Single-pixel imaging (SPI) enables an invisible target to be imaged onto a photosensitive surface without a lens, emerging as a promising way for indirect optical encryption. However, due to its linear and broadcast imaging principles, SPI encryption has long been confined to a single-user framework. We propose a multi-image SPI encryption method and combine it with orthogonal frequency division multiplexing-assisted key management to achieve a multiuser SPI encryption and authentication framework. Multiple images are first encrypted as a composite intensity sequence containing the plaintexts and authentication information, simultaneously generating different sets of keys for users. Then, the SPI keys for encryption and authentication are asymmetrically isolated into independent frequency carriers and encapsulated into a Malus metasurface, so as to establish an individually private and content-independent channel for each user. Users can receive different plaintexts privately and verify their authenticity, eliminating the broadcast transparency of SPI encryption. The improved linear security is also verified by simulating attacks. By combining direct key management and indirect image encryption, our work achieves encryption and authentication functionality under a multiuser computational imaging framework, facilitating its application in optical communication, imaging, and security.
With the rapid development of information technology, data security issues have received increasing attention. Data encryption and decryption technology, as a key means of ensuring data security, plays an important role in multiple fields such as communication security, data storage, and data recovery. This article explores the fundamental principles and interrelationships of data encryption and decryption, examines the strengths, weaknesses, and applicability of symmetric, asymmetric, and hybrid encryption algorithms, and introduces key application scenarios for data encryption and decryption technology. It examines the challenges and corresponding countermeasures related to encryption algorithm security, key management, and encryption-decryption performance. Finally, it analyzes the development trends and future prospects of data encryption and decryption technology. This article provides a systematic understanding of data encryption and decryption techniques, which has good reference value for software designers.
Public Key Encryption with Keyword Search (PEKS), an indispensable part of searchable encryption, is stock-in-trade for both protecting data and providing operability of encrypted data. So far most PEKS schemes have been built on Identity-Based Cryptography (IBC), which inherently carries the key escrow problem. This problem severely restricts the adoption of IBC-based Public Key Infrastructure, including the PEKS component. Hence, Certificateless Public Key Cryptography (CLPKC) is an effective way to remove it. CLPKC is introduced into PEKS, and a general model of Certificateless PEKS (CLPEKS) is formalized. In addition, a practical CLPEKS scheme is constructed with security and efficiency analyses. The proposal is secure-channel free, and semantically secure against adaptive chosen keyword attack and keyword guessing attack. To illustrate its superiority, extensive experiments are conducted on the Enron Email dataset, which is well known in the information retrieval field. Compared with existing constructions, CLPEKS improves the efficiency in theory and removes the key escrow problem.
The emergence of the quantum computer will threaten the security of existing public-key cryptosystems, including the Diffie-Hellman key exchange protocol, encryption schemes, etc., and it makes the study of quantum-resistant cryptography very urgent. This motivates us to design a new key exchange protocol and encryption scheme in this paper. Firstly, some acknowledged mathematical problems are introduced, such as the ergodic matrix problem and the tensor decomposition problem; both problems have been proved NP-complete. From the computational complexity perspective, NP-complete problems are believed to admit no polynomial-time quantum algorithm. From the algebraic structure perspective, non-commutative cryptography is considered to resist quantum attacks. The matrix and tensor operators we adopt also satisfy these non-commutative algebraic structures, so they can be used as candidate problems for quantum resistance from the perspectives of both computational complexity theory and algebraic structure. Secondly, a new problem is constructed based on the introduced problems, and then a key exchange protocol and a public key encryption scheme are proposed based on it. Finally, the security analysis, efficiency, recommended parameters, performance evaluation, etc. are also given. The two schemes have the following characteristics: provable security, scalable security bits, high efficiency, quantum resistance, etc.
Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with the previous two CLEKS schemes, the proposed scheme has better overall performance while offering a stronger security guarantee, as it withstands the existing known types of keyword guessing attacks.
