The E-Health Cloud Platform Now Supports A Keyword Search Related To Timer Use And Lab-Enabled Proxy Recoding

The delivery of healthcare may be vastly enhanced by the introduction of novel software, such as an electronic health record system. Users' fundamental concerns about the privacy and security of their personal information may be slowing the systems' widespread adoption. The searchable encryption (SE) method is a promising option for the electronic health record system due to its ability to provide strong security without sacrificing usability. Our research introduces a new cryptographic primitive, which we've termed "Re-dtPECK." It's a time-dependent SE approach that combines conjunctive keyword search with a designated tester and a proxy reencryption function that takes time into consideration. Patients may use this function to provide access to their data to carefully chosen researchers for a short period of time. Any allotted period for a delegatee to view and decode their delegator's encrypted papers may be extended if required. It's possible that the delegate's access and search capabilities will expire after a certain period of time has passed. It's also capable of conjunctive keyword searches and resisting assaults based on guessing. Only the authorized tester is allowed to look for the existence of certain keywords in the proposed method. We provide a system model and a security model for the proposed Re-dtPECK approach to prove that it is a safe and effective replacement for the existing standard. Simulations and comparisons with other methods show that it requires very little bandwidth and storage space for data

Searchable atribute-based mechanism with efficiient data sharing for secure cloud storage

To date, the growth of electronic personal data leads to a trend that data owners prefer to remotely outsource their data to clouds for the enjoyment of the high-quality retrieval and storage service without worrying the burden of local data management and maintenance. However, secure share and search for the outsourced data is a formidable task, which may easily incur the leakage of sensitive personal information. Efficient data sharing and searching with security is of critical importance. This paper, for the first time, proposes a searchable attribute-based proxy re-encryption system. When compared to existing systems only supporting either searchable attribute-based functionality or attribute-based proxy re-encryption, our new primitive supports both abilities and provides flexible keyword update service. Specifically, the system enables a data owner to efficiently share his data to a specified group of users matching a sharing policy and meanwhile, the data will maintain its searchable property but also the corresponding search keyword(s) can be updated after the data sharing. The new mechanism is applicable to many real-world applications, such as electronic health record systems. It is also proved chosen ciphertext secure in the random oracle model

Study on A Proposed Scheme for Generating Inverted Encryption Index Structure Based on Public Homomorphic Encryption

This research article focuses on the formidable challenge of efficiently searching through encrypted data in cloud environments, particularly as an extended number of users adopt encryption for their sensitive Information. The inverted index has proven to be a robust and effective searchable index structure in this context. However, striking a balance between preserving user privacy and enabling conjunctive multi-keyword searches remains a significant hurdle for existing solutions. In response to this challenge, the authors propose an innovative public-key-based encrypted file system. This system follows conjunctive multi-keyword searches but also eliminates the restrictive one-time-only searching limitation that has been a drawback in previous approaches. The proposed solution goes beyond conventional methods by safeguarding the search pattern, a critical aspect of user privacy. Their approach involves the integration of a probabilistic trapdoor- generating mechanism, adding an extra layer of security. To fortify their technique and adhere to more stringent security standards, the authors introduce an oblivious transmission control mechanism. This mechanism enhances the overall security posture of the system, ensuring robust protection against potential threats. The simulation results presented in the article demonstrate the practical proposed technique in real-world applications. Despite the additional security measures, the approach incurs reasonable overhead, making it a viable and efficient solution for cloud-based encrypted data searches

FEASE: Fast and Expressive Asymmetric Searchable Encryption

Asymmetric Searchable Encryption (ASE) is a promising cryptographic mechanism that enables a semi-trusted cloud server to perform keyword searches over encrypted data for users. To be useful, an ASE scheme must support expressive search queries, which are expressed as conjunction, disjunction, or any Boolean formulas. In this paper, we propose a fast and expressive ASE scheme that is adaptively secure, called FEASE. It requires only 3 pairing operations for searching any conjunctive set of keywords independent of the set size and has linear complexity for encryption and trapdoor algorithms in the number of keywords. FEASE is based on a new fast Anonymous Key-Policy Attribute-Based Encryption (A-KP-ABE) scheme as our first proposal, which is of independent interest. To address optional protection against keyword guessing attacks, we extend FEASE into the first expressive Public-Key Authenticated Encryption with Keyword Search (PAEKS) scheme. We provide implementations and evaluate the performance of all three schemes, while also comparing them with the state of the art. We observe that FEASE outperforms all existing expressive ASE constructions and that our A-KP-ABE scheme offers anonymity with efficiency comparable to the currently fastest yet non-anonymous KP-ABE schemes FAME (ACM CCS 2017) and FABEO (ACM CCS 2022)

