Search Results (45)

In the deep integration process between digital infrastructure and new economic forms, structural imbalance between the evolution rate of cloud storage technology and the growth rate of data-sharing demands has caused systemic security vulnerabilities such as blurred data sovereignty boundaries and nonlinear surges in privacy leakage risks. Existing academic research indicates current proxy re-encryption schemes remain insufficient for cloud access control scenarios characterized by diversified user requirements and personalized permission management, thus failing to fulfill the security needs of emerging computing paradigms. To resolve these issues, a revocable attribute-based proxy re-encryption scheme supporting policy-hiding is proposed. Data owners encrypt data and upload it to the blockchain while concealing attribute values within attribute-based encryption access policies, effectively preventing sensitive information leaks and achieving fine-grained secure data sharing. Simultaneously, proxy re-encryption technology enables verifiable outsourcing of complex computations. Furthermore, the SM3 (SM3 Cryptographic Hash Algorithm) hash function is embedded in user private key generation, and key updates are executed using fresh random factors to revoke malicious users. Ultimately, the scheme proves indistinguishability under chosen-plaintext attacks for specific access structures in the standard model. Experimental simulations confirm that compared with existing schemes, this solution delivers higher execution efficiency in both encryption/decryption and revocation phases. Full article

Provable data possession (PDP) is a technique that enables the verification of data integrity in cloud storage without the need to download the data. PDP schemes are generally categorized into public and private verification. Public verification allows third parties to assess the integrity of outsourced data, offering good openness and flexibility, but it may lead to privacy leakage and security risks. In contrast, private verification restricts the auditing capability to the data owner, providing better privacy protection but often resulting in higher verification costs and operational complexity due to limited local resources. Moreover, most existing PDP schemes are based on classical number-theoretic assumptions, making them vulnerable to quantum attacks. To address these challenges, this paper proposes an identity-based PDP with a designated verifier over lattices, utilizing a specially leveled identity-based fully homomorphic signature (IB-FHS) scheme. We provide a formal security proof of the proposed scheme under the small-integer solution (SIS) and learning with errors (LWE) within the random oracle model. Theoretical analysis confirms that the scheme achieves security guarantees while maintaining practical feasibility. Furthermore, simulation-based experiments show that for a 1 MB file and lattice dimension of n = 128, the computation times for core algorithms such as TagGen, GenProof, and CheckProof are approximately 20.76 s, 13.75 s, and 3.33 s, respectively. Compared to existing lattice-based PDP schemes, the proposed scheme introduces additional overhead due to the designated verifier mechanism; however, it achieves a well-balanced optimization among functionality, security, and efficiency. Full article

By leveraging Internet of Things (IoT) technology, patients can utilize medical devices to upload their collected personal health records (PHRs) to the cloud for analytical processing or transmission to doctors, which embodies smart health systems and greatly enhances the efficiency and accessibility of healthcare management. However, the highly sensitive nature of PHRs necessitates efficient and secure transmission mechanisms. Revocable and verifiable attribute-based encryption (ABE) enables dynamic fine-grained access control and can verify the integrity of outsourced computation results via a verification tag. However, most existing schemes have two vital issues. First, in order to achieve the verifiable function, they need to execute the secret sharing operation twice during the encryption process, which significantly increases the computational overhead. Second, during the revocation operation, the verification tag is not updated simultaneously, so revoked users can infer plaintext through the unchanged tag. To address these challenges, we propose a revocable ABE scheme with efficient and secure verification, which not only reduces local computational load by optimizing the encryption algorithm and outsourcing complex operations to the cloud server, but also updates the tag when revocation operation occurs. We present a rigorous security analysis of our proposed scheme, and show that the verification tag retains its verifiability even after being dynamically updated. Experimental results demonstrate that local encryption and decryption costs are stable and low, which fully meets the real-time and security requirements of smart health systems. Full article