Fully homomorphic encryption currently faces two problems. One is that candidate fully homomorphic encryption schemes are few. The other is that the efficiency of fully homomorphic encryption is a big question. In this paper, we propose a fully homomorphic encryption scheme based on LWE, which has a better key size. Our main contributions are: (1) Following the recent binary-LWE, we choose the secret key from a binary set and modify the basic encryption scheme proposed by Lindner and Peikert in 2010. We propose a fully homomorphic encryption scheme based on the new basic encryption scheme. We analyze the correctness and give the proof of the security of our scheme. The public key, evaluation keys and tensored ciphertext have better size in our scheme. (2) Estimating parameters for a fully homomorphic encryption scheme is an important work. We estimate the concrete parameters for our scheme. We compare these parameters between our scheme and the Bra12 scheme. Our scheme has a public key and private key that are smaller by a factor of about log q than in the Bra12 scheme. The tensored ciphertext in our scheme is smaller by a factor of about log^2 q than in the Bra12 scheme. The key switching matrix in our scheme is smaller by a factor of about log^3 q than in the Bra12 scheme.
Public key encryption scheme with keyword search (PEKS) enables us to search encrypted data in a cloud server with a keyword, and no one can obtain any information about the encrypted data without the trapdoor corresponding to the keyword. PEKS is useful for keeping the management of large data storage secure, such as that in a cloud. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with keyword search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results; therefore it does not need a secure channel. To the best of our knowledge, our scheme is the first identity-based encryption scheme with keyword search from lattice assumptions.
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to their limited hardware protection. A secure group key management scheme is responsible for securely distributing group keys among valid nodes of the group. Based on key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates pair-wise key pre-distribution for WSNs. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains semantic security, but also provides forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
Cloud computing, a recently emerged paradigm, faces major challenges in achieving the privacy of migrated data, network security, etc. Many cryptographic technologies based on identity, attributes and prediction algorithms have been proposed to solve these issues, yet these techniques are highly prone to attackers. This raises the need for an effective encryption technique that would ensure secure data migration. In this scenario, our proposed methodology, Efficient Probabilistic Public Key Encryption (EPPKE), is optimized with Covariance Matrix Adaptation Evolution Strategies (CMA-ES). It ensures data integrity through the Luhn algorithm with BLAKE2b encapsulation. This provides optimized security for the data migrated through the cloud. The proposed methodology is implemented in OpenStack with the Java language. It achieves better results by providing security compared to other existing techniques like RSA, IBA, ABE, PBE, etc.
The expanding and ubiquitous availability of the Internet of Things (IoT) has made everyone's life easier and more convenient. At the same time it also raises a number of issues, such as effectiveness, security, and excessive power consumption, which constitute a danger to intelligent IoT-based apps. Group management is primarily used for transmitting and multi-pathing communications that are secured with a general group key, which can only be decrypted by an authorized group member. A centralized trustworthy system, which is in charge of key distribution and updates, is used to maintain group keys. To provide longitudinal access controls, Software Defined Network (SDN) based security controllers are employed for group administration services. Cloud service providers provide a variety of security features, but only a few software security answers are available. In the proposed system, hybrid protocols are used in SDN, and it embeds an edge system to improve the security of group communication. Tree-based algorithms are compared with Group Key Establishment (GKE) and a multivariate public key cryptosystem with Broadcast Encryption in the proposed system. When all factors are considered, Broadcast Encryption (BE) appears to be the most logical solution to the issue. BE enables an initiator to send encrypted messages to a large set of recipients in an efficient and productive way, while ensuring that the data can only be decrypted by the defined set of recipients. The proposed method improves the security and efficiency of the system, reduces power consumption and minimizes cost.
The Internet of Things (IoT) offers a new era of connectivity, which goes beyond laptops and smart connected devices to connected vehicles, smart homes, smart cities, and connected healthcare. The massive quantity of data gathered from numerous IoT devices poses security and privacy concerns for users. With the increasing use of multimedia in communications, the content security of remote-sensing images has attracted much attention in academia and industry. Image encryption is important for securing remote sensing images in the IoT environment. Recently, researchers have introduced plenty of algorithms for encrypting images. This study introduces an Improved Sine Cosine Algorithm with Chaotic Encryption based Remote Sensing Image Encryption (ISCACE-RSI) technique in the IoT environment. The proposed model follows a three-stage process, namely pre-processing, encryption, and optimal key generation. The remote sensing images are preprocessed at the initial stage to enhance the image quality. Next, the ISCACE-RSI technique exploits the double-layer remote sensing image encryption (DLRSIE) algorithm for encrypting the images. The DLRSIE methodology incorporates the design of chaotic maps and the deoxyribonucleic acid (DNA) Strand Displacement (DNASD) approach. The chaotic map is employed for generating pseudorandom sequences and implementing routine scrambling and diffusion processes on the plaintext images. Then, the study presents three DNASD-related encryption rules based on the variety of DNASD, and those rules are applied for encrypting the images at the DNA sequence level. For optimal key generation in the DLRSIE technique, the ISCA is applied with an objective function of maximizing the peak signal to noise ratio (PSNR). To examine the performance of the ISCACE-RSI model, a detailed set of simulations was conducted. The comparative study reported the better performance of the ISCACE-RSI model over other existing approaches.
