Efficient and Privacy-Preserving Ride Sharing Organization for Transferable and Non-Transferable Services

Ride-sharing allows multiple persons to share their trips together in one vehicle instead of using multiple vehicles. This can reduce the number of vehicles in the street, which consequently can reduce air pollution, traffic congestion and transportation cost. However, a ride-sharing organization requires passengers to report sensitive location information about their trips to a trip organizing server (TOS) which creates a serious privacy issue. In addition, existing ride-sharing schemes are non-flexible, i.e., they require a driver and a rider to have exactly the same trip to share a ride. Moreover, they are non-scalable, i.e., inefficient if applied to large geographic areas. In this paper, we propose two efficient privacy-preserving ride-sharing organization schemes for Non-transferable Ride-sharing Services (NRS) and Transferable Ride-sharing Services (TRS). In the NRS scheme, a rider can share a ride from its source to destination with only one driver whereas, in TRS scheme, a rider can transfer between multiple drivers while en route until he reaches his destination. In both schemes, the ride-sharing area is divided into a number of small geographic areas, called cells, and each cell has a unique identifier. Each driver/rider should encrypt his trip's data and send an encrypted ride-sharing offer/request to the TOS. In NRS scheme, Bloom filters are used to compactly represent the trip information before encryption. Then, the TOS can measure the similarity between the encrypted trips data to organize shared rides without revealing either the users' identities or the location information. In TRS scheme, drivers report their encrypted routes, an then the TOS builds an encrypted directed graph that is passed to a modified version of Dijkstra's shortest path algorithm to search for an optimal path of rides that can achieve a set of preferences defined by the riders

Optimal and Efficient Searchable Encryption with Single Trapdoor for Multi-Owner Data Sharing in Federated Cloud Computing

Cloud computing, an Internet based computing model, has changed the way of data owners store and manage data. In such environment, data sharing is very important with more efficient data access control. Issuing an aggregate key to users on data enables and authorizes them to search for data of select encrypted files using trapdoor or encrypted keyword. The existing schemes defined for this purpose do have certain limitations. For instance, Cui et al. scheme is elegant but lacks in flexibility in access control in presence of multiple data owners sharing data to users. Its single trapdoor approach needs transformation into individual trapdoors to access data of specific data owner. Moreover, the existing schemes including that of Cui et al. does not support federated cloud.  In this paper we proposed an efficient key aggregate searchable encryption scheme which enables multiple featuressuch as support for truly single aggregate key to access data of many data owners, federated cloud support,query privacy, controlled search process and security against cross-pairing attack. It has algorithms for setup, keygen, encrypt, extract, aggregate, trapdoor, test and federator. In multi-user setting it is designed to serve data owners and users with secure data sharing through key aggregate searchable encryption The proposed scheme supports federated cloud. Experimental results revealed that the proposed scheme is provably secure withrelatively less computational overhead and time complexity when compared with the state of the art

STAIBT: Blockchain and CP-ABE Empowered Secure and Trusted Agricultural IoT Blockchain Terminal

The integration of agricultural Internet of Things (IoT) and blockchain has become the key technology of precision agriculture. How to protect data privacy and security from data source is one of the difficult issues in agricultural IoT research. This work integrates cryptography, blockchain and Interplanetary File System (IPFS) technologies, and proposes a general IoT blockchain terminal system architecture, which strongly supports the integration of the IoT and blockchain technology. This research innovatively designed a fine-grained and flexible terminal data access control scheme based on the ciphertext-policy attribute-based encryption (CP-ABE) algorithm. Based on CP-ABE and DES algorithms, a hybrid data encryption scheme is designed to realize 1-to-N encrypted data sharing. A "horizontal + vertical" IoT data segmentation scheme under blockchain technology is proposed to realize the classified release of different types of data on the blockchain. The experimental results show that the design scheme can ensure data access control security, privacy data confidentiality, and data high-availability security. This solution significantly reduces the complexity of key management, can realize efficient sharing of encrypted data, flexibly set access control strategies, and has the ability to store large data files in the agricultural IoT

Efficient cryptographic primitives: Secure comparison, binary decomposition and proxy re-encryption

”Data outsourcing becomes an essential paradigm for an organization to reduce operation costs on supporting and managing its IT infrastructure. When sensitive data are outsourced to a remote server, the data generally need to be encrypted before outsourcing. To preserve the confidentiality of the data, any computations performed by the server should only be on the encrypted data. In other words, the encrypted data should not be decrypted during any stage of the computation. This kind of task is commonly termed as query processing over encrypted data (QPED). One natural solution to solve the QPED problem is to utilize fully homomorphic encryption. However, fully homomorphic encryption is yet to be practical. The second solution is to adopt multi-server setting. However, the existing work is not efficient. Their implementations adopt costly primitives, such as secure comparison, binary decomposition among others, which reduce the efficiency of the whole protocols. Therefore, the improvement of these primitives results in high efficiency of the protocols. To have a well-defined scope, the following types of computations are considered: secure comparison (CMP), secure binary decomposition (SBD) and proxy re-encryption (PRE). We adopt the secret sharing scheme and paillier public key encryption as building blocks, and all computations can be done on the encrypted data by utilizing multiple servers. We analyze the security and the complexity of our proposed protocols, and their efficiencies are evaluated by comparing with the existing solutions.”--Abstract, page iii

