Biblio

Cloud computing has a major role in the development of commercial systems. It enables companies like Microsoft, Amazon, IBM and Google to deliver their services on a large scale to its users. A cloud service provider manages cloud computing based services and applications. For any organization a cloud service provider (CSP) is an entity which works within it. So it suffers from vulnerabilities associated with organization, including internal and external attacks. So its challenge to organization to secure a cloud service provider while providing quality of service. Attribute based encryption can be used to provide data security with Key policy attribute based encryption (KP-ABE) or ciphertext policy attribute based encryption (CP-ABE). But these schemes has lack of scalability and flexibility. Hierarchical CP-ABE scheme is proposed here to provide fine grained access control. Data security is achieved using encryption, authentication and authorization mechanisms. Attribute key generation is proposed for implementing authorization of users. The proposed system is prevented by SQL Injection attack.

Aiming at the increasing popularity of mobile terminals, a CP-ABE scheme adapted to lightweight decryption at the mobile end is proposed. The scheme has the function of supporting timely attributes revocation and policy hiding. Firstly, we will introduce the related knowledge of attribute base encryption. After that, we will give a specific CP-ABE solution. Finally, in the part of the algorithm analysis, we will give analysis performance and related security, and compare this algorithm with other algorithms.

Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.

Platoon is one of cooperative driving applications where a set of vehicles can collaboratively sense each other for driving safety and traffic efficiency. However, platoon without security insurance makes the cooperative vehicles vulnerable to cyber-attacks, which may cause life-threatening accidents. In this paper, we introduce malicious attacks in platoon maneuvers. To defend against these attacks, we propose a Cyphertext-Policy Attribute-Based Encryption (CP-ABE) based Platoon Secure Sensing scheme, named CPSS. In the CPSS, platoon key is encapsulated in the access control structure in the key distribution process, so that interference messages sending by attackers without the platoon key could be ignored. Therefore, the sensing data which contains speed and position information can be protected. In this way, speed and distance fluctuations caused by attacks can be mitigated even eliminated thereby avoiding the collisions and ensuring the overall platoon stability. Time complexity analysis shows that the CPSS is more efficient than that of the polynomial time solutions. Finally, to evaluate capabilities of the CPSS, we integrate a LTE-V2X with platoon maneuvers based on Veins platform. The evaluation results show that the CPSS outperforms the baseline algorithm by 25% in terms of distance variations.

Most searchable attribute-based encryption schemes only support the search for single-keyword without attribute revocation, the data user cannot quickly detect the validity of the ciphertext returned by the cloud service provider. Therefore, this paper proposes an authorization of searchable CP-ABE scheme with attribute revocation and applies the scheme to the cloud computing environment. The data user to send the authorization information to the authorization server for authorization, assists the data user to effectively detect the ciphertext information returned by the cloud service provider while supporting the revocation of the user attribute in a fine-grained access control structure without updating the key during revocation stage. In the random oracle model based on the calculation of Diffie-Hellman problem, it is proved that the scheme can satisfy the indistinguishability of ciphertext and search trapdoor. Finally, the performance analysis shows that the scheme has higher computational efficiency.

Internet of Things (IoT) and cloud computing are promising technologies that change the way people communicate and live. As the data collected through IoT devices often involve users' private information and the cloud is not completely trusted, users' private data are usually encrypted before being uploaded to cloud for security purposes. Searchable encryption, allowing users to search over the encrypted data, extends data flexibility on the premise of security. In this paper, to achieve the accurate and efficient ciphertext searching, we present an efficient multi-keyword ranked searchable encryption scheme supporting ciphertext-policy attribute-based encryption (CP-ABE) test (MRSET). For efficiency, numeric hierarchy supporting ranked search is introduced to reduce the dimensions of vectors and matrices. For practicality, CP-ABE is improved to support access right test, so that only documents that the user can decrypt are returned. The security analysis shows that our proposed scheme is secure, and the experimental result demonstrates that our scheme is efficient.

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems, such as content distribution, mobility, and security. Named Data Networking (NDN) is a more popular ICN project. However, concern regarding the protection of user data persists. Information caching in NDN decouples content and content publishers, which leads to content security threats due to lack of secure controls. Therefore, this paper presents a CP-ABE (ciphertext policy attribute based encryption) access control scheme based on hash table and data segmentation (CHTDS). Based on data segmentation, CHTDS uses a method of linearly splitting fixed data blocks, which effectively improves data management. CHTDS also introduces CP-ABE mechanism and hash table data structure to ensure secure access control and privilege revocation does not need to re-encrypt the published content. The analysis results show that CHTDS can effectively realize the security and fine-grained access control in the NDN environment, and reduce communication overhead for content access.

