• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제18권4호
• /
• pp.998-1019
• /
• 2024

Mobile cloud computing is a very attractive service paradigm that outsources users' data computing and storage from mobile devices to cloud data centers. To protect data privacy, users often encrypt their data to ensure data sharing securely before data outsourcing. However, the bilinear and power operations involved in the encryption and decryption computation make it impossible for mobile devices with weak computational power and network transmission capability to correctly obtain decryption results. To this end, this paper proposes an outsourcing decryption algorithm of verifiable transformed ciphertext. First, the algorithm uses the key blinding technique to divide the user's private key into two parts, i.e., the authorization key and the decryption secret key. Then, the cloud data center performs the outsourcing decryption operation of the encrypted data to achieve partial decryption of the encrypted data after obtaining the authorization key and the user's outsourced decryption request. The verifiable random function is used to prevent the semi-trusted cloud data center from not performing the outsourcing decryption operation as required so that the verifiability of the outsourcing decryption is satisfied. Finally, the algorithm uses the authorization period to control the final decryption of the authorized user. Theoretical and experimental analyses show that the proposed algorithm reduces the computational overhead of ciphertext decryption while ensuring the verifiability of outsourcing decryption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권7호
• /
• pp.1935-1950
• /
• 2023

The arrival of the Internet of Things and 5G technology enables users to rely on edge computing platforms to process massive data. Data sharing based on edge computing refines the efficiency of data collection and analysis, saves the communication cost of data transmission back and forth, but also causes the privacy leakage of a lot of user data. Based on attribute-based encryption and blockchain technology, we design a fine-grained access control scheme for data in edge computing, which has the characteristics of verifiability, support for outsourcing decryption and user attribute revocation. User attributes are authorized by multi-attribute authorization, and the calculation of outsourcing decryption in attribute encryption is completed by edge server, which reduces the computing cost of end users. Meanwhile, We implemented the user's attribute revocation process through the dual encryption process of attribute authority and blockchain. Compared with other schemes, our scheme can manage users' attributes more flexibly. Blockchain technology also ensures the verifiability in the process of outsourcing decryption, which reduces the space occupied by ciphertext compared with other schemes. Meanwhile, the user attribute revocation scheme realizes the dynamic management of user attribute and protects the privacy of user attribute.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권4호
• /
• pp.1892-1903
• /
• 2016

Mobile social network is becoming more and more popular with respect to the development and popularity of mobile devices and interpersonal sociality. As the amount of social data increases in a great deal and cloud computing techniques become developed, the architecture of mobile social network is evolved into cloud-based that mobile clients send data to the cloud and make data accessible from clients. The data in the cloud should be stored in a secure fashion to protect user privacy and restrict data sharing defined by users. Ciphertext-policy attribute-based encryption (CP-ABE) is currently considered to be a promising security solution for cloud-based mobile social network to encrypt the sensitive data. However, its ciphertext size and decryption time grow linearly with the attribute numbers in the access structure. In order to reduce the computing overhead held by the mobile devices, in this paper we propose a new Outsourcing decryption and Match-then-decrypt CP-ABE algorithm (OM-CP-ABE) which firstly outsources the computation-intensive bilinear pairing operations to a proxy, and secondly performs the decryption test on the attributes set matching access policy in ciphertexts. The experimental performance assessments show the security strength and efficiency of the proposed solution in terms of computation, communication, and storage. Also, our construction is proven to be replayable choosen-ciphertext attacks (RCCA) secure based on the decisional bilinear Diffie-Hellman (DBDH) assumption in the standard model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권8호
• /
• pp.2708-2721
• /
• 2014

Data outsourcing in the cloud (DOC) is a promising solution for data management at the present time, but it could result in the disclosure of outsourced data to unauthorized users. Therefore, protecting the confidentiality of such data has become a very challenging issue. The conventional way to achieve data confidentiality is to encrypt the data via asymmetric or symmetric encryptions before outsourcing. However, this is computationally inefficient because encryption/decryption operations are time-consuming. In recent years, a few DOC schemes based on secret sharing have emerged due to their low computational complexity. However, Dautrich and Ravishankar pointed out that most of them are insecure against certain kinds of collusion attacks. In this paper, we proposed a novel DOC scheme based on Shamir's secret sharing to overcome the security issues of these schemes. Our scheme can allow an authorized data user to recover all data files in a specified subset at once rather than one file at a time as required by other schemes that are based on secret sharing. Our thorough analyses showed that our proposed scheme is secure and that its performance is satisfactory.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권1호
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• 정보과학회 논문지
• /
• 제42권1호
• /
• pp.97-106
• /
• 2015

