Nam-Su JHO Ku-Young CHANG Do-Won HONG
Order-Preserving Encryption (OPE) is an encryption system that preserves the numerical (or alphabetical) order of plaintexts. Since many operations of communications and databases are based on order relations of data (plaintexts), OPE is regarded as a core technique for various applications. However, the intrinsic property of OPE makes constructing an efficient and secure OPE system hard to achieve. In particular, OPE can guarantee only limited security compared to general encryption systems. Only a few results on OPE systems were presented, and no theoretical research based on provable security has been presented until recently. Lately, some approaches have been suggested. However, every known result is unsatisfactory for formalizing the provable security of OPE systems. In this paper, we propose a new OPE system that employs only a simple pseudorandom number function, and therefore has an advantage for practical usage.
Abedelaziz MOHAISEN Nam-Su JHO Dowon HONG DaeHun NYANG
Privacy preserving association rule mining algorithms have been designed for discovering the relations between variables in data while maintaining the data privacy. In this article we revise one of the recently introduced schemes for association rule mining using fake transactions (fs). In particular, our analysis shows that the fs scheme has exhaustive storage and high computation requirements for guaranteeing a reasonable level of privacy. We introduce a realistic definition of privacy that benefits from the average case privacy and motivates the study of a weakness in the structure of fs by fake transactions filtering. In order to overcome this problem, we improve the fs scheme by presenting a hybrid scheme that considers both privacy and resources as two concurrent guidelines. Analytical and empirical results show the efficiency and applicability of our proposed scheme.
Power analysis exploits the leaked information gained from cryptographic devices including, but not limited to, power consumption generated during cryptographic operations. If a number of power traces are given to an attacker, it is possible to reveal a cryptographic key efficiently, sometimes within a few minutes, using various statistical methods. In this sense, software countermeasures including higher-order masking or software dual-rail with precharge logic have been proposed to produce randomized or constant power consumption during the key-dependent operations. However, they have critical disadvantages in terms of computational time and security. In this paper, we propose a new solution called “one-bit to four-bit dual conversion” for enhanced security against power analysis. For an exemplary embodiment of the proposed scheme, we apply it to an AES implementation and demonstrate its security and performance. The overall costs are approximately 148KB memory space for the lookup tables and about a 3-fold increase in execution time compared with the straightforward implementation of AES.
Nam-Su JHO Daesung MOON Taek-Young YOUN
For reliable storage services, we need a way not only to monitor the state of stored data but also to recover the original data when some data loss is discovered. To solve the problem, a novel technique called HAIL has been proposed. Unfortunately, HAIL cannot support dynamic data which is changed according to users' modification queries. There are many applications where dynamic data are used. So, we need a way to support dynamic data in cloud services to use cloud storage systems for various applications. In this paper, we propose a new technique that can support the use of dynamic data in cloud storage systems. For dynamic data update, we design a new data chunk generation strategy which guarantees efficient data insertion, deletion, and modification. Our technique requires O(1) operations for each data update when existing techniques require O(n) operations where n is the size of data.
Order-preserving encryption using the hypergeometric probability distribution leaks about half of the bits of a plaintext and the distance between two arbitrary plaintexts. To solve these problems, Popa et al. proposed a mutable order-preserving encoding. This is a keyless encoding scheme that adopts an order-preserving index locating the corresponding ciphertext via tree-based data structures. Unfortunately, it has the following shortcomings. First, the frequency of the ciphertexts reveals that of the plaintexts. Second, the indices are highly correlated to the corresponding plaintexts. For these reasons, statistical cryptanalysis may identify the encrypted fields using public information. To overcome these limitations, we propose a multi-tree approach to the mutable order-preserving encoding. The cost of interactions increases by the increased number of trees, but the proposed scheme mitigates the distribution leakage of plaintexts and also reduces the problematic correlation to plaintexts.