TL;DR: In this article, the authors present a characterization of the leakage profiles of in-the-wild searchable encryption products and present attack models based on an adversarial server's prior knowledge.
Abstract: Schemes for secure outsourcing of client data with search capability are being increasingly marketed and deployed. In the literature, schemes for accomplishing this efficiently are called Searchable Encryption (SE). They achieve high efficiency with provable security by means of a quantifiable leakage profile. However, the degree to which SE leakage can be exploited by an adversary is not well understood. To address this, we present a characterization of the leakage profiles of in-the-wild searchable encryption products and SE schemes in the literature, and present attack models based on an adversarial server's prior knowledge. Then we empirically investigate the security of searchable encryption by providing query recovery and plaintext recovery attacks that exploit these leakage profiles. We term these leakage-abuse attacks and demonstrate their effectiveness for varying leakage profiles and levels of server knowledge, for realistic scenarios. Amongst our contributions are realistic active attacks which have not been previously explored.
TL;DR: This paper presents a series of attacks that recover the plaintext from DTE- and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information, and considers well-known attacks, including frequency analysis and sorting, as well as new attacks based on combinatorial optimization.
Abstract: Many encrypted database (EDB) systems have been proposed in the last few years as cloud computing has grown in popularity and data breaches have increased. The state-of-the-art EDB systems for relational databases can handle SQL queries over encrypted data and are competitive with commercial database systems. These systems, most of which are based on the design of CryptDB (SOSP 2011), achieve these properties by making use of property-preserving encryption schemes such as deterministic (DTE) and order-preserving encryption (OPE). In this paper, we study the concrete security provided by such systems. We present a series of attacks that recover the plaintext from DTE- and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information. We consider well-known attacks, including frequency analysis and sorting, as well as new attacks based on combinatorial optimization. We evaluate these attacks empirically in an electronic medical records (EMR) scenario using real patient data from 200 U.S. hospitals. When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered. In particular, our attacks correctly recovered certain OPE-encrypted attributes (e.g., age and disease severity) for more than 80% of the patient records from 95% of the hospitals; and certain DTE-encrypted attributes (e.g., sex, race, and mortality risk) for more than 60% of the patient records from more than 60% of the hospitals.
TL;DR: A new block image encryption scheme based on hybrid chaotic maps and dynamic random growth technique, which can completely eliminate the cyclical phenomenon and resist chosen plaintext attack is proposed.
TL;DR: In predicate encryption, a ciphertext is associated with descriptive attribute values x in addition to a plaintext, and a secret key associated with a predicate f as discussed by the authors, and decryption returns plaintext if and only if f(x) = 1.
Abstract: In predicate encryption, a ciphertext is associated with descriptive attribute values x in addition to a plaintext \(\mu \), and a secret key is associated with a predicate f. Decryption returns plaintext \(\mu \) if and only if \(f(x) = 1\). Moreover, security of predicate encryption guarantees that an adversary learns nothing about the attribute x or the plaintext \(\mu \) from a ciphertext, given arbitrary many secret keys that are not authorized to decrypt the ciphertext individually.
TL;DR: This paper has analysed various encryption algorithms on the basis of different parameters and compared them to choose the best data encryption algorithm so that the user can use it in their future work.
Abstract: Nowadays, data security is a very challenging issue that touches many areas including computers and communication. Recently, we came across many attacks on cyber security that have played with the confidentiality of the users. These attacks just broke all the security algorithms and affected the confidentiality, authentication, integrity, availability and identification of user data. Cryptography is one such way to make sure that confidentiality, authentication, integrity, availability and identification of user data can be maintained as well as security and privacy of data can be provided to the user. Encryption is the process of converting normal data or plaintext to something incomprehensible or ciphertext by applying mathematical transformations or formulae. These mathematical transformations or formulae used for encryption processes are called algorithms. We have analysed ten data encryption algorithms: DES, Triple DES, RSA, AES, ECC, BLOWFISH, TWOFISH, THREEFISH, RC5 and IDEA. Among them DES, Triple DES, AES, RC5, BLOWFISH, TWOFISH, THREEFISH and IDEA are symmetric key cryptographic algorithms. RSA and ECC are asymmetric key cryptographic algorithms. In this paper, we have analysed various encryption algorithms on the basis of different parameters and compared them to choose the best data encryption algorithm so that we can use it in our future work.
