Figure - available from: Wireless Communications and Mobile Computing
This content is subject to copyright. Terms and conditions apply.
Source publication
In recent years, it has become popular to upload patients’ medical data to a third-party cloud server (TCS) for storage through medical Internet of things. It can reduce the local maintenance burden of the medical data and importantly improve accuracy in the medical treatment. As remote TCS cannot be fully trusted, medical data should be encrypted...
Similar publications
The unceasing development of Artificial Intelligence (AI) and Machine Learning (ML) techniques is growing with privacy problems related to the training data. A relatively recent approach to partially cope with such concerns is Federated Learning (FL), a technique in which only the parameters of the trained neural network models are transferred rath...
![Figure 2: A common container architecture [8].](publication/363146969/figure/fig1/AS:11431281081983112@1661952471784/A-common-container-architecture-8_Q320.jpg)
![Figure 3: The comparison of monolithic and microservice architectures [10].](publication/363146969/figure/fig2/AS:11431281082031893@1661952471829/The-comparison-of-monolithic-and-microservice-architectures-10_Q320.jpg)
![Figure 4: Function execution activation by the client [12].](publication/363146969/figure/fig3/AS:11431281082031894@1661952471854/Function-execution-activation-by-the-client-12_Q320.jpg)
With the migration of the enterprise applications to micro-services and containers, cloud service providers, starting with Amazon in 2014, announced a new computational model called function-as-a-service. In these platforms, developers create a set of fine-grained functions with shorter execution times instead of developing coarse-grained software....
The Internet of Medical Things (IoMT) offers an infrastructure made of smart medical equipment and software applications for health services. Through the internet, the IoMT is capable of providing remote medical diagnosis and timely health services. The patients can use their smart devices to create, store and share their electronic health records...
![Privacy vs. ϵ\documentclass[12pt]{minimal} \usepackage{amsmath}...](publication/377662165/figure/fig4/AS:11431281231936801@1711586537304/Privacy-vs-edocumentclass12ptminimal-usepackageamsmath-usepackagewasysym_Q320.jpg)
![Privacy vs. C\documentclass[12pt]{minimal} \usepackage{amsmath}...](publication/377662165/figure/fig5/AS:11431281231936802@1711586537489/Privacy-vs-Cdocumentclass12ptminimal-usepackageamsmath-usepackagewasysym_Q320.jpg)
Location-based service (LBS) servers are refined periodically due to the new type of privacy issues involved while providing various social benefits to the users. In literature, many privacy mechanisms are proposed for LBS servers, but these mechanisms fail to resist many possible inference attacks, such as multi-time publication attacks and multi-...
Smart grids face critical communication bottlenecks due to the ever-increasing volume of data from distributed sensors. This paper introduces a novel approach leveraging Generative Artificial Intelligence (GenAI), specifically a type of pre-trained convolutional neural network architecture suitable for time series data due to its efficiency and pri...
Citations
... Public key authenticated encryption with keyword search (PAEKS) [1][2][3][4][5][6][7][8][9][10][11][12] has been proposed as an extension of public key encryption with keyword search (PEKS) [13]. In PAEKS, a sender's secret key is required for encryption. ...
As a multireceiver variant of public key authenticated encryption with keyword search (PAEKS), broadcast authenticated encryption with keyword search (BAEKS) was proposed by Liu et al. (ACISP 2021). BAEKS focuses on receiver anonymity, where no information about the receiver is leaked from ciphertexts, which is reminiscent of the anonymous broadcast encryption. Here, there are rooms for improving their security definitions, e.g., two challenge sets of receivers are selected before the setup phase, and an adversary is not allowed to corrupt any receiver. In this paper, we propose a generic construction of BAEKS derived from PAEKS that provides ciphertext anonymity and consistency in a multireceiver setting. The proposed construction is an extension of the generic construction proposed by Libert et al. (PKC 2012) for the fully anonymous broadcast encryption and provides adaptive corruptions. We also demonstrate that the Qin et al. PAEKS scheme (ProvSec 2021) provides ciphertext anonymity and consistency in a multireceiver setting and can be employed as a building block of the proposed generic construction.
