Peixin Chen

An Efficient Searchable Encryption Against Keyword Guessing Attacks for Sharable Electronic Medical Records in Cloud-based System

Preserving the privacy of electronic medical records (EMRs) is extremely important especially when medical systems adopt cloud services to store patients’ electronic medical records. Considering both the privacy and the utilization of EMRs, some medical systems apply searchable encryption to encrypt EMRs and enable authorized users to search over these encrypted records. Since individuals would like to share their EMRs with multiple persons, how to design an efficient searchable encryption for sharable EMRs is still a very challenge work. In this paper, we propose a cost-efficient secure channel free searchable encryption (SCF-PEKS) scheme for sharable EMRs. Comparing with existing SCF-PEKS solutions, our scheme reduces the storage overhead and achieves better computation performance. Moreover, our scheme can guard against keyword guessing attack, which is neglected by most of the existing schemes. Finally, we implement both our scheme and a latest medical-based scheme to evaluate the performance. The evaluation results show that our scheme performs much better performance than the latest one for sharable EMRs.

An escrow-free online/offline HIBS scheme for privacy protection of people-centric sensing

People-centric sensing PCS, which collects information closely related to human activity and interactions in societies, is stepping into a flourishing time. Along with its great benefits, PCS poses new security challenges such as data integrity and participant privacy. Hierarchical identity-based signature HIBS scheme can efficiently provide high-integrity messaging, secure communication, and privacy protection to PCS. However, key escrow problem and low computation efficiency primarily hinder the adoption of HIBS scheme. In this paper, we propose an escrow-free online/offline HIBS scheme for securing PCS. By utilizing user-selected-secret signing algorithm and splitting the signing phase into online and offline procedures, our scheme solves the key escrow problem and achieves high scheme performance. Copyright

RScam: Cloud-Based Anti-Malware via Reversible Sketch

Cybercrime caused by malware becomes a persistent and damaging threat which makes the trusted security solution urgently demanded, especially for resource-constrained ends. The existing industry and academic approaches provide available anti-malware systems based on different perspectives. However, it is hard to achieve high performance detection and data privacy protection simultaneously. This paper proposes a cloud-based anti-malware system, called RScam, which provides fast and trusted security service for the resource-constrained ends. In RScam, we present suspicious bucket filtering, a novel signature-based detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. Then we design a lightweight client which utilizes the digest of signature fragments to sharply reduce detection range. Finally, we design balanced interaction mechanism, which transmits sketch coordinates of suspicious file fragments and transformation of malicious signature fragments between the client and cloud server to protect data privacy and reduce traffic volume. We evaluate the performance of RScam with campus suspicious traffic and normal files. The results demonstrate validity and veracity of the proposed mechanism. Our system can outperform other existing systems with less time and traffic consumption.

An Online/Offline HIBS Scheme for Privacy Protection of People-centric Sensing

People-Centric Sensing (PCS), which collects information closely related to human activity and interactions in societies, is stepping into a flourishing time. Along with its great benefits, PCS poses new security challenges such as data integrity, participant privacy. Hierarchical Identity-Based Signature (HIBS) scheme can efficiently provide high integrity messaging, secure communication and privacy protection to PCS. However, the low computation efficiency primarily hinders the PCS adoption of HIBS scheme. In this paper, we propose an online/offline HIBS (HIBOOS) scheme for securing PCS. By splitting the signing phase into online and offline procedures, our scheme achieves high signing efficiency.

An Escrow-Free Hierarchical Identity-Based Signature Model for Cloud Storage

Hierarchical identity-based cryptography is an efficient technology to address the security issues in cloud storage. However, the inherent key escrow problem primarily hinders the widespread adoption of this cryptosystem in practice. To address the key escrow problem, this paper proposes an escrow-free hierarchical identity-based signature model, in which a user signs messages with a user-selected secret and PKG signing factor apart from the private key. For proving the full security, wei¾źformulate three security games with respect to our signature model. We instantiate the escrow-free model into a specific scheme based on the SHER-IBS scheme and prove that our scheme is secure against adaptive chosen ID and message attacks.