TL;DR: A fast chaos- based image encryption scheme with a dynamic state variables selection mechanism is proposed to enhance the security and promote the efficiency of chaos-based image cryptosystems.
TL;DR: The simulation experiments and theoretical analyses indicate that the proposed scheme is superior and able to resist exhaustive attack and statistical attack.
TL;DR: This paper proposes a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme and proves the security and the verification soundness of the constructed ABE scheme in the standard model.
Abstract: Attribute-based encryption (ABE) is a promising technique for fine-grained access control of encrypted data in cloud storage; however, the decryption involved in ABE is usually too expensive for resource-constrained front-end users, which greatly hinders its practical popularity. In order to reduce the decryption overhead for a user to recover the plaintext, Green et al. suggested outsourcing the majority of the decryption work without revealing the actual data or private keys. To ensure the third-party service honestly computes the outsourced work, Lai et al. provided a requirement of verifiability to the decryption of ABE, but their scheme doubled the size of the underlying ABE ciphertext and the computation costs. Roughly speaking, their main idea is to use a parallel encryption technique, while one of the encryption components is used for the verification purpose. Hence, the bandwidth and the computation cost are doubled. In this paper, we investigate the same problem. In particular, we propose a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme. Then, we prove the security and the verification soundness of our constructed ABE scheme in the standard model. Finally, we instantiate our scheme with concrete building blocks. Compared with Lai et al.'s scheme, our scheme reduces the bandwidth and the computation costs almost by half.
TL;DR: AEZ as mentioned in this paper is a robust authenticated-encryption scheme built from the AES round function, which achieves a peak speed of about 0.7 cpb on Intel Haswell.
Abstract: With a scheme for robust authenticated-encryption a user can select an arbitrary value \(\lambda \!\ge 0\) and then encrypt a plaintext of any length into a ciphertext that’s \(\lambda \) characters longer. The scheme must provide all the privacy and authenticity possible for the requested \(\lambda \). We formalize and investigate this idea, and construct a well-optimized solution, AEZ, from the AES round function. Our scheme encrypts strings at almost the same rate as OCB-AES or CTR-AES (on Haswell, AEZ has a peak speed of about 0.7 cpb). To accomplish this we employ an approach we call prove-then-prune: prove security and then instantiate with a scaled-down primitive (e.g., reducing rounds for blockcipher calls).
TL;DR: This scheme preserves the high search efficiency inherited from the inverted index while lifting the one-time-only search limitation of the previous solutions, and features a probabilistic trapdoor generation algorithm and protects the search pattern.
Abstract: With the growing awareness of data privacy, more and more cloud users choose to encrypt their sensitive data before outsourcing them to the cloud. Search over encrypted data is therefore a critical function facilitating efficient cloud data access given the high data volume that each user has to handle nowadays. The inverted index is one of the most efficient searchable index structures and has been widely adopted in plaintext search. However, securing an inverted index and its associated search schemes is not a trivial task. A major challenge exposed by the existing efforts is the difficulty of protecting a user's query privacy. The challenge is rooted in two facts: 1) the existing solutions use a deterministic trapdoor generation function for queries; and 2) once a keyword is searched, the encrypted inverted list for this keyword is revealed to the cloud server. We denote this second property in the existing solutions as the one-time-only search limitation. Additionally, conjunctive multi-keyword search, which is the most common form of query nowadays, is not supported in those works. In this paper, we propose a public-key searchable encryption scheme based on the inverted index. Our scheme preserves the high search efficiency inherited from the inverted index while lifting the one-time-only search limitation of the previous solutions. Our scheme features a probabilistic trapdoor generation algorithm and protects the search pattern. In addition, our scheme supports conjunctive multi-keyword search. Compared with the existing public key based schemes that heavily rely on expensive pairing operations, our scheme is more efficient by using only multiplications and exponentiations. To meet stronger security requirements, we strengthen our scheme with an efficient oblivious transfer protocol that hides the access pattern from the cloud. The simulation results demonstrate that our scheme is suitable for practical usage with moderate overhead.