Wireless sensor networks are being deployed for some practical applications and their security has received considerable attention. It is an important challenge to find a suitable key agreement and encryption scheme for wireless sensor networks due to limitations of power, computation capability and storage resources. In this paper, an efficient key agreement and encryption scheme for wireless sensor networks is presented. Results of analysis and simulations comparing the proposed scheme with other schemes show that the proposed scheme has some advantages in terms of energy consumption, computation requirement, storage requirement and security.
A mobile ad hoc network (MANET) is a collection of mobile nodes that temporarily integrate with each other to form a network. Such a network does not require the existence of a typical network infrastructure. There is no central entity with the authority to administer the services and configurations of the network. How to secure a MANET is an active field of study for researchers. However, most of the research on the topic of securing MANETs has focused on adapting security mechanisms that were meant for traditional wired networks. This adaptation has resulted in security solutions that do not work efficiently or that make assumptions that are not in line with the properties and characteristics of MANETs. In this paper, we propose the use of security mechanisms for MANETs that are designed based on the characteristics, functionalities, and goals of such networks. We aim to initiate a paradigm shift in securing MANETs, in which the focus should be on building security solutions specifically developed for MANETs, and not on adapting solutions that were meant for conventional wired networks. We revisit the basics and propose a simple encryption key creation scheme that is based on the Diffie-Hellman key agreement protocol. The work presented in this paper should mark the initiation of a research agenda designed to build security primitives that are specifically for MANETs, along the lines of the new paradigm.
In ACM CCS 2009, Camenisch et al. proposed Oblivious Transfer with Access Control (AC-OT), in which each item is associated with an attribute set and can only be made available, on request, to the users who have all the attributes in the associated set. Namely, AC-OT achieves an access control policy for a conjunction of attributes. Essentially, the functionality of AC-OT is equivalent to the simplified version that we call AC-OT-SV: for each item, one attribute is associated with it, and it is required that only the users who possess the associated attribute can obtain the item by queries. On one hand, AC-OT-SV is a special case of AC-OT where there is just one associated attribute for each item. On the other hand, any AC-OT can be realized by an AC-OT-SV. In this paper, we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch et al. Then from the protocol, interestingly, a concrete Identity-Based Encryption (IBE) with Anonymous Key Issuing (AKI) is given, which is just a direct application of AC-OT-SV. By comparison, we show that the AKI protocol we present is more efficient in communication than that proposed by Chow.
Cloud computing extends its usability to various fields that use data and store it in a common space required for computation and analysis, as IoT devices do. These devices use the cloud for storing and retrieving data since the devices are not capable of storing and processing data on their own. Cloud computing provides various services to users, such as IaaS, PaaS and SaaS. The major drawback faced by cloud computing is that data stored using cloud services could be accessed by all the users related to the cloud. The use of Public Key Encryption with Keyword Search (PEKS) provides security against an untrustworthy third party's search capability over publicly encrypted data without revealing the data's contents. But security concerns about PEKS arise when Inside Keyword Guessing Attacks (IKGA) are identified in the system, because the untrusted server can guess the keyword in the trapdoor. This issue could be solved by using algorithms such as Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS), which uses Modified Elliptic Curve Cryptography (MECC) along with the Mutation-Centred Flower Pollination Algorithm (CM-FPA) to enhance the performance of the algorithm through optimization of the keys. The additional use of the Message Digest 5 (MD5) hash function in the system enhances the security level associated with the system. The proposed system achieves a security level performance of 96 percent, and the effort consumed by the algorithm is less compared to the other encryption techniques.
