• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권5호
• /
• pp.2718-2731
• /
• 2019

Conjunctive keyword search encryption is an important technique for protecting sensitive data that is outsourced to cloud servers. However, the process of searching outsourced data may facilitate the leakage of sensitive data. Thus, an efficient data search approach with high security is critical. To solve this problem, an efficient conjunctive keyword search scheme based on ciphertext-policy attribute-based encryption is proposed for cloud storage environment. This paper proposes an efficient mechanism for removing the secure channel and resisting off-line keyword-guessing attacks. The storage overhead and the computational complexity are regardless of the number of keywords. This scheme is proved adaptively secure based on the decisional bilinear Diffie-Hellman assumption in the standard model. Finally, the results of theoretical analysis and experimental simulation show that the proposed scheme has advantages in security, storage overhead and efficiency, and it is more suitable for practical applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권1호
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• 한국정보과학회논문지:컴퓨팅의 실제 및 레터
• /
• 제6권2호
• /
• pp.265-273
• /
• 2000

관계형 데이타베이스 시스템의 각 테이블은 레코드의 집합이며 각 레코드는 일련의 속성들의 집합으로 이루어진다. 속성에 대한 상이값수란 레코드의 속성에 대해 실제로 데이타베이스 내에 사용되고 있는 서로 다른 속성값의 개수를 나타내며 질의 최적화나 통계적 질의의 지원에 유용하게 사용된다. 한편 기존 관계형 데이타베이스 시스템과는 달리 객체-관계 데이타베이스 시스템은 테이블간의 계승 관계를 지원하므로 상위 테이블에서 정의된 속성을 하위 테이블에서 계승받게 된다. 따라서 상이값수 또한 단일 테이블에 관한 정보뿐만 아니라 하위 테이블의 속성 정보를 모두 반영하는 계층 상이값수가 필요하다. 본 논문은 기존 상이값수 측정 방법을 그대로 사용하되 계층 상이값수를 계산하는 방법으로써 속성값 구간 배열을 이용하는 기법을 제안한다. 이 기법은 해당 테이블과 하위 테이블에 대하여 각각 속성값 구간 배열을 구성하고 그것을 합병함으로써 계층 상이값수를 계산한다. 제안하는 기법은 작은 양의 저장 공간만을 사용하여 계층 상이값수를 정확히 구할 수 있게 하며 계층 내의 각 테이블에 대한 갱신 연산이 불균등하게 이루어지는 환경에서 더욱 효과적으로 이용될 수 있다.

• Spatial Information Research
• /
• 제5권1호
• /
• pp.1-10
• /
• 1997

본 연구에서는 GIS(GIS: geographic information systems)데이타베이스 시스템에서 주로 사용되는 공간 객체를 위한 색인 방법에 대해 과거의 연구를 토대로 해서 7개의 클래스로 분류를 해보고 이로부터 새로이 제안하는 색인 방법인 MAX(Multi-Attribute indexing scheme)에 대해서 상세히 기술한다. 또한 MAX의 여러 연산을 위한 알고리즘을 제시하고, 알고리즘의 우수성을 제시한다. 이미 성능 평가를 통해 어느 정도의 성능을 기대할 수 있으며, 이를 실제 시스템에 구현한다면 상당한 성능을 가진 지리 정보 시스템을 구축할 수 있을 것이다. 특히 MAX는 이 기법이 가지는 B 트리의 확장성으로 쉽게 구현할 수 있는 구조를 가지게 된다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권10호
• /
• pp.5100-5119
• /
• 2018

Most of existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only considers the privacy of the user identity (ID). However, in many occasions information leakage is caused by the disclosing of his/her some sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme with hiding both user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by viciousAAs. In addition, we utilize IDM to cooperate with multiple authorities in producing consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권11호
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제16권4호
• /
• pp.1286-1306
• /
• 2022

Searchable symmetric encryption (SSE) provides a safe and effective solution for retrieving encrypted data on cloud servers. However, the existing SSE schemes mainly focus on single keyword search in single client, which is inefficient for multiple keywords and cannot meet the needs for multiple clients. Considering the above drawbacks, we propose a scheme enabling dynamic multi-client and Boolean query in searchable symmetric encryption for cloud storage system (DMC-SSE). DMC-SSE realizes the fine-grained access control of multi-client in SSE by attribute-based encryption (ABE) and novel access control list (ACL), and supports Boolean query of multiple keywords. In addition, DMC-SSE realizes the full dynamic update of client and file. Compared with the existing multi-client schemes, our scheme has the following advantages: 1) Dynamic. DMC-SSE not only supports the dynamic addition or deletion of multiple clients, but also realizes the dynamic update of files. 2) Non-interactivity. After being authorized, the client can query keywords without the help of the data owner and the data owner can dynamically update client's permissions without requiring the client to stay online. At last, the security analysis and experiments results demonstrate that our scheme is safe and efficient.

• 반도체디스플레이기술학회지
• /
• 제8권1호
• /
• pp.39-42
• /
• 2009

In this paper an attempt for realizing a storage system which works as a part of human brain has been discussed. The system is expected to be able to coordinate with human brain. And current storage may have inherent problem due to an intrinsic attribute of storage, exclusiveness. Directory structure in it must be a source of confusion, if it used out side of the range of limitation. Adapting multidimensional annotation of file name extension and directory-less file system, a new storage system able to associate and coordinate with human brain may be available near future. This paper showed that the limitation of current storage system clearly exists, because of human brain limitation to memorize directory name.

• 정보과학회 논문지
• /
• 제43권8호
• /
• pp.933-945
• /
• 2016

클라우드와 같은 퍼블릭 스토리지 시스템은 언제 어디서든 온디맨드(on-demand) 컴퓨팅 서비스를 제공한다는 점에서, 다수 사용자 간 데이터 공유 환경으로 각광받고 있다. 안전한 데이터 공유는 세분화된 접근 제어를 통해 가능한데, 기존의 대칭키 및 공개키 기반 암호 기법은 암호문과 비밀키 간 일대일 대응만을 지원한다는 점에서 적합하지 않다. 속성 기반 암호는 세분화된 접근 제어를 지원하지만, 속성의 개수가 증가함에 따라 암호문의 크기도 함께 증가한다. 게다가, 복호에 필요한 연산비용이 매우 크기 때문에, 가용한 자원이 제한된 환경에서 비효율적이다. 본 연구에서는, 복호 연산의 아웃소싱을 지원하는 효율적인 속성 기반의 안전한 데이터 공유 기법을 제안한다. 제안 기법은 속성의 개수에 관계없이 항상 일정 크기의 암호문을 보장한다. 또한 정적 속성 환경에서 사용자 측면 연산 비용 절감을 지원하며, 이는 약 95.3%의 복호 연산을 고성능의 스토리지 시스템에 위임함으로써 가능하다. 반면 동적 송석 환경에서는 약 72.3%의 복호 연산 위임이 가능하다.

• Interdisciplinary Bio Central
• /
• 제3권3호
• /
• pp.9.1-9.5
• /
• 2011

Entity Attribute Value (EAV) is the widely used solution to represent high dimensional and sparse data, but EAV is not search efficient for knowledge extraction. In this paper, we have proposed a search efficient data model: Optimized Entity Attribute Value (OEAV) for physical representation of high dimensional and sparse data as an alternative of widely used EAV. We have implemented both EAV and OEAV models in a data warehousing en-vironment and performed different relational and warehouse queries on both the models. The experimental results show that OEAV is dramatically search efficient and occupy less storage space compared to EAV.