TL;DR: The statistical experiments performed on the proposed nonlinear transformation algorithms show improvement in encryption strength and resistance against many brute force and statistical attacks and the system shows high resistance against differential and linear cryptanalysis.
Abstract: In many encryption systems, the original data are transformed into encrypted version by applying nonlinear substitutions and inducing diffusion. The objective of the nonlinear transformation is to attain high levels of randomness in the cipher text. The choice of the source of randomness is critical because the success in cryptanalysis is demarked by the characteristics identified in the encrypted data. The chaotic systems show random behavior that is suitable for encryption applications where nonlinear transformations are required between plaintext and the encrypted data. The application of nonlinear functional chaos-based system with embedded chaotic system and multi-parameters can instigate randomness and diffusion in the data. In addition to high level of randomness, the need for multiple round keys is required in a typical substitution–permutation process. The proposed method eliminates the need for multiple round keys, which is suitable for high-speed communication systems. The statistical experiments performed on the proposed nonlinear transformation algorithms show improvement in encryption strength and resistance against many brute force and statistical attacks. In addition, the proposed system shows high resistance against differential and linear cryptanalysis.
TL;DR: Through extensive experiments, it is shown that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.
Abstract: Cryptography plays an important role in computer and communication security. In practical implementations of cryptosystems, the cryptographic keys are usually loaded into memory as plaintext, and then used in the cryptographic algorithms. Therefore, the private keys are subject to memory disclosure attacks that read unauthorized data from RAM. Such attacks could be performed through software methods (e.g., OpenSSL Heartbleed) even when the integrity of the victim system's executable binaries is maintained. They could also be performed through physical methods (e.g., cold-boot attacks on RAM chips) even when the system is free of software vulnerabilities. In this paper, we propose Mimosa, which protects RSA private keys against the above software-based and physical memory attacks. When the Mimosa service is idle, private keys are encrypted and reside in memory as ciphertext. During the cryptographic computing, Mimosa uses hardware transactional memory (HTM) to ensure that (a) whenever a malicious process other than Mimosa attempts to read the plaintext private key, the transaction aborts and all sensitive data are automatically cleared with hardware mechanisms, due to the strong atomicity guarantee of HTM, and (b) all sensitive data, including private keys and intermediate states, appear as plaintext only within CPU-bound caches, and are never loaded to RAM chips. To the best of our knowledge, Mimosa is the first solution to use transactional memory to protect sensitive data against memory disclosure attacks. We have implemented Mimosa on a commodity machine with Intel Core i7 Haswell CPUs. Through extensive experiments, we show that Mimosa effectively protects cryptographic keys against various attacks that attempt to read sensitive data from memory, and it only introduces a small performance overhead.
TL;DR: A new definition of data privacy for MapReduce is given, and two provably-secure, practical solutions are described that are implemented on top of VC3, a secure implementation of Hadoop, and evaluated their performance.
Abstract: The use of public cloud infrastructure for storing and processing large datasets raises new security concerns. Current solutions propose encrypting all data, and accessing it in plaintext only within secure hardware. Nonetheless, the distributed processing of large amounts of data still involves intensive encrypted communications between different processing and network storage units, and those communications patterns may leak sensitive information. We consider secure implementation of MapReduce jobs, and analyze their intermediate traffic between mappers and reducers. Using datasets that include personal and geographical data, we show how an adversary that observes the runs of typical jobs can infer precise information about their input. We give a new definition of data privacy for MapReduce, and describe two provably-secure, practical solutions. We implement our solutions on top of VC3, a secure implementation of Hadoop, and evaluate their performance.
TL;DR: This article investigates the question of minimizing the communication overhead of NIZK proofs for NP and shows that if fully homomorphic encryption exists then it is possible to get proofs that are roughly of the same size as the witnesses.