... Sun et al. [10] took into account the fact that the server was malicious, and they explored whether a PEKS scheme against inside KGA can be built based on different public key cryptosystems, such as PKI based, identity-based, or certificateless cryptosystem. In order to improve the scheme's efficiency, the researchers proposed a construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS [11][12][13][14][15][16][17][18][19]. ...
Outsourcing data to cloud services is a good solution for users with limited computing resources. Privacy and confidentiality of data is jeopardized when data is transferred and shared in the cloud. The development of searchable cryptography offers the possibility to solve these problems. Symmetric searchable encryption (SSE) is popular among researchers because it is efficient and secure. SSE often requires the data sender and data receiver to use the same key to generate key ciphertext and trapdoor, which will obviously cause the problem of key management. Searchable encryption based on public key can simplify the key management problem. A public key encryption scheme with keyword search (PEKS) allows multiple senders to encrypt keywords under the receiver’s public key. It is vulnerable to keyword guessing attacks (KGA) due to the small size of the keywords. The proposal of public key authenticated encryption with keyword search (PAEKS) is mainly to resist inside keyword guessing attacks. The previous security models do not involve the indistinguishability of the same keywords ( w 0 × × = w 1 ), which brings the user’s search pattern easy to leak. The essential reason is that the trapdoor generation algorithm is deterministic. At the same time, most of the existing schemes use bilinear pair design, which greatly reduces the efficiency of the scheme. To address these problems, the paper introduces an improved PAEKS model. We design a lightweight public key authentication encryption scheme based on the Diffie-Hellman protocol. Then, we prove the ciphertext indistinguishability security and trapdoor indistinguishability security of the scheme in the improved security model. Finally, the paper demonstrates its comparable security and computational efficiency by comparing it with previous PAEKS schemes. Meanwhile, we conduct an experimental evaluation based on the cryptographic library. Experimental results show that the computational overhead of our scheme compared with the ciphertext generation algorithm, trapdoor generation algorithm and test algorithm of other schemes Our scheme reduces 274, 158 and 60 times, respectively.
... In the process of patient diagnosis, the transmission of EHR between doctors or hospitals is inevitable. Since the EHR contains Mi Song, Song Han College of Data and Internet, Shenzhen University of Technology, Shenzhen 518118, Guangzhou, China patients' private information, the EHR must be encrypted, and it is necessary to focus on data security during EHR sharing (Riad et al. 2019;Chi et al. 2019;Gautam et al. 2019). Therefore, how to retrieve and share encrypted EHR while ensuring data security and privacy preservation is an essential research direction. ...
Searchable encryption allows data users to search for encrypted files by keywords without restriction. However, electronic health record (EHR) contains sensitive information, and data users should search for and share EHR with restriction. If data users are not restricted when EHR is searched and shared, there is a high risk that EHR will be misused and reveal large amounts of private patient information. This paper proposes a specified keywords search scheme for EHR sharing based on searchable encryption and proxy re-encryption to address this problem. In the scheme, the data user searches with the keywords specified by the doctor and obtains EHR from the medical cloud. Proxy re-encryption is used to implement the sharing of EHR and privacy preservation securely. The security proof demonstrates that our scheme is secure against chosen keyword attack. Furthermore, the experimental results show that the scheme achieves computational efficiency
... Recently, efforts have been spent on developing the PEKS scheme to solve the KGA problem, for example, in [8], in a Public-key Authenticated Encryption with Keyword Search (PAEKS) scheme a keyword is not only encrypted but also authenticated by the data owner. Another study [9] uses the method of renewing the keywords in the key server periodically to prevent the key server from being compromised. ...