The proliferation of numerous portable mobile devices has made mobile crowd-sensing (MCS) systems a promising new trend. Traditional MCS systems typically outsource sensing tasks to the data aggregator (e.g., cloud server). They collect and analyze the provided sensing data through an appropriate truth discovery (TD) method to identify valuable data sets. However, existing privacy-preserving MCS systems lack transparency, enabling data aggregators to deviate from the specified protocols and allowing malicious users to provide false or invalid sensing data, thereby contaminating the resulting data sets. The lack of transparency and public verifiability in MCS systems undermines widespread adoption by preventing data requesters from confidently verifying data integrity and accuracy. To address this issue, we propose a transparent and privacy-preserving mobile crowd-sensing system with truth discovery (TP-MCS) constructed using zero-knowledge proof (ZKP) and the Merkle commitment tree. This scheme enables data requesters to effectively verify the correctness of the truth discovery service while ensuring data privacy. Furthermore, theoretical analysis and extensive experiments demonstrate that this scheme is secure and efficient. Full article

Electronic Health Records (EHRs: digital compilations of patient health status and diagnosis) are typically shared, analyzed, and stored on cloud servers. One operational challenge is to guarantee the accurate storage of EHRs, for instance, by utilizing Provable Data Possession (PDP). When a portion of one hospital’s EHRs needs to be transferred to another, outsourcing the computational costs of data transfer to the cloud and ensuring the integrity of the data transferred off-site becomes a problematic issue. In this article, to tackle these two problems, we put forward a certificateless provable data possession scheme with outsourced data transmission on secure cloud storage. Our scheme achieves the following functions: ensuring the data integrity for the transferred data; only the data owner or the data recipient themselves can verify the integrity of their own remote data; delegating most of the computations to the public cloud server to enable data transferability. Finally, we analyze the security and efficiency of the concrete scheme. The analysis demonstrates that our scheme is demonstrably secure and efficient. Full article

The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT’s security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes. Full article

With the rapid development of wireless communication and big data analysis technologies, the storage of massive amounts of data relies on third-party trusted storage, such as cloud storage. However, once data are stored on third-party servers, data owners lose physical control over their data, making it challenging to ensure data integrity and security. To address this issue, researchers have proposed integrity auditing mechanisms that allow for the auditing of data integrity on cloud servers without retrieving all the data. To further enhance the availability of data stored on cloud servers, multiple replicas of the original data are stored on the server. However, in existing multi-replica auditing schemes, there is a problem of server fraud, where the server does not actually store the corresponding data replicas. To tackle this issue, this paper presents a formal definition of authentic replicas along with a security model for the authentic-replica sampling mechanism. Based on time-lock puzzles, identity-based encryption (IBE) mechanisms, and succinct proof techniques, we design an authentic replica auditing mechanism. This mechanism ensures the authenticity of replicas and can resist outsourcing attacks and generation attacks. Additionally, our schemes replace the combination of random numbers and replica correspondence tables with Linear Feedback Shift Registers (LFSRs), optimizing the original client-side generation and uploading of replica parameters from being linearly related to the number of replicas to a constant level. Furthermore, our schemes allow for the public recovery of replica parameters, enabling any third party to verify the replicas through these parameters. As a result, the schemes achieve public verifiability and meet the efficiency requirements for authentic-replica sampling in multi-cloud environments. This makes our scheme more suitable for distributed storage environments. The experiments show that our scheme makes the time for generating copy parameters negligible while also greatly optimizing the time required for replica generation. As the amount of replica data increases, the time spent does not grow linearly. Due to the multi-party aggregation design, the verification time is also optimal. Compared to the latest schemes, the verification time is reduced by approximately 30%. Full article

To address the deficiencies in privacy-preserving expressive query and verification mechanisms in outsourced key-value stores, we propose EKV-VBQ, a scheme designed to ensure verifiable Boolean queries over encrypted key-value data. We have integrated blockchain and homomorphic Xor operations and pseudo-random functions to create a secure and verifiable datastore, while enabling efficient encrypted Boolean queries. Additionally, we have designed a lightweight verification protocol using bilinear map accumulators to guarantee the correctness of Boolean query results. Our security analysis demonstrates that EKV-VBQ is secure against adaptive chosen label attacks (IND-CLA) and guarantees Integrity and Unforgeability under the bilinear q-strong Diffie–Hellman assumption. Our performance evaluations showed reduced server-side storage overhead, efficient proof generation, and a significant reduction in user-side computational complexity by a factor of log n. Finally, GPU-accelerated optimizations significantly enhance EKV-VBQ’s performance, reducing computational overhead by up to 50%, making EKV-VBQ highly efficient and suitable for deployment in environments with limited computational resources. Full article