Abstract: A non-interactive zero-knowledge (NIZK) proof can be used to demonstrate the truth of a statement without revealing anything else. It has been shown under standard cryptographic assumptions that NIZK proofs of membership exist for all languages in NP. While there is evidence that such proofs cannot be much shorter than the corresponding membership witnesses, all known NIZK proofs for NP languages are considerably longer than the witnesses. Soon after Gentry's construction of fully homomorphic encryption, several groups independently contemplated the use of hybrid encryption to optimize the size of NIZK proofs and discussed this idea within the cryptographic community. This article formally explores this idea of using fully homomorphic hybrid encryption to optimize NIZK proofs and other related cryptographic primitives. We investigate the question of minimizing the communication overhead of NIZK proofs for NP and show that if fully homomorphic encryption exists then it is possible to get proofs that are roughly of the same size as the witnesses. Our technique consists in constructing a fully homomorphic hybrid encryption scheme with ciphertext size $|m| + \mathrm{poly}(k)$, where $m$ is the plaintext and $k$ is the security parameter. Encrypting the witness for an NP-statement allows us to evaluate the NP-relation in a communication-efficient manner. We apply this technique to both standard non-interactive zero-knowledge proofs and to universally composable non-interactive zero-knowledge proofs. The technique can also be applied outside the realm of non-interactive zero-knowledge proofs, for instance to get witness-size interactive zero-knowledge proofs in the plain model without any setup or to minimize the communication in secure computation protocols.
TL;DR: A prototype of Cipherbase is presented that uses FPGAs to provide secure processing and the system engineering details implemented to achieve competitive performance for transactional workloads are described.
Abstract: Cipherbase is a comprehensive database system that provides strong end-to-end data confidentiality through encryption. Cipherbase is based on a novel architecture that combines an industrial strength database engine (SQL Server) with lightweight processing over encrypted data that is performed in secure hardware. The overall architecture provides significant benefits over the state-of-the-art in terms of security, performance, and functionality. This paper presents a prototype of Cipherbase that uses FPGAs to provide secure processing and describes the system engineering details implemented to achieve competitive performance for transactional workloads. This includes hardware-software co-design issues (e.g. how to best offer parallelism), optimizations to hide the latency between the secure hardware and the main system, and techniques to cope with space inefficiencies. All these optimizations were carefully designed not to affect end-to-end data confidentiality. Our experiments with the TPC-C benchmark show that in the worst case when all data are strongly encrypted, Cipherbase achieves 40% of the throughput of plaintext SQL Server. In more realistic cases, if only critical data such as customer names are encrypted, the Cipherbase throughput is more than 90% of plaintext SQL Server.
TL;DR: 2D Henon chaotic map and skew tent map are deployed in the design of an efficient chaos-based image encryption algorithm to confuse the relationship between plaintext and ciphertext images.
Abstract: Due to their easy and simple implementation, single 1-D chaotic maps like the logistic and sine maps are normally employed in multimedia data encryption. However, data encrypted through a single chaotic map does not provide good security in terms of resistance against various attacks. In this paper, the 2D Henon chaotic map and the skew tent map are deployed in the design of an efficient chaos-based image encryption algorithm. To confuse the relationship between plaintext and ciphertext images, both chaotic maps play a key role in the permutation and diffusion mechanism. In the confusion stage, the Henon chaotic map first generates two different chaotic sequences, which are then applied in row and column permutation of the plaintext image. Pixel value diffusion is produced by the unimodal skew tent map via XOR operations. In the last stage of the encryption algorithm, Hussain's substitution box is used to substitute each pixel with a new random pixel. Extensive security analysis and resistance to statistical attack prove the security of the anticipated scheme.
TL;DR: A new discrete fractional transform defined by the fractional order, periodicity and vector parameters is presented, which is named as the discrete multiple-parameter fractional angular transform and a double-image encryption scheme is proposed, which has an obvious advantage that no phase keys are used in the encryption and decryption process.
TL;DR: A concrete construction of the server-aided revocable IBE is presented that is provably secure against adaptive-ID chosen plaintext attacks under the DBDH assumption in the standard model.