Ciphertext Policy Attribute Based Encryption techniques provide fine grained access control to securely share the data in the organizations where access rights of users vary according to their roles. We have noticed that various key delegation mechanisms are provided for CP-ABE schemes but no key delegation mechanism exists for CP-ABE with hidden access policy. In practical, users' identity may be revealed from access policy in the organizations and unlimited further delegations may results in unauthorized data access. For maintaining the users' anonymity, the access structure should be hidden and every user must be restricted for specified further delegations. In this work, we have presented a flexible secure key delegation mechanism for CP-ABE with hidden access structure. The proposed scheme enhances the capability of existing CP-ABE schemes by supporting flexible delegation, attribute revocation and user revocation with negligible enhancement in computational cost.

Technology development has led to rapid increase in demands for multimedia applications. Due to this demand, digital archives are increasingly used to store these multimedia contents. Cloud is the commonly used archive to store, transmit, receive and share multimedia contents. Cloud makes use of internet to perform these tasks due to which data becomes more prone to attacks. Data security and privacy are compromised. This can be avoided by limiting data access to authenticated users and by hiding the data from cloud services that cannot be trusted. Hiding data from the cloud services involves encrypting the data before storing it into the cloud. Data to be shared with other users can be encrypted by utilizing Cipher Text-Policy Attribute Based Encryption (CP-ABE). CP-ABE is used which is a cryptographic technique that controls access to the encrypted data. The pairing-based computation based on bilinearity is used in ABE due to which the requirements for resources like memory and power supply increases rapidly. Most of the devices that we use today have limited memory. Therefore, an efficient pairing free CP- ABE access control scheme using elliptic curve cryptography has been used. Pairing based computation is replaced with scalar product on elliptic curves that reduces the necessary memory and resource requirements for the users. Even though pairing free CP-ABE is used, it is easier to retrieve the plaintext of a secret message if cryptanalysis is used. Therefore, this paper proposes to combine cryptography with steganography in such a way by embedding crypto text into an image to provide increased level of data security and data ownership for sub-optimal multimedia applications. It makes it harder for a cryptanalyst to retrieve the plaintext of a secret message from a stego-object if steganalysis were not used. This scheme significantly improved the data security as well as data privacy.

In this paper, we present the enhancement of a lightweight key-policy attribute-based encryption (KP-ABE) scheme designed for the Internet of Things (IoT). The KP-ABE scheme was claimed to achieve ciphertext indistinguishability under chosen-plaintext attack in the selective-set model but we show that the KP-ABE scheme is insecure even in the weaker security notion, namely, one-way encryption under the same attack and model. In particular, we show that an attacker can decrypt a ciphertext which does not satisfy the policy imposed on his decryption key. Subsequently, we propose an efficient fix to the KP-ABE scheme as well as extending it to be a hierarchical KP-ABE (H-KP-ABE) scheme that can support role delegation in IoT applications. An example of applying our H-KP-ABE on an IoT-connected healthcare system is given to highlight the benefit of the delegation feature. Lastly, using the NIST curves secp192k1 and secp256k1, we benchmark the fixed (hierarchical) KP-ABE scheme on an Android phone and the result shows that the scheme is still the fastest in the literature.

In previous multi-authority key-policy attribute-based Encryption (KP-ABE) schemes, either a super power central authority (CA) exists, or multiple attribute authorities (AAs) must collaborate in initializing the system. In addition, those schemes are proved security in the selective model. In this paper, we propose a new fully secure decentralized KP-ABE scheme, where no CA exists and there is no cooperation between any AAs. To become an AA, a participant needs to create and publish its public parameters. All the user's private keys will be linked with his unique global identifier (GID). The proposed scheme supports any monotonic access structure which can be expressed by a linear secret sharing scheme (LSSS). We prove the full security of our scheme in the standard model. Our scheme is also secure against at most F-1 AAs corruption, where F is the number of AAs in the system. The efficiency of our scheme is almost as well as that of the underlying fully secure single-authority KP-ABE system.

To allow fine-grained access control of sensitive data, researchers have proposed various types of functional encryption schemes, such as identity-based encryption, searchable encryption and attribute-based encryption. We observe that it is difficult to define some complex access policies in certain application scenarios by using these schemes individually. In this paper, we attempt to address this problem by proposing a functional encryption approach named Key-Policy Attribute-Based Encryption with Attribute Extension (KP-ABE-AE). In this approach, we utilize extended attributes to integrate various encryption schemes that support different access policies under a common top-level KP-ABE scheme, thus expanding the scope of access policies that can be defined. Theoretical analysis and experimental studies are conducted to demonstrate the applicability of the proposed KP-ABE-AE. We also present an optimization for a special application of KP-ABE-AE where IPE schemes are integrated with a KP-ABE scheme. The optimization results in an integrated scheme with better efficiency when compared to the existing encryption schemes that support the same scope of access policies.

