1,835 research outputs found
Recommended from our members
R-PEKS: RBAC Enabled PEKS for Secure Access of Cloud Data
In the recent past, few works have been done by combining attribute-based access control with multi-user PEKS, i.e., public key encryption with keyword search. Such attribute enabled searchable encryption is most suitable for applications where the changing of privileges is done once in a while. However, to date, no efficient and secure scheme is available in the literature that is suitable for these applications where changing privileges are done frequently. In this paper our contributions are twofold. Firstly, we propose a new PEKS scheme for string search, which, unlike the previous constructions, is free from bi-linear mapping and is efficient by 97% compared to PEKS for string search proposed by Ray et.al in TrustCom 2017. Secondly, we introduce role based access control (RBAC) to multi-user PEKS, where an arbitrary group of users can search and access the encrypted files depending upon roles. We termed this integrated scheme as R-PEKS. The efficiency of R-PEKS over the PEKS scheme is up to 90%. We provide formal security proofs for the different components of R-PEKS and validate these schemes using a commercial dataset
Recommended from our members
Fuzzy matching: multi-authority attribute searchable encryption without central authority
Attribute-based keyword search (ABKS) supports the access control on the search result based upon fuzzy identity over encrypted data, when the search operation is performed over outsourced encrypted data in cloud. However, almost ABKS schemes trust a single authority to monitor the attribute key for users. In practice, we usually have different entities responsible for monitoring different attribute keys to a user. Thus, it is not realistic to trust a single authority to monitor all attributes keys for ABKS scheme in practical situation. Although a large body of ABKS schemes have been proposed, few works have been done on multi-authority attribute searchable encryption. We propose a multi-authority attribute searchable encryption without central authority in this paper. Comparing previous ABKS schemes, we extend the single-authority ABKS scheme to multi-authority ABKS scheme and remove the central authority in multi-authority ABKS scheme. We analyze our scheme in terms of security and efficiency
Shared and Searchable Encrypted Data for Untrusted Servers
Current security mechanisms pose a risk for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data but all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide two constructions of the scheme giving formal proofs of their security. We also report on the results of a prototype implementation.
This research was supported by the UK’s EPSRC research grant EP/C537181/1. The authors would like to thank the members of the Policy Research Group at Imperial College for their support
Shared and searchable encrypted data for untrusted servers
Current security mechanisms are not suitable for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data. But they all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide a concrete construction of the scheme and give formal proofs of its security. We also report on the results of our implementation
State of The Art and Hot Aspects in Cloud Data Storage Security
Along with the evolution of cloud computing and cloud storage towards matu-
rity, researchers have analyzed an increasing range of cloud computing security
aspects, data security being an important topic in this area. In this paper, we
examine the state of the art in cloud storage security through an overview of
selected peer reviewed publications. We address the question of defining cloud
storage security and its different aspects, as well as enumerate the main vec-
tors of attack on cloud storage. The reviewed papers present techniques for key
management and controlled disclosure of encrypted data in cloud storage, while
novel ideas regarding secure operations on encrypted data and methods for pro-
tection of data in fully virtualized environments provide a glimpse of the toolbox
available for securing cloud storage. Finally, new challenges such as emergent
government regulation call for solutions to problems that did not receive enough
attention in earlier stages of cloud computing, such as for example geographical
location of data. The methods presented in the papers selected for this review
represent only a small fraction of the wide research effort within cloud storage
security. Nevertheless, they serve as an indication of the diversity of problems
that are being addressed
Revisit the Concept of PEKS: Problems and a Possible Solution
Since Boneh et al. propose the concept, non-interactive\ud
Public-key Encryption with Keyword Search (PEKS) has attracted lots of attention from cryptographers. Non-interactive PEKS enables a third party to test whether or not a tag, generated by the message sender, and a trapdoor, generated by the receiver, contain the same keyword without revealing further information. In this paper we investigate a non-interactive PEKS application proposed by Boneh et al. and show our observations, especially that privacy is\ud
not protected against a curious server. We propose the notion of interactive PEKS, which, in contrast to non-interactive PEKS, requires the tag to be generated interactively by the message sender and the receiver. For this new primitive, we identify two types of adversaries, namely a curious user and a curious server, and provide\ud
security formulations for the desirable properties. We propose a construction for interactive PEKS and prove its security in the proposed security model
ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments
The enforcement of security policies in outsourced environments is still an
open challenge for policy-based systems. On the one hand, taking the
appropriate security decision requires access to the policies. However, if such
access is allowed in an untrusted environment then confidential information
might be leaked by the policies. Current solutions are based on cryptographic
operations that embed security policies with the security mechanism. Therefore,
the enforcement of such policies is performed by allowing the authorised
parties to access the appropriate keys. We believe that such solutions are far
too rigid because they strictly intertwine authorisation policies with the
enforcing mechanism.
In this paper, we want to address the issue of enforcing security policies in
an untrusted environment while protecting the policy confidentiality. Our
solution ESPOON is aiming at providing a clear separation between security
policies and the enforcement mechanism. However, the enforcement mechanism
should learn as less as possible about both the policies and the requester
attributes.Comment: The final version of this paper has been published at ARES 201
- …