INTEGRATED KEY SEARCH WITH SELECTED SUPPORTER AND TEMPORAL ARRANGEMENT ACTIVATED CONCEAL RE-FORMATION UTILITY FOR ON-LINE HEALTH RECORDS

A digital health record technique is one application which will bring great convenience in healthcare. Within this paper, we introduce one cryptographic primitive named as conjunctive keyword search with designated tester and timing enabled proxy re-file file encryption function, which is a type of sometime-dependent SE plan. We design one searchable file encryption plan supporting secure conjunctive keyword search and approved delegation function. The searchable file encryption (SE) plan may well be a technology to include security protection and favorable operability functions together, that may play a huge role within the e-health record system. As opposed to existing schemes, the task is able to do timing enabled proxy re-file file encryption with effective delegation revocation. The security and privacy within the sensitive private information would be the major concerns within the users that could hinder further development and broadly adoption within the systems. It might enable patients to delegate partial access legal rights along with other individuals to function search functions over their records in the while period. How big time-frame for your delegate to look and decrypt the delegator’s encrypted documents may be controlled. The comparison and extensive simulations show it provides a small computation and storage overhead. We formulate a method model along with a security model for your suggested Re-dtPECK plan to exhibit it's competent plan proven secure within the standard model. The experimental results and security analysis indicate our plan holds much greater security compared to existing solutions by having an acceptable overhead for cloud applications

PUBLIC-KEY ENCRYPTION WITH KEY PURSUE SURE DISTRACT STORAGE IN DOUBLE SERVER

A predominant segment of our planning for dual-hostess community key file encryption with abraxas explore stretch projective hash role, an idea created by Cramer and Soup. During this report, we must have added vital goods of civilized projective hash roles. We initiate two games, i.e. semantic-insurance counter to selected secret sign hurt also in detect ingenuity vs abraxas reckoning raid1 to grab the security of PEKS ciphers text and postern door, proportionately. In discomfit of body eliminate classified key sharing, PEKS schemes are suffering by a simple vulnerability relating to the postern door secret sign concealment, specifically interior Keyword Guessing Attack. Regrettably, it archaic incorporated the typical PEKS scheme is struggle with an all-instinctive instability admitted as innards abraxas reckoning raid put in motion adopting the vengeful waitress. To knob this confidence understrength, we recommend a thoroughly new PEKS groundwork opted dual-assistant PEKS. You need show a systematic system of sure DS-PEKS from LH-SPHF. Our plan is transcendent potent when it comes to PEKS reckoning. For the impetus that our plan doesn't incorporate pairing estimation. Particularly, already stated plan necessitates abstract calculation cost by reason 2 pairing calculation per PEKS generation

Public key encryption with keyword search secure against keyword guessing attacks without random oracle

The notion of public key encryption with keyword search (PEKS) was put forth by Boneh et al. to enable a server to search from a collection of encrypted emails given a “trapdoor” (i.e., an encrypted keyword) provided by the receiver. The nice property in this scheme allows the server to search for a keyword, given the trapdoor. Hence, the verifier can merely use an untrusted server, which makes this notion very practical. Following Boneh et al.’s work, there have been subsequent works that have been proposed to enhance this notion. Two important notions include the so-called keyword guessing attack and secure channel free, proposed by Byun et al. and Baek et al., respectively. The former realizes the fact that in practice, the space of the keywords used is very limited, while the latter considers the removal of secure channel between the receiver and the server to make PEKS practical. Unfortunately, the existing construction of PEKS secure against keyword guessing attack is only secure under the random oracle model, which does not reflect its security in the real world. Furthermore, there is no complete definition that captures secure channel free PEKS schemes that are secure against chosen keyword attack, chosen ciphertext attack, and against keyword guessing attacks, even though these notions seem to be the most practical application of PEKS primitives. In this paper, we make the following contributions. First, we define the strongest model of PEKS which is secure channel free and secure against chosen keyword attack, chosen ciphertext attack, and keyword guessing attack. In particular, we present two important security notions namely IND-SCF-CKCA and IND-KGA. The former is to capture an inside adversary, while the latter is to capture an outside adversary. Intuitively, it should be clear that IND-SCF-CKCA captures a more stringent attack compared to IND-KGA. Second, we present a secure channel free PEKS scheme secure without random oracle under the well known assumptions, namely DLP, DBDH, SXDH and truncated q-ABDHE assumption. Our contributions fill the gap in the literature and hence, making the notion of PEK