Media streaming has largely dominated the Internet traffic and the trend will keep increasing in the next years. To efficiently distribute the media content, Information-Centric Networking (ICN) has attracted many researchers. Since end users usually obtain content from indeterminate caches in ICN, the publisher cannot reinforce data security and access control depending on the caches. Hence, the ability of self-contained protection is important for the cached contents. Attribute-based encryption (ABE) is considered the preferred solution to achieve this goal. However, the existing ABE schemes usually have problems regarding efficiency. The exponentiation in key generation and pairing operation in decryption respectively increases linearly with the number of attributes involved, which make it costly. In this paper, we propose an efficient key-policy ABE with fast key generation and decryption (FKP-ABE). In the key generation, we get rid of exponentiation and only require multiplications/divisions for each attribute in the access policy. And in the decryption, we reduce the pairing operations to a constant number, no matter how many attributes are used. The efficiency analysis indicates that our scheme has better performance than the existing KP-ABE schemes. Finally, we present an implementation framework that incorporates the proposed FKP-ABE with the ICN architecture.

KP-ABE mechanism emerges as one of the most suitable security scheme for asymmetric encryption. It has been widely used to implement access control solutions. However, due to its expensive overhead, it is difficult to consider this cryptographic scheme in resource-limited networks, such as the IoT. As the cloud has become a key infrastructural support for IoT applications, it is interesting to exploit cloud resources to perform heavy operations. In this paper, a collaborative variant of KP-ABE named C-KP-ABE for cloud-based IoT applications is proposed. Our proposal is based on the use of computing power and storage capacities of cloud servers and trusted assistant nodes to run heavy operations. A performance analysis is conducted to show the effectiveness of the proposed solution.

The Internet of Things (IoT) is a new paradigm in which every-day objects are interconnected between each other and to the Internet. This paradigm is receiving much attention of the scientific community and it is applied in many fields. In some applications, it is useful to prove that a number of objects are simultaneously present in a group. For example, an individual might want to authorize NFC payment with his mobile only if k of his devices are present to ensure that he is the right person. This principle is known as Grouping-Proofs. However, existing Grouping-Proofs schemes are mostly designed for RFID systems and don't fulfill the IoT characteristics. In this paper, we propose a Threshold Grouping-Proofs for IoT applications. Our scheme uses the Key-Policy Attribute-Based Encryption (KP-ABE) protocol to encrypt a message so that it can be decrypted only if at least k objects are simultaneously present in the same location. A security analysis and performance evaluation is conducted to show the effectiveness of our proposal solution.

In many hostile military environments for instance war zone, unfriendly nature, etc., the systems perform on the specially promoted mode and nature which they tolerate the defined system network architecture. Preparation of Disruption-Tolerant systems (DTN) enhances the network between the remote devices which provided to the soldiers in the war zone, this situation conveys the reliable data transmission under scanner. Cipher text approach are based on the attribute based encryption which mainly acts on the attributes or role of the users, which is a successful cryptographic strategy to maintain the control issues and also allow reliable data transfer. Specially, the systems are not centralized and have more data constrained issues in the systems, implementing the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) was an important issue, where this strategy provides the new security and data protection approach with the help of the Key Revocation, Key Escrows and collaboration of the certain attributes with help of main Key Authorities. This paper mainly concentrates on the reliable data retrieval system with the help of CP-ABE for the Disruption-Tolerant Networks where multiple key authorities deal with respective attributes safely and securely. We performed comparison analysis on existing schemes with the recommended system components which are configured in the respective decentralized tolerant military system for reliable data retrieval.

Decentralized attribute-based encryption (ABE) is an efficient and flexible multi-authority attribute-based encryption system, since it does not requires the central authority and does not need to cooperate among the authorities for creating public parameters. Unfortunately, recent works show that the reality of the privacy preserving and security in almost well-known decentralized key policy ABE (KP-ABE) schemes are doubtful. How to construct a decentralized KP-ABE with the privacy-preserving and user collusion avoidance is still a challenging problem. Most recently, Y. Rahulamathavam et al. proposed a decentralized KP ABE scheme to try avoiding user collusion and preserving the user's privacy. However, we exploit the vulnerability of their scheme in this paper at first and present a collusion attack on their decentralized KP-ABE scheme. The attack shows the user collusion cannot be avoided. Subsequently, a new privacy-preserving decentralized KP-ABE is proposed. The proposed scheme avoids the linear attacks at present and achieves the user collusion avoidance. We also show that the security of the proposed scheme is reduced to decisional bilinear Diffie-Hellman assumption. Finally, numerical experiments demonstrate the efficiency and validity of the proposed scheme.

Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.

Two design techniques improve the robustness of Whitenoise encryption algorithm implementation to side-channel attacks based on dynamic and/or static power consumption. The first technique conceals the power consumption and has linear cost. The second technique randomizes the power consumption and has quadratic cost. These techniques are not mutually exclusive; their synergy provides a good robustness to power analysis attacks. Other circuit-level protection can be applied on top of the proposed techniques, opening the avenue for generating very robust implementations.

Ciphertext policy attribute-based encryption (CP-ABE) is a promising technology that offers fine-grained access control over encrypted data. In a CP-ABE scheme, any user can decrypt the ciphertext using his secret key if his attributes satisfy the access policy embedded in the ciphertext. Since the same ciphertext can be decrypted by multiple users with their own keys, the malicious users may intentionally leak their decryption keys for financial profits. So how to trace the malicious users becomes an important issue in a CP-ABE scheme. In addition, from the practical point of view, users may leave the system due to resignation or dismissal. So user revocation is another hot issue that should be solved. In this paper, we propose a practical CP-ABE scheme. On the one hand, our scheme has the properties of traceability and large universe. On the other hand, our scheme can solve the dynamic issue of user revocation. The proposed scheme is proved selectively secure in the standard model.

Wearable devices can be potentially captured or accessed in an unauthorized manner because of their physical nature. In such cases, they are in white-box attack contexts, where the adversary may have total visibility on the implementation of the built-in cryptosystem, with full control over its execution platform. Dealing with white-box attacks on wearable devices is undoubtedly a challenge. To serve as a countermeasure against threats in such contexts, we propose a lightweight encryption scheme to protect the confidentiality of data against white-box attacks. We constructed the scheme's encryption and decryption algorithms on a substitution-permutation network that consisted of random secret components. Moreover, the encryption algorithm uses random padding that does not need to be correctly decrypted as part of the input. This feature enables non-bijective linear transformations to be used in each encryption round to achieve strong security. The required storage for static data is relatively small and the algorithms perform well on various devices, which indicates that the proposed scheme satisfies the requirements of wearable computing in terms of limited memory and low computational power.

For the security enhancement of the conventional visible light (VL) communication which allows the easy intrusion by adjacent adversary due to visible signal characteristic, the VL communication technique based on the asymmetric Rivest-Shamir-Adleman (RSA) encryption method is proposed for smart indoor service in this paper, and the optimal key length of the RSA encryption process for secure VL communication technique is investigated, and also the error performance dependent on the various asymmetric encryption key is analyzed for the performance evaluation of the proposed technique. Then we could see that the VL communication technique based on the RSA encryption gives the similar RMSE performance independent of the length of the public or private key and provides the better error performance as the signal to noise ratio (SNR) increases.

Cloud service providers offer a low-cost and convenient solution to host unstructured data. However, cloud services act as third-party solutions and do not provide control of the data to users. This has raised security and privacy concerns for many organizations (users) with sensitive data to utilize cloud-based solutions. User-side encryption can potentially address these concerns by establishing user-centric cloud services and granting data control to the user. Nonetheless, user-side encryption limits the ability to process (e.g., search) encrypted data on the cloud. Accordingly, in this research, we provide a framework that enables processing (in particular, searching) of encrypted multiorganizational (i.e., multi-source) big data without revealing the data to cloud provider. Our framework leverages locality feature of edge computing to offer a user-centric search ability in a realtime manner. In particular, the edge system intelligently predicts the user's search pattern and prunes the multi-source big data search space to reduce the search time. The pruning system is based on efficient sampling from the clustered big dataset on the cloud. For each cluster, the pruning system dynamically samples appropriate number of terms based on the user's search tendency, so that the cluster is optimally represented. We developed a prototype of a user-centric search system and evaluated it against multiple datasets. Experimental results demonstrate 27% improvement in the pruning quality and search accuracy.

As we all are aware that internet acts as a depository to store cyberspace data and provide as a service to its user. cloud computing is a technology by internet, where a large amount of data being pooled by different users is stored. The data being stored comes from various organizations, individuals, and communities etc. Thus, security and privacy of data is of utmost importance to all of its users regardless of the nature of the data being stored. In this research paper the use of multiple encryption technique outlines the importance of data security and privacy protection. Also, what nature of attacks and issues might arise that may corrupt the data; therefore, it is essential to apply effective encryption methods to increase data security.

Many organizations around the world recognize the vitality of cloud computing. However, some concerns make organizations reluctant to adopting cloud computing. These include data security, privacy, and trust issues. It is very important that these issues are addressed to meet client concerns and to encourage the wider adoption of cloud computing. This paper develops a user privacy framework based upon on emerging security model that includes access control, encryption and protection monitor schemas in the cloud environment.