More and more clients would like to store their data to public cloud servers (PCSs) along with the rapid development of cloud computing. New security problems have to be solved in order to help more clients process their data in public cloud. When the client is restricted to access PCS, he will delegate its proxy to process his data and upload them. On the other hand, remote data integrity checking is also an important security problem in public cloud storage. It makes the clients check whether their outsourced data are kept intact without downloading the whole data. From the security problems, we propose a novel proxy-oriented data uploading and remote data integrity checking model in identity-based public key cryptography: identity-based proxy-oriented data uploading and remote data integrity checking in public cloud (ID-PUIC). We give the formal definition, system model, and security model. Then, a concrete ID-PUIC protocol is designed using the bilinear pairings. The proposed ID-PUIC protocol is provably secure based on the hardness of computational Diffie-Hellman problem. Our ID-PUIC protocol is also efficient and flexible. Based on the original client's authorization, the proposed ID-PUIC protocol can realize private remote data integrity checking, delegated remote data integrity checking, and public remote data integrity checking.
Data deduplication for edge-based mobile crowdsensing services removes duplicate data to minimize storage space and enhance communication efficiency. However, secure data deduplication in edge-based mobile crowdsensing applications can be challenging to achieve concurrently with protecting sensing data and participants (e.g., client and recruited mobile users) from various threats (i.e., inside attacks and outside attacks). In this paper, we propose an efficient and secure data deduplication protocol for edge-assisted mobile crowdsensing services. Specifically, certificateless public key cryptography is first employed to generate the private and public keys of the crowdsensing server center and edge nodes. Then, a novel method is created to detect and eliminate duplicates while preventing the duplicate-linking from being leaked. Next, we demonstrate that the presented scheme achieves both privacy and security attributes typically required of mobile crowdsensing applications. Finally, the performance analysis shows that the proposed protocol incurs minimal computation and communication costs compared with the state-of-the-art research.
The drone's open and untrusted environment may create problems for authentication and data sharing. To address this issue, we propose a blockchain-enabled efficient and secure data sharing model for 5G flying drones. In this model, blockchain and attribute-based encryption (ABE) are applied to ensure the security of instruction issues and data sharing. The authentication mechanism in the model employs a smart contract for authentication and access control, public key cryptography for providing accounts and ensuring accounts' security, and a distributed ledger for security audit. In addition, to speed up outsourced computations and reduce electricity consumption, an ABE model with parallel outsourced computation (ABEM-POC) is constructed, and a generic parallel computation method for ABE is proposed. The analysis of the experimental results shows that parallel computation significantly improves the speed of outsourced encryption and decryption compared to serial computation.
• The proposed signature scheme only requires a general one-way hash function, which consumes less computing time than a special one-way hash function (MapToPoint).
• A complex security analysis was performed on the proposed scheme. This analysis revealed that the proposed scheme can meet the safety and privacy requirements of VANETs.
• The communication and computation costs associated with the proposed scheme were analyzed. The results demonstrate that the performance of the proposed scheme surpasses that of previously proposed schemes for VANETs.
In order to eliminate the complexity associated with managing public key encryption certificates and the drawbacks of identity-based encryption key escrows, the concept of certificateless public key cryptography has been recommended. Further, in specific application areas where the signatures on numerous messages generated by different users need to be compressed, the concept of the aggregate signature is useful. An aggregate signature can not only reduce the cost of verification, but also reduce the length of the signature, which makes it effective in environments constrained by bandwidth and storage. In this paper, we propose a new, efficient, certificateless aggregate signature based on the elliptic curve cryptosystem (ECC), and demonstrate its ability to support conditional privacy preservation. This scheme demonstrates the process of secure communication between vehicles and the infrastructure in vehicular ad hoc networks (VANETs). The proposed scheme not only satisfies privacy requirements (with security analysis), but also achieves lower message overhead than previous schemes. We demonstrate that the performance of our scheme surpasses that of existing authentication schemes for VANETs in terms of computation and communication costs.
This paper surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy and access control list, data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state-of-the-art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area.
Cryptographic primitives are fundamental building blocks for designing security protocols to achieve confidentiality, authentication, integrity and non-repudiation. It is not too much to say that the selection and integration of appropriate cryptographic primitives into the security protocols determines the largest part of the efficiency and energy consumption of the wireless sensor network (WSN). There are a number of surveys on security issues on WSNs, which, however, did not focus on public-key cryptographic primitives in WSNs. In this survey, we provide a deeper understanding of public-key cryptographic primitives in WSNs including identity-based cryptography and discuss their main directions and some open research issues that can be further pursued. We investigate state-of-the-art software implementation results of public-key cryptographic primitives in terms of execution time, energy consumption and resource occupation on constrained wireless devices choosing popular IEEE 802.15.4-compliant WSN hardware platforms, used in real-life deployments. This survey provides invaluable insights on public-key cryptographic primitives on WSN platforms, and solutions to find tradeoffs between cost, performance and security for designing security protocols in WSNs.
This paper proposes lossless, reversible, and combined data hiding schemes for ciphertext images encrypted by public-key cryptosystems with probabilistic and homomorphic properties. In the lossless scheme, the ciphertext pixels are replaced with new values to embed the additional data into several least significant bit planes of ciphertext pixels by multilayer wet paper coding. Then, the embedded data can be directly extracted from the encrypted domain, and the data-embedding operation does not affect the decryption of original plaintext image. In the reversible scheme, a preprocessing is employed to shrink the image histogram before image encryption, so that the modification on encrypted images for data embedding will not cause any pixel oversaturation in plaintext domain. Although a slight distortion is introduced, the embedded data can be extracted and the original image can be recovered from the directly decrypted image. Due to the compatibility between the lossless and reversible schemes, the data-embedding operations in the two manners can be simultaneously performed in an encrypted image. With the combined technique, a receiver may extract a part of embedded data before decryption, and extract another part of embedded data and recover the original plaintext image after decryption.
This paper proposes a novel reversible data hiding scheme for encrypted images by using homomorphic and probabilistic properties of Paillier cryptosystem. In the proposed method, groups of adjacent pixels are randomly selected, and reversibly embedded into the rest of the image to make room for data embedding. In each group, there are a reference pixel and a few host pixels. Least significant bits (LSBs) of the reference pixels are reset before encryption and the encrypted host pixels are replaced with the encrypted reference pixel in the same group to form mirroring ciphertext groups (MCGs). In such a way, the modification on MCGs for data embedding will not cause any pixel oversaturation in plaintext domain and the embedded data can be directly extracted from the encrypted domain. In an MCG, the reference ciphertext pixel is kept unchanged as a reference while data hider embeds the encrypted additional data into the LSBs of the host ciphertext pixels by employing homomorphic multiplication. On the receiver side, the hidden ciphertext data can be retrieved by employing a modular multiplicative inverse operation between the marked host ciphertext pixels and their corresponding reference ciphertext pixels, respectively. After that, the hidden data are extracted promptly by looking for a one-to-one mapping table from ciphertext to plaintext. Data extraction and image restoration can be accomplished without any error after decryption. Compared with the existing works, the proposed scheme has lower computation complexity, higher security performance, and better embedding performance. The experiments on the standard image files also certify the effectiveness of the proposed scheme.