
Monday, 19 October 2015

Generating Searchable Public-Key Ciphertexts with Hidden Structures for Fast Keyword Search


Abstract
Existing semantically secure public-key searchable encryption schemes take search time linear with the total number of the ciphertexts. This makes retrieval from large-scale databases prohibitive. To alleviate this problem, this paper proposes Searchable Public-Key Ciphertexts with Hidden Structures (SPCHS) for keyword search as fast as possible without sacrificing semantic security of the encrypted keywords. In SPCHS, all keyword-searchable ciphertexts are structured by hidden relations, and with the search trapdoor corresponding to a keyword, the minimum information of the relations is disclosed to a search algorithm as the guidance to find all matching ciphertexts efficiently. We construct a SPCHS scheme from scratch in which the ciphertexts have a hidden star-like structure. We prove our scheme to be semantically secure in the Random Oracle (RO) model. The search complexity of our scheme is dependent on the actual number of the ciphertexts containing the queried keyword, rather than the number of all ciphertexts. Finally, we present a generic SPCHS construction from anonymous identity-based encryption and collision-free full-identity malleable Identity-Based Key Encapsulation Mechanism (IBKEM) with anonymity. We illustrate two collision-free full-identity malleable IBKEM instances, which are semantically secure and anonymous, respectively, in the RO and standard models. The latter instance enables us to construct an SPCHS scheme with semantic security in the standard model.
Aim
The aim is to generate Searchable Public-Key Ciphertexts with Hidden Structures (SPCHS) for keyword search as fast as possible without sacrificing semantic security of the encrypted keyword.
Scope
The scope is a generic SPCHS construction from anonymous identity-based encryption and collision-free full-identity malleable Identity-Based Key Encapsulation Mechanism (IBKEM) with anonymity.
Existing System
Public-key encryption with keyword search (PEKS) has the advantage that anyone who knows the receiver’s public key can upload keyword-searchable ciphertexts to a server. The receiver can delegate the keyword search to the server. More specifically, each sender separately encrypts a file and its extracted keywords and sends the resulting ciphertexts to a server; when the receiver wants to retrieve the files containing a specific keyword, the receiver delegates a keyword search trapdoor to the server; the server finds the encrypted files containing the queried keyword without knowing the original files or the keyword itself, and returns the corresponding encrypted files to the receiver; finally, the receiver decrypts these encrypted files. The authors of PEKS also presented semantic security against chosen keyword attacks (SSCKA) in the sense that the server cannot distinguish the ciphertexts of the keywords of its choice before observing the corresponding keyword search trapdoors. It seems an appropriate security notion, especially if the keyword space has no high min-entropy. Existing semantically secure PEKS schemes take search time linear with the total number of all ciphertexts. This makes retrieval from large-scale databases prohibitive. Therefore, more efficient search performance is crucial for practically deploying PEKS schemes. One of the prominent works to accelerate the search over encrypted keywords in the public-key setting is deterministic encryption. An encryption scheme is deterministic if the encryption algorithm is deterministic. Bellare et al. focus on enabling search over encrypted keywords to be as efficient as the search for unencrypted keywords, such that a ciphertext containing a given keyword can be retrieved in time complexity logarithmic in the total number of all ciphertexts. This is reasonable because the encrypted keywords can form a tree-like structure when stored according to their binary values.
However, deterministic encryption has two inherent limitations. First, keyword privacy can be guaranteed only for keywords that are a priori hard-to-guess by the adversary (i.e., keywords with high min-entropy to the adversary); second, certain information of a message leaks inevitably via the ciphertext of the keywords since the encryption is deterministic. Hence, deterministic encryption is only applicable in special scenarios.
Disadvantages
Existing semantically secure public-key searchable encryption schemes take search time linear with the total number of the ciphertexts. This makes retrieval from large-scale databases prohibitive.
Proposed System
Keyword-searchable ciphertexts with their hidden structures can be generated in the public-key setting; with a keyword search trapdoor, partial relations can be disclosed to guide the discovery of all matching ciphertexts. Semantic security is defined for both the keywords and the hidden structures. It is worth noting that this new concept and its semantic security are suitable for keyword-searchable ciphertexts with any kind of hidden structures. In contrast, the concept of traditional PEKS does not contain any hidden structure among the PEKS ciphertexts; correspondingly, its semantic security is only defined for the keywords. Following the SPCHS definition, we construct a simple SPCHS from scratch in the random oracle (RO) model. The scheme generates keyword-searchable ciphertexts with a hidden star-like structure. The search performance mainly depends on the actual number of the ciphertexts containing the queried keyword. For security, the scheme is proven semantically secure based on the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the RO model. We are also interested in providing a generic SPCHS construction to generate keyword-searchable ciphertexts with a hidden star-like structure. Our generic SPCHS is inspired by several interesting observations on Identity-Based Key Encapsulation Mechanism (IBKEM). In IBKEM, a sender encapsulates a key K to an intended receiver ID. Of course, receiver ID can decapsulate and obtain K, and the sender knows that receiver ID will obtain K. However, a non-intended receiver ID′ may also try to decapsulate and obtain K′. We observe that (1) it is usually the case that K and K′ are independent of each other from the view of the receivers, and (2) in some IBKEM the sender may also know K′ obtained by receiver ID′. We refer to the former property as collision freeness and to the latter as full-identity malleability. An IBKEM scheme is said to be collision-free full-identity malleable if it possesses both properties.
We transform this IBE scheme into a collision-free full-identity malleable IBKEM scheme with semantic security and anonymity in the standard model. Hence, this new IBKEM scheme allows us to build SPCHS schemes secure in the standard model with the same search performance as the previous SPCHS construction from scratch in the RO model.
Advantages
  • It outperforms existing PEKS schemes with semantic security, whose search complexity is linear with the number of all ciphertexts.
  • We identified several interesting properties, i.e., collision-freeness and full-identity malleability in some IBKEM instances, and formalized these properties to build a generic SPCHS construction.
  • SPCHS seems a promising tool to solve some challenging problems in public-key searchable encryption. One application may be to achieve retrieval completeness verification which, to the best of our knowledge, has not been achieved in existing PEKS schemes.
  • Specifically, by forming a hidden ring-like structure, i.e., letting the last hidden pointer always point to the head, one can obtain PEKS allowing to check the completeness of the retrieved ciphertexts by checking whether the pointers of the returned ciphertexts form a ring.

System Specification

Hardware Requirements
  • Speed - 1.1 GHz
  • Processor - Pentium IV
  • RAM - 512 MB (min)
  • Hard Disk - 40 GB
  • Keyboard - Standard Windows Keyboard
  • Mouse - Two or Three Button Mouse
  • Monitor - LCD/LED
Software Requirements
  • Operating System : Windows 7
  • Front End : ASP.Net and C#
  • Database : MSSQL
  • Tool : Microsoft Visual Studio
References:
Wu, Q.; Wang, W.; Susilo, W.; Xu, P. “Generating Searchable Public-Key Ciphertexts with Hidden Structures for Fast Keyword Search”, IEEE Transactions on Information Forensics and Security, Volume 10, Issue 9, June 2015.

SECURE DISTRIBUTED DEDUPLICATION SYSTEMS WITH IMPROVED RELIABILITY



ABSTRACT:
Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. However, there is only one copy for each file stored in cloud even if such a file is owned by a huge number of users. As a result, deduplication system improves storage utilization while reducing reliability. Furthermore, the challenge of privacy for sensitive data also arises when they are outsourced by users to cloud. Aiming to address the above security challenges, this paper makes the first attempt to formalize the notion of distributed reliable deduplication system. We propose new distributed deduplication systems with higher reliability in which the data chunks are distributed across multiple cloud servers. The security requirements of data confidentiality and tag consistency are also achieved by introducing a deterministic secret sharing scheme in distributed storage systems, instead of using convergent encryption as in previous deduplication systems. Security analysis demonstrates that our deduplication systems are secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement the proposed systems and demonstrate that the incurred overhead is very limited in realistic environments
AIM
The main goal is to enable deduplication and distributed storage of the data across multiple storage servers.
SCOPE
Data deduplication techniques are widely employed to back up data and minimize network and storage overhead by detecting and eliminating redundancy among data.
SYNOPSIS
A number of deduplication systems have been proposed based on various deduplication strategies such as client-side or server-side deduplication, file-level or block-level deduplication. Especially, with the advent of cloud storage, data deduplication techniques become more attractive and critical for the management of ever-increasing volumes of data in cloud storage services, which motivates enterprises and organizations to outsource data storage to third-party cloud providers, as evidenced by many real-life case studies. According to the analysis report of IDC, the volume of data in the world is expected to reach 40 trillion gigabytes in 2020. Today’s commercial cloud storage services, such as Dropbox, Google Drive and Mozy, have been applying deduplication to save the network bandwidth and the storage cost with client-side deduplication.
EXISTING SYSTEM
The challenge for data privacy also arises as more and more sensitive data are being outsourced by users to cloud. Encryption mechanisms have usually been utilized to protect the confidentiality before outsourcing data into cloud. Most commercial storage service providers are reluctant to apply encryption over the data because it makes deduplication impossible. The reason is that the traditional encryption mechanisms, including public key encryption and symmetric key encryption, require different users to encrypt their data with their own keys. As a result, identical data copies of different users will lead to different ciphertexts.
DISADVANTAGES:

  1. To work on secure deduplication can properly address the reliability and tag consistency problem in distributed storage systems
  2. To protect both confidentiality and reliability while achieving deduplication in a cloud storage system is still a challenge.

PROPOSED SYSTEM
Four new secure deduplication systems are proposed to provide efficient deduplication with high reliability for file-level and block-level deduplication, respectively. The secret splitting technique, instead of traditional encryption methods, is utilized to protect data confidentiality. Specifically, data are split into fragments by using secure secret sharing schemes and stored at different servers. Our proposed constructions support both file-level and block-level deduplication. Security analysis demonstrates that the proposed deduplication systems are secure in terms of the definitions specified in the proposed security model. In more detail, confidentiality, reliability and integrity can be achieved in our proposed system. Two kinds of collusion attacks are considered in our solutions. These are the collusion attack on the data and the collusion attack against servers. In particular, the data remains secure even if the adversary controls a limited number of storage servers. We implement our deduplication systems using the Ramp secret sharing scheme that enables high reliability and confidentiality levels. Our evaluation results demonstrate that the new proposed constructions are efficient and the redundancies are optimized and comparable with the other storage system supporting the same level of reliability.
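The contrast drawn above, as an added example that is not code from the paper or from this post: per-user encryption gives two owners of the same file different ciphertexts, while a deterministic ramp secret sharing yields identical shares and tags and still recovers the file from any k of n servers. Deriving the pads from SHA-256 of the data, the field modulus, the `tag` function and the SHAKE-based stand-in cipher are assumptions of this example.

```python
import hashlib
from itertools import combinations

P = 2**127 - 1   # prime field modulus
CHUNK = 15       # bytes per field element (120 bits, always below P)

def lagrange_eval(points, x):
    """Evaluate at x the unique polynomial through `points`, modulo P."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def split(data, n, k, r):
    """Deterministic (n, k, r) ramp sharing: any k of n shares recover the data."""
    seed = hashlib.sha256(data).digest()  # assumption: pads come from the data hash
    m = k - r                             # secret elements carried per polynomial
    buf = len(data).to_bytes(8, "big") + data
    buf += b"\0" * (-len(buf) % (CHUNK * m))
    elems = [int.from_bytes(buf[i:i + CHUNK], "big") for i in range(0, len(buf), CHUNK)]
    shares = [[] for _ in range(n)]
    for g in range(0, len(elems), m):
        pts = [(P - 1 - j, elems[g + j]) for j in range(m)]   # secrets at x = -1..-m
        for j in range(r):                                     # r pseudo-random pads
            pad = hashlib.sha256(seed + b"%d:%d" % (g, j)).digest()
            pts.append((P - 1 - m - j, int.from_bytes(pad, "big") % P))
        for i in range(n):
            shares[i].append(lagrange_eval(pts, i + 1))       # server i+1 stores f(i+1)
    return shares

def recover(indexed_shares, k, r):
    """indexed_shares maps a 1-based server index to its share; any k entries suffice."""
    if len(indexed_shares) < k:
        raise ValueError("need at least k shares")
    chosen = sorted(indexed_shares.items())[:k]
    m = k - r
    out = bytearray()
    for g in range(len(chosen[0][1])):
        pts = [(x, s[g]) for x, s in chosen]
        for j in range(m):
            out += lagrange_eval(pts, P - 1 - j).to_bytes(CHUNK, "big")
    length = int.from_bytes(out[:8], "big")
    return bytes(out[8:8 + length])

def tag(share):
    """Dedup tag a server can compare without seeing the other shares."""
    return hashlib.sha256(b"".join(v.to_bytes(16, "big") for v in share)).hexdigest()

def per_user_encrypt(key, data):
    """Stand-in for conventional encryption under a user-held key (illustration only)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def demo():
    doc = b"quarterly-report.pdf contents (constructed sample)" * 3
    # Conventional encryption: same file, different keys, nothing to deduplicate.
    ct_equal = per_user_encrypt(b"alice-key", doc) == per_user_encrypt(b"bob-key", doc)
    # Deterministic sharing: Alice and Bob independently produce the same shares.
    n, k, r = 4, 3, 1
    alice, bob = split(doc, n, k, r), split(doc, n, k, r)
    tags_equal = [tag(a) for a in alice] == [tag(b) for b in bob]
    # Any k of the n servers suffice, so the loss of one server is tolerated.
    ok = all(recover({i + 1: alice[i] for i in subset}, k, r) == doc
             for subset in combinations(range(n), k))
    return ct_equal, tags_equal, ok

if __name__ == "__main__":
    print(demo())
```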
ADVANTAGES

  1.  To protect data confidentiality, the secret sharing technique is utilized, which is also compatible with the distributed storage systems
  2.  To improve the reliability of data while achieving the confidentiality of the users’ outsourced data without an encryption mechanism.

SYSTEM CONFIGURATION:-


Hardware Requirements
  • Speed - 1.1 GHz
  • Processor - Pentium IV
  • RAM - 512 MB (min)
  • Hard Disk - 40 GB
  • Keyboard - Standard Windows Keyboard
  • Mouse - Two or Three Button Mouse
  • Monitor - LCD/LED
Software Requirements
  • Operating System : Windows 7
  • Front End : ASP.Net and C#
  • Database : MSSQL
  • Tool : Microsoft Visual Studio
REFERENCE:
Chen, X.; Huang, X.; Tang, S. “Secure Distributed Deduplication Systems with Improved Reliability”, IEEE Transactions on Computers, Vol. PP, Iss. 99, February 2015.

Sunday, 18 October 2015

Key Updating for Leakage Resiliency with Application to AES Modes of Operation

ABSTRACT:
Side-channel analysis (SCA) exploits the information leaked through unintentional outputs (e.g., power consumption) to reveal the secret key of cryptographic modules. The real threat of SCA lies in the ability to mount attacks over small parts of the key and to aggregate information over different encryptions. The threat of SCA can be thwarted by changing the secret key at every run. Indeed, many contributions in the domain of leakage resilient cryptography tried to achieve this goal. However, the proposed solutions were computationally intensive and were not designed to solve the problem of the current cryptographic schemes. In this paper, we propose a generic framework of lightweight key updating that can protect the current cryptographic standards and evaluate the minimum requirements for heuristic SCA-security. Then, we propose a complete solution to protect the implementation of any standard mode of Advanced Encryption Standard. Our solution maintains the same level of SCA-security (and sometimes better) as the state of the art, at a negligible area overhead while doubling the throughput of the best previous work
 AIM
The aim of this paper is to protect the implementation of any standard mode of Advanced Encryption Standard.
SCOPE
The scope of this paper is to maintain the same level of SCA-security (and sometimes better) as the state of the art, at a negligible area overhead.
EXISTING SYSTEM
The design of countermeasures against SCA attacks is a vast research field. Contributions in this regard fall into three categories: Hiding, Masking and Leakage Resiliency. Hiding depends on breaking the link between intermediate variables and the observable leakage by minimizing the signal-to-noise ratio within the trace. This can be achieved using balanced circuits and/or noise generators. Masking depends on breaking Eve’s ability to calculate hypothetical intermediate variables, by splitting the useful information into n shares based on random variable(s). The random variables are generated on-the-fly and discarded afterwards. Each share is processed independently. The final outputs (of each share) are combined to retrieve the original output. Similarly, cryptographic modules supported with masking require more than double the area. Leakage resiliency depends on using a fresh key for every execution of the cryptographic module and hence prevents aggregating information about any secret. Leakage resiliency is achieved by utilizing a key-updating mechanism (aka re-keying or key-rolling). Although leakage resilient primitives can be implemented using unprotected cores, the overall performance is at least halved.
DISADVANTAGES:
  1. The real threat of SCA lies in the ability to mount attacks over small parts of the key and to aggregate information over different encryptions
  2. Indeed, many contributions in the domain of leakage resilient cryptography tried to achieve this goal
PROPOSED SYSTEM
We propose a generic framework of lightweight key updating that can protect the current cryptographic standards and evaluate the minimum requirements for heuristic SCA-security. Then, we propose a complete solution to protect the implementation of any standard mode of Advanced Encryption Standard. Our solution maintains the same level of SCA-security (and sometimes better) as the state of the art, at a negligible area overhead while doubling the throughput of the best previous work.
ADVANTAGES
  1. To protect the implementation of any AES mode of operation.
  2. AES itself achieving negligible area overhead and very small performance overhead.
SYSTEM CONFIGURATION:-
Hardware Requirements
  • Speed - 1.1 GHz
  • Processor - Pentium IV
  • RAM - 512 MB (min)
  • Hard Disk - 40 GB
  • Keyboard - Standard Windows Keyboard
  • Mouse - Two or Three Button Mouse
  • Monitor - LCD/LED
Software Requirements
  • Operating System : Windows 7
  • Front End : ASP.Net and C#
  • Database : MSSQL
  • Tool : Microsoft Visual Studio
REFERENCE:
Schaumont, P., Taha, M.  “KEY UPDATING FOR LEAKAGE RESILIENCY WITH APPLICATION TO AES MODES OF OPERATION”, IEEE Transactions on Information Forensics and Security, VOL 10, ISS 3, DECEMBER 2014.





CAMF: Context-Aware Message Forwarding In Selfish Mobile Social Networks

ABSTRACT:
Nodes may exhibit selfish behaviors in mobile social networks (MSN): selfish nodes refuse to forward messages for all or some nodes in a network to conserve limited resources. Previous work mainly focuses on promoting selfish nodes to transmit messages for others. In this paper, we consider selfishness from a different viewpoint; we regard selfishness as a basic requirement of systems and allow nodes to exhibit selfish behaviors. However, selfishness has a profound influence on routing performance. To achieve a good routing performance when node selfishness is considered, we first put forward a stateless approach which does not need collecting and storing state information to measure the similarity of nodes, and then evaluate the forwarding capability of nodes by combining the acquired similarity with node selfishness. We then quantify the receiving capability of nodes based on their available buffer size and energy. Incorporating forwarding and receiving capability, we present a forwarding set mechanism, which formulates the forwarding set optimization problem as a multiple knapsack problem to maximize the forwarding profit. Consequently, we take all the results above into our context-aware message forwarding design. Extensive trace-driven simulations show that our proposed algorithm achieves good routing performance with low transmission cost and resource consumption in selfish MSN.
AIM
The aim of this paper is to achieve a good routing performance when node selfishness is considered: we first put forward a stateless approach which does not need collecting and storing state information to measure the similarity of nodes, and then evaluate the forwarding capability of nodes by combining the acquired similarity with node selfishness.
SCOPE
The scope of this project is extensive trace-driven simulations showing that our proposed algorithm achieves good routing performance with low transmission cost and resource consumption in selfish MSN.
EXISTING SYSTEM
In the real world, some or all individuals may exhibit various degrees of selfishness when forwarding messages, in particular when nodes are constrained with energy and storage space, e.g., a node may refuse to accept and store messages for others in order to conserve limited buffer and power resources. In general, node’s selfish behaviors are considered from two aspects: individual and social selfishness. For individual selfishness, a node exhibits the same forwarding willingness to any others. While, for social selfishness, nodes are more interested in receiving and forwarding messages for the nodes in the same community, but are less interested in receiving and forwarding messages for the nodes outside their communities.
DISADVANTAGES:
  1.  Selfish  nodes refuse to forward messages for all or some nodes in a network to conserve limited resources
  2.  Selfishness  has a profound influence on routing performance

PROPOSED SYSTEM
In this paper, we consider node selfishness from a different perspective; we regard node selfishness as a basic requirement of applications or systems, and utilize the selfish characteristic of nodes to reduce resource consumption and extend the network lifetime. Nevertheless, it is difficult to achieve an acceptable routing performance when selfishness is considered, because selfish nodes may refuse to accept or forward messages from others. Thus, our goal is to achieve high delivery performance with a low cost when nodes are allowed to exhibit selfish behaviors. We develop a context-aware message forwarding algorithm (CAMF), which exploits the context information to quantify the forwarding and receiving capability of nodes and to determine the forwarding set.
ADVANTAGES
  1. CAMF achieves good routing performance with low transmission cost when nodes are allowed to exhibit selfish behaviors.
  2. To design incentive schemes to stimulate selfish nodes to forward messages for other nodes to achieve a good routing performance.

SYSTEM CONFIGURATION:-

Hardware Requirements
  • Speed - 1.1 GHz
  • Processor - Pentium IV
  • RAM - 512 MB (min)
  • Hard Disk - 40 GB
  • Keyboard - Standard Windows Keyboard
  • Mouse - Two or Three Button Mouse
  • Monitor - LCD/LED
Software Requirements
  • Operating System : Windows 7
  • Front End : ASP.Net and C#
  • Database : MSSQL
  • Tool : Microsoft Visual Studio

REFERENCE:
Dong, M.  Ota, K.  Xu, K., Wei, K. “CAMF: CONTEXT-AWARE MESSAGE FORWARDING IN SELFISH MOBILE SOCIAL NETWORKS”, IEEE Transactions on Parallel and Distributed Systems, Volume 26 ,  Issue 8, AUGUST  2014.