A measuring-basis encrypted quantum key distribution scheme is proposed by using twelve nonorthogonal states in a four-state system and the measuring-basis encryption technique. In this scheme, two bits of classical information can be encoded on one four-state particle and the transmitted particles can be fully used.
We present a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low-resource environments. The user does not need to carry a smart card storing private information, but only needs to know an identity and password. For this purpose, the scheme is implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.
As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far, and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are no longer secure in a multi-user setting. We show that Zhang et al.'s scheme, Gorantla et al.'s scheme and Ming et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attack can breach fairness when these schemes are used in fair exchange in a multi-user setting.
This paper presents a scheme for quantum secure direct communication with quantum encryption. The two authorized users repeatedly use a shared sequence of pure entangled pairs (the quantum key) for directly encrypting and decrypting the secret message carried by the travelling photons. To check for eavesdropping, the two parties perform single-photon measurements on some decoy particles before each round. This scheme has the advantage that the pure entangled quantum signal source is feasible at present and an eavesdropper cannot steal the message.
Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSNs is very important. Since no single-key system can guarantee the security of wireless sensor network communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in a clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through an identity-based encryption system, while private communication between cluster nodes under the same cluster head is achieved through a random key pre-distribution system. Considering the characteristics of WSNs, we adopt a dynamic approach, called the dynamic cluster key management scheme, to deal with the master key, so the master key is updated according to the changing dynamic network topology. Because the cluster head node plays a pivotal role in this scheme, a trust management system should be introduced into the election of the cluster head, which will exclude malicious nodes from the cluster and thus improve the security of the whole network.
Funding (multiuser single-pixel imaging encryption paper): supported by the National Key R&D Program of China (Grant No. 2021YFB3900300), National Natural Science Foundation of China (Grant Nos. 61860206007, 62275177, and 62371321), Ministry of Education Science and Technology Chunhui Project (Grant No. HZKY20220559), International S and T Cooperation Program of Sichuan Province (Grant No. 2023YFH0030), Sichuan Science and Technology Innovation Seeding Project (Grant No. 23-YCG034), Sichuan Science and Technology Program (Grant No. 2023YFG0334), Chengdu Science and Technology Program (Grant No. 2022-GH02-00001-HZ).
Funding (CLPEKS paper): This research was supported by the National Science Foundation of China for Funding Projects (61173089, 61472298) and the National Statistical Science Program of China (2013LZ46).
Funding (quantum-resistant key exchange and encryption paper): the National Natural Science Foundation of China, the State Key Program of National Natural Science of China, the Major Research Plan of the National Natural Science Foundation of China, the Major State Basic Research Development Program of China (973 Program), and the Hubei Natural Science Foundation of China.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 61772009 and U1736112, the Natural Science Foundation of Jiangsu Province under Grant Nos. BK20161511 and BK20181304
Abstract: Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. However, our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with the two previous CLEKS schemes, the proposed scheme has better overall performance while offering stronger security guarantees, as it withstands the existing known types of keyword guessing attacks.
Funding: The first author would like to thank the Fund of the Jiangsu Innovation Program for Graduate Education, the Fundamental Research Funds for the Central Universities, the Ningbo Natural Science Foundation and the Chinese National Scholarship Fund, and also appreciates the benefit to this work from science and technology projects of Ningbo Municipality. The third author would like to thank the Ningbo Natural Science Foundation.
Abstract: Fully homomorphic encryption currently faces two problems. One is that candidate fully homomorphic encryption schemes are few. The other is that the efficiency of fully homomorphic encryption is a big question. In this paper, we propose a fully homomorphic encryption scheme based on LWE which has a better key size. Our main contributions are: (1) Following the recent binary-LWE, we choose the secret key from a binary set and modify the basic encryption scheme proposed by Lindner and Peikert in 2010. We propose a fully homomorphic encryption scheme based on the new basic encryption scheme. We analyze the correctness and give the proof of the security of our scheme. The public key, evaluation keys and tensored ciphertext have better size in our scheme. (2) Estimating parameters for a fully homomorphic encryption scheme is an important work. We estimate the concrete parameters for our scheme. We compare these parameters between our scheme and the Bra12 scheme. Our scheme has public and private keys that are smaller by a factor of about log q than in the Bra12 scheme. The tensored ciphertext in our scheme is smaller by a factor of about log^2 q than in the Bra12 scheme. The key switching matrix in our scheme is smaller by a factor of about log^3 q than in the Bra12 scheme.
Funding: supported by the National Natural Science Foundation of China (No. 61370203), China Postdoctoral Science Foundation Funded Project (No. 2017M623008), Scientific Research Starting Project of SWPU (No. 2017QHZ023), State Scholarship Foundation of China Scholarship Council (No. 201708515149)
Abstract: Public key encryption scheme with keyword search (PEKS) enables us to search the encrypted data in a cloud server with a keyword, and no one can obtain any information about the encrypted data without the trapdoor corresponding to the keyword. PEKS is useful to keep the management of large data storage, such as that in a cloud, secure. In this paper, to protect against quantum computer attacks, we present a lattice-based identity-based encryption scheme with keyword search. We have proved that our scheme can achieve ciphertext indistinguishability in the random oracle model, and our scheme can also achieve trapdoor security. In particular, our scheme can designate a unique tester to test and return the search results, so it does not need a secure channel. To the best of our knowledge, our scheme is the first identity-based encryption scheme with keyword search from lattice assumptions.
Funding: Project (61100201) supported by the National Natural Science Foundation of China; Project (12ZZ019) supported by the Technology Innovation Research Program, Shanghai Municipal Education Commission, China; Project (LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province, China; Project (NCET-12-0358) supported by the New Century Excellent Talents in University, Ministry of Education, China
Abstract: The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys can be compromised easily due to their limited hardware protection. A secure group key management scheme is responsible for securely distributing group keys among the valid nodes of the group. Based on key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates pair-wise key pre-distribution for WSNs. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains semantic security, but also provides forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
Abstract: Cloud computing, a recently emerged paradigm, faces major challenges in achieving the privacy of migrated data, network security, etc. Many cryptographic technologies based on identity, attributes and prediction algorithms have been proposed to solve these issues; yet these techniques are highly prone to attackers. This raises the need for an effective encryption technique that would ensure secure data migration. With this scenario, our proposed methodology, Efficient Probabilistic Public Key Encryption (EPPKE), is optimized with Covariance Matrix Adaptation Evolution Strategies (CMA-ES). It ensures data integrity through the Luhn algorithm with BLAKE2b encapsulation. This provides optimized security for the data which is migrated through the cloud. The proposed methodology is implemented in OpenStack with the Java language. It achieves better results by providing security compared to other existing techniques like RSA, IBA, ABE, PBE, etc.
Abstract: The expanding and ubiquitous availability of the Internet of Things (IoT) has made everyone's life easier and more convenient. At the same time, it also raises a number of issues, such as effectiveness, security, and excessive power consumption, which constitute a danger to intelligent IoT-based apps. Group management is primarily used for transmitting and multi-path communications that are secured with a general group key, which can only be decrypted by an authorized group member. A centralized trustworthy system, which is in charge of key distribution and upgrades, is used to maintain group keys. To provide longitudinal access controls, Software Defined Network (SDN) based security controllers are employed for group administration services. Cloud service providers provide a variety of security features. There are just a few software security answers available. In the proposed system, hybrid protocols are used in SDN and an edge system is embedded to improve the security of the group communication. Tree-based algorithms are compared with Group Key Establishment (GKE) and a Multivariate public key cryptosystem with Broadcast Encryption in the proposed system. When all factors are considered, Broadcast Encryption (BE) appears to be the most logical solution to the issue. BE enables an initiator to send encrypted messages to a large set of recipients in an efficient and productive way, meanwhile assuring that the data can only be decrypted by a defined characteristic. The proposed method improves the security and efficiency of the system, reduces the power consumption and minimizes the cost.
Funding: Princess Nourah bint Abdulrahman University Researchers Supporting Project number (PNURSP2022R319), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: (22UQU4210118DSR48).
Abstract: The Internet of Things (IoT) offers a new era of connectivity, which goes beyond laptops and smart connected devices to connected vehicles, smart homes, smart cities, and connected healthcare. The massive quantity of data gathered from numerous IoT devices poses security and privacy concerns for users. With the increasing use of multimedia in communications, the content security of remote-sensing images has attracted much attention in academia and industry. Image encryption is important for securing remote sensing images in the IoT environment. Recently, researchers have introduced many algorithms for encrypting images. This study introduces an Improved Sine Cosine Algorithm with Chaotic Encryption based Remote Sensing Image Encryption (ISCACE-RSI) technique in the IoT environment. The proposed model follows a three-stage process, namely pre-processing, encryption, and optimal key generation. The remote sensing images are preprocessed at the initial stage to enhance the image quality. Next, the ISCACE-RSI technique exploits the double-layer remote sensing image encryption (DLRSIE) algorithm for encrypting the images. The DLRSIE methodology incorporates the design of Chaotic Maps and the deoxyribonucleic acid (DNA) Strand Displacement (DNASD) approach. The chaotic map is employed for generating pseudorandom sequences and implementing routine scrambling and diffusion processes on the plaintext images. Then, the study presents three DNASD-related encryption rules based on the variety of DNASD, and those rules are applied for encrypting the images at the DNA sequence level. For optimal key generation of the DLRSIE technique, the ISCA is applied with an objective function of maximizing the peak signal to noise ratio (PSNR). To examine the performance of the ISCACE-RSI model, a detailed set of simulations was conducted. The comparative study reported better performance of the ISCACE-RSI model over other existing approaches.
Funding: the Six Great Talent Peak Plan of Jiangsu Province (No. 06-E-044), the "Qinlan Project" plan of Jiangsu Province 2006 and the Natural Science Foundation of Jiangsu Province (No. BK2004218).
Abstract: Wireless sensor networks are being deployed for some practical applications and their security has received considerable attention. It is an important challenge to find a suitable key agreement and encryption scheme for wireless sensor networks due to limitations of power, computation capability and storage resources. In this paper, an efficient key agreement and encryption scheme for wireless sensor networks is presented. Results of analysis and simulations comparing the proposed scheme with other schemes show that the proposed scheme has some advantages in terms of energy consumption, computation requirement, storage requirement and security.
Abstract: A mobile ad hoc network (MANET) is a collection of mobile nodes that temporarily integrate with each other to form a network. Such a network does not require the existence of a typical network infrastructure. There is no central entity with the authority to administer the services and configurations of the network. How to secure a MANET is an active field of study for researchers. However, most of the research on the topic of securing MANETs has focused on adapting security mechanisms that were meant for traditional wired networks. This adaptation has resulted in security solutions that do not work efficiently or that make assumptions that are not in line with the properties and characterizations of MANETs. In this paper, we propose the use of security mechanisms for MANETs that are designed based on the characteristics, functionalities, and goals of such networks. We aim to initiate a paradigm shift in securing MANETs, in which the focus should be on building security solutions specifically developed for MANETs, and not on adapting solutions that were meant for conventional wired networks. We revisit the basics and propose a simple encryption key creation scheme that is based on the Diffie-Hellman key agreement protocol. The work presented in this paper should mark the initiation of a research agenda designed to build security primitives that are specifically for MANETs, along the lines of the new paradigm.
Abstract: In ACM CCS 2009, Camenisch et al. proposed Oblivious Transfer with Access Control (AC-OT), in which each item is associated with an attribute set and can only be made available, on request, to the users who have all the attributes in the associated set. Namely, AC-OT achieves an access control policy for a conjunction of attributes. Essentially, the functionality of AC-OT is equivalent to the simplified version that we call AC-OT-SV: for each item, one attribute is associated with it, and it is required that only the users who possess the associated attribute can obtain the item by queries. On one hand, AC-OT-SV is a special case of AC-OT when there is just one attribute associated with each item. On the other hand, any AC-OT can be realized by an AC-OT-SV. In this paper, we first present a concrete AC-OT-SV protocol which is proved to be secure in the model defined by Camenisch et al. Then, from the protocol, interestingly, a concrete Identity-Based Encryption (IBE) with Anonymous Key Issuing (AKI) is given, which is just a direct application of AC-OT-SV. By comparison, we show that the AKI protocol we present is more efficient in communications than that proposed by Chow.
