Xiaofen Wang
University of Electronic Science and Technology of China
Publications
Featured research published by Xiaofen Wang.
IEEE Transactions on Information Forensics and Security | 2016
Rongmao Chen; Yi Mu; Guomin Yang; Fuchun Guo; Xiaofen Wang
Searchable encryption is of increasing interest for protecting data privacy in secure searchable cloud storage. In this paper, we investigate the security of a well-known cryptographic primitive, namely public key encryption with keyword search (PEKS), which is very useful in many cloud storage applications. Unfortunately, it has been shown that the traditional PEKS framework suffers from an inherent insecurity called the inside keyword guessing attack (KGA), launched by a malicious server. To address this security vulnerability, we propose a new PEKS framework named dual-server PEKS (DS-PEKS). As another main contribution, we define a new variant of smooth projective hash functions (SPHFs) referred to as linear and homomorphic SPHF (LH-SPHF). We then show a generic construction of secure DS-PEKS from LH-SPHF. To illustrate the feasibility of our new framework, we provide an efficient instantiation of the general framework from a Decision Diffie-Hellman-based LH-SPHF and show that it achieves strong security against the inside KGA.
Australasian Conference on Information Security and Privacy | 2015
Rongmao Chen; Yi Mu; Guomin Yang; Fuchun Guo; Xiaofen Wang
Public Key Encryption with Keyword Search (PEKS), introduced by Boneh et al. at Eurocrypt'04, allows users to search encrypted documents on an untrusted server without revealing any information. This notion is very useful in many applications and has attracted a lot of attention from the cryptographic research community. However, one limitation of all existing PEKS schemes is that they cannot resist the Keyword Guessing Attack (KGA) launched by a malicious server. In this paper, we propose a new PEKS framework named Dual-Server Public Key Encryption with Keyword Search (DS-PEKS). This new framework can withstand all the attacks, including the KGA, from the two untrusted servers, as long as they do not collude. We then present a generic construction of DS-PEKS using a new variant of Smooth Projective Hash Functions (SPHFs), which is of independent interest.
IEEE Transactions on Information Forensics and Security | 2016
Rongmao Chen; Yi Mu; Guomin Yang; Fuchun Guo; Xinyi Huang; Xiaofen Wang; Yongjun Wang
Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive for secure searchable data encryption in cloud storage. Unfortunately, it is inherently subject to the (inside) offline keyword guessing attack (KGA), which compromises the data privacy of users. Existing countermeasures for this security issue mainly suffer from low efficiency and are impractical for real applications. In this paper, we provide a practical and applicable treatment of this security vulnerability by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS). In SA-PEKS, to generate the keyword ciphertext/trapdoor, the user needs to query a semi-trusted third party called the keyword server (KS) by running an authentication protocol, and hence security against the offline KGA can be obtained. We then introduce a universal transformation from any PEKS scheme to a secure SA-PEKS scheme using a deterministic blind signature. To illustrate its feasibility, we present the first instantiation of an SA-PEKS scheme by utilizing the Full Domain Hash RSA signature and the PEKS scheme proposed by Boneh et al. at Eurocrypt 2004. Finally, we describe how to securely implement the client-KS protocol with a rate-limiting mechanism against the online KGA and evaluate the performance of our solutions in experiments.
Security and Communication Networks | 2016
Xiaofen Wang; Yi Mu; Rongmao Chen
A smart grid is an electrical grid that uses digital information and communication technology to gather information. Like other digital systems, security and privacy are crucial for the smart grid. However, security and privacy protection will inevitably introduce computational complexity and overhead. As smart grid systems are usually operated at a large scale, computational efficiency is a challenging issue. In this paper, we propose an efficient and secure billing system for the smart grid, featuring privacy preservation and data aggregation. We show that our system offers better privacy protection and computational efficiency in comparison with an existing protocol. Our security analysis indicates that our protocol achieves privacy preservation for electricity reading aggregation and billing, perfect forward secrecy of system session keys, identity authentication, data integrity, and confidentiality. It also shows that even if we allow collusion between the server and the gateways, user privacy can still be achieved.
Journal of Computer Science and Technology | 2016
Xiaofen Wang; Yi Mu; Rongmao Chen; Xiaosong Zhang
Data sharing and searching are important functionalities in cloud storage. In this paper, we show how to securely and flexibly search and share cloud data among a group of users without a group manager. We formalize a novel cryptosystem, secure channel free searchable encryption in a peer-to-peer group, which features secure cloud data sharing and searching for group members in an identity-based setting. Our scheme allows group members to join or leave the group dynamically. We present two schemes: a basic scheme and an enhanced scheme. We formally prove that our basic scheme achieves consistency and indistinguishability against the chosen keyword and ciphertext attack and the outsider's keyword guessing attack, respectively. An enhanced scheme is also proposed to achieve forward secrecy, which allows revoking a user's search right over previously shared data.