T-HIBE: A Trustworthy HIBE Scheme for the OSN Privacy Protection

The Hierarchical Identity-Based Encryption (HIBE) scheme can efficiently provide confidential communication and privacy protection to online social networks. However, the inherent key escrow problem and the secure key distributing problem primarily hinder the widespread adoption of the cryptographic scheme in practice. To address the key escrow problem, this paper introduces a provably secure escrow-free model, which employs multiple Key Privacy Authorities (KPAs) to restrict the power of Public Key Generators (PKGs) in HIBE scheme. To achieve the goal of secure key distributing, this paper proposes an efficient mechanism which imposes user calculated blinding factors when distributing private keys. We instantiate the proposed model into an trustworthy and secure HIBE scheme called T-HIBE scheme, and prove that the scheme is IND-ID-CCA secure under standard model.

An Escrow-Free Hierarchical Identity-Based Signature Scheme from Composite Order Bilinear Groups

Hierarchical Identity-Based Signature (HIBS) is an efficient digital signature scheme to be applied to the cloud storage. However, the key escrow problem, which is an inherent problem in HIBS scheme, primarily hinders the widespread adoption of this cryptosystem in practice. In this paper we propose an HIBS scheme using composite order bilinear groups, and present the methodology of dual system signature to prove that our scheme is secure against existential forgery on adaptively chosen message and identity attack under standard model. Based on the scheme, we propose an escrow-free method that employs user-selected-secret signing algorithm and obtain an escrow-free HIBS scheme. We illuminate that our scheme can resist the key abusing and user slandering attacks.

Multi-owner keyword search over shared data without secure channels in the cloud

Searchable encryption allows cloud users to outsource the massive encrypted data to the remote cloud and to search over the data without revealing the sensitive information. Many schemes have been proposed to support the keyword search in a public cloud. However, they have some potential limitations. First, most of the existing schemes only consider the scenario with the single data owner. Second, they need secure channels to guarantee the secure transmission of secret keys from the data owner to data users. Third, in some schemes, the data owner should be online to help data users when data users intend to perform the search, which is inconvenient. In this paper, we propose a novel searchable scheme which supports the multi-owner keyword search without secure channels. More than that, our scheme is a non-interactive solution, in which all the users only need to communicate with the cloud server. Furthermore, the analysis proves that our scheme can guarantee the security even without secure channels. Unlike most existing public key encryption based searchable schemes, we evaluate the performance of our scheme, which shows that our scheme is practical.

A Hierarchical Identity-Based Signature from Composite Order Bilinear Groups

Cloud storage has become one of the integral parts of online life. However, the cloud storage brings in new kinds of data security issues as well. Authentication framework for both users and services provides an efficient solution to the security and privacy problems of the cloud storage. In this paper we propose a Hierarchical Identity-Based Signature HIBS scheme using composite order bilinear groups. We present the methodology of dual system signature to prove that our scheme is secure against existential forgery on adaptively chosen message and identity attack under standard model. Our HIBS scheme shares the same system parameters with the hierarchical identity-based encryption LW-HIBE scheme by Lewko and Waters, and it is as efficient as the LW-HIBE. Combining our signature scheme with the LW-HIBE scheme yields a complete solution of an identity-based public key system, which can be utilized to build an authentication framework for cloud storage.

Removing Key Escrow from the LW-HIBE Scheme

Hierarchical Identity-Based Encryption HIBE provides an efficient solution to the security problems existed in cloud storage. However, the key escrow problem, which is an inherent problem in HIBE, primarily hinders the widespread adoption of the cryptographic scheme in practice. To address the key escrow problem, this paper introduces a provably-secure escrow-free model, which employs multiple Key Privacy Authorities KPAs to restrict the power of Public Key Generators PKGs in HIBE scheme. We instantiate the model into an escrow-free HIBE scheme that is referred to as the EF-LW-HIBE scheme, based on the HIBE scheme introduced by Lewko and Waters. Utilizing the Dual System Encryption methodology, we prove that our EF-LW-HIBE scheme is IND-ID-CCA secure.