With the rapid development of geo-positioning technologies, location-based services have become increasingly widespread. In the field of location-based services, range queries on geographical data have emerged as an important research topic, attracting significant attention from academia and industry. In many applications, data owners choose to outsource their geographical data and range query tasks to cloud servers to alleviate the burden of local data storage and computation. However, this outsourcing presents many security challenges. These challenges include adversaries analyzing outsourced geographical data and query requests to obtain privacy information, untrusted cloud servers selectively querying a portion of the outsourced data to conserve computational resources, returning incorrect search results to data users, and even illegally modifying the outsourced geographical data, etc. To address these security concerns and provide reliable services to data owners and data users, this paper proposes an efficient and verifiable range query scheme (EVRQ) for encrypted geographical information in untrusted cloud environments. EVRQ is constructed based on a map region tree, 0–1 encoding, hash function, Bloom filter, and cryptographic multiset accumulator. Extensive experimental evaluations demonstrate the efficiency of EVRQ, and a comprehensive analysis confirms the security of EVRQ. Full article

The booming development of e-commerce has promoted the diversified development of logistics distribution services (LDS). For LDS, e-commerce retailers (e-retailers) often choose either the outsourced logistics distribution services strategy (OLDSS) or the self-built logistics distribution services strategy (SBLDSS). Although there are problems such as products getting lost and damaged during the logistics distribution process, the high transparency and traceability characteristics of blockchain technology (BT) can help solve the problem of products being lost and damaged in the logistics distribution process. However, due to the high cost of BT, e-retailers may encounter reduced sales, which causes the supply chain corporate profits to decrease. To encourage the BT investment enthusiasm of the e-retailers and regulate corporate profits, the government implements subsidies for e-retailers’ BT, namely, the government blockchain subsidy (GBS). In addition, in recent years, environmental degradation has become increasingly severe, causing negative impacts on people’s lives. To promote sustainable development, we use variational inequality to establish an e-commerce closed-loop supply chain (E-CLSC) network equilibrium model in which the network equilibrium decisions of e-retailers choosing the OLDSS and those choosing the SBLDSS are obtained. Then, we analyze the impact of the BT input cost and the GBS quota on equilibrium decisions by studying their properties and verifying the theoretical results by performing numerical examples. Finally, we analyze the profits of the e-retailers to obtain the impact of the BT input cost and the GBS quota on e-retailers’ choice of the optimal LDS strategy; in this way, we provide a scientific basis for e-retailers to choose the optimal LDS strategy. The results show that increasing the BT input costs reduces e-retailers’ product sales under the two LDS strategies, which decreases the production rate and the recovery rate of the products. When the BT input cost is low, SBLDSS is the best choice for e-retailers. When the BT input cost is high, OLDSS is the best choice for e-retailers. Moreover, there is a positive correlation between GBS and e-retailers’ product sales; thus, GBS is conducive to expanding market demand, regulating the profits of manufacturers, increasing the e-retailers’ profits, improving the enthusiasm of the e-retailers for BT investment, and promoting the overall development of supply chain enterprises. For e-retailers, choosing the OLDSS can lead to a better development of the E-CLSC. Full article

Outsourcing computation has become increasingly popular due to its cost-effectiveness, enabling users with limited resources to conduct large-scale computations on potentially untrusted cloud platforms. In order to safeguard privacy, verifiable computing (VC) has emerged as a secure approach, ensuring that the cloud cannot discern users’ input and output. Random permutation masking (RPM) is a widely adopted technique in VC protocols to provide robust privacy protection. This work presents a precise definition of the privacy-preserving property of RPM by employing indistinguishability experiments. Moreover, an innovative attack exploiting the greatest common divisor and the least common multiple of each row and column in the encrypted matrices is introduced against RPM. Unlike previous density-based attacks, this novel approach offers a significant advantage by allowing the reconstruction of matrix values from the ciphertext based on RPM. A comprehensive demonstration was provided to illustrate the failure of protocols based on RPM in maintaining the privacy-preserving property under this proposed attack. Furthermore, an extensive series of experiments is conducted to thoroughly validate the effectiveness and advantages of the attack against RPM. The findings of this research highlight vulnerabilities in RPM-based VC protocols and underline the pressing need for further enhancements and alternative privacy-preserving mechanisms in outsourcing computation. Full article