Abstract: Efficient user revocation in Identity-Based Encryption (IBE) has been a challenging problem and has been the subject of several research efforts in the literature. Among them, the tree-based revocation approach, due to Boldyreva, Goyal and Kumar, is probably the most efficient one. In this approach, a trusted Key Generation Center (KGC) periodically broadcasts a set of key updates to all non-revoked users through public channels, where the size of key updates is only $O(r \log \frac{N}{r})$, with N being the number of users and r the number of revoked users, respectively; however, every user needs to keep at least $O(\log N)$ long-term secret keys and all non-revoked users are required to communicate with the KGC regularly. These two drawbacks pose challenges to users who have limited resources to store their secret keys or cannot receive key updates in real-time.
To alleviate the above problems, we propose a novel system model called server-aided revocable IBE. In our model, almost all of the workloads on users are delegated to an untrusted server which manages users' public keys and key updates sent by a KGC periodically. The server is untrusted in the sense that it does not possess any secret information. Our system model requires each user to keep just one short secret key and does not require users to communicate with either the KGC or the server during key updating. In addition, the system supports delegation of users' decryption keys, namely it is secure against decryption key exposure attacks. We present a concrete construction of the system that is provably secure against adaptive-ID chosen plaintext attacks under the DBDH assumption in the standard model. One application of our server-aided revocable IBE is encrypted email supporting lightweight devices (e.g., mobile phones) in which an email server plays the role of the untrusted server so that only non-revoked users can read their email messages.
TL;DR: This paper proposes a novel method for improving dictionary attacks that exploits several password patterns that are commonly preferred by users when trying to choose a complex and strong password and observes that the pattern-based method is superior for cracking password hashes.
Abstract: It is a common mistake of application developers to store user passwords within databases as plaintext or only as their unsalted hash values. Many real-life successful hacking attempts that enabled attackers to get unauthorized access to sensitive database entries including user passwords have been experienced in the past. Seizing password hashes, attackers perform brute-force, dictionary, or rainbow-table attacks to reveal plaintext passwords from their hashes. Dictionary attacks are very fast for cracking hashes but their success rate is not sufficient. In this paper, we propose a novel method for improving dictionary attacks. Our method exploits several password patterns that are commonly preferred by users when trying to choose a complex and strong password. In order to analyze and show success rates of our developed method, we performed cracking tests on real-life leaked password hashes using both a traditional dictionary and our pattern-based dictionary. We observed that our pattern-based method is superior for cracking password hashes.
TL;DR: A cryptanalysis of an image encryption scheme recently proposed by Chun-Yan Song, Yu-Long Qiao, and Xing-Zhou Zhang is described and it is proved that the studied cryptosystem is not sufficiently secure against chosen plaintext attack.
Abstract: In this paper, we describe a cryptanalysis of the image encryption scheme recently proposed by Chun-Yan Song, Yu-Long Qiao, and Xing-Zhou Zhang. The scheme is based on spatiotemporal chaos with a dynamic keystream generator, and its security is claimed to rely on utilizing the plain-image in the keystream generation process to obtain a different keystream for every plain-image/cipher-image pair. However, we identify two flaws and prove that the security of the proposal against chosen plaintext attack is groundless. Simulations conducted demonstrate that the plain-image can be recovered under a partial attack with an acceptable perceptual quality. Moreover, a total break is possible, but a large number of plain-image/cipher-image pairs is needed.
Highlights: A cryptanalysis of an image encryption scheme based on spatiotemporal chaos is presented. We give a complete and a partial break of the cryptosystem under study. We prove that the studied cryptosystem is not sufficiently secure against chosen plaintext attack. Results suggest that a partial attack needs a smaller number of plain/ciphered images with acceptable perceptual qualities.
TL;DR: The proposed scheme can preserve file compliance and file size for encrypted JPEG images, while providing privacy-preserving image retrieval, based on Markov process.
