• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.5
• /
• pp.2718-2731
• /
• 2019

Conjunctive keyword search encryption is an important technique for protecting sensitive data that is outsourced to cloud servers. However, the process of searching outsourced data may facilitate the leakage of sensitive data. Thus, an efficient data search approach with high security is critical. To solve this problem, an efficient conjunctive keyword search scheme based on ciphertext-policy attribute-based encryption is proposed for cloud storage environment. This paper proposes an efficient mechanism for removing the secure channel and resisting off-line keyword-guessing attacks. The storage overhead and the computational complexity are regardless of the number of keywords. This scheme is proved adaptively secure based on the decisional bilinear Diffie-Hellman assumption in the standard model. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme has advantages in security, storage overhead and efficiency, and it is more suitable for practical applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• Journal of KIISE:Computing Practices and Letters
• /
• v.6 no.2
• /
• pp.265-273
• /
• 2000

In relational database management systems(RDBMS), a table consIn relational database management systems(RDBMS), a table consists of sets of records which are composed of a set of attributes. The number of distinct values(NDV) of an attribute denotes the number of distinct attribute values that actually appear in the database records, and is widely used in optimizing queries and supporting statistic queries. Object-relational database management systems(ORBBMSS), however, support the inheritance between tables which enforces an attribute defined in a super-table to be inherited in sub-tables automatically. Hence, in ORDBMSS, not only NDV of an attribute In a single table but also NDV of an attribute in multiple tables(HNDV) is needed. In this paper, we propose a method that calculates HNDV using arrays of attribute value intervals. In this method, an array of attribute value intervals is created for an attribute of interest In each table in a table hierarchy, and HNDV can be calculated or estimated by merging the arrays of attribute value intervals. The proposed method accurately calculates HNDV using small additional storage space and is efficient for an environment where only some of the tables in a table hierarchy are frequently updated.

• Spatial Information Research
• /
• v.5 no.1
• /
• pp.1-10
• /
• 1997

In this paper, we classify existing spatial indexing schemes for spatial objects in geographic database systems into seven classes. Also, we propose a new spatial indexing scheme called MAX(Multi-Attribute indeXing scheme). The search, insert, delete algorithms for the proposed indexmg scheme are described in detail. It is expected that the performance of the proposed indexing scheme is better than the existing indexing schemes under the some conditions. The proposed indexing scheme, MAX, can be easily implemented on existing built-in B-trees in most storage managers in the sense tha.t the structure of MAX is like that of B-tree.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.5100-5119
• /
• 2018

Most of existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only considers the privacy of the user identity (ID). However, in many occasions information leakage is caused by the disclosing of his/her some sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme with hiding both user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by viciousAAs. In addition, we utilize IDM to cooperate with multiple authorities in producing consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.4
• /
• pp.1286-1306
• /
• 2022

Searchable symmetric encryption (SSE) provides a safe and effective solution for retrieving encrypted data on cloud servers. However, the existing SSE schemes mainly focus on single keyword search in single client, which is inefficient for multiple keywords and cannot meet the needs for multiple clients. Considering the above drawbacks, we propose a scheme enabling dynamic multi-client and Boolean query in searchable symmetric encryption for cloud storage system (DMC-SSE). DMC-SSE realizes the fine-grained access control of multi-client in SSE by attribute-based encryption (ABE) and novel access control list (ACL), and supports Boolean query of multiple keywords. In addition, DMC-SSE realizes the full dynamic update of client and file. Compared with the existing multi-client schemes, our scheme has the following advantages: 1) Dynamic. DMC-SSE not only supports the dynamic addition or deletion of multiple clients, but also realizes the dynamic update of files. 2) Non-interactivity. After being authorized, the client can query keywords without the help of the data owner and the data owner can dynamically update client's permissions without requiring the client to stay online. At last, the security analysis and experiments results demonstrate that our scheme is safe and efficient.

• Journal of the Semiconductor & Display Technology
• /
• v.8 no.1
• /
• pp.39-42
• /
• 2009

In this paper an attempt for realizing a storage system which works as a part of human brain has been discussed. The system is expected to be able to coordinate with human brain. And current storage may have inherent problem due to an intrinsic attribute of storage, exclusiveness. Directory structure in it must be a source of confusion, if it used out side of the range of limitation. Adapting multidimensional annotation of file name extension and directory-less file system, a new storage system able to associate and coordinate with human brain may be available near future. This paper showed that the limitation of current storage system clearly exists, because of human brain limitation to memorize directory name.

• Journal of KIISE
• /
• v.43 no.8
• /
• pp.933-945
• /
• 2016

Sharing data by multiple users on the public storage, e.g., the cloud, is considered to be efficient because the cloud provides on-demand computing service at anytime and anywhere. Secure data sharing is achieved by fine-grained access control. Existing symmetric and public key encryption schemes are not suitable for secure data sharing because they support 1-to-1 relationship between a ciphertext and a secret key. Attribute based encryption supports fine-grained access control, however it incurs linearly increasing ciphertexts as the number of attributes increases. Additionally, the decryption process has high computational cost so that it is not applicable in case of resource-constrained environments. In this study, we propose an efficient attribute-based secure data sharing scheme with outsourceable decryption. The proposed scheme guarantees constant-size ciphertexts irrespective of the number of attributes. In case of static attributes, the computation cost to the user is reduced by delegating approximately 95.3% of decryption operations to the more powerful storage systems, whereas 72.3% of decryption operations are outsourced in terms of dynamic attributes.

• Interdisciplinary Bio Central
• /
• v.3 no.3
• /
• pp.9.1-9.5
• /
• 2011

Entity Attribute Value (EAV) is the widely used solution to represent high dimensional and sparse data, but EAV is not search efficient for knowledge extraction. In this paper, we have proposed a search efficient data model: Optimized Entity Attribute Value (OEAV) for physical representation of high dimensional and sparse data as an alternative of widely used EAV. We have implemented both EAV and OEAV models in a data warehousing en-vironment and performed different relational and warehouse queries on both the models. The experimental results show that OEAV is dramatically search efficient and occupy less storage space compared to EAV.