An efficient PHR service system supporting fuzzy keyword search and fine-grained access control

Outsourcing of personal health record (PHR) has attracted considerable interest recently. It can not only bring much convenience to patients, it also allows efficient sharing of medical information among researchers. As the medical data in PHR is sensitive, it has to be encrypted before outsourcing. To achieve fine-grained access control over the encrypted PHR data becomes a challenging problem. In this paper, we provide an affirmative solution to this problem. We propose a novel PHR service system which supports efficient searching and fine-grained access control for PHR data in a hybrid cloud environment, where a private cloud is used to assist the user to interact with the public cloud for processing PHR data. In our proposed solution, we make use of attribute-based encryption (ABE) technique to obtain fine-grained access control for PHR data. In order to protect the privacy of PHR owners, our ABE is anonymous. That is, it can hide the access policy information in ciphertexts. Meanwhile, our solution can also allow efficient fuzzy search over PHR data, which can greatly improve the system usability. We also provide security analysis to show that the proposed solution is secure and privacy-preserving. The experimental results demonstrate the efficiency of the proposed scheme.Peer ReviewedPostprint (author's final draft

Constant-Size Unbounded Multi-Hop Fully Homomorphic Proxy Re-Encryption from Lattices

Proxy re-encryption is a cryptosystem that achieves efficient encrypted data sharing by allowing a proxy to transform a ciphertext encrypted under one key into another ciphertext under a different key. Homomorphic proxy re-encryption (HPRE) extends this concept by integrating homomorphic encryption, allowing not only the sharing of encrypted data but also the homomorphic computations on such data. The existing HPRE schemes, however, are limited to a single or bounded number of hops of ciphertext re-encryptions. To address this limitation, this paper introduces a novel lattice-based, unbounded multi-hop fully homomorphic proxy re-encryption (FHPRE) scheme, with constant-size ciphertexts. Our FHPRE scheme supports an unbounded number of reencryption operations and enables arbitrary homomorphic computations over original, re-encrypted, and evaluated ciphertexts. Additionally, we propose a potential application of our FHPRE scheme in the form of a non-interactive, constant-size multi-user computation system for cloud computing environments

Development of Novel Encryption for Secured Data Sharing

In cloud storage the data sharing is important one. Key-aggregate cryptosystem produce constant size cipher text . That is very efficient delegation rights of decryption for any set of cipher text are possible. Any set of secret keys can be aggregated and make them as single key, which groups all the key by making it a aggregate key. This aggregate key can be sent to the others for decryption of cipher text set and remaining .Encrypted files outside the set are remains confidential. Cloud storage could provide secured data sharin

A secure data outsourcing scheme based on Asmuth – Bloom secret sharing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Data outsourcing is an emerging paradigm for data management in which a database is provided as a service by third-party service providers. One of the major benefits of offering database as a service is to provide organisations, which are unable to purchase expensive hardware and software to host their databases, with efficient data storage accessible online at a cheap rate. Despite that, several issues of data confidentiality, integrity, availability and efficient indexing of users’ queries at the server side have to be addressed in the data outsourcing paradigm. Service providers have to guarantee that their clients’ data are secured against internal (insider) and external attacks. This paper briefly analyses the existing indexing schemes in data outsourcing and highlights their advantages and disadvantages. Then, this paper proposes a secure data outsourcing scheme based on Asmuth–Bloom secret sharing which tries to address the issues in data outsourcing such as data confidentiality, availability and order preservation for efficient indexing

A New Algorithm to Generate The Integrated Access Trees For A Document Collection

ABE schemes have been broadly in use to firmly store and allocate data in cloud computing. A procedure method which congregates the requirements of different data users is considered and used to encrypt distributed file systems. Cloud computing accumulates and categorizes a huge amount of data method possessions to endow with secure, efficient, flexible and on demand services. In ABE schemes, every document is encrypted independently and a data user can decrypt a document if the attribute set equivalents the access formation of the document. In this we confine our consideration to the document collection encryption-decryption process and pay no attention to the other technical challenges such as symmetric encryption algorithms and encrypted document search algorithms. The protection of CP-ABHE is hypothetically established and the efficiency of the integrated access tree construction algorithm is scrutinized in facet. The intact document outsourcing and sharing system contains abundant delve into lines