-
A Multi-Client Searchable Encryption Scheme for IoT Environment
Authors:
Nazatul H. Sultan,
Shabnam Kasra-Kermanshahi,
Yen Tran,
Shangqi Lai,
Vijay Varadharajan,
Surya Nepal,
Xun Yi
Abstract:
The proliferation of connected devices through Internet connectivity presents both opportunities for smart applications and risks to security and privacy. It is vital to proactively address these concerns to fully leverage the potential of the Internet of Things. IoT services where one data owner serves multiple clients, like smart city transportation, smart building management and healthcare can…
▽ More
The proliferation of connected devices through Internet connectivity presents both opportunities for smart applications and risks to security and privacy. It is vital to proactively address these concerns to fully leverage the potential of the Internet of Things. IoT services where one data owner serves multiple clients, like smart city transportation, smart building management and healthcare can offer benefits but also bring cybersecurity and data privacy risks. For example, in healthcare, a hospital may collect data from medical devices and make it available to multiple clients such as researchers and pharmaceutical companies. This data can be used to improve medical treatments and research but if not protected, it can also put patients' personal information at risk. To ensure the benefits of these services, it is important to implement proper security and privacy measures. In this paper, we propose a symmetric searchable encryption scheme with dynamic updates on a database that has a single owner and multiple clients for IoT environments. Our proposed scheme supports both forward and backward privacy. Additionally, our scheme supports a decentralized storage environment in which data owners can outsource data across multiple servers or even across multiple service providers to improve security and privacy. Further, it takes a minimum amount of effort and costs to revoke a client's access to our system at any time. The performance and formal security analyses of the proposed scheme show that our scheme provides better functionality, and security and is more efficient in terms of computation and storage than the closely related works.
△ Less
Submitted 16 May, 2023;
originally announced May 2023.
-
Securing Organization's Data: A Role-Based Authorized Keyword Search Scheme with Efficient Decryption
Authors:
Nazatul Haque Sultan,
Maryline Laurent,
Vijay Varadharajan
Abstract:
For better data availability and accessibility while ensuring data secrecy, organizations often tend to outsource their encrypted data to the cloud storage servers, thus bringing the challenge of keyword search over encrypted data. In this paper, we propose a novel authorized keyword search scheme using Role-Based Encryption (RBE) technique in a cloud environment. The contributions of this paper a…
▽ More
For better data availability and accessibility while ensuring data secrecy, organizations often tend to outsource their encrypted data to the cloud storage servers, thus bringing the challenge of keyword search over encrypted data. In this paper, we propose a novel authorized keyword search scheme using Role-Based Encryption (RBE) technique in a cloud environment. The contributions of this paper are multi-fold. First, it presents a keyword search scheme which enables only the authorized users, having proper assigned roles, to delegate keyword-based data search capabilities over encrypted data to the cloud providers without disclosing any sensitive information. Second, it supports a multi-organization cloud environment, where the users can be associated with more than one organization. Third, the proposed scheme provides efficient decryption, conjunctive keyword search and revocation mechanisms. Fourth, the proposed scheme outsources expensive cryptographic operations in decryption to the cloud in a secure manner. Fifth, we have provided a formal security analysis to prove that the proposed scheme is semantically secure against Chosen Plaintext and Chosen Keyword Attacks. Finally, our performance analysis shows that the proposed scheme is suitable for practical applications.
△ Less
Submitted 22 April, 2020;
originally announced April 2020.
-
A Role-Based Encryption Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context
Authors:
Nazatul Haque Sultan,
Vijay Varadharajan,
Lan Zhou,
Ferdous Ahmed Barbhuiya
Abstract:
Role-Based Access Control (RBAC) is a popular model which maps roles to access permissions for resources and then roles to the users to provide access control. Role-Based Encryption (RBE) is a cryptographic form of RBAC model that integrates traditional RBAC with the cryptographic encryption method, where RBAC access policies are embedded in encrypted data itself so that any user holding a qualifi…
▽ More
Role-Based Access Control (RBAC) is a popular model which maps roles to access permissions for resources and then roles to the users to provide access control. Role-Based Encryption (RBE) is a cryptographic form of RBAC model that integrates traditional RBAC with the cryptographic encryption method, where RBAC access policies are embedded in encrypted data itself so that any user holding a qualified role can access the data by decrypting it. However, the existing RBE schemes have been focusing on the single-organization cloud storage system, where the stored data can be accessed by users of the same organization. This paper presents a novel RBE scheme with efficient user revocation for the multi-organization cloud storage system, where the data from multiple independent organizations are stored and can be accessed by the authorized users from any other organization. Additionally, an outsourced decryption mechanism is introduced which enables the users to delegate expensive cryptographic operations to the cloud, thereby reducing the overhead on the end-users. Security and performance analyses of the proposed scheme demonstrate that it is provably secure against Chosen Plaintext Attack and can be useful for practical applications due to its low computation overhead.
△ Less
Submitted 11 April, 2020;
originally announced April 2020.