Optimal and Efficient Searchable Encryption with Single Trapdoor for Multi-Owner Data Sharing in Federated Cloud Computing

Cloud computing, an Internet based computing model, has changed the way of data owners store and manage data. In such environment, data sharing is very important with more efficient data access control. Issuing an aggregate key to users on data enables and authorizes them to search for data of select encrypted files using trapdoor or encrypted keyword. The existing schemes defined for this purpose do have certain limitations. For instance, Cui et al. scheme is elegant but lacks in flexibility in access control in presence of multiple data owners sharing data to users. Its single trapdoor approach needs transformation into individual trapdoors to access data of specific data owner. Moreover, the existing schemes including that of Cui et al. does not support federated cloud.  In this paper we proposed an efficient key aggregate searchable encryption scheme which enables multiple featuressuch as support for truly single aggregate key to access data of many data owners, federated cloud support,query privacy, controlled search process and security against cross-pairing attack. It has algorithms for setup, keygen, encrypt, extract, aggregate, trapdoor, test and federator. In multi-user setting it is designed to serve data owners and users with secure data sharing through key aggregate searchable encryption The proposed scheme supports federated cloud. Experimental results revealed that the proposed scheme is provably secure withrelatively less computational overhead and time complexity when compared with the state of the art

Chameleon: A Secure Cloud-Enabled and Queryable System with Elastic Properties

There are two dominant themes that have become increasingly more important in our technological society. First, the recurrent use of cloud-based solutions which provide infrastructures, computation platforms and storage as services. Secondly, the use of applicational large logs for analytics and operational monitoring in critical systems. Moreover, auditing activities, debugging of applications and inspection of events generated by errors or potential unexpected operations - including those generated as alerts by intrusion detection systems - are common situations where extensive logs must be analyzed, and easy access is required. More often than not, a part of the generated logs can be deemed as sensitive, requiring a privacy-enhancing and queryable solution. In this dissertation, our main goal is to propose a novel approach of storing encrypted critical data in an elastic and scalable cloud-based storage, focusing on handling JSONbased ciphered documents. To this end, we make use of Searchable and Homomorphic Encryption methods to allow operations on the ciphered documents. Additionally, our solution allows for the user to be near oblivious to our system’s internals, providing transparency while in use. The achieved end goal is a unified middleware system capable of providing improved system usability, privacy, and rich querying over the data. This previously mentioned objective is addressed while maintaining server-side auditable logs, allowing for searchable capabilities by the log owner or authorized users, with integrity and authenticity proofs. Our proposed solution, named Chameleon, provides rich querying facilities on ciphered data - including conjunctive keyword, ordering correlation and boolean queries - while supporting field searching and nested aggregations. The aforementioned operations allow our solution to provide data analytics upon ciphered JSON documents, using Elasticsearch as our storage and search engine.O uso recorrente de soluções baseadas em nuvem tornaram-se cada vez mais importantes na nossa sociedade. Tais soluções fornecem infraestruturas, computação e armazenamento como serviços, para alem do uso de logs volumosos de sistemas e aplicações para análise e monitoramento operacional em sistemas críticos. Atividades de auditoria, debugging de aplicações ou inspeção de eventos gerados por erros ou possíveis operações inesperadas - incluindo alertas por sistemas de detecção de intrusão - são situações comuns onde logs extensos devem ser analisados com facilidade. Frequentemente, parte dos logs gerados podem ser considerados confidenciais, exigindo uma solução que permite manter a confidencialidades dos dados durante procuras. Nesta dissertação, o principal objetivo é propor uma nova abordagem de armazenar logs críticos num armazenamento elástico e escalável baseado na cloud. A solução proposta suporta documentos JSON encriptados, fazendo uso de Searchable Encryption e métodos de criptografia homomórfica com provas de integridade e autenticação. O objetivo alcançado é um sistema de middleware unificado capaz de fornecer privacidade, integridade e autenticidade, mantendo registos auditáveis do lado do servidor e permitindo pesquisas pelo proprietário dos logs ou usuários autorizados. A solução proposta, Chameleon, visa fornecer recursos de consulta atuando em cima de dados cifrados - incluindo queries conjuntivas, de ordenação e booleanas - suportando pesquisas de campo e agregações aninhadas. As operações suportadas permitem à nossa solução suportar data analytics sobre documentos JSON cifrados, utilizando o Elasticsearch como armazenamento e motor de busca