CLKS: Certificateless Keyword Search on Encrypted Data

Keyword search on encrypted data enables one to search keyword ciphertexts without compromising keyword security. We further investigate this problem and propose a novel variant, dubbed certificateless keyword search on encrypted data (CLKS). CLKS not only supports keyword search on encrypted data, but also brings promising features due to the certificateless cryptography. In contrast to the certificated-based keyword search, CLKS requires no validation on the trustworthy of the public key before encrypting keywords; in contrast to the identity-based keyword search, CLKS prevents the key issuer (e.g., key generator center) from penetrating any information on keyword ciphertexts by leveraging the capability of accessing all data users’ (partial) private keys. Specifically, we rigorously define the syntax and security definitions for CLKS, and present the construction that is provably secure in the standard model under the Decisional Linear assumption. We implemented the proposed CLKS scheme and evaluated its performance. To the best of our knowledge, this is the first attempt to integrate certificateless cryptography with keyword search on encrypted data

Generic Construction of Public-key Authenticated Encryption with Keyword Search Revisited: Stronger Security and Efficient Construction

Public-key encryption with keyword search (PEKS) does not provide trapdoor privacy, i.e., keyword information is leaked through trapdoors. To prevent this information leakage, public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender\u27s secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS. The basic construction methodology is the same as that of the Liu et al. construction, where each keyword is converted into an extended keyword using SPHFs, and PEKS is used for extended keywords. Nevertheless, our construction is more efficient than Liu et al.\u27s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.\u27s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold

Dynamic Searchable Public-Key Ciphertexts with Fast Performance and Practical Security

Public-key encryption with keyword search (PEKS) allows a sender to generate keyword-searchable ciphertexts using a receiver’s public key and upload them to a server. Upon receiving a keyword-search trapdoor from the receiver, the server finds all matching ciphertexts. Due to the characteristics of public-key encryption, PEKS is inherently suitable for the application of numerous senders. Hence, PEKS is a well-known method to achieve secure keyword search over the encrypted email system. However, we find that without a keyword-search trapdoor, the traditional concept of PEKS still allows the server to have the obvious advantage to distinguish ciphertexts in practice. In other words, the traditional PEKS cannot guarantee the well-recognized semantic security in practice. To solve this problem, this paper defines a new concept called dynamic searchable public-key encryption (DSPE). It can hide the relationships between keyword-searchable ciphertexts and their corresponding encrypted files, and guarantee semantic security in both theory and practice. In addition, it allows the server to delete the intended ciphertexts according to the receiver’s requirement. Then, we construct a DSPE instance with provable semantic security in the random oracle model. In terms of performance, the proposed instance also has the advantage that it only requires sublinear complexity to determine all matching ciphertexts or to delete the intended ciphertexts. Finally, we experimentally demonstrate the practicability of the instance

