Special Issue: User Authentication in the IoE Era: Attacks, Challenges, Evaluation, and New Designs
Research Article | Open Access
Qian Meng, Jianfeng Ma, Kefei Chen, Yinbin Miao, Tengfei Yang, "Comparable Encryption Scheme over Encrypted Cloud Data in Internet of Everything", Security and Communication Networks, vol. 2017, Article ID 6430850, 11 pages, 2017. https://doi.org/10.1155/2017/6430850
Comparable Encryption Scheme over Encrypted Cloud Data in Internet of Everything
Abstract
User authentication has been widely deployed to prevent unauthorized access in the new era of the Internet of Everything (IOE). Once a user passes legal authentication, he/she can perform a series of operations in the database. We are mainly concerned with data security and comparable queries over ciphertexts in IOE. In traditional databases, a Short Comparable Encryption (SCE) scheme has been widely used by authorized users to conduct comparable queries over ciphertexts, but existing SCE schemes still incur high storage and computational overhead as well as economic burden. In this paper, we first propose a basic Short Comparable Encryption scheme based on the sliding window method (SCESW), which can significantly reduce computational and storage burden as well as enhance work efficiency. Unfortunately, as the cloud service provider is a semitrusted third party, a public auditing mechanism needs to be furnished to protect data integrity. To further protect data integrity and reduce management overhead, we present an enhanced SCESW scheme based on a position-aware Merkle tree, namely, PT-SCESW. Security analysis proves that the PT-SCESW and SCESW schemes can guarantee completeness and weak indistinguishability in the standard model. Performance evaluation indicates that the PT-SCESW scheme is efficient and feasible in practical applications, especially for smarter and smaller computing devices in IOE.
1. Introduction
With the new era of the Internet of Everything (IOE) and cloud computing [2, 3], smaller and smarter computing devices have begun to be integrated into our lives, in areas such as e-Health [4, 5], online shopping, and image retrieval. Authentication is regarded as a first line of defense and has been widely used to prevent unauthorized access. A series of research efforts [8–17] have been made. User authentication can be password-based authentication [18, 19], biometric-based authentication [20, 21], and others [22–24]. However, security issues of user authentication, especially issues of data security and the availability of ciphertext data, are rather challenging tasks in IOE. Once a user passes legal authentication, he/she can issue comparable queries over ciphertexts. On the premise of ensuring safety, we are concerned with how to support comparable queries over ciphertexts for authorized users.
As the cloud service provider is not a completely trusted entity, authorized users usually encrypt data to guarantee security before outsourcing it to the cloud service provider. Some scenarios, such as e-Health and stock exchange, need to compare numeric data over encrypted data. The central problem is how to support comparison operations over ciphertexts and guarantee data integrity without leaking any information.
To support comparable query operations over ciphertexts, a series of research efforts [26–31] have been made. Among these efforts, one popular work is a request-based comparable encryption scheme which utilizes the idea of Prefix Preserving Encryption (PPE). Although this scheme supports comparable query operations over ciphertexts, it brings a high computational and storage burden. To this end, an efficient request-based comparable encryption scheme was discussed by Chen et al., which uses the sliding window method to reduce the computational and storage burden. To further relieve ciphertext storage space, the SCE scheme was presented by Furukawa using the PPE idea. Compared with the request-based comparable encryption scheme, the SCE scheme encrypts each bit into -ary, thereby dramatically reducing ciphertext space and improving work efficiency. As the semitrusted cloud service provider may maliciously conduct only a fraction of the operations and forge some ciphertexts, we should verify the correctness of outsourced data for the purpose of ensuring data integrity.
To ensure that data is not maliciously forged, a large amount of work [34–37] has aimed to verify the integrity of static and dynamic outsourced data. For example, a remote integrity checking scheme based on modular-exponentiation cryptographic techniques was introduced by Deswarte et al. Unfortunately, the new scheme has high computing complexity. To tackle this problem, Gazzoni Filho and Barreto proposed a scheme utilizing an RSA-based secure hash function in order to achieve safe data transfer transactions through a trusted third party. However, this protocol is still vulnerable to the collusion attack in a P2P environment, as most existing schemes cannot prevent the user data from being leaked to external auditors. After that, Wang et al. proposed a scheme known as privacy-preserving public auditing for data storage security in cloud computing, which was the first privacy-preserving auditing protocol to support scalable and public auditing in cloud computing. In the Wang et al. protocol, computational overhead came from several time-consuming operations. Aiming at reducing high computational and storage overhead, we use a position-aware Merkle tree (PMT) to ensure data integrity.
Inspired by the aforementioned sliding window method and PMT, we first propose a basic scheme called the SCESW scheme, which is based on the sliding window method to reduce computational and storage overhead. Since the cloud service provider is a semitrusted entity which can obtain some sensitive information and then derive plaintexts, we further present an enhanced scheme named the PT-SCESW scheme, which uses PMT to verify the integrity of stored data. The main contributions of our work are listed as follows.
(i) SCESW scheme: inspired by the sliding window method and the SCE scheme, we first put forward the basic SCESW scheme to relieve computational burden and storage overhead as well as enhance work efficiency.
(ii) PT-SCESW scheme: to further protect data integrity for authorized users, we then introduce the enhanced lightweight PT-SCESW scheme based on PMT, which allows the authorized verifier to check the correctness of stored cloud data. Table 1 shows comparisons among various schemes.
(iii) Security and efficiency: formal security analysis demonstrates that the PT-SCESW and SCESW schemes can guarantee data security and integrity as well as weak indistinguishability in the standard model, and experimental results using a real-world dataset show their efficiency in practice.
Table 1 (note): columns are storage overhead; computational overhead; efficiency; sliding window method; public auditing. Yes: ✓; no: ✕.
The remainder of this paper is organized as follows. Section 2 depicts some preliminaries which will be used in our paper. Section 3 gives a detailed description of the proposed basic and enhanced schemes. Section 4 shows security analysis and Section 5 illustrates the performance of proposed schemes.
2. Preliminaries
In this section, we describe the sliding window method and the position-aware Merkle tree.
2.1. Sliding Window Method
The sliding window method proposed by Koç is one of the widely used methods for exponentiation. For example, computing , we can write using its binary code, such as . Based on the value of is divided into a tuple of zero windows and nonzero windows. The sliding window technique reduces the amount of computation and management overhead. Algorithm 1 illustrates details of the sliding window method.
In our schemes, numbers are treated as sequences of binary digits. However, we suppose that all the windows have the same window size, without distinguishing zero windows from nonzero windows. The fixed window size is chosen according to the user's security level requirements. Hence, security and efficiency can be traded off in practice.
2.2. Position-Aware Merkle Tree
The Merkle hash tree is extensively utilized for data integrity. The structure of a Merkle tree contains a root on the top of the tree, nonleaf nodes, and leaf nodes, as shown in Figure 1. Every nonleaf node is labeled as the hash value of its children nodes and every leaf node is defined as the hash value of a file block. , where represents a hash function. The root node of the is regarded as . For a node , Auxiliary Authentication Information (AAI) is used to depict the smallest order node set . Given a node , AAI contains all the sibling nodes related to through the root path from to root node . For example, the AAI of node is , as shown in Figure 1.
In the PMT structure, every node is denoted as . Besides, is presented by a -tuple , where represents node ’s relative position to its parent node; represents the number of node ’s leaf nodes; represents the value of the node . We label nodes from left to right in each layer with , , and defined as follows, where set represents the set of left subtrees, set represents the set of right subtrees, set represents the root of the tree, and set represents the set of leaf nodes.
From Figure 1, we know that node is a leaf node that relates to the block and is located in the left of its parent node . According to the formula above, , , and . Similarly, we can obtain and . Table 2 illustrates the value of nodes in Figure 1.
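The AAI check described above, carried through as an added Python example (not the paper's code or its Algorithm 2). The page does not reproduce the defining formulas, so the conventions here are assumptions: `p` is 0 for a left child, 1 for a right child and `None` for the root, `l` is the leaf count, and the leaf count is hashed into each parent so that a prover cannot misreport it; the names `build`, `aai` and `verify` are hypothetical.

```python
import hashlib

def H(*parts):
    """SHA-256 over length-prefixed parts (assumed encoding)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def node_hash(l, left_v, right_v):
    # Assumption: binding l into the parent value stops a prover from lying about it.
    return H(b"node", l.to_bytes(8, "big"), left_v, right_v)

def build(blocks, p=None):
    """Return the PMT as nested dicts; every node carries the 3-tuple (p, l, v)."""
    if len(blocks) == 1:
        return {"p": p, "l": 1, "v": H(b"leaf", blocks[0])}
    mid = (len(blocks) + 1) // 2
    left, right = build(blocks[:mid], 0), build(blocks[mid:], 1)
    l = left["l"] + right["l"]
    return {"p": p, "l": l, "v": node_hash(l, left["v"], right["v"]),
            "left": left, "right": right}

def aai(root, index):
    """Sibling tuples (p, l, v) from leaf `index` (1-based) up to the root."""
    path, node = [], root
    while node["l"] > 1:
        left, right = node["left"], node["right"]
        if index <= left["l"]:
            sib, node = right, left
        else:
            sib, node, index = left, right, index - left["l"]
        path.append((sib["p"], sib["l"], sib["v"]))
    return path[::-1]

def verify(block, claimed_index, proof, root_v):
    """Recompute the root value and the leaf position from a block and its AAI."""
    v, index, leaves = H(b"leaf", block), 1, 1
    for p, l, sib_v in proof:
        leaves += l
        if p == 0:                      # left sibling: its l leaves precede ours
            v, index = node_hash(leaves, sib_v, v), index + l
        elif p == 1:                    # right sibling: position unchanged
            v = node_hash(leaves, v, sib_v)
        else:
            return False
    return v == root_v and index == claimed_index
```

Because the position is recomputed from the sibling tuples, a valid proof for one block cannot be replayed as the answer to a challenge on a different block index.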
3. Proposed Basic and Enhanced Schemes
Before presenting concrete constructions of SCESW and PT-SCESW schemes outlined above, we give some notations which will be utilized in the whole paper, as shown in Notations.
3.1. System Model
We first describe the system model of the PT-SCESW scheme, which mainly involves four entities, namely, Data Owner (DO), cloud service provider (CSP), user, and Third-Party Auditor (TPA), as shown in Figure 2. Once a user passes legal authentication, he/she can perform comparable query operations over encrypted data. First, the DO encrypts files by using the SCESW scheme and finally sends the file and the corresponding to the CSP. When the user wants to issue a search query over encrypted cloud data, he/she needs to submit a search query to the CSP. The CSP returns the result of the query to the user. If the verifier wants to check the integrity of the outsourced data, she/he sends an auditing request to the TPA and the TPA submits the auditing challenge to the CSP. Upon receiving the auditing challenge , CSP computes , and sends the auditing proof to the TPA. Then the TPA conducts the integrity verification algorithm (Algorithm 2) to check the data integrity and returns the auditing report to the verifier. Figure 2 depicts the task of each entity, with an assumption that the DO is the verifier.
(1) DO: it has twofold responsibilities. Firstly, data files are encrypted through the SCESW scheme and then outsourced to the CSP, as shown in step ①. Secondly, the DO sends an auditing request to the TPA in order to check ciphertext integrity, as illustrated in step ②.
(2) CSP: it can provide infinite storage and computation resources to the DO and the user. After executing the auditing challenge, the CSP sends the auditing proof to the TPA, as shown in step ④.
(3) User: it has the following responsibilities. Firstly, the user submits a query to compare a pair of ciphertexts and , as shown in step ⑥. Secondly, upon doing the Cmp operation, the CSP returns the relationship of the two numeric ciphertexts, as illustrated in step ⑦.
(4) TPA: it has twofold responsibilities. Firstly, the TPA submits the auditing challenge to the CSP, as shown in step ③. Secondly, the TPA returns the auditing report to the verifier, as shown in step ⑤.
If the auditing result is correct, the system continues with the Cmp step; otherwise, the scheme has shown that the integrity of the ciphertexts is not intact and the system stops working.
3.2. The SCESW Scheme
Let be the window size, which means each block file has bits. We assume arbitrary number is a multiple of . If is not a multiple of , we make a multiple of by adding zero in the end of the ’s binary code. The SCESW scheme consists of five algorithms, namely, KeyGen, Par, Der, Enc, and Cmp. Once a user passes legal authentication, he/she can perform comparable query operations over encrypted data. Thus, we mainly consider data security and comparable query operations over ciphertexts. A detailed construction of the SCESW scheme is depicted as follows.
(1) Definitions of SCESW Scheme. The SCESW scheme is composed of five algorithms: KeyGen, Par, Der, Enc, and Cmp. The SCESW system definition is given in Algorithm 3.
(2) Details of SCESW Scheme. The concrete construction of the SCESW scheme is defined as follows.
(i) KeyGen: given a security parameter and range parameter , KeyGen first randomly chooses hash functions: and then returns . Finally, KeyGen algorithm outputs a public parameter and a master key .
(ii) Par: given an original number , the DO rewrites it through its binary code by utilizing sliding window method with (2), where represents the window size, is the number of blocks, and :
(iii) Der: given , master key , and number , Der algorithm outputs a token with the following equations:
(iv) Enc: given , master key , and number , Enc randomly picks and a random number , where Next, Enc generates , where Enc finally outputs ciphertexts . The DO submits to the CSP. Here, can be encoded into to reduce storage space, where
(v) Cmp: given two ciphertexts , , and a token , Cmp algorithm sets and keeps producing by decreasing by at each step, where This algorithm stops when Cmp produces such that or when for all . If , then holds. If , then holds. If , then holds. Then we have
3.3. The PT-SCESW Scheme
(1) Definitions of PT-SCESW Scheme. To efficiently support public auditing, we propose an enhanced SCESW scheme called the PT-SCESW scheme. The PT-SCESW scheme consists of four phases: Setup, Encryption, Auditing, and Comparison, defined in Algorithm 4. Once a user passes legal authentication, he/she can perform comparable query operations over encrypted data. Thus, we mainly consider data security and comparable query operations over ciphertexts.
(2) Details of PT-SCESW Scheme. Concrete construction of PT-SCESW scheme is defined as follows.
Setup Phase. This phase contains the KeyGen algorithm, which is utilized by the DO to initialize the system.
The DO chooses a security parameter , range parameter , master key , and hash functions . Then he/she calculates the secret key and public key , where are two large primes and is the generator of a high-order cyclic group. Besides, he/she defines . The DO runs KeyGen algorithm to generate the public parameter and secret key . Setup phase contains KeyGen algorithm in SCESW scheme.
Setup phase outputs the secret key , public key , public parameter , and master key .
Encryption Phase. Par algorithm is run by the DO to generate the num which adopts the sliding window method. Der algorithm is used by the DO to produce the token of the num . Enc algorithm is run by the DO to generate ciphertexts of the num .
(i) Par, Der: algorithms are similar to SCESW scheme.
(ii) Enc: suppose that a public parameter , master key , and number are given, where Enc algorithm randomly chooses a token and a random number . Next Enc generates Enc finally outputs ciphertexts . Here, can be encoded into an integer to make ciphertexts shorter, where The DO regards as parts. For each file block , the DO computes tag . Then the user constructs the PMT according to the data block tags and calculates root value as the metadata, where . and can be kept by the DO, while file and set can be sent to the CSP.
Auditing Phase. ChalGen algorithm is run by the verifier to produce the auditing challenge . ProofGen algorithm is used by the CSP to generate the auditing proof . ProofCheck algorithm is conducted by the TPA to produce auditing results.
(i) ChalGen: the verifier randomly chooses the secret parameter and calculates the public parameter . The verifier randomly chooses weight coefficient pairs , where is different from each other, . Then the verifier sends the auditing request to the TPA, and TPA sends auditing challenge to the CSP.
(ii) ProofGen: upon receiving the sent by the verifier, the CSP computes , . Then the CSP returns auditing proof to the TPA.
(iii) ProofCheck: upon receiving the auditing proof , the TPA conducts Algorithm 2 to verify , in which . If Algorithm 2 outputs correct, it means tags corresponding to the auditing request are correct. Then, the TPA computes . If holds, it outputs correct, which means the auditing challenge passes the verification and the system continues the Cmp algorithm; otherwise, it outputs , which means the outsourced file was forged at the CSP side and the system stops the Cmp algorithm.
Comparison Phase. Cmp algorithm is employed by the user to compare the relationship of the numbers and from and .
(i) Cmp: Cmp algorithm is similar to SCESW scheme. Given two ciphertexts , and a token , Cmp algorithm outputs .
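The Par, Der, Enc and Cmp steps of Sections 3.2 and 3.3, as an added toy sketch in Python; it is not the paper's construction, whose equations are not reproduced on this page. It assumes HMAC-SHA256 as the pseudorandom function, a prefix-chained token, and per-window residues modulo 2^(t+1) − 1 for window size t; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key, *parts):
    """HMAC-SHA256 as the PRF (assumption; stands in for the paper's hash functions)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def par(num, n_bits, t):
    """Par: t-bit windows, most significant first; zeros are appended to the bit string."""
    pad = -n_bits % t
    num <<= pad
    m = (n_bits + pad) // t
    return [(num >> (t * (m - 1 - i))) & ((1 << t) - 1) for i in range(m)]

def der(mk, blocks):
    """Der: token element d[i] is a key bound to the prefix blocks[0..i-1]."""
    d = [prf(mk, b"root")]
    for b in blocks[:-1]:
        d.append(prf(mk, d[-1], b.to_bytes(4, "big")))
    return d

def mask(d_i, nonce, mod):
    return int.from_bytes(prf(d_i, b"mask", nonce), "big") % mod

def enc(mk, blocks, t):
    """Enc: one residue mod 2^(t+1)-1 per window, randomised by a fresh nonce."""
    mod, nonce = (1 << (t + 1)) - 1, secrets.token_bytes(16)
    f = []
    for d_i, b in zip(der(mk, blocks), blocks):
        shift = int.from_bytes(prf(mk, b"shift", d_i), "big") % mod
        f.append((mask(d_i, nonce, mod) + shift + b) % mod)
    return nonce, f

def cmp_ct(token, ct_a, ct_b, t):
    """Cmp: token belongs to the number inside ct_a. Returns 1, 0 or -1."""
    mod = (1 << (t + 1)) - 1
    (na, fa), (nb, fb) = ct_a, ct_b
    for d_i, x, y in zip(token, fa, fb):
        diff = ((x - mask(d_i, na, mod)) - (y - mask(d_i, nb, mod))) % mod
        if diff:                        # first window where the plaintexts differ
            return 1 if diff < (1 << t) else -1
    return 0

def compare(mk, a, b, n_bits=16, t=4):
    """Round trip on constructed inputs: encrypt both numbers, compare with a's token."""
    ba, bb = par(a, n_bits, t), par(b, n_bits, t)
    return cmp_ct(der(mk, ba), enc(mk, ba, t), enc(mk, bb, t), t)
```

In this sketch the party running Cmp learns the index of the first differing window as well as the order, and a larger `t` means fewer PRF calls per number at the cost of a larger residue per window.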
4. Security Analysis
In this section, we will give properties of completeness and weak indistinguishability in PT-SCESW scheme by theoretical analysis, which are similar to SCESW scheme.
Theorem 1. The PT-SCESW scheme is complete as long as , , and are pseudorandom functions and the CSP honestly performs operations according to the auditing challenge.
Proof. We denote that and are generated from and , respectively.
where is the window size; is the number of blocks via utilizing sliding window technology.
From (3) we know that and depend on , and . Suppose that is the first different block of and , for ; if the equation holds, then holds. Hence, if , holds for , and then outputs 0. If , for this arbitrary ,
For , equation means ; equation means is the first different bit. Specifically, if , then ; if , then .
Upon receiving sent by the verifier, the CSP computes . According to the PMT formula, we can prove that is the corresponding tag to the leaf node and the result outputs correctly.
The verifier computes
Hence, the PT-SCESW scheme is complete.
Theorem 2. The PT-SCESW scheme is weakly indistinguishable if , , and are pseudorandom functions.
Proof. Let , and represent challengers. Suppose that there exists an adversary such that in the weak distinguishing game. Then, we know that hash function is distinguishable from the random function, which is against the assumption that they are pseudorandom functions. In particular, we consider a sequence of games by challengers , and and then prove the theorem by the hybrid argument. From literature, we know that as long as hash is a pseudorandom function as well as . Hence, and Theorem 2 is proved.
In this section, we first compare our schemes with the SCE scheme in the Encryption Phase, Comparison Phase, and Auditing Phase in experiments, as shown in Tables 3 and 4, respectively. In the Auditing Phase, auditing costs of are almost of PT-SCESW scheme, so we just evaluate the actual performance of the PT-SCESW scheme in experiments. These experiments are conducted using C on an Ubuntu Server 15.04 with an Intel Core i5 Processor 2.3 GHz and the Pairing-Based Cryptography (PBC) library. In Table 3, is the bit of numbers such that