최근 데이터베이스 아웃소싱(Outsourcing) 환경에서 데이터 보호를 위한 암호화 기법 및 질의 결과 검증 기법에 대한 관심이 고조되고 있다. 그러나 기존 아웃소싱 데이터 암호화 기법들은 원본 데이터베이스 도메인 정보를 알고 있는 공격자에 의한 순서 매칭 공격 및 카운팅 공격에 취약한 문제점을 지닌다. 기존 질의 결과 무결성 검증 기법은 질의 결과 검증 데이터 전송 오버헤드 문제를 지닌다. 따라서, 본 논문에서는 데이터 보호를 위한 그룹 순서 보존 암호화 인덱스 및 이를 기반으로 한 질의 결과 무결성 검증 기법을 제안한다. 제안하는 기법은 순서 보존 암호화 인덱스를 통해 데이터를 암호화 하고, 복호화 없이 질의를 수행한다. 또한, 힐버트 커브를 통해 그룹 정보를 은닉함으로써, 질의 수행 과정에서 데이터 그룹 정보가 유출되는 것을 방지한다. 마지막으로, 주기함수 기반 그룹 분할 및 그룹 기반 인증을 통해 질의 결과 무결성 검증을 위한 데이터 크기를 감소시킨다. 성능평가를 통해, 제안하는 기법이 기존 버킷 기반 인증 기법에 비해 질의 처리 시간 측면에서 평균 1.6배, 검증 데이터 오버헤드 측면에서 최대 20배의 성능을 개선함을 보인다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권7호
• /
• pp.3375-3400
• /
• 2018

With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

• Journal of Information Processing Systems
• /
• 제14권5호
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권10호
• /
• pp.4136-4156
• /
• 2020

Recently, data can be safely shared or stored using the infrastructure of cloud computing in various fields. However, issues such as data security and privacy affect cloud environments. Thus, a variety of security technologies are required, one of them is security technology using CP-ABE. Research into the CP-ABE scheme is currently ongoing, but the existing CP-ABE schemes can pose security threats and are inefficient. In terms of security, the CP-ABE approach should be secure against user collusion attacks and masquerade attacks. In addition, in a dynamic cloud environment where users are frequently added or removed, they must eliminate user access when they leave, and so users will not be able to access the cloud after removal. A user who has left should not be able to access the cloud with the existing attributes, secret key that had been granted. In addition, the existing CP-ABE scheme increases the size of the ciphertext according to the number of attributes specified by the data owner. This leads to inefficient use of cloud storage space and increases the amount of operations carried out by the user, which becomes excessive when the number of attributes is large. In this paper, CP-ABE access control is proposed to block access of withdrawn users in dynamic cloud environments. This proposed scheme focuses on the revocation of the attributes of the withdrawn users and the output of a ciphertext of a constant-size, and improves the efficiency of the user decryption operation through outsourcing.

• 방송공학회논문지
• /
• 제18권5호
• /
• pp.758-770
• /
• 2013

브로드캐스트 암호시스템은 송신자가 수신자 집합을 지정하여 생성한 암호문을 공개된 채널을 통해 전송하면, 수신자 집합에 속하는 정당한 사용자만이 메시지를 복호화 할 수 있는 암호 기법이다. 2005년도에는 공모공격에 안전하며 상수크기의 암호문과 비밀키를 가지는 페어링 기반의 기법이 Boneh 등에 의해 제안되었다. 일반적으로 페어링 기반의 기법은 사용자로부터 많은 연산량을 요구하기 때문에 리소스에 제한이 있는 기기에 적용하기에는 어려움이 있었다. 본 논문에서는 Boneh 등의 기법을 기반으로 브로드캐스트 암호시스템에서 암호문을 효율적으로 복호화 하는 기법(BEWD)을 제안한다. 제안하는 기법에서는 복호화 시에 요구되는 페어링연산과 다른 사용자들의 공개키가 쓰이는 연산을 제 3자인 프록시 서버에 위임함으로써 사용자에게 요구되는 연산량을 줄인다. 또한 사용자는 서버의 올바른 계산을 확인을 할 수 있다. 제안하는 기법은 n-BDHE가정 하에 선택적인 IND-RCCA에 안전한 기법이다.