Secure Remote Storage of Logs with Search Capabilities

Dissertação de Mestrado em Engenharia InformáticaAlong side with the use of cloud-based services, infrastructure and storage, the use of application logs in business critical applications is a standard practice nowadays. Such application logs must be stored in an accessible manner in order to used whenever needed. The debugging of these applications is a common situation where such access is required. Frequently, part of the information contained in logs records is sensitive. This work proposes a new approach of storing critical logs in a cloud-based storage recurring to searchable encryption, inverted indexing and hash chaining techniques to achieve, in a unified way, the needed privacy, integrity and authenticity while maintaining server side searching capabilities by the logs owner. The designed search algorithm enables conjunctive keywords queries plus a fine-grained search supported by field searching and nested queries, which are essential in the referred use case. To the best of our knowledge, the proposed solution is also the first to introduce a query language that enables complex conjunctive keywords and a fine-grained search backed by field searching and sub queries.A gerac¸ ˜ao de logs em aplicac¸ ˜oes e a sua posterior consulta s˜ao fulcrais para o funcionamento de qualquer neg´ocio ou empresa. Estes logs podem ser usados para eventuais ac¸ ˜oes de auditoria, uma vez que estabelecem uma baseline das operac¸ ˜oes realizadas. Servem igualmente o prop´ osito de identificar erros, facilitar ac¸ ˜oes de debugging e diagnosticar bottlennecks de performance. Tipicamente, a maioria da informac¸ ˜ao contida nesses logs ´e considerada sens´ıvel. Quando estes logs s˜ao armazenados in-house, as considerac¸ ˜oes relacionadas com anonimizac¸ ˜ao, confidencialidade e integridade s˜ao geralmente descartadas. Contudo, com o advento das plataformas cloud e a transic¸ ˜ao quer das aplicac¸ ˜oes quer dos seus logs para estes ecossistemas, processos de logging remotos, seguros e confidenciais surgem como um novo desafio. Adicionalmente, regulac¸ ˜ao como a RGPD, imp˜oe que as instituic¸ ˜oes e empresas garantam o armazenamento seguro dos dados. A forma mais comum de garantir a confidencialidade consiste na utilizac¸ ˜ao de t ´ecnicas criptogr ´aficas para cifrar a totalidade dos dados anteriormente `a sua transfer ˆencia para o servidor remoto. Caso sejam necess´ arias capacidades de pesquisa, a abordagem mais simples ´e a transfer ˆencia de todos os dados cifrados para o lado do cliente, que proceder´a `a sua decifra e pesquisa sobre os dados decifrados. Embora esta abordagem garanta a confidencialidade e privacidade dos dados, rapidamente se torna impratic ´avel com o crescimento normal dos registos de log. Adicionalmente, esta abordagem n˜ao faz uso do potencial total que a cloud tem para oferecer. Com base nesta tem´ atica, esta tese prop˜oe o desenvolvimento de uma soluc¸ ˜ao de armazenamento de logs operacionais de forma confidencial, integra e autˆ entica, fazendo uso das capacidades de armazenamento e computac¸ ˜ao das plataformas cloud. Adicionalmente, a possibilidade de pesquisa sobre os dados ´e mantida. Essa pesquisa ´e realizada server-side diretamente sobre os dados cifrados e sem acesso em momento algum a dados n˜ao cifrados por parte do servidor..

Public-key Authenticated Encryption with Keyword Search: A Generic Construction and Its Quantum-resistant Instantiation

The industrial Internet of Things (IIoT) integrates sensors, instruments, equipment, and industrial applications, enabling traditional industries to automate and intelligently process data. To reduce the cost and demand of required service equipment, IIoT relies on cloud computing to further process and store data. Public-key encryption with keyword search (PEKS) plays an important role, due to its search functionality, to ensure the privacy and confidentiality of the outsourced data and the maintenance of flexibility in the use of the data. Recently, Huang and Li proposed the ``public-key authenticated encryption with keyword search\u27\u27 (PAEKS) to avoid the insider keyword guessing attacks (IKGA) in the previous PEKS schemes. However, all current PAEKS schemes are based on the discrete logarithm assumption and are therefore vulnerable to quantum attacks. In this study, we first introduce a generic PAEKS construction, with the assistance of a trusted authority, that enjoys the security against IKGA in the standard model, if all building blocks are secure under standard model. Based on the framework, we further propose a novel instantiation of quantum-resistant PAEKS that is based on NTRU assumption under random oracle. Compared with its state-of-the-art counterparts, the experiment result indicates that our instantiation is more efficient and secure

Verifiable key-aggregate searchable encryption with a designated server in multi-owner setting

Key-aggregate searchable encryption (KASE) schemes support selective data sharing and keyword-based ciphertext searching by using the constant-size shared key and trapdoor, making these schemes attractive for resource-constrained users to store, share, and search encrypted data in public clouds. However, most previously proposed KASE schemes suffer from our proposed "off-line keyword guessing attack (KGA)" and some other weaknesses. Consequently, they fail to gain the keyword ciphertext indistinguishability and trapdoor indistinguishability, which are vital security goals of searchable encryption. Inspired by the relationship of public key encryption with keyword search (PEKS) and KASE, we design a new KASE scheme called key-aggregate searchable encryption with a designated server (dKASE). The dKASE scheme achieves our proposed keyword ciphertext indistinguishability against chosen keyword attack (KC-IND-CKA) and keyword trapdoor indistinguishability against keyword guessing attack (KT-IND-KGA) security models, where the latter model captures off-line KGA. Then, we extend the dKASE scheme to verifiable dKASE in multi-owner setting (dVKASEM) scheme. With dVKASEM, when multiple data owners authorize a user to access data, the user merely needs to store his single key and generate a single trapdoor to query these owners’ data. Besides, the adoption of the aggregate signature significantly reduces the overhead of verifying whether data has been tampered with. Performance analysis illustrates that our schemes are efficient