.e., public key encryption with keyword search. Such attribute enabled searchable encryption is most suitable for applications where the changing of privileges is done once in a while. However, to date, no efficient and secure scheme is available in the literature that is suitable for these applications where changing privileges are done frequently. In this paper our contributions are twofold. Firstly, we propose a new PEKS scheme for string search, which, unlike the previous constructions, is free from bi-linear mapping and is efficient by 97% compared to PEKS for string search proposed by Ray et.al in TrustCom 2017. Secondly, we introduce role based access control (RBAC) to multi-user PEKS, where an arbitrary group of users can search and access the encrypted files depending upon roles. We termed this integrated scheme as R-PEKS. The efficiency of R-PEKS over the PEKS scheme is up to 90%. We provide formal security proofs for the different components of R-PEKS and validate these schemes using a commercial dataset
A Practical Framework for Storing and Searching Encrypted Data on Cloud Storage
Security has become a significant concern with the increased popularity of
cloud storage services. It comes with the vulnerability of being accessed by
third parties. Security is one of the major hurdles in the cloud server for the
user when the user data that reside in local storage is outsourced to the
cloud. It has given rise to security concerns involved in data confidentiality
even after the deletion of data from cloud storage. Though, it raises a serious
problem when the encrypted data needs to be shared with more people than the
data owner initially designated. However, searching on encrypted data is a
fundamental issue in cloud storage. The method of searching over encrypted data
represents a significant challenge in the cloud.
Searchable encryption allows a cloud server to conduct a search over
encrypted data on behalf of the data users without learning the underlying
plaintexts. While many academic SE schemes show provable security, they usually
expose some query information, making them less practical, weak in usability,
and challenging to deploy. Also, sharing encrypted data with other authorized
users must provide each document's secret key. However, this way has many
limitations due to the difficulty of key management and distribution.
We have designed the system using the existing cryptographic approaches,
ensuring the search on encrypted data over the cloud. The primary focus of our
proposed model is to ensure user privacy and security through a less
computationally intensive, user-friendly system with a trusted third party
entity. To demonstrate our proposed model, we have implemented a web
application called CryptoSearch as an overlay system on top of a well-known
cloud storage domain. It exhibits secure search on encrypted data with no
compromise to the user-friendliness and the scheme's functional performance in
real-world applications.Comment: 146 Pages, Master's Thesis, 6 Chapters, 96 Figures, 11 Table
Secure Remote Storage of Logs with Search Capabilities
Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs
in business critical applications is a standard practice nowadays. Such application logs must be stored
in an accessible manner in order to used whenever needed. The debugging of these applications is a
common situation where such access is required. Frequently, part of the information contained in logs
records is sensitive.
This work proposes a new approach of storing critical logs in a cloud-based storage recurring to
searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the
needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs
owner.
The designed search algorithm enables conjunctive keywords queries plus a fine-grained search
supported by field searching and nested queries, which are essential in the referred use case. To the
best of our knowledge, the proposed solution is also the first to introduce a query language that enables
complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer
neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez
que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar
erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria
da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel.
Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao,
confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas
cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de
logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao
como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados.
A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas
para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam
necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados
cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados.
Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna
impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz
uso do potencial total que a cloud tem para oferecer.
Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento
de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento
e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre
os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem
acesso em momento algum a dados n˜ao cifrados por parte do servidor..
