Showing papers on "Proxy re-encryption published in 2020"

A Lightweight and Formally Secure Certificate Based Signcryption With Proxy Re-Encryption (CBSRE) for Internet of Things Enabled Smart Grid

Abstract: A smart grid is a new ecosystem, which is made by combining a number of smart Internet of Things (IoT) devices that manage wide energy sources by increasing the efficiency and reliability of the smart energy systems. As the IoT devices in the smart grid ecosystem generate a gigantic amount of data that needs to be stored and managed in the cloud server. On the other hand, the stored data in the cloud server can be accessible to a number of data users, therefore the data need authenticity and secrecy. Here, to fulfill the security requirements of such type of communication, signcryption with proxy re-encryption technique is the most suitable option where a semi-trusted third party can alter a ciphertext that has been encrypted for one user into another ciphertext without seeing the original content of the message. However, the existing signcryption with proxy re-encryption schemes for the smart grid environment is suffering from more bandwidth space and greater computational time requirements. Thus, in this paper, we propose a lightweight certificate-based signcryption with a proxy re-encryption (CBSRE) scheme for smart grid based-IoT devices with the intention of reducing the computational and communicational costs. For the security and efficiency of the proposed CBSRE scheme, we used a hyperelliptic curve cryptosystem that uses small parameters with a key size of 80-bits. Furthermore, the proposed scheme provides the security requirements of confidentiality (IND-CBSRE-CCA2-I and IND-CBSRE-CCA2-II), unforgeability (EUF-CBSRE-CMA-I and EUF-CBSRE-CMA-II) and forward secrecy. Additionally, we compared our proposed CBSRE scheme with the existing proxy signcryption with re-encryption schemes and the final results show that the new scheme provides strong security with the expanse of minimal computational and communications resources.

Hybrid Lightweight Proxy Re-Encryption Scheme for Secure Fog-to-Things Environment

Abstract: Fog computing is a promising paradigm that can mitigate the heavy burden on cloud-central processing of the vast amount of IoT data. Although fog computing has the advantages of low latency, storage, and computing resources that serve IoT applications and things, it hardly suffers from security and privacy challenges. Proxy re-encryption (PRE) is an effective cryptographic solution to ensure the security of fog-to-things communication. However, in PRE schemes, the problem of a processing delay caused by offloading significant computational load to the proxy for re-encryption, and the heavy computation operations of data owner encryption and user decryption due to asymmetric cryptographic use, are still unresolved in the literature. In this paper, we propose a hybrid proxy re-encryption scheme that combines lightweight symmetric and asymmetric encryption algorithms to establish secure communications in fog-to-things computing. In the proposed scheme, the computational cost incurred by fog nodes to carry out the re-encryption process is highly efficient. Meanwhile, the scheme can reduce the encryption and decryption overheads for end-users with resource-constrained devices. Security and performance analyses are conducted, and the results indicate that our scheme is secure, highly efficient, and lightweight.

Towards a secure incremental proxy re‐encryption for e‐healthcare data sharing in mobile cloud computing

Abstract: Cloud computing provides universal access to a pool of shared resources to numerous stakeholders/shareholders of the e‐healthcare industry. The speedy adoption of cloud computing has inevitably raised security concerns for the outsourