Search Results (60)

With the widespread deployment of video surveillance systems, effective access control is essential to enhance the accuracy and security of video anomaly detection. This paper proposes a Searchable and Revocable Attribute-Based Encryption scheme (ABE-RS) that is specifically designed for dynamic video anomaly detection scenarios. By integrating a user management tree structure, attribute-based key distribution, and keyword grouping techniques, the proposed scheme enables efficient user-level revocation along with dynamic updates to ciphertexts and keyword indexes. Furthermore, an inverted index structure is introduced to accelerate keyword search, facilitating the rapid detection and retrieval of anomalous video events. Formal security analysis demonstrates that the scheme is secure against chosen plaintext attacks (CPAs) and chosen keyword attacks (CKAs). The experimental results demonstrate that the scheme maintains millisecond-level revocation efficiency in methodology involving 512 users and either 50 attributes or a thousand keywords. Full article

The Feistel structure represents a fundamental architectural component within the domain of symmetric cryptographic algorithms, with a substantial body of research conducted within the context of classical computing environments. Nevertheless, research into specific symmetric cryptographic algorithms utilizing the Feistel structure is relatively scarce in quantum computing environments. This paper, for the first time, proposes a five-round distinguisher for Camellia under the quantum chosen-ciphertext attack (qCCA) setting, with its effectiveness empirically validated. Additionally, by combining Grover’s algorithm and Simon’s algorithm, we construct a nine-round key-recovery attack model against Camellia. Through an in-depth analysis of Camellia’s key expansion algorithm, we significantly reduce the complexity of the key-recovery attack. The proposed attack achieves a time complexity of 2^61.5 for recovering the correct key bits and requires 531 quantum bits. Full article

This study presents a decentralised ciphertext-policy attribute-based encryption (CP-ABE) scheme designed for secure and efficient access control in resource-constrained Internet-of-Things (IoT) environments. By utilising multi-authority architecture and outsourced computation, the scheme enhances scalability, simplifies key management by eliminating reliance on a certificate authority (CA), and ensures data confidentiality through randomised proxy keys. It is particularly suited for multi-scenario IoT applications involving information sharing, such as smart cities or industrial automation in strategic alliances or conglomerates. Demonstrating security against chosen-plaintext attacks under the decisional bilinear Diffie–Hellman assumption, the scheme offers a practical and scalable solution for decentralised access control. Full article

Stream ciphers are a type of symmetric encryption algorithm, and excel in speed and efficiency compared with block ciphers. They are applied in various applications, particularly in digital communications and real-time transmissions. In this paper, we propose lightweight chaotic keystream generators that utilize original one-dimensional (1D) chaotic maps with a counter to fit the requirement of a stream cipher for secure communications in the Internet of Things (IoT). The proposed chaotic scheme, referred to as expanded chaos, improves the limit of the chaotic range for the original 1D chaos. It can resist brute-force attacks, chosen-ciphertext attacks, guess-and-determine attacks, and other known attacks. We implement the proposed scheme on the IoT platform Raspberry Pi. Under NIST SP800-22 tests, the pass rates for the proposed improved chaotic maps with a counter and the proposed the mutual-coupled chaos are found to be at least about 90% and 92%, respectively. Full article

Searchable encryption (SE) allows users to efficiently retrieve data from encrypted cloud data, but most of the existing SE solutions only support precise keyword search. Fuzzy searchable encryption agrees with practical situations well in the cloud environment, as search keywords that are misspelled to some extent can still generate search trapdoors that are as effective as correct keywords. In scenarios where multiple users can search for ciphertext, most fuzzy searchable encryption schemes ignore the security issues associated with malicious cloud services and are inflexible in multi-user scenarios. For example, in medical application scenarios where malicious cloud servers may exist, diverse types of files need to correspond to doctors in the corresponding departments, and there is a lack of fine-grained access control for sharing decryption keys for different types of files. In the application of medical cloud storage, malicious cloud servers may return incorrect ciphertext files. Since diverse types of files need to be guaranteed to be accessible by doctors in the corresponding departments, sharing decryption keys with the corresponding doctors for different types of files is an issue. To solve these problems, a verifiable fuzzy searchable encryption with blockchain-assisted multi-user scenarios is proposed. Locality-sensitive hashing and bloom filters are used to realize multi-keyword fuzzy search, and the bigram segmentation algorithm is optimized for keyword conversion to improve search accuracy. To realize fine-grained access control in multi-user scenarios, ciphertext-policy attribute-based encryption (CP-ABE) is used to distribute the shared keys. In response to the possibility of malicious servers tampering with or falsifying users’ search results, the scheme leverages the blockchain’s technical features of decentralization, non-tamperability, and traceability, and uses smart contracts as a trusted third party to carry out the search work, which not only prevents keyword-guessing attacks within the cloud server, but also solves the verification work of search results. The security analysis leads to the conclusion that the scheme is secure under the adaptively chosen-keyword attack. Full article

The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT’s security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes. Full article

As technology advances rapidly, a diverse array of Internet of Things (IoT) devices finds widespread application across numerous fields. The intelligent nature of these devices not only gives people more convenience, but also introduces new challenges especially in security when transmitting data in fog-based cloud environments. In fog computing environments, data need to be transmitted across multiple devices, increasing the risk of data being intercepted or tampered with during transmission. To securely share cloud ciphertexts, an alleged proxy re-encryption approach is a commonly adopted solution. Without decrypting the original ciphertext, such a mechanism permits a ciphertext intended for user A to be easily converted into the one intended for user B. However, to revoke the decryption privilege of data users usually relies on the system authority to maintain a user revocation list which inevitably increases the storage space. In this research, the authors come up with a fog-based proxy re-encryption system with revocable identity. Without maintaining the traditional user revocation list, the proposed scheme introduces a time-updated key mechanism. The time-update key could be viewed as a partial private key and should be renewed with different time periods. A revoked user is unable to obtain the renewed time-update key and hence cannot share or decrypt cloud ciphertexts. We formally demonstrate that the introduced scheme satisfies the security of indistinguishability against adaptively chosen identity and chosen plaintext attacks (IND-PrID-CPA) assuming the hardness of the Decisional Bilinear Diffie–Hellman (DBDH) problem in the random oracle model. Furthermore, compared with similar systems, the proposed one also has lower computational complexity as a whole. Full article

Secure instant communication is an important topic of information security. A group chat is a highly convenient mode of instant communication. Increasingly, companies are adopting group chats as a daily office communication tool. However, a large volume of messages in group chat communication can lead to message overload, causing group members to miss important information. Additionally, the communication operator’s server may engage in the unreliable behavior of stealing information from the group chat. To address these issues, this paper proposes an attribute-based end-to-end policy-controlled signcryption scheme, aimed at establishing a secure and user-friendly group chat communication mode. By using the linear secret sharing scheme (LSSS) with strong expressive power to construct the access structure in the signcryption technology, the sender can precisely control the recipients of the group chat information to avoid message overload. To minimize computational cost, a signcryption step with constant computational overhead is designed. Additionally, a message-sending mechanism combining “signcryption + encryption” is employed to prevent the operator server from maliciously stealing group chat information. Rigorous analysis shows that PCE-EtoE can resist adaptive chosen-ciphertext attacks under the standard model. Simulation results demonstrate that our theoretical derivation is correct, and that the PCE-EtoE scheme outperforms existing schemes in terms of computational cost, making it suitable for group chat communication. Full article

Although the copyright protection schemes supported by blockchain have significantly changed traditional copyright data management, there are still some data security challenges that cannot be ignored, especially the secure access and controllable management of copyright data. Quantum computing attacks also pose a threat to its security. Targeting these issues, we design and propose a blockchain copyright protection scheme based on attribute-based encryption (ABE). In this scheme, the security advantages of blockchain technology are utilized to ensure the authenticity and integrity of copyright data. Based on lattice cryptography and the decision ring learning with errors (R-LWE) problem, a new ABE algorithm that supports searchable ciphertext and policy updates is designed. Then, we introduce it into the blockchain copyright protection scheme, which enables secure access to copyright data and fine-grained control. In addition, the lattice cryptography can strengthen this scheme against quantum attacks. Through security analysis, our scheme can prove to be secure against adaptive chosen keyword attacks, selective chosen plaintext attacks, and adaptive chosen policy attacks in the random oracle model. More importantly, the comparison analysis and experimental results show that our proposed approach has lower computation costs and storage costs. Therefore, our scheme has better security and performance in copyright protection. Full article

In emergency situations, ensuring the secure transmission of medical information is critical. While existing schemes address on-road emergencies, off-road scenarios present unique challenges due to hazardous locations inaccessible to conventional vehicles. This research introduces a protocol for off-road emergencies, leveraging flying ad hoc networks (FANETs) formed by drones. The protocol, designed for users receiving emergency treatment, employs cryptographic techniques to protect sensitive information. To overcome the challenge of decrypting user medical records at emergency centers without the healthcare provider’s key, proxy re-encryption is employed. The control center (CC) securely generates encryption and decryption keys, facilitating the re-encryption process by the cloud server (CS) and transmission to the emergency center (E). The proposed protocol, free from pairing functions, underwent security and efficiency analyses, demonstrating resilience against chosen-ciphertext attacks (CCA) and collusion resistance (CR). Execution times of approximately 0.02 and 0.0 s for re-encryption and decryption processes, respectively, for a message size of 2000 bytes highlighted the efficiency of the protocol. The research contributes a secure and efficient proxy re-encryption protocol for off-road emergency medical information transmission within FANETs. Full article