... To address keyword guessing attack (KGA) issues, the authors of [37] present certificateless searchable publickey authenticated encryption scheme with a designated tester (CL-dPAEKS). Public-key Authenticated Encryption with Keyword Search (PAEKS) in [8] provides a different approach to solve the same problem. Besides that, the authors of [9] present SEPSE to resolve online and offline keyword guessing and also the single point of failure problem. ...
There are significant data privacy implications associated with Electronic Health Records (EHRs) sharing among various untrusted healthcare entities. Recently, a blockchain-based EHRs sharing system has provided many benefits. Decentralization, anonymity, unforgeability, and verifiability are all unique properties of blockchain technology. In this paper, we propose a secure, blockchain-based EHR sharing system. After receiving the data owner’s authorization, the data requester can use the data provider’s keyword search to discover relevant EHRs on the EHR consortium blockchain and obtain the re-encryption ciphertext from the proxy server. To attain privacy, access control and data security, the proposed technique uses asymmetric searchable encryption and conditional proxy re-encryption. Likewise, proof of permission serves in consortium blockchains as the consensus method to ensure the system’s availability. The proposed protocol can achieve the specified security goals, according to the security analysis. In addition, we simulate basic cryptography and put the developed protocol into practice on the Ethereum platform. The analysis results suggest that the developed protocol is computationally efficient.
... It mainly solves how to use untrusted servers to implement secure keyword search in a cloud storage environment so that users can securely search data in ciphertext state, specifically, search the keywords according to the keywords of interest. SE systems are divided into symmetric [1] and asymmetric [2][3][4] forms. Although the calculation amount of public key SE is greater than that of symmetric SE, data owners and users do not need to pass the key negotiation before searching, which is more secure and has greater practical value. ...
The emergence of the cloud storage has brought great convenience to people’s life. Many individuals and enterprises have delivered a large amount of data to the third-party server for storage. Thus, the privacy protection of data retrieved by the user needs to be guaranteed. Searchable encryption technology for the cloud environment is adopted to ensure that the user information is secure with retrieving data. However, most schemes only support single-keyword search and do not support file updates, which limit the flexibility of the scheme. To eliminate these problems, we propose a blockchain-enabled public key encryption scheme with multi-keyword search (BPKEMS), and our scheme supports file updates. In addition, smart contract is used to ensure the fairness of transactions between data owner and user without introducing a third party. At the data storage stage, our scheme realizes the verifiability by numbering the files, which ensures that the ciphertext received by the user is complete. In terms of security and performance, our scheme is secure against inside keyword guessing attacks (KGAs) and has better computation overhead than other related schemes.
The Secure Cloud Storage App, developed using React.js for the frontend and MongoDB for thebackend, addresses the growing need for a reliable and privacy-focused solution for storing and managing digital assetsin the cloud. In response to the escalating demand for a dependable and privacy-centric solution to handle digital assetsin the cloud, the Secure Cloud Storage App has emerged, meticulously crafted with React.js powering its frontend andMongoDB driving its backend architecture. This innovative application stands as a beacon for users seeking a securehaven for their data. At its core, security takes precedence, with the implementation of cutting-edge encryptionprotocols meticulously woven into every aspect of data transmission and storage. This fortification ensures the utmostconfidentiality and integrity of user information throughout its journey within the cloud infrastructure. The userinterface, expertly fashioned using React.js, stands as a testament to seamless design and intuitive interaction. Users areempowered with effortless capabilities to upload, organize, and access their files, enhancing productivity andconvenience in managing digital assets. MongoDB, a stalwart in backend database solutions, offers a robust foundationcharacterized by scalability and flexibility, adeptly catering to diverse storage requirements. Moreover, the SecureCloud Storage App encompasses comprehensive user authentication and authorization mechanisms, bolstering accesscontrol and privacy measures. Through the amalgamation of secure authentication protocols and end-to-end encryption,paramount importance is placed on shielding user data from prying eyes, fostering an environment of trust andconfidence in cloud-based file management. The synergy between React.js and MongoDB transcends meretechnological integration; it epitomizes a harmonious marriage of functionality and security. Not only does this pairingensure a responsive and dynamic user interface, but it also lays down a resilient and secure infrastructure for the storageand retrieval of sensitive information within the cloud ecosystem. In essence, the Secure Cloud Storage App stands as abeacon of innovation, ushering in a new era of secure and efficient cloud-based file management solutions.