Abstract: This work presents a retrieval scheme for encrypted JPEG images based on a Markov process. In our scheme, stream cipher and permutation encryption are combined to encrypt JPEG images, which are then uploaded to a database server. After that, the server, without knowing the original content, can extract features from the transition probability matrices of the AC coefficients of the encrypted query image, in which those coefficients are modeled by a Markov process. With a multi-class support vector machine (SVM), the features of the encrypted query image can be converted into a vector with low dimensionality determined by the number of image categories. The encrypted database images are processed similarly. After low-dimensional vector representation, the similarity between the encrypted query image and a database image may be measured by calculating the distance between their corresponding vectors. At the client side, the encrypted images returned by the server are decrypted to the plaintext images using the encryption key. The proposed scheme can preserve file compliance and file size for encrypted JPEG images, while providing privacy-preserving image retrieval.
TL;DR: The authors modify the Caesar cipher method so that it produces readable ciphertext that does not look like a hidden message, so that a cryptanalyst does not attempt to solve the ciphertext.
TL;DR: A secure modification of their proposal of privacy homomorphism is presented by showing that the proposed scheme is fully homomorphic and secure against chosen plaintext attacks under the approximate GCD assumption and the sparse subset sum assumption when the message space is restricted to $\mathbb{Z}_{2^k}$.
TL;DR: In this study, a novel compression–encryption scheme is presented using a fractal dictionary and Julia set, achieving high plain sensitivity and giving an effective resistance to chosen-plaintext attacks.
Abstract: An efficient and secure environment is necessary for data transmission and storage, especially for large-volume multimedia data. In this study, a novel compression–encryption scheme is presented using a fractal dictionary and Julia set. For the compression in this scheme, fractal dictionary encoding not only reduces time consumption, but also gives good quality image reconstruction. For the encryption in the scheme, the key has a large key space and high sensitivity, even to tiny perturbation. Besides, the stream cipher encryption and the diffusion process adopted in this study help spread perturbation in the plaintext, achieving high plaintext sensitivity and giving effective resistance to chosen-plaintext attacks.
TL;DR: Choi et al. as mentioned in this paper analyzed the security of a novel image encryption scheme with a permutation-diffusion structure, which is based on Brownian motion and PWLCM chaotic system.
Abstract: This paper analyzes the security of a novel image encryption scheme with a permutation–diffusion structure, which is based on Brownian motion and PWLCM chaotic system. By applying chosen plaintext, we demonstrate that a hacker can determine the permutation vector and the diffusion sequence used, respectively, in permutation and diffusion procedure, which can be exploited to reveal the plain image. The effectiveness of the proposed chosen plaintext attack is supported by concise theoretical analyses and is verified by experimental results.
TL;DR: In this article, the authors propose the Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI) protocol to delegate the set intersection operation to the cloud, while not giving the decryption capability to the Cloud, and being able to hold the misbehaving cloud accountable.
Abstract: We initiate the study of the following problem: Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity two-party set intersection protocol. Unfortunately, this solution is not practical. We therefore motivate and introduce the novel notion of Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI). The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold the misbehaving cloud accountable. We formalize security properties of VDSI and present a construction. In our solution, the computational and communication costs on the users are linear in the size of the intersection set, meaning that the efficiency is optimal up to a constant factor.
TL;DR: Two fast and secure selective chaos-based crypto-compressions are designed and realized to secure the High Efficiency Video Coding (HEVC) and its scalable version and a new algorithm is proposed to define the encryptable bits in the bit stream of the HEVC and the SHVC systems.