Authorized keyword search over outsourced encrypted data in cloud environment
For better data availability and accessibility while ensuring data secrecy, end-users often tend to outsource their data to the cloud servers in an encrypted form. However, this brings a major challenge to perform the search for some keywords over encrypted content without disclosing any information to unintended entities. This paper proposes a novel expressive authorized keyword search scheme relying on the concept of ciphertext-policy attribute-based encryption. The originality of the proposed scheme is multifold. First, it supports the generic and convenient multi-owner and multi-user scenario, where the encrypted data are outsourced by several data owners and searchable by multiple users. Second, the formal security analysis proves that the proposed scheme is semantically secure against chosen keyword and outsider's keyword guessing attacks. Third, an interactive protocol is introduced which avoids the need of any secure channels between users and service provider. Fourth, due to the concept of bilinear-map accumulator, the system can efficiently revoke users and/or their attributes, and authenticate them prior to launching any expensive search operations. Fifth, conjunctive keyword search is provided thus enabling to search for multiple keywords simultaneously, with minimal cost. Sixth, the performance analysis shows that the proposed scheme outperforms closely-related works
Certificate-Less Searchable Encryption with a Refreshing Keyword Search
Public Key Encryptions with Keyword Search (PEKS) scheme had been hosted for keeping data security and privacy of outsourced data in a cloud environment. It is also used to provide search operations on encrypted data. Nevertheless, most of the existing PEKS schemes are disposed to key-escrow problems due to the private key of the target users are known by the Key Generating Center (KGC). To improve the key escrow issue in PEKS schemes, the Certificate-Less Public Key Encryptions with Keyword Search (CL-PEKS) scheme has been designed. Meanwhile, the existing CL-PEKS schemes do not consider refreshing keyword searches. Due to this, the cloud server can store search trapdoors for keywords used in the system and can launch keyword guessing attacks. In this research work, we proposed Certificate-Less Searchable Encryption with a Refreshing Keyword Search (CL-SERKS) scheme by attaching date information to the encrypted data and keyword. We demonstrated that our proposed scheme is secure against adaptively chosen keyword attacks against both types of adversaries, where one adversary is given the power to select a random public key as a replacement for the user’s public key whereas another adversary is allowed to learn the system master key in the random oracle model under the Bilinear Diffie-Hellman problem assumption. We evaluated the performance of the proposed scheme in terms of both computational cost and communication cost. Experimental results show that the proposed CL-SERKS scheme has better computational cost during the key generation phase and testing phase than two related schemes. It also has lower communication costs than both related schemes
Efficient and secure ranked multi-keyword search on encrypted cloud data
Information search and document retrieval from a remote database (e.g. cloud server) requires submitting the search terms to the database holder. However, the search terms may contain sensitive information that must be kept secret from the database holder. Moreover, the privacy concerns apply to the relevant documents retrieved by the user in the later stage since they may also contain sensitive data and reveal information about sensitive search terms. A related protocol, Private Information Retrieval (PIR), provides useful cryptographic tools to hide the queried search terms and the data retrieved from the database while returning most relevant documents to the user. In this paper, we propose a practical privacy-preserving ranked keyword search scheme based on PIR that allows multi-keyword queries with ranking capability. The proposed scheme increases the security of the keyword search scheme while still satisfying efficient computation and communication requirements. To the best of our knowledge the majority of previous works are not efficient for assumed scenario where documents are large files. Our scheme outperforms the most efficient proposals in literature in terms of time complexity by several orders of magnitude
Trapdoor-indistinguishable secure channel free public key encryption with multi-keywords search (student contributions)
Public Key Encryption with Keyword Search (PEKS) enables users to search encrypted messages by a specific keyword without compromising the original data security. Traditional PEKS schemes allow users to search one keyword only instead of multiple keywords. Therefore, these schemes may not be applied in practice. Besides, some PEKS schemes are vulnerable to Keyword Guessing Attack (KGA). This paper formally defines a concept of Trapdoor-indistinguishable Secure Channel Free Public Key Encryption with Multi-Keywords Search (tSCF-MPEKS) and then presents a concrete construction of tSCF-MPEKS. The proposed scheme solves multiple keywords search problem and satisfies the properties of Ciphertext Indistinguishability and Trapdoor Indistinguishability. Its security is semantic security in the random oracle models under Bilinear Diffle-Hellman (BDH) and 1-Bilinear Diffie-Hellman Inversion (1-BDHI) assumptions so that it is able to resist KGA
Controlled and Secure Sharing Threat Intelligence
Cyber threat information sharing platforms have become a useful weapon for
dealing with cyberattacks, proactively mitigating them and thus reducing risk
exposure. These allow multiple agencies to connect with each other, forming a
community, and share that same intrusion information regarding cyberattacks
or threats with each other.
The Malware Information Sharing Platform (MISP) is particularly developed
to promote the open dissemination of information such as intrusion indicators
within a community. This exchange of information related to threats
or incidents is treated as a data synchronisation procedure between di erent
MISP instances, which may belong to one or more communities, companies or
organisations. However, this platform presents limitations if its information is
considered as classi ed or shared only for a certain period of time. This implies
that this information should be treated only in encrypted form. One solution
is to use MISP with searchable encryption techniques to impose greater control
over information sharing.
In this document, it is present a system that guarantees a controlled synchronisation
of information between entities through the use of encrypted search
techniques to guarantee the con dentiality of the information present in the
MISP platform and also the use of synchronisation policies to control the way
information is exchanged
- …