International Conference on Computer Distributed Control and Intelligent Environmental Monitoring | 2012
Haomiao Yang; Qi Xia; Xiaofen Wang; Dianhua Tang
At Eurocrypt 2010, van Dijk et al. presented a very simple somewhat homomorphic encryption scheme over the integers. However, this simplicity came at the cost of a public key size in Õ(λ^10). Although at Crypto 2011 Coron et al. reduced the public key size to Õ(λ^7), it was still too large for practical applications. In this paper we further reduce the public key size to Õ(λ^3) by encrypting with a new form. The semantic security of our scheme is based on the approximate-GCD problem of two integers. By using Gentry's techniques, we can easily convert the somewhat homomorphic scheme into a practical fully homomorphic encryption scheme usable in cloud computing.
IETE Technical Review | 2012
Xiaofen Wang; Tang Liu; Guozhen Xiao
Certificate-based Cryptography (CBC) combines the advantages of ID-based cryptography (implicit certification) and the traditional PKI approach (no key escrow). Based on CBC, an anonymous authentication protocol featuring conditional privacy preservation and non-repudiation is proposed for vehicular ad-hoc networks. First, a certificate-based signature scheme with only one pairing computation and a one-element signature is proposed. Then, an anonymous authentication protocol is constructed by applying the proposed signature scheme and a novel concept called the account index, which helps to realize On-Board Unit anonymity, non-repudiation, and conditional privacy preservation. A secure session key is established in the protocol, which provides perfect forward secrecy.
IEEE Transactions on Information Forensics and Security | 2016
Xiaofen Wang; Yi Mu; Rongmao Chen
With the wide adoption of GPS technology in mobile devices, users enjoy many types of location services. As a recently proposed application, determining the optimal private meeting location with the aid of a location server has been an interesting research topic. The challenge addressed in this paper is due to the requirements of security and privacy, because user locations should not be revealed to the honest-but-curious or semi-trusted location server. Adding security and privacy protection to a location service will inevitably introduce computational complexity and communication overhead. In order to provide a robust location service and make it practical, we propose an efficient optimal private meeting location determination protocol, which needs only one round of communication and light computation. Our proposed protocol satisfies the requirement of location privacy against outsiders, the semi-trusted meeting location determination server, and the semi-trusted group users. In order to study the performance of our protocol in a real deployment, we simulate our scheme on smartphones. The simulation results and the performance comparison with another scheme demonstrate its advantages in communication and computation efficiency.
Concurrency and Computation: Practice and Experience | 2017
Xiaofen Wang; Yi Mu; Rongmao Chen
Data search and sharing are two important functionalities in social networks. Social network users can form a peer-to-peer group and securely and flexibly search and share cloud data through wireless applications. When the number of users increases, the communication, storage, and computational overheads increase, and the quality of services such as searching and data sharing for clients could be affected. In order to solve these problems, we formalize an ID-based multi-user searchable encryption (IDB-MUSE) and formally define its security model, where the security notions accommodate indistinguishability against the insider keyword guessing attack, indistinguishability against the chosen keyword attack, and indistinguishability against the insider identity guessing attack. We present an IDB-MUSE scheme where the index and search trapdoor are of constant size. We formally prove its security properties. To improve search efficiency, we divide the computation of the trapdoor into two phases, an offline phase and an online phase. The computation cost of the online-phase trapdoor remains constant with respect to the number of users. Based on the IDB-MUSE scheme, a privacy-preserving data search and sharing protocol is proposed, where only the authorized user can access the shared group data. It captures the properties of source authenticity, data and search-pattern privacy, anonymity, and request unlinkability. The experimental results show that the protocol is practical for wireless applications.
Information Sciences | 2016
Xiaofen Wang
Determining the optimal meeting location without revealing the locations of participants to the location server is an interesting research problem. A major concern for a location-based service is location privacy. However, adding privacy protection to a location service will inevitably introduce computational complexity. Providing location privacy at low computational cost is a challenging task. In this paper, we propose a one-round meeting location determination protocol, where the location service provider makes a decision with a semi-trusted cloud server that works as a computation center and conducts most of the computation. User location privacy is preserved against outside and inside attackers, including the computation center, the meeting location determination server, and the participants. In order to study the performance of the protocol, we test its computational efficiency on smartphones. The simulation results and the performance comparison of our protocol with another protocol of the same functionality demonstrate that our solution is more efficient and practical.