Multi-authority attribute-based keyword search over encrypted cloud data

National Research Foundation (NRF) Singapore; AXA Research Fun

Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

open access articleThis paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including, attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture

AI-enabled privacy-preservation phrase with multi-keyword ranked searching for sustainable edge-cloud networks in the era of industrial IoT

Abstract: Please refer to full text to view abstrac

Public-key Authenticated Encryption with Keyword Search: A Generic Construction and Its Quantum-resistant Instantiation

The industrial Internet of Things (IIoT) integrates sensors, instruments, equipment, and industrial applications, enabling traditional industries to automate and intelligently process data. To reduce the cost and demand of required service equipment, IIoT relies on cloud computing to further process and store data. Public-key encryption with keyword search (PEKS) plays an important role, due to its search functionality, to ensure the privacy and confidentiality of the outsourced data and the maintenance of flexibility in the use of the data. Recently, Huang and Li proposed the ``public-key authenticated encryption with keyword search\u27\u27 (PAEKS) to avoid the insider keyword guessing attacks (IKGA) in the previous PEKS schemes. However, all current PAEKS schemes are based on the discrete logarithm assumption and are therefore vulnerable to quantum attacks. In this study, we first introduce a generic PAEKS construction, with the assistance of a trusted authority, that enjoys the security against IKGA in the standard model, if all building blocks are secure under standard model. Based on the framework, we further propose a novel instantiation of quantum-resistant PAEKS that is based on NTRU assumption under random oracle. Compared with its state-of-the-art counterparts, the experiment result indicates that our instantiation is more efficient and secure

A Practical Framework for Storing and Searching Encrypted Data on Cloud Storage

Security has become a significant concern with the increased popularity of cloud storage services. It comes with the vulnerability of being accessed by third parties. Security is one of the major hurdles in the cloud server for the user when the user data that reside in local storage is outsourced to the cloud. It has given rise to security concerns involved in data confidentiality even after the deletion of data from cloud storage. Though, it raises a serious problem when the encrypted data needs to be shared with more people than the data owner initially designated. However, searching on encrypted data is a fundamental issue in cloud storage. The method of searching over encrypted data represents a significant challenge in the cloud. Searchable encryption allows a cloud server to conduct a search over encrypted data on behalf of the data users without learning the underlying plaintexts. While many academic SE schemes show provable security, they usually expose some query information, making them less practical, weak in usability, and challenging to deploy. Also, sharing encrypted data with other authorized users must provide each document's secret key. However, this way has many limitations due to the difficulty of key management and distribution. We have designed the system using the existing cryptographic approaches, ensuring the search on encrypted data over the cloud. The primary focus of our proposed model is to ensure user privacy and security through a less computationally intensive, user-friendly system with a trusted third party entity. To demonstrate our proposed model, we have implemented a web application called CryptoSearch as an overlay system on top of a well-known cloud storage domain. It exhibits secure search on encrypted data with no compromise to the user-friendliness and the scheme's functional performance in real-world applications.Comment: 146 Pages, Master's Thesis, 6 Chapters, 96 Figures, 11 Table

Post-Quantum Era Privacy Protection for Intelligent Infrastructures

As we move into a new decade, the global world of Intelligent Infrastructure (II) services integrated into the Internet of Things (IoT) are at the forefront of technological advancements. With billions of connected devices spanning continents through interconnected networks, security and privacy protection techniques for the emerging II services become a paramount concern. In this paper, an up-to-date privacy method mapping and relevant use cases are surveyed for II services. Particularly, we emphasize on post-quantum cryptography techniques that may (or must when quantum computers become a reality) be used in the future through concrete products, pilots, and projects. The topics presented in this paper are of utmost importance as (1) several recent regulations such as Europe's General Data Protection Regulation (GDPR) have given privacy a significant place in digital society, and (2) the increase of IoT/II applications and digital services with growing data collection capabilities are introducing new threats and risks on citizens' privacy. This in-depth survey begins with an overview of security and privacy threats in IoT/IIs. Next, we summarize some selected Privacy-Enhancing Technologies (PETs) suitable for privacy-concerned II services, and then map recent PET schemes based on post-quantum cryptographic primitives which are capable of withstanding quantum computing attacks. This paper also overviews how PETs can be deployed in practical use cases in the scope of IoT/IIs, and maps some current projects, pilots, and products that deal with PETs. A practical case study on the Internet of Vehicles (IoV) is presented to demonstrate how PETs can be applied in reality. Finally, we discuss the main challenges with respect to current PETs and highlight some future directions for developing their post-quantum counterparts