Exclusion-intersection encryption

Identity-based encryption (IBE) has shown to be a useful cryptographic scheme enabling secure yet flexible role-based access control. We propose a new variant of IBE named as exclusion-intersection encryption: during encryption, the sender can specify the targeted groups that are legitimate and interested in reading the documents; there exists a trusted key generation centre generating the intersection private decryption keys on request. This special private key can only be used to decrypt the ciphertext which is of all the specified groups' interests, its holders are excluded from decrypting when the documents are not targeted to all these groups (e.g., the ciphertext of only a single group's interest). While recent advances in cryptographic techniques (e.g., attribute-based encryption or wicked IBE) can support a more general access control policy, the private key size may be as long as the number of attributes or identifiers that can be specified in a ciphertext, which is undesirable, especially when each user may receive a number of such keys for different decryption power. One of the applications of our notion is to support an ad-hoc joint project of two or more groups which needs extra helpers that are not from any particular group. © 2011 IEEE.published_or_final_versionThe 1st IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjuntion with IEEE INFOCOM 2011, Shanghai, China, 10-15 April 2011. In Conference Proceedings of INFOCOM WKSHPS, 2011, p. 1048-1053The 1st IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjuntion with IEEE INFOCOM 2011, Shanghai, China, 10-15 April 2011. In Conference Proceedings of INFOCOM WKSHPS, 2011, p. 1048-105

Practical Architectures for Deployment of Searchable Encryption in a Cloud Environment

Public cloud service providers provide an infrastructure that gives businesses and individuals access to computing power and storage space on a pay-as-you-go basis. This allows these entities to bypass the usual costs associated with having their own data centre such as: hardware, construction, air conditioning and security costs, for example, making this a cost-effective solution for data storage. If the data being stored is of a sensitive nature, encrypting it prior to outsourcing it to a public cloud is a good method of ensuring the confidentiality of the data. With the data being encrypted, however, searching over it becomes unfeasible. In this paper, we examine different architectures for supporting search over encrypted data and discuss some of the challenges that need to be overcome if these techniques are to be engineered into practical systems

Novel Techniques for Secure Use of Public Cloud Computing Resources

The federal government has an expressed interest in moving data and services to third party service providers in order to take advantage of the flexibility, scalability, and potential cost savings. This approach is called cloud computing. The thesis for this research is that efficient techniques exist to support the secure use of public cloud computing resources by a large, federated enterprise. The primary contributions of this research are the novel cryptographic system MA-AHASBE (Multi-Authority Anonymous Hierarchical Attribute-Set Based Encryption), and the techniques used to incorporate MA-AHASBE in a real world application. Performance results indicate that while there is a cost associated with enforcing the suggested security model, the cost is not unreasonable and the benefits in security can be significant. The contributions of this research give the DoD additional tools for supporting the mission while taking advantage of the cost efficient public cloud computing resources that are becoming widely available

Distributed Searchable Symmetric Encryption

Searchable Symmetric Encryption (SSE) allows a client to store encrypted data on a storage provider in such a way, that the client is able to search and retrieve the data selectively without the storage provider learning the contents of the data or the words being searched for. Practical SSE schemes usually leak (sensitive) information during or after a query (e.g., the search pattern). Secure schemes on the other hand are not practical, namely they are neither efficient in the computational search complexity, nor scalable with large data sets. To achieve efficiency and security at the same time, we introduce the concept of distributed SSE (DSSE), which uses a query proxy in addition to the storage provider.\ud We give a construction that combines an inverted index approach (for efficiency) with scrambling functions used in private information retrieval (PIR) (for security). The proposed scheme, which is entirely based on XOR operations and pseudo-random functions, is efficient and does not leak the search pattern. For instance, a secure search in an index over one million documents and 500 keywords is executed in less than 1 second