In this paper, we propose a generic construction of forward secure public key authenticated encryption with keyword search (FS-PAEKS) from PAEKS. In addition to PAEKS, we employ 0/1 encodings proposed by Lin et al. (ACNS 2005). Here, forward security means that a newly generated ciphertext is not allowed to be searched by previously generated trapdoors. We also show that the Jiang et al. FS-PAEKS scheme (The Computer Journal 2023) does not provide forward security. Our generic construction is quite simple, and it can also be applied to construct forward secure public key encryption with keyword search (FS-PEKS). Our generic construction yields a comparably efficient FS-PEKS scheme compared to the previous scheme. Moreover, it eliminates the hierarchical structure (Abdalla et al. (JoC 2008)) or attribute-based feature (Zeng et al. (IEEE Transactions on Cloud Computing 2022)) of the previous generic constructions which is meaningful from a feasibility perspective.
Public key authenticated encryption with keyword search (PAEKS) has been proposed, where a sender's secret key is required for encryption, and a trapdoor is associated with not only a keyword but also the sender. This setting allows us to prevent information leakage of keyword from trapdoors. Liu et al. (ASIACCS 2022) proposed a generic construction of PAEKS based on word-independent smooth projective hash functions (SPHFs) and PEKS. In this paper, we propose a new generic construction of PAEKS, which is more efficient than Liu et al.'s in the sense that we only use one SPHF, but Liu et al. used two SPHFs. In addition, for consistency we considered a security model that is stronger than Liu et al.'s. Briefly, Liu et al. considered only keywords even though a trapdoor is associated with not only a keyword but also a sender. Thus, a trapdoor associated with a sender should not work against ciphertexts generated by the secret key of another sender, even if the same keyword is associated. That is, in the previous definitions, there is room for a ciphertext to be searchable even though the sender was not specified when the trapdoor is generated, that violates the authenticity of PAKES. Our consistency definition considers a multi-sender setting and captures this case. In addition, for indistinguishability against chosen keyword attack (IND-CKA) and indistinguishability against inside keyword guessing attack (IND-IKGA), we use a stronger security model defined by Qin et al. (ProvSec 2021), where an adversary is allowed to query challenge keywords to the encryption and trapdoor oracles. We also highlight several issues associated with the Liu et al. construction in terms of hash functions, e.g., their construction does not satisfy the consistency that they claimed to hold.
Searchable Encryption (SE) allows users to perform a keyword search over encrypted documents. In Eurocrypt’04, Boneh et al. introduced Public-key Encryption with Keyword Search (PEKS). Broadcast Encryption with Keyword Search (BEKS) is a natural progression to allow some amount of access control. Unfortunately, PEKS and BEKS suffer from keyword-guessing attacks (KGA). In the case of KGA, an adversary guesses the keyword encoded in a trapdoor by creating a ciphertext on a sequence of keywords of its choice and testing them against the trapdoor. In ACISP’21, Liu et al. introduced a variant of BEKS called Broadcast Authenticated Encryption with Keyword Search (BAEKS), which tried to mitigate KGA in BEKS. This construction did not argue consistency and achieved weaker security in the random oracle model.In this work, we first introduce the notion of consistency for BAEKS and introduce security models much stronger than those of Liu et al. We propose a new statistically-consistent construction of BAEKS in the standard model that achieves security in the newly introduced models. Our proposal is proven adaptively secure under the well-studied bilateral Matrix Diffie-Hellman Assumption and still achieves asymptotic efficiency similar to that of Liu et al.
