The widespread adoption of cloud computing and the exponential growth of data highlight the need for secure data sharing and querying. Attribute-based keyword search (ABKS) has emerged as an efficient means of searching encrypted data stored in the cloud. However, existing ABKS schemes are vulnerable to quantum computer attacks, (insider) keyword guessing attacks (KGA), or incur high end-to-end delay. To address these vulnerabilities, this paper introduces a new concept called attribute-based authenticated encryption with keyword search (ABAEKS) and proposes an efficient ABAEKS scheme. Our ABAEKS has low end-to-end delay, and is resistant to both quantum computer attacks and (insider) KGA. In addition, we formalize the security model of ABAEKS system and prove its security in the random oracle model. Finally, we conduct a comprehensive performance evaluation of ABAEKS, and the experimental results show that our ABAEKS is computationally efficient and outperforms current state-of-the-art ABKS schemes.

With the rapid deployment of cloud computing and the exponential growth of data, it is a trend for users with limited resources to outsource the tasks of data sharing and platform building to proxy cloud service providers (PSCPs). However, the openness and uncontrollability of the computing environment pose a great threat to users’ sensitive data and personal privacy. The highly functional encryption mechanisms based on ciphertext-policy attribute-based encryption (CP-ABE)  were proposed to address these problems of secure data sharing in the IoT. In this paper, we propose an efficient and flexible file-hierarchy CP-ABE scheme based on the linear secret sharing scheme (LSSS) matrix. First, we design a hierarchical access control matrix using LSSS that can encrypt and decrypt multiple files simultaneously with a single access policy. Second, we employ multiple access control matrices to make access control more flexible. Third, we prove that our scheme is secure against the chosen-plaintext attack (CPA) under the decisional bilinear Diffie-Hellman (DBDH) assumption. Furthermore, we optimize the access control structure, and conduct experimental comparisons with the existing schemes by theoretical analysis and experimental simulation, showing that our scheme achieves significant improvements in both computation and storage costs.

In 2021, Jiang et al. proposed P2AE, a privacy preserving protocol in location-dependent mobile crowdsensing (DOI: 10.1109/TMC.2021.3112394).  One of the core techniques behind their scheme is a location-based symmetric key generation algorithm, which enables the service requestor and the mobile nodes in the task area to generate the same key themselves without revealing the location information.  However, in this comment, we will point out a flaw in their location-based symmetric key generation algorithm, which indicates that P2AE does not work.   In addition,  we propose a novel approach to achieve the location-based symmetric key generation using a witness encryption scheme.  This approach is feasible, but is currently inefficient due to the inefficiency of the underlying witness encryption scheme.

Federated learning (FL) is a promising collaborative machine learning (ML) framework allowing models to be trained on sensitive real-world data while preserving its privacy.  Unfortunately, recent attacks on FL demonstrate that local gradients provided by participating users may leak information about their local training data.  To address this privacy issue, the notion of secure aggregation was proposed and has been achieved by different approaches including secure multiparty computation (MPC),  homomorphic encryption (HE), functional encryption (FE), and double-masking. In 2023, Chang et al. proposed a novel privacy-preserving federated learning (PPFL) based on FE and claimed that their PPFL resolves the aforementioned privacy issue.  However, in this paper, we demonstrate that their PPFL is vulnerable to two attacks we design, and therefore their PPFL is insecure due to the above privacy issue.  We hope that by identifying the security problem, similar errors can be avoided in future designs of PPFL.

Federated learning (FL) allows a large number of users to collaboratively train machine learning (ML) models by sending only their local gradients to a central server for aggregation in each training iteration, without sending their raw training data. The main security issues of FL, that is, the privacy of the gradient vector and the correctness verification of the aggregated gradient, are gaining increasing attention from industry and academia. To protect the privacy of the gradient, a secure aggregation was proposed; to verify the correctness of the aggregated gradient, a verifiable secure aggregation that requires the server to provide a verifiable aggregated gradient was proposed. In 2021, Hahn et al. proposed VERSA, a verifiable secure aggregation (DOI:10.1109/TDSC.2021.3126323). However, in this paper, we will point out a flaw in VERSA, which indicates that VERSA does not work. To address the flaw, we present several approaches with different advantages and disadvantages. We hope that by identifying the flaw, similar errors can be avoided in future designs for verifiable secure aggregation.

With the increasing popularity of smart terminals, the Internet of Things (IoT) vastly expands the influence of information technology and creates great values to our society. The Internet of Medical Things (IoMT) is a typical application of the IoT specifically for medical and healthcare related purposes. In IoMT, personal health records (PHRs) generated by intelligent equipment are usually stored in a cloud sever managed by a semi-trusted cloud provider. However, there is still a possibility of the exposure of private information to unauthorized parties. In order to protect a patient’s private information, and ensure that doctors can search a patient’s PHRs without decrypting all ciphertexts, an efficient searchable encryption framework with weighted keywords is proposed in this paper. In this framework, we implement a weighted keyword model to raise the accuracy of search results, and reduce the computational and storage overhead. Besides, compared with the existing schemes, the framework is supportable of multi-search mechanism, which is adaptable to more application scenarios. Finally, the efficiency and security of this framework is proved through security and performance analysis in this paper.

Mobile crowdsensing (MCS) is a promising sensing paradigm which allows users to outsource a range of sensing tasks to a crowd of mobile workers with mobile devices. Location-dependent MCS, as the name implies, is a geographically-dependent sensing paradigm in which service requestors outsource location-specific tasks to many workers with mobile devices, and the workers accepting the tasks collect data at a particular location by physically arriving at the desired locations. Many efforts have been devoted to protecting location privacy of the workers accepting the tasks while ensuring task allocation accuracy and efficiency. In 2022, Wang et al. proposed BSIF, a blockchain-based MCS system (published in IEEE Journal on Selected Areas in Communications (JSAC)) that can prevent not only illegitimate participants but also location privacy leakage. For the purpose of protecting location privacy, they proposed a location-based symmetric key generation algorithm, which coordinates session keys for the target ranges between the service requestor and the workers accepting the tasks without revealing the location information. However, in this paper, we will point out a flaw in their location-based symmetric key generation algorithm, which indicates that BSIF does not work. Furthermore, we propose a novel approach to achieve the location-based symmetric key generation using a witness encryption scheme.