Dissertation•
Efficient Key Management for Data Security using TDES
28 Jul 2015-
About: The article was published on 2015-07-28 and is currently open access. It has received 2 citations till now. The article focuses on the topics: Encryption & Encryption software.
Citations
More filters
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.
2,188 citations
Journal Article•
TL;DR: The study proposes a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds and proposes an extension to the above approach to improve the efficiency of encryption at the data owner.
Abstract: The study proposes a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificate less public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. The study apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users’ public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. The study implements our mCL-PKE scheme and the overall cloud based system, and evaluates its security and performance. Our results show that our schemes are efficient and practical.
10 citations
References
More filters
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.
2,188 citations
"Efficient Key Management for Data S..." refers background or methods in this paper
...Decryption is defined as a process of reverting cipher text back to its actual form [1]....
[...]
...XTR security depends upon the complicated solving of discrete logarithm problems of a finite field [1]....
[...]
...10: Data modification by adversary [1]...
[...]
...One key is for enciphering and another key is for deciphering and also termed as asymmetrical key cryptography [1]....
[...]
...The computation uses the permuted block as an input to produce the pre output block and for a final interchange of block of 16 iterations in terms of the cipher function f operates on two blocks, one of 32 bits and another of 48 bits to produces a final block of 32 bits [1, 2]....
[...]
TL;DR: The security of HASBE is formally proved based on security of the ciphertext-policy attribute-based encryption (CP-ABE) scheme by Bethencourt and its performance and computational complexity are formally analyzed.
Abstract: Cloud computing has emerged as one of the most influential paradigms in the IT industry in recent years. Since this new computing technology requires users to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns on outsourced data. Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper, we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. We formally prove the security of HASBE based on security of the ciphertext-policy attribute-based encryption (CP-ABE) scheme by Bethencourt and analyze its performance and computational complexity. We implement our scheme and show that it is both efficient and flexible in dealing with access control for outsourced data in cloud computing with comprehensive experiments.
497 citations
TL;DR: This work proposes a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption and proposes an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way.
Abstract: Attribute-Based Encryption (ABE) is a promising cryptographic primitive which significantly enhances the versatility of access control mechanisms. Due to the high expressiveness of ABE policies, the computational complexities of ABE key-issuing and decryption are getting prohibitively high. Despite that the existing Outsourced ABE solutions are able to offload some intensive computing tasks to a third party, the verifiability of results returned from the third party has yet to be addressed. Aiming at tackling the challenge above, we propose a new Secure Outsourced ABE system, which supports both secure outsourced key-issuing and decryption. Our new method offloads all access policy and attribute related operations in the key-issuing process or decryption to a Key Generation Service Provider (KGSP) and a Decryption Service Provider (DSP), respectively, leaving only a constant number of simple operations for the attribute authority and eligible users to perform locally. In addition, for the first time, we propose an outsourced ABE construction which provides checkability of the outsourced computation results in an efficient way. Extensive security and performance analysis show that the proposed schemes are proven secure and practical.
403 citations
TL;DR: Li et al. as discussed by the authors presented a novel technique called slicing, which partitions the data both horizontally and vertically, and showed that slicing preserves better data utility than generalization and can be used for membership disclosure protection.
Abstract: Several anonymization techniques, such as generalization and bucketization, have been designed for privacy preserving microdata publishing. Recent work has shown that generalization loses considerable amount of information, especially for high-dimensional data. Bucketization, on the other hand, does not prevent membership disclosure and does not apply for data that do not have a clear separation between quasi-identifying attributes and sensitive attributes. In this paper, we present a novel technique called slicing, which partitions the data both horizontally and vertically. We show that slicing preserves better data utility than generalization and can be used for membership disclosure protection. Another important advantage of slicing is that it can handle high-dimensional data. We show how slicing can be used for attribute disclosure protection and develop an efficient algorithm for computing the sliced data that obey the l-diversity requirement. Our workload experiments confirm that slicing preserves better utility than generalization and is more effective than bucketization in workloads involving the sensitive attribute. Our experiments also demonstrate that slicing can be used to prevent membership disclosure.
320 citations
TL;DR: This article presents a highly regular and scalable AES hardware architecture, suited for full-custom as well as for semicustom design flows, that is scalable in terms of throughput and of the used key size.
Abstract: This article presents a highly regular and scalable AES hardware architecture, suited for full-custom as well as for semicustom design flows. Contrary to other publications, a complete architecture (even including CBC mode) that is scalable in terms of throughput and in terms of the used key size is described. Similarities of encryption and decryption are utilized to provide a high level of performance using only a relatively small area (10,799 gate equivalents for the standard configuration). This performance is reached by balancing the combinational paths of the design. No other published AES hardware architecture provides similar balancing or a comparable regularity. Implementations of the fastest configuration of the architecture provide a throughput of 241 Mbits/sec on a 0.6 /spl mu/m CMOS process using standard cells.
216 citations
"Efficient Key Management for Data S..." refers background or methods in this paper
...Similarly final permutation is performed on it and the resulting 64 bit block is the desired DES encrypted cipher text of the input plain text block [15]....
[...]
...They are shifted in different groups of key bits which are used in each sub key [15]....
[...]