Automobile manufacturers often outsource key components and parts to suppliers, hence ensuring that process quality has been a hot topic in current research. The quality control demands at different stages of the manufacturing supply chain cycle have been ignored in traditional process quality control methods. To solve this issue, this paper takes the three-cylinder engine balance shaft system as the research object, and builds a process quality control model for the three-cylinder engine balance shaft system oriented to the manufacturing supply chain. The metagraph theory is introduced, and parts suppliers in the manufacturing supply chain, product process quality attributes, supply chain revenue function, and other key elements are defined. By constructing the revenue function of the three-cylinder engine balance shaft system process quality control model, the feasibility of the proposed method is verified by taking the process quality control of one certain three-cylinder engine balance shaft system as a verification example. The results show that, with other conditions unchanged, the application of this method can increase the overall profit of the manufacturing supply chain by 100% at the stage of preparation before product machining, and more than 8% at the stage of product performance evaluation. The proposed method of process quality control based on the metagraph theory provides a theoretical basis for building an information sharing platform of product process quality, and effectively reduces the machining cost for product improvement and upgrading in the manufacturing supply chain. Full article

Ciphertext policy–attribute-based encryption (CP-ABE), which provides fine-grained access control and ensures data confidentiality, is widely used in data sharing. However, traditional CP-ABE schemes often choose to outsource data to untrusted third-party cloud service providers for storage or to verify users’ access rights through third parties, which increases the risk of privacy leakage and also suffers from the problem of opaque permission verification. This paper proposes an access control scheme based on blockchain and CP-ABE, which is based on multiple authorization centers and supports policy updating. In addition, blockchain technology’s distributed, decentralized, and tamper-proof features are utilized to solve the trust crisis problem in the data-sharing process. Security analysis and performance evaluation show that the proposed scheme improves the computational efficiency by 18%, 26%, and 68% compared to previous references. The proposed scheme also satisfies the indistinguishability under chosen-plaintext attack (IND-CPA). Full article

With the rapid development of Internet of Things technology and cloud computing technology, all industries need to outsource massive data to third-party clouds for storage in order to reduce storage and computing costs. Verifiable and dynamic searchable symmetric encryption is a very important cloud security technology, which supports the dynamic update of private data and allows users to perform search operations on the cloud server and verify the legitimacy of the returned results. Therefore, how to realize the dynamic search of encrypted cloud data and the effective verification of the results returned by the cloud server is a key problem to be solved. To solve this problem, we propose a verifiable dynamic encryption scheme (v-PADSSE) based on the public key cryptosystem. In order to achieve efficient and correct data updating, the scheme designs verification information (VI) for each keyword and constructs a verification list (VL) to store it. When dynamic update operations are performed on the cloud data, it is easy to quickly update the security index through obtaining the latest verification information in the VL. The safety and performance evaluation of the v-PADSSE scheme proved that the scheme is safe and effective. Full article

As medical data become increasingly important in healthcare, it is crucial to have proper access control mechanisms, ensuring that sensitive data are only accessible to authorized users while maintaining privacy and security. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an attractive access control solution that can offer effective, fine-grained and secure medical data sharing, but it has two major drawbacks: Firstly, decryption is computationally expensive for resource-limited data users, especially when the access policy has many attributes, limiting its use in large-scale data-sharing scenarios. Secondly, existing schemes are based on data users’ attributes, which can potentially reveal sensitive information about the users, especially in healthcare data sharing, where strong privacy and security are essential. To address these issues, we designed an improved CP-ABE scheme that provides efficient and verifiable outsourced access control with fully hidden policy named EVOAC-HP. In this paper, we utilize the attribute bloom filter to achieve policy hiding without revealing user privacy. For the purpose of alleviating the decryption burden for data users, we also adopt the technique of outsourced decryption to outsource the heavy computation overhead to the cloud service provider (CSP) with strong computing and storage capabilities, while the transformed ciphertext results can be verified by the data user. Finally, with rigorous security and reliable performance analysis, we demonstrate that EVOAC-HP is both practical and effective with robust privacy protection. Full article