Abstract: The security of image and video data is important for many applications which require a high security level in real-time. In the first part of this work, four chaos-based cryptosystems, flexible, efficient, and more robust against cryptanalysis, are designed and realized. The first two cryptosystems are based on the substitution-permutation network. The substitution is achieved by a proposed modified Finite Skew Tent Map (FSTM) to overcome various problems: fixed point, key space restriction, and limitation of mapping between plaintext and ciphertext. The third cryptosystem is a new and efficient structure. It is based on a binary diffusion layer of pixels, followed by a bit-permutation layer. The permutation is achieved by an efficient proposed formulation of the 2-D cat map. The fourth cryptosystem is faster than the others, having a very high security level. The confusion and the diffusion are performed in a single scan. Its design is based on a partial cryptanalysis that we performed on the Zhang algorithm. In the second part, two fast and secure selective chaos-based crypto-compressions are designed and realized to secure the High Efficiency Video Coding (HEVC) and its scalable version. In the first crypto-compression, a new algorithm is proposed to define the encryptable bits in the bit stream of the HEVC and the SHVC systems. The proposed solution encrypts a set of sensitive SHVC parameters at the entropy encoder (CABAC), while preserving all SHVC functionalities. Based on the tile concept, the second proposed crypto-compression provides protection of the ROI defined in the standard HEVC.
TL;DR: The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides user capability to search over the encrypted data without revealing any information about the data or the query.
Abstract: Ensuring cloud data security is a major concern for corporate cloud subscribers and in some cases for private cloud users. Confidentiality of the stored data can be managed by encrypting the data at the client side before outsourcing it to the remote cloud storage server. However, once the data is encrypted, it will limit the server’s capability for keyword search, since the data is encrypted and the server simply cannot make a plaintext keyword search on encrypted data. But again we need the keyword search functionality for efficient retrieval of data. To maintain the user’s data confidentiality, the keyword search functionality should be able to be performed over encrypted cloud data, and additionally it should not leak any information about the searched keyword or the retrieved document. This is known as privacy preserving keyword search. This paper aims to study privacy preserving keyword search over encrypted cloud data. Also, we present our implementation of a privacy preserving data storage and retrieval system in cloud computing. For our implementation, we have chosen one of the symmetric key primitives due to its efficiency in mobile environments. The implemented scheme enables a user to store data securely in the cloud by encrypting it before outsourcing and also provides the user the capability to search over the encrypted data without revealing any information about the data or the query.
TL;DR: This chapter serves as a much needed primer on current homomorphic encryption techniques, discusses several practical challenges, and introduces workarounds proposed by practitioners and researchers to overcome these challenges.
Abstract: Traditional cryptography techniques require our data to be unencrypted to be processed correctly. This means that at some stage on a system we have no control over, our data will be processed in plaintext. Homomorphic encryption or, specifically, fully homomorphic encryption is a viable solution to this problem. It allows encrypted data to be processed as if it were in plaintext and will produce the correct value once decrypted. While many know that homomorphic encryption promises to be an ideal solution to trust, security, and privacy issues in cloud computing, few actually know how it works and why it is not yet a practical solution despite its promises. This chapter serves as a much needed primer on current homomorphic encryption techniques, discusses several practical challenges, and introduces workarounds proposed by practitioners and researchers to overcome these challenges.
TL;DR: This note provides a more-or-less unified framework to talk about the functionality and security of graded encoding schemes, describe some variations of recent schemes, and discuss their security.
Abstract: In this note we provide a more-or-less unified framework to talk about the functionality and security of graded encoding schemes, describe some variations of recent schemes, and discuss their security. In particular we describe schemes that combine elements from both the GGH13 scheme of Garg, Gentry and Halevi (EUROCRYPT 2013) and the GGH15 scheme of Gentry, Gorbunov and Halevi (TCC 2015). On one hand, we show how to use techniques from GGH13 in the GGH15 construction to enable encoding of arbitrary plaintext elements (as opposed to only small ones) and to introduce “levels/subsets” (e.g., as needed to implement straddling sets). On the other hand, we show how to modify the GGH13 scheme to support graph-induced constraints (either instead of, or in addition to, the levels from GGH13). Turning to security, we describe zeroizing attacks on the GGH15 scheme, similar to those described by Cheon et al. (EUROCRYPT 2015) and Coron et al. (CRYPTO 2015) on the CLT13 and GGH13 constructions. As far as we know, however, these attacks do not break the GGH15 multi-partite key-agreement protocol. We also describe a new multi-partite key-agreement protocol using the GGH13 scheme, which also seems to resist known attacks. That protocol suggests a relatively simple hardness assumption for the GGH13 scheme, which we put forward as a target for cryptanalysis.