Similar literature
20 similar documents found; search time 46 ms
1.
Journal of Tsinghua University, 2020, 25(5): 579-588
Attribute-Based Encryption (ABE) has been widely used for ciphertext retrieval in the cloud environment. However, bi-flexible attribute control and privacy keywords are difficult problems that have yet to be solved. In this paper, we introduce the denial of access policy and the mutual matching algorithm of a dataset used to realize bidirectional control of attributes in the cloud server. To solve the problem of keyword privacy, we construct a security trapdoor by adding random numbers that effectively resist keyword guessing attacks from cloud servers and external attackers. System security is reduced to the Deterministic Bilinear Diffie-Hellman (DBDH) hypothesis problem. We validate our scheme through theoretical security analysis and experimental verification. Experiments are conducted on a real dataset, and results show that the scheme has higher security and retrieval efficiency than previous methods.

2.
Electronic health network (EHN) is an information system providing functions involved in e-health. In this paper, we devise mechanisms covering three important security and privacy issues of EHN including trust management, privacy preserving, and data sharing. First, we propose an authenticated key agreement scheme based on hierarchical identity-based signature (HIBS). We abstract a hierarchical architecture from the social network architecture of EHN. To support large-scale scenarios, we introduce a virtual signature generation phase into traditional HIBS, thus our scheme will be efficient even when the depth is quite big. Second, we propose a fast data searching scheme based on symmetric searchable encryption (SSE). To improve the searching efficiency, we introduce a two-level cache structure into the traditional SSE. Third, we propose an access control scheme based on hierarchical identity-based encryption (HIBE). To make it a fine-grained scheme, we organize the data owner’s file in hierarchy and introduce a virtual key generation phase to traditional HIBE. Also, the scheme can provide delegation and revocation functions easily. Besides, our schemes guarantee known-key secrecy, forward secrecy, and antidirection secrecy and possess the resistance capability to collude-attack. Evaluation results show that our scheme indeed achieves the security and efficiency.

3.
Secure multi-party computation is a focus of international cryptography in recent years. Protocols for Yao's millionaires' problem have become an important building block of many secure multi-party computation protocols. Their efficiency is crucial to the efficiency of many secure multi-party computation protocols. Unfortunately, known protocols for Yao's millionaires' problem have high computational complexity or communication complexity. In this study, based on the 1-out-of-m oblivious transfer and set-inclusion problem, we propose a new protocol to solve this problem. This new protocol is very efficient in terms of both computational and communication complexities. Its privacy-preserving property is also proved by the simulation paradigm, which is generally accepted in the study of secure multi-party computation. We also compare the information leakage of our new protocol and the known protocols.

4.
Cloud storage is widely used in massive data outsourcing, but how to efficiently query encrypted multidimensional data stored in an untrusted cloud environment remains a research challenge. We propose a high performance and privacy-preserving query (pLSH-PPQ) scheme over encrypted multidimensional data to address this challenge. In our scheme, for a given query, the proxy server will return K top similar data object identifiers. An enhanced Ciphertext-Policy Attribute-Based Encryption (CP-ABE) policy is used to control access to the search results. Therefore, only the requester with the permission attribute can obtain correct secret keys to decrypt the data. Security analysis proves that the pLSH-PPQ scheme achieves data confidentiality and preserves the data owner’s privacy in a semi-trusted cloud. In addition, evaluations demonstrate that the pLSH-PPQ scheme can significantly reduce response time and provide high search efficiency without compromising on search quality.

5.
Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of the computational Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.

6.
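This paper briefly introduces data mining and secure multi-party computation, proposes an efficient privacy-preserving data mining protocol based on secure multi-party computation, and analyzes the protocol's security, fairness, effectiveness and complexity.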

7.
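Research on the privacy-preserving triangle inequality determination problem   Total citations: 1, self-citations: 0, citations by others: 1
Secure multi-party computation is one of the active research topics in information security, and the privacy-preserving triangle inequality determination problem is a special class of three-party secure multi-party computation problems. The paper designs a millionaires' comparison protocol based on the Paillier encryption algorithm and extends it to three participants, forming a triangle inequality determination protocol based on the Paillier encryption algorithm. Combining a scalar product protocol with the millionaires' protocol, it then designs a privacy-preserving triangle inequality determination protocol that solves the triangle inequality determination problem while protecting the users' private inputs.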

8.
Numerous privacy-preserving issues have emerged along with the fast development of the Internet of Things. In addressing privacy protection problems in Wireless Sensor Networks (WSN), secure multi-party computation is considered vital, where obtaining the Euclidean distance between two nodes with no disclosure of either side’s secrets has become the focus of location-privacy-related applications. This paper proposes a novel Privacy-Preserving Scalar Product Protocol (PPSPP) for wireless sensor networks. Based on PPSPP, we then propose a Homomorphic-Encryption-based Euclidean Distance Protocol (HEEDP) without third parties. This protocol can achieve secure distance computation between two sensor nodes. Correctness proofs of PPSPP and HEEDP are provided, followed by security validation and analysis. Performance evaluations via comparisons among similar protocols demonstrate that HEEDP is superior; it is most efficient in terms of both communication and computation on a wide range of data types, especially in wireless sensor networks.

9.
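To solve the problem of private sorting among multiple parties, a privacy-preserving solution based on private sorting is proposed. The scheme first assumes that the participants in the secure multi-party computation are semi-honest, that is, they faithfully execute the protocol but may retain intermediate results of the computation in an attempt to derive the other participants' inputs. It then fixes the correspondence between participants and data sets and uses a discrete-logarithm method to compute over the data array and obtain its permutation, so that each participant learns the position of its own data in the permuted array and nothing else. The simulation paradigm is used to show that the proposed scheme provides a certain degree of privacy, and the scheme is particularly suitable for privacy protection problems in computer networks.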

10.
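(n,t,n) secret sharing is a basic tool for constructing protocols such as secure multi-party computation and privacy-preserving data mining over distributed databases. Harn et al. proposed strong (n,t,n) secret sharing and efficient (n,t,n) secret sharing suited to this setting, but these schemes can only verify the authenticity of sub-shares and cannot verify the authenticity of sub-secrets, so they do not meet the application requirements of secure multi-party computation and distributed data mining. Therefore, based on the factorization hardness assumption and the discrete logarithm hardness assumption on elliptic curves, this paper proposes a verifiable strong (n,t,n) secret sharing scheme. It uses elliptic-curve point multiplication to encrypt the polynomial and the sub-shares by multiplying them with the base point, so that the authenticity of both sub-secrets and sub-shares can be publicly verified, thereby ensuring two-way verification. Analysis shows that our scheme has good efficiency.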

11.
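As people attach increasing importance to the right to privacy, privacy-preserving data mining has become a current research focus. Classification, an important data mining method, is applied in many fields, and the support vector machine (SVM) is an important classification method. The privacy and security of data are also a central concern. This paper extends the SSP protocol and proposes a privacy-preserving support vector machine algorithm for vertically partitioned data; the algorithm has higher efficiency and better security.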

12.
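To protect the attribute privacy of data users in searchable-encryption cloud storage based on ciphertext-policy attribute-based encryption (CP-ABE), and to realize fuzzy searchable encryption for cloud storage, this paper proposes an attribute blinding fuzzy searchable encryption cloud storage (ABFSECS) scheme. Each access attribute of a data user is randomly blinded, and the blinded attributes are then aggregated into one complete blinded attribute. Fuzzy searchable encryption for cloud storage is realized through a matching computation between the keyword index set and the keyword trapdoor generated by the data user. A pre-decryption operation is introduced that uses the cloud server's powerful computing resources, reducing the data user's computation time. Security analysis shows that the ABFSECS scheme is unforgeable, resists collusion attacks between data users and the cloud storage server, and does not leak the data users' attribute privacy.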

13.
Identity Based Group Key Agreement in Multiple PKG Environment   Total citations: 2, self-citations: 0, citations by others: 2
Secure and reliable group communication is an increasingly active research area owing to the growing popularity of group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators (PKG) environment. It is inspired by a new two-party identity-based key agreement protocol first proposed by Hoonjung Lee et al. In our scheme, although each member comes from a different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies all the security requirements of the group key agreement protocols.

14.
A number of proposals have been suggested to tackle data integrity and privacy concerns in cloud storage, in which some existing schemes suffer from vulnerabilities in data dynamics. In this paper, we propose an improved fairness and dynamic provable data possession scheme that supports public verification and batch auditing while preserving data privacy. The rb23Tree is utilized to facilitate data dynamics. Moreover, the fairness is considered to prevent a dishonest user from accusing the cloud service provider of manipulating the data. The scheme allows a third party auditor (TPA) to verify the data integrity without learning any information about the data content during the auditing process. Furthermore, our scheme also allows batch auditing, which greatly accelerates the auditing process when there are multiple auditing requests. Security analysis and extensive experimental evaluations show that our scheme is secure and efficient.

15.
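Security is one of the key problems in cloud computing research. A secure vector dot product computation scheme for the cloud computing model is proposed that provides both verification of the correctness of the computed result and privacy protection for the data. By analyzing the algebraic properties of vectors and of the vector dot product, transformed vectors and shadow vectors are constructed for the original vectors on the data owner's side, enabling the client to verify the correctness of the computed result. The existing two-party privacy-preserving vector dot product protocol is extended to the three parties of the cloud computing model. Security analysis shows that the scheme can resist a variety of possible threats. Experimental results demonstrate the efficiency of the scheme.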

16.
Efficiency and scalability are still the bottleneck for secure multi-party computation geometry (SMCG). In this work a secure planar convex hull (SPCH) protocol for large-scaled point sets in semi-honest model has been proposed efficiently to solve the above problems. Firstly, a novel privacy-preserving point-inclusion (PPPI) protocol is designed based on the classic homomorphic encryption and secure cross product protocol, and it is demonstrated that the complexity of PPPI protocol is independent of the vertex size of the input convex hull. And then on the basis of the novel PPPI protocol, an effective SPCH protocol is presented. Analysis shows that this SPCH protocol has a good performance for large-scaled point sets compared with previous solutions. Moreover, analysis finds that the complexity of our SPCH protocol relies on the size of the points on the outermost layer of the input point sets only.

17.
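To meet the privacy-protection requirements of hierarchical processing in whole-document approval workflows of management-type SaaS applications, a hierarchical content extraction signature (CES) scheme is proposed that uses identity-based signatures without a fully trusted private key generator (PKG). A hierarchical extraction policy controls fragmentation and signature extraction; identity-based signatures overcome the complexity of certificate management in public key infrastructure; and the PKGs of the tenant and of the service provider independently generate components of the user's private key, which to some extent overcomes the problem of having no fully trusted PKG. Analysis shows that the scheme provides secrecy of the user's private key and privacy and unforgeability of the CES, and that it can be applied to online office work, online book sales and similar areas.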

18.
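A pairing-free identity-based AKA protocol for the multiple-PKG environment is proposed, and in the random oracle model the security proof of the protocol is reduced to the standard computational CDH assumption. The corresponding identity-based XCR and DCR signature schemes are proposed, and the security of the new protocol is proved through security proofs of these two schemes. A comparison of the relevant performance with existing protocols shows the advantages of the new protocol.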

19.
Amidst the rapid development of the Internet of Things (IoT), Vehicular Ad-Hoc NETworks (VANETs), a typical IoT application, are bringing an ever-larger number of intelligent and convenient services to the daily lives of individuals. However, there remain challenges for VANETs in preserving privacy and security. In this paper, we propose the first lattice-based Double-Authentication-Preventing Ring Signature (DAPRS) and adopt it to propose a novel privacy-preserving authentication scheme for VANETs, offering the potential for security against quantum computers. The new construction is proven secure against chosen message attacks. Our scheme is more efficient than other ring signatures in terms of the time cost of the message signing phase and verification phase, and also in terms of signature length. Analyses of security and efficiency demonstrate that our proposed scheme is provably secure and efficient in the application.

20.
An identity-based key-exchange protocol using a bilinear map is proposed and it is proved SK-secure (session key secure) in the AM (authenticated links adversarial model) provided the BDDH (bilinear Diffie-Hellman) assumption is correct. Then we apply the signature-based authenticator to our protocol and obtain an identity-based key-exchange protocol that is SK-secure in the UM (unauthenticated links adversarial model) provided the BDDH assumption is correct.