Abstract: Cloud Computing expands its usability to various fields that utilize data and store it in a common space that is required for computing and for the purpose of analysis, as with IoT devices. These devices utilize the cloud for storing and retrieving data, since the devices are not capable of storing and processing data on their own. Cloud Computing provides various services to the users, like IaaS, PaaS and SaaS. The major drawback faced by cloud computing is the utilization of cloud services for the storage of data that could be accessed by all the users related to the cloud. The use of Public Key Encryption with Keyword Search (PEKS) provides security by allowing an untrustworthy third party to search over data encrypted under public keys without revealing the data's contents. But the security concerns of PEKS arise when an Inside Keyword Guessing Attack (IKGA) is identified in the system, because the untrusted server can presume the keyword in a trapdoor. This issue could be solved by using various algorithms like Certificateless Hashed Public Key Authenticated Encryption with Keyword Search (CL-HPAEKS), which utilizes Modified Elliptic Curve Cryptography (MECC) along with the Mutation Centred Flower Pollination Algorithm (CM-FPA), which is used to enhance the performance of the algorithm through optimization of the keys. The additional use of the Message Digest 5 (MD5) hash function in the system enhances the security level associated with the system. The proposed system achieves a security level performance of 96 percent, and the effort consumed by the algorithm is less compared to other encryption techniques.
Funding: The project was supported by the National Fundamental Research Program under Grant No. 2006CB0L0106, the National Natural Science Foundation of China under Grant Nos. 60433050, 10325521, and 10447106, and the SRFDP Program of the Education Ministry of China and Beijing Education Committee under Grant No. XK100270454
Abstract: A measuring-basis encrypted quantum key distribution scheme is proposed by using twelve nonorthogonal states in a four-state system and the measuring-basis encryption technique. In this scheme, two bits of classical information can be encoded on one four-state particle and the transmitted particles can be fully used.
Funding: Supported by the National Natural Science Foundation of China (60473021)
Abstract: We present a simple and efficient password-based encrypted key exchange protocol that allows a user to establish secure session keys with remote servers from client terminals in low resource environments. The user does not need to carry a smart card storing his private information; he just needs to know his identity and password. For this purpose, the scheme is implemented over elliptic curves because of their well-known advantages with regard to processing and size constraints. Furthermore, the scheme is provably secure under the assumptions that the hash function closely behaves like a random oracle and that the elliptic curve computational Diffie-Hellman problem is difficult.
Funding: Supported by the National High Technology Research and Development Programme of China (No. 2008AA092301) and the National Natural Science Foundation of China (No. 50879014).
Abstract: As a special kind of digital signature, verifiably encrypted signatures are used as a building block to construct optimistic fair exchange. Many verifiably encrypted signature schemes have been proposed so far, and most of them were proven secure under certain complexity assumptions. In this paper, however, we find that although some schemes are secure in a single-user setting, they are no longer secure in a multi-user setting. We show that Zhang et al.'s scheme, Gorantla et al.'s scheme and Ming et al.'s scheme are vulnerable to key substitution attacks, where an adversary can generate new keys satisfying legitimate verifiably encrypted signatures created by the legitimate users. We also show that this kind of attack can breach the fairness when these schemes are used in fair exchange in a multi-user setting.
Funding: Project supported by the National Natural Science Foundation of China (Grant Nos. 10604008 and 10435020) and the Beijing Education Committee (Grant No. XK100270454).
Abstract: This paper presents a scheme for quantum secure direct communication with quantum encryption. The two authorized users repeatedly use a shared sequence of pure entangled pairs (the quantum key) for encrypting and decrypting the secret message carried directly by the travelling photons. For checking eavesdropping, the two parties perform single-photon measurements on some decoy particles before each round. This scheme has the advantage that the pure entangled quantum signal source is feasible at present and any eavesdropper cannot steal the message.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 60803150 and 60803151, the National High Technology Research and Development Program of China under Grant No. 2008AA01Z411, the Key Program of the NSFC-Guangdong Union Foundation under Grant No. U0835004, and China Postdoctoral Science Foundation No. 20090451495
Abstract: Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the security of WSNs is very important. Since no single-key system can guarantee the security of wireless sensor network communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head, while private communication between cluster nodes under the same cluster head is achieved through the random key pre-distribution system. Considering the characteristics of WSNs, we adopt a dynamic approach, called the dynamic cluster key management scheme, to deal with the master key, so that the master key is updated according to the changing dynamic network topology. Since the cluster head node plays a pivotal role in this scheme, a trust management system should be introduced into the election of the cluster head, which will exclude malicious nodes from outside the cluster, thus improving the whole network security.