Showing papers on "Proxy re-encryption published in 2018"

IoT device security based on proxy re-encryption

Abstract: It appears that interest in the Internet of things (IoT) has recently reached its peak, with a great deal of focus from both the private and public sectors. IoT, a technology that enables the exchange of data through linkage among all objects surrounding the user, can create new services. Data communication among objects is not limited to personal information, but can also deliver different data types, such as sensing information collected from the surrounding environment. When such data is collected and used maliciously by an attacker, it is more vulnerable to threats than in conventional network environments. Security of all data transmitted in the IoT environment is therefore essential for preventing attacks. However, it is difficult to apply the conventional cipher algorithm to lightweight devices. Therefore, we propose a method for sharing and managing data using the conventional cipher algorithm on lightweight devices in various circumstances. This method implements proxy re-encryption in order to manage data with fewer encryptions, and provides a data sharing function to supplement the insufficient capacity of lightweight device networks.

Fine-Grained Two-Factor Protection Mechanism for Data Sharing in Cloud Storage

Abstract: Data sharing in cloud storage is receiving substantial attention in information communications technology because it can provide users with efficient and effective storage services. To protect the confidentiality of the shared sensitive data, cryptographic techniques are usually applied. However, the data protection is still posing significant challenges in cloud storage for data sharing. Among them, how to protect and revoke the cryptographic key is the fundamental challenge. To tackle this, we propose a new data protection mechanism for cloud storage, which holds the following properties. First, the cryptographic key is protected by the two factors. Only if one of the two factors works, the secrecy of the cryptographic key is held. Second, the cryptographic key can be revoked efficiently by integrating the proxy re-encryption and key separation techniques. Finally, the data is protected in a fine-grained way by adopting the attribute-based encryption technique. Furthermore, the security analysis and performance evaluation show that our proposal is secure and efficient, respectively.

A CCA-secure key-policy attribute-based proxy re-encryption in the adaptive corruption model for dropbox data sharing system

Abstract: The notion of attribute-based proxy re-encryption extends the traditional proxy re-encryption to the attribute-based setting. In an attribute-based proxy re-encryption scheme, the proxy can convert a ciphertext under one access policy to another ciphertext under a new access policy without revealing the underlying plaintext. Attribute-based proxy re-encryption has been widely used in many applications, such as personal health record and cloud data sharing systems. In this work, we propose the notion of key-policy attribute-based proxy re-encryption, which supports any monotonic access structures on users’ keys. Furthermore, our scheme is proved against chosen-ciphertext attack secure in the adaptive model.

Revisiting Proxy Re-encryption: Forward Secrecy, Improved Security, and Applications

Abstract: We revisit the notion of proxy re-encryption (\(\mathsf {PRE}\)), an enhanced public-key encryption primitive envisioned by Blaze et al. (Eurocrypt’98) and formalized by Ateniese et al. (NDSS’05) for delegating decryption rights from a delegator to a delegatee using a semi-trusted proxy. \(\mathsf {PRE}\) notably allows to craft re-encryption keys in order to equip the proxy with the power of transforming ciphertexts under a delegator’s public key to ciphertexts under a delegatee’s public key, while not learning anything about the underlying plaintexts.

A proxy broadcast re-encryption for cloud data sharing

Abstract: Proxy re-encryption (PRE) enables a semi-trusted proxy to automatically convert a delegator’s ciphertext to a delegate’s ciphertext without learning anything about the underlying plaintext. PRE schemes have broad applications, such as cloud data sharing systems, distributed file systems, email forward systems and DRM systems. In this paper, we introduced a new notion of proxy broadcast re-encryption (PBRE). In a PBRE scheme, a delegator, Alice, can delegate the decryption right to a set of users at a time, which means that Alice’s ciphertext can be broadcast re-encrypted. We propose a PBRE scheme and prove its security against a chosen-ciphertext attack (CCA) in the random oracle model under the decisional n-BDHE assumption. Furthermore, our scheme is collusion-resistant, which means the proxy cannot collude with a set of delegates to reveal the delegator’s private key.

A New Kind of Conditional Proxy Re-Encryption for Secure Cloud Storage

Abstract: Secure cloud storage has important applications in our big data-driven society, and to achieve secure cloud storage, we need to enforce strong access control mechanism. Proxy re-encryption (PRE) has been shown to be an effective tool of constructing cryptographically enforced access control schemes. In a traditional PRE scheme, a semi-trusted proxy can convert all ciphertexts for a delegator to ciphertexts for a delegatee once the proxy obtains the relevant re-encryption key from the delegator. In many practical applications, however, a fine-grained delegation of decryption abilities may be demanded, and thus, the notion of conditional PRE (C-PRE) is introduced, which allows only the ciphertexts satisfying a concrete condition to be converted by the proxy. In this paper, we introduce a special kind of C-PRE, sender-specified PRE (SS-PRE), which enables the delegator to delegate the decryption right of the ciphertexts from a specified sender to his/her delegatee. We give a formal definition of SS-PRE and its security model. We also provide the concrete constructions of an IND-CPA secure SS-PRE scheme and an IND-CCA secure SS-PRE scheme with the properties of unidirectionality and single-use and prove the security of both schemes in the standard model. The detailed analysis shows that our new IND-CCA secure SS-PRE scheme achieves a higher efficiency in computation cost and ciphertext size than the conventional C-PRE schemes.

Credible gene detection and data sharing method based on blockchain and proxy re-encryption technologies

Abstract: The invention discloses a credible gene detection and data sharing method based on blockchain and proxy re-encryption technologies. The method is applied to an application system. The application system is based on an application management layer, a blockchain layer and a distributed data storage layer which are connected in sequence. According to the method, a credibility management scheme for adetection mechanism and hospital based on the blockchain technology is established, so the problem that a third party mechanism provides a detection result at will is solved. Moreover, on the basis ofa public key encryption scheme, privacy data of an individual user is protected, so the individual has complete control power and ownership over own gene data. A revocable proxy re-encryption schemeis realized in a blockchain smart contract, so a scientific research institution is guaranteed to obtain genome data after obtaining authorization of the individual user.

PRE+: dual of proxy re-encryption for secure cloud data sharing service

Abstract: In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users: Scanf. Towards proposing this framework, we introduce a new cryptographic primitive: PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE except the re-encryption keys generated by the encrypter. Compared with PRE, PRE+ can easily achieve the non-transferable property and message-level-based fine-grained delegation. Our Scanf framework based on PRE+ can also achieve these two properties, which is very important for cloud storage sharing service.

Secure sharing of mobile personal healthcare records using certificateless proxy re‐encryption in cloud

Abstract: The ubiquitous and timely access to personal health records help physicians to take critical decisions and save lives. Cloud computing has a potential to provide ubiquitous and on‐demand i...

Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT

Abstract: Attribute based proxy re-encryption (ABPRE) combines the merits of proxy re-encryption and attribute based encryption, which allows a delegator to re-encrypt the ciphertext according to the delegatees’ attributes. The theoretical foundations of ABPRE has been well studied, yet to date there are still issues in schemes of ABPRE, among which time-bounded security and key exposure protection for the re-encryption keys are the most concerning ones. Within the current ABPRE framework, the re-encryption keys are generated independently of the system time segments and the forward security protection is not guaranteed when the users’ access privileges are altered. In this paper, we present a key-insulated ABPRE scheme for IoT scenario. We realize secure and fine-grained data sharing by utilizing attribute based encryption over the encrypted data, as well as adopting key-insulation mechanism to provide forward security for re-encryption keys and private keys of users. In particular, the lifetime of the system is divided into several time slices, and when system enters into a new slice, the user’s private keys need are required to be refreshed. Therefore, the users’ access privileges in our system are time-bounded, and both re-encryption keys and private keys can be protected, which will enhance the security level during data re-encryption, especially in situations when key exposure or privilege alternation happens. Our scheme is proved to be secure under MDBDH hardness assumptions as well as against collusion attack. In addition, the public parameters do not have to be changed during the evolution of users’ private keys, which will require less computation resources brought by parameter synchronization in IoT.

Improved functional proxy re-encryption schemes for secure cloud data sharing

Abstract: Recently Liang et al. propose an interesting privacy-preserving ciphertext multi-sharing control for big data storage mechanism, which is based on the cryptographic primitive of anonymous multi-hop identity based conditional proxy re-encryption scheme AMH-IBCPRE. They propose a concrete AMH-IBCPRE scheme and conclude their scheme can achieve IND-sCon-sID-CCA secure (indistinguishable secure under selectively conditional selectively identity chosen ciphertext attack). However, our research show their scheme can not be IND-sConsID- CCA secure for single-hop and multi-hop data sharing. Also in 2014, Liang et al. propose an interesting deterministic finite automata-based functional proxy reencryption scheme DFA-based FPRE for secure public cloud data sharing, they also conclude their scheme can achieve IND-CCA secure (indistinguishable secure under chosen ciphertext attack), we also show their scheme can not be IND-CCA secure either. For these two proposals, the main reason of insecurity is that part of the re-encryption key has the same structure as the valid ciphertext, thus the adversary can query on the decryption oracle with this part of the re-encryption key to get secret keys, which will break the CCA-security of their scheme.We give an improved AMH-IBCPRE scheme and an improved DFA-based FPRE scheme for cloud data sharing and show the new schemes can resist our attack and be CCA-secure.We also demonstrate our improved AMH-IBCPRE scheme’s efficiency compared with other related identity based proxy re-encryption schemes, the results show our scheme is almost the most efficient one.

A Secure Erasure Cloud Storage System Using Advanced Encryption Standard Algorithm and Proxy Re-Encryption

Abstract: Cloud computing is a model that treats the resources on the internet as an integrated entity, cloud. Organizations proposing computing services are termed cloud providers and normally charge for their services based on the consumption. Cloud storage is an improved way out to those who wish to pay consideration to the security issues of their data. Cloud storage provides enhanced security from the occurrence of viruses. It is difficult for the information to be retrieved by any unauthenticated user since the data is encrypted when it is stored in the server. The entire server is very much secured with innovative encryption system. The central focus of this paper is creating a protected storage system that provisions multiple tasks and this is thought-provoking when the storage system is dispersed and has no central power. Here, a proxy re-encryption scheme is suggested and combined with a distributed erasure code such that a secure and strong data storage and retrieval, but also lets a user to share his information on the cloud with a different user in the encrypted format itself. This paper facilitates the use of encoding the encrypted files and sharing files in the encrypted format itself. This paper uses the techniques of both encrypting and sharing the data. Erasure encoding supports sharing encrypted files and is valid in decentralized distributed system. A distributed erasure code is used to authorize the data safety in the dispersed cloud storage.

Attribute-based proxy re-encryption method for revocation in cloud storage: Reduction of communication cost at re-encryption

Abstract: In recent years, many users have uploaded data to the cloud for easy storage and sharing with other users. At the same time, security and privacy concerns for the data are growing. Attribute-based encryption (ABE) enables both data security and access control by defining users with attributes so that only those users who have matching attributes can decrypt them. For real-world applications of ABE, revocation of users or their attributes is necessary so that revoked users can no longer decrypt the data. In actual implementations, ABE is used in hybrid with a symmetric encryption scheme such as the advanced encryption standard (AES) where data is encrypted with AES and the AES key is encrypted with ABE. The hybrid encryption scheme requires re-encryption of the data upon revocation to ensure that the revoked users can no longer decrypt that data. To re-encrypt the data, the data owner (DO) must download the data from the cloud, then decrypt, encrypt, and upload the data back to the cloud, resulting in both huge communication costs and computational burden on the DO depending on the size of the data to be re-encrypted. In this paper, we propose an attribute-based proxy re-encryption method in which data can be re-encrypted in the cloud without downloading any data by adopting both ABE and Syalim's encryption scheme. Our proposed scheme reduces the communication cost between the DO and cloud storage. Experimental results show that the proposed method reduces the communication cost by as much as one quarter compared to that of the trivial solution.

Supporting Privacy in a Cloud-Based Health Information System by Means of Fuzzy Conditional Identity-Based Proxy Re-encryption (FCI-PRE)

Abstract: Healthcare is traditionally a data-intensive domain, where physicians needs complete and updated anamnesis of their patients to take the best medical decisions Dematerialization of the medical documents and the consequent health information systems to share electronic health records among healthcare providers are paving the way to an effective solution to this issue However, they are also paving the way of non-negligible privacy issues that are limiting the full application of these technologies Encryption is a valuable means to resolve such issues, however the current schemes are not able to cope with all the needs and challenges that the cloud-based sharing of electronic health records imposes In this work we have investigated the use of a novel scheme where encryption is combined with biometric authentication, and defines a preliminary solution

A Fine-Grained Attribute Based Data Retrieval with Proxy Re-Encryption Scheme for Data Outsourcing Systems

Abstract: Attribute based encryption is suitable for data protection in data outsourcing systems such as cloud computing. However, the leveraging of encryption technique may retrain some routine operations over the encrypted data, particularly in the field of data retrieval. This paper presents an attribute based date retrieval with proxy re-encryption (ABDR-PRE) to provide both fine-grained access control and retrieval over the ciphertexts. The proposed scheme achieves fine-grained data access management by adopting KP-ABE mechanism, a delegator can generate the re-encryption key and search indexes for the ciphertexts to be shared over the target delegatee’s attributes. Throughout the process of data sharing, the data are transferred as ciphers thus the server and unauthorized users cannot acquire the sensitive information of the encrypted data so the privacy and confidentiality can be protected. By security analysis, the proposed scheme meets the security requirements confidentiality, keyword semantic security as well as collusion attack resistance.

Efficient Key-Aggregate Proxy Re-Encryption for Secure Data Sharing in Clouds

Abstract: Cloud computing undoubtedly is the most unparalleled technique in rapidly developing industries. Protecting sensitive files stored in the clouds from being accessed by malicious attackers is essential to the success of the clouds. In proxy re-encryption schemes, users delegate their encrypted files to other users by using re-encryption keys, which elegantly transfers the users' burden to the cloud servers. Moreover, one can adopt conditional proxy re-encryption schemes to employ their access control policy on the files to be shared. However, we recognize that the size of re-encryption keys will grow linearly with the number of the condition values, which may be impractical in low computational devices. In this paper, we combine a key-aggregate approach and a proxy re-encryption scheme into a key-aggregate proxy re-encryption scheme. It is worth mentioning that the proposed scheme is the first key-aggregate proxy re-encryption scheme. As a side note, the size of re-encryption keys is constant.

A Proxy Re-encryption with Keyword Search Scheme in Cloud Computing

Abstract: With the widespread use of cloud computing technology, more and more users and enterprises decide to store their data in a cloud server by outsourcing. However, these huge amounts of data may contain personal privacy, business secrets and other sensitive information of the users and enterprises. Thus, at present, how to protect, retrieve, and legally use the sensitive information while preventing illegal accesses are security challenges of data storage in the cloud environment. A new proxy re-encryption with keyword search scheme is proposed in this paper in order to solve the problem of the low retrieval efficiency of the encrypted data in the cloud server. In this scheme, the user data are divided into files, file indexes and the keyword corresponding to the files, which are respectively encrypted to store. The improved scheme does not need to re-encrypt partial file cipher-text as in traditional schemes, but re-encrypt the cipher-text of keywords corresponding to the files. Therefore the scheme can improve the computational efficiency as well as resist chosen keyword attack. And the scheme is proven to be indistinguishable under Hash Diffie-Hellman assumption. Furthermore, the scheme does not need to use any secure channels, making it more effective in the cloud environment.

Multi-key Homomorphic Proxy Re-Encryption

Abstract: In this paper, we propose a new notion of multi-key homomorphic proxy re-encryption (MH-PRE) in which inputs of homomorphic evaluation are encrypted by different public keys and the evaluated ciphertext is decrypted by a single secret key. We obtain it by adding the re-encryption property of proxy re-encryption to multi-key homomorphic encryption (MHE). MHE, firstly proposed by Lopez-Alt, Tromer and Vaikuntanathan (STOC 2012), can perform homomorphic evaluations on ciphertexts from different keys, but decrypting the output ciphertext of the homomorphic evaluation requires all the secret keys associated to the input ciphertexts. In order to decrypt the output ciphertext with a single secret key, we introduce the notion of the re-encryption to MHE. In particular, we construct an MH-PRE scheme by applying the key switching technique to the MHE scheme of Peikert and Shiehian (TCC 2016).

Identity-Based Multi-bit Proxy Re-encryption Over Lattice in the Standard Model

Abstract: Proxy re-encryption (PRE) allows a semi-trusted proxy to turn Alice’s ciphertexts into Bob’s ciphertexts, however, the proxy cannot get the corresponding plaintexts. Because of the special property, PRE achieves good reliability and secrecy. Nevertheless, most of the proposed proxy re-encryption schemes are based on the number theoretic problem and their security are proved in the random oracle. Therefore, this paper constructs an efficient and novel identity-based multi-bit PRE scheme based on the learning with errors (LWE) assumption and can resist to quantum attack. What’s more, it is proved to be CPA secure in the standard model and has the properties of multi-use and bidirectional.

Anonymous Attribute-Based Conditional Proxy Re-encryption

Abstract: Attribute-based conditional proxy re-encryption (AB-CPRE) enables ciphertext owners to carry out fine-grained decryption delegation control. In AB-CPRE schemes, we observe that the attributes associated with ciphertexts are explicitly stored along with the ciphertexts. This property is not appropriate for certain applications where attributes contain sensitive information.

Threshold Proxy Re-encryption and Its Application in Blockchain

Abstract: Since the proxy re-encryption has the limitation of distributed applications and the security risk of collusion attacks in semi-trusted distributed environments (e.g. cloud computing), the novel definition of threshold proxy re-encryption is proposed based on secret sharing and proxy re-encryption. According to the definition, the threshold proxy re-encryption scheme can be flexibly created with the standard cryptographic prototype. An efficient, secure, and implementable unidirectional threshold proxy re-encryption scheme is constructed by the combination of Shamir’s secret sharing, and is proved secure by using the intractability of discrete logarithms. This paper presents a consortium blockchain access permission scheme, which is built on the threshold proxy re-encryption scheme. When a new node joins a consortium blockchain, an access permission is achieved by the agreement on other existing nodes, instead of a centralized CA.

Secure Data Sharing in Cloud Usingan Efficient Inner-Product ProxyRe-Encryption Scheme

Abstract: With the ever-growing production of data coming from multiple, scattered, highly dynamical sources (like those found in IoT scenarios), many providers are motivated to upload their data to the cloud servers and share them with other persons with different purposes. However, storing data on cloud imposes serious concerns in terms of data confidentiality and access control. These concerns get more attention when data is required to be shared among multiple users with different access policies. In order to update access policy without making re-encryption, we propose an efficient inner-product proxy re-encryption scheme that provides a proxy server with a transformation key with which a delegator’s ciphertext associated with an attribute vector can be transformed to a new ciphertext associated with delegatee’s attribute vector set. Our proposed policy updating scheme enables the delegatee to decrypt the shared data with its own key without requesting a new decryption key. We experimentally analyze the efficiency of our scheme and show that our scheme is adaptive attribute-secure against chosen-plaintext under standard Decisional Linear (D-Linear) assumption.

Attribute-based ciphertext searching system and method in support of proxy re-encryption

Abstract: The invention discloses an attribute-based ciphertext searching system and method in support of proxy re-encryption. According to the method, two functions that a user securely carries out searching and effectively shares searching authority in a cloud environment are realized at the same time. According to the method, through adoption of an LSSS linear secret sharing scheme, an attribute of an access user can be described in fine granularity, and the relatively high computing efficiency is achieved. In a threshold generation phase, a blind technology is carried out on a user key through utilization of a random value, and then the user key is submitted to a cloud server, so the confidentiality and security of the user key are ensured. A searching authority entrusting problem when an authorization user is offline in practical application is taken into consideration. A proxy re-encryption technology is imported, and the cloud server converts a ciphertext, so the encryption/decryption pressure of a data owner is migrated, and the system efficiency is greatly improved.

Blockchain based Proxy Re-Encryption Scheme for Secure IoT Data Sharing

Abstract: Data is central to the Internet of Things (IoT) ecosystem. Most of the current IoT systems are using centralized cloud-based data sharing systems, which will be difficult to scale up to meet the demands of future IoT systems. Involvement of such third-party service provider requires also trust from both sensor owner and sensor data user. Moreover, the fees need to be paid for their services. To tackle both the scalability and trust issues and to automatize the payments, this paper presents a blockchain based proxy re-encryption scheme. The system stores the IoT data in a distributed cloud after encryption. To share the collected IoT data, the system establishes runtime dynamic smart contracts between the sensor and data user without the involvement of a trusted third party. It also uses a very efficient proxy re-encryption scheme which allows that the data is only visible by the owner and the person present in the smart contract. This novel combination of smart contracts with proxy re-encryption provides an efficient, fast and secure platform for storing, trading and managing of sensor data. The proposed system is implemented in an Ethereum based testbed to analyze the performance and the security properties.

A CCA-Secure Collusion-Resistant Identity-Based Proxy Re-Encryption Scheme

Abstract: Cloud storage enables its users to store confidential information as encrypted files in the cloud. A cloud user (say Alice) can share her encrypted files with another user (say Bob) by availing proxy re-encryption services of the cloud. Proxy Re-Encryption (PRE) is a cryptographic primitive that allows transformation of ciphertexts from Alice to Bob via a semi-trusted proxy, who should not learn anything about the shared message. Typically, the re-encryption rights are enabled only for a bounded, fixed time and malicious parties may want to decrypt or learn messages encrypted for Alice, even beyond that time. The basic security notion of PRE assumes the proxy (cloud) is semi-trusted, which is seemingly insufficient in practical applications. The proxy may want to collude with Bob to obtain the private keys of Alice for later use. Such an attack is called collusion attack, allowing colluders to illegally access all encrypted information of Alice in the cloud. Hence, achieving collusion resistance is indispensable to real-world scenarios. Realizing collusion-resistant PRE has been an interesting problem in the ID-based setting. To this end, several attempts have been made to construct a collusion-resistant IB-PRE scheme and we discuss their properties and weaknesses in this paper. We also present a new collusion-resistant IB-PRE scheme that meets the adaptive CCA security under the decisional bilinear Diffie-Hellman hardness assumption in the random oracle model.