The emerging cloud storage technology has significantly improved efficiency and productivity in the traditional electronic healthcare field. However, it has also brought about many security concerns. Ciphertext policy attribute-based encryption (CP-ABE) holds immense potential in achieving fine-grained access control, providing robust security for electronic healthcare data in the cloud. However, current CP-ABE schemes still face issues such as inflexible attribute revocation, relatively lower computational capabilities, and key management. To address these issues, this paper introduces a revocable and traceable undeniable ciphertext policy attribute-based encryption scheme (MA-RUABE). MA-RUABE not only enables fast and accurate data traceability, effectively preventing malicious user key leakage, but also includes a direct revocation feature, significantly enhancing computational efficiency. Furthermore, the introduction of a multi-permission mechanism resolves the issue of centralization of power caused by single-attribute permissions. Furthermore, a security analysis demonstrates that our system ensures resilience against chosen plaintext attacks. Experimental results demonstrate that MA-RUABE incurs lower computational overhead, effectively enhancing system performance and ensuring data-sharing security in cloud-based electronic healthcare systems. Full article

Based on the NTRU trapdoor used in NIST’s Falcon, a signcryption scheme following the sign-then-encrypt paradigm is constructed. The existing partitioning technique based on Waters hash over the lattice can not complete the security reduction in the standard model for the signature part due to the “partiality” of the pre-image generated with the NTRU trapdoor. To address this, a variant of Waters hash over small integers is proposed and, the probability of the successful reduction is analyzed. The resulting signcryption achieves existential unforgeability under the adaptive chosen-message attacks. By utilizing the uniqueness of the secret and the noise in an NTRU instance, the tag used in encryption is eliminated. Furthermore, a method to construct tamper-sensitive lattice public key encryption is proposed. This approach implants the ciphertext-sensitive information into the lattice public key encryption and binds it to the encrypted information. The malleability to the public key ciphertext triggers the change of the message–signature pair so that the IND-CCA2 security of the entire ciphertext can be guaranteed by the signature for the message. Thanks to the rational design and the efficiency of the NTRU trapdoor, the computational overhead of the proposed scheme is reduced significantly compared to the existing lattice-based signcryption scheme, reaching orders of magnitude improvement in efficiency. The experiment shows that the proposed scheme is efficient. Full article

Ciphertext policy–attribute-based encryption (CP-ABE), which provides fine-grained access control and ensures data confidentiality, is widely used in data sharing. However, traditional CP-ABE schemes often choose to outsource data to untrusted third-party cloud service providers for storage or to verify users’ access rights through third parties, which increases the risk of privacy leakage and also suffers from the problem of opaque permission verification. This paper proposes an access control scheme based on blockchain and CP-ABE, which is based on multiple authorization centers and supports policy updating. In addition, blockchain technology’s distributed, decentralized, and tamper-proof features are utilized to solve the trust crisis problem in the data-sharing process. Security analysis and performance evaluation show that the proposed scheme improves the computational efficiency by 18%, 26%, and 68% compared to previous references. The proposed scheme also satisfies the indistinguishability under chosen-plaintext attack (IND-CPA). Full article

In this paper, we propose a new symmetric stream cipher encryption algorithm based on Graph Walks and 2-dimensional matrices, called Matrix Encryption Walks (MEW). We offer example Key Matrices and show the efficiency of the proposed method, which operates in linear complexity with an extremely large key space and low-resource requirements. We also provide the Proof of Concept code for the encryption algorithm and a detailed analysis of the security of our proposed MEW. The MEW algorithm is designed for low-resource environments such as IoT or smart devices and is therefore intended to be simple in operation. The encryption, decryption, and key generation time, along with the bytes required to store the key, are all discussed, and similar proposed algorithms are examined and compared. We further discuss the avalanche effect, key space, frequency analysis, Shannon entropy, and chosen/known plaintext-ciphertext attacks, and how MEW remains robust against these attacks. We have also discussed the potential for future research into algorithms such as MEW, which make use of alternative structures and graphic methods for improving encryption models. Full article

The redactable blockchain has emerged as a promising technique in mobile crowdsensing, allowing users to break immutability in a controlled manner selectively. Unfortunately, current fine-grained redactable blockchains suffer two significant limitations in terms of security and functionality, which severely impede their application in mobile crowdsensing. For security, the transparency of the blockchain allows anyone to access both the data and policy, which consequently results in a breach of user privacy. Regarding functionality, current solutions cannot support error tolerance during policy matching, thereby limiting their applicability in various situations, such as fingerprint-based and face-based identification scenarios. This paper presents a privacy-preserving fine-grained redactable blockchain with policy fuzzy matching, named PRBFM. PRBFM supports fuzzy policy matching and partitions users’ privileges without compromising user privacy. The idea of PRBFM is to leverage threshold linear secret sharing based on the Lagrange interpolation theorem to distribute the decryption keys and chameleon hash trapdoors. Additionally, we have incorporated a privacy-preserving policy matching delegation mechanism into PRBFM to minimize user overhead. Our security analysis demonstrates that PRBFM can defend against the chosen-ciphertext attack. Moreover, experiments conducted on the FISCO blockchain platform show that PRBFM is at least 7.8 times faster than existing state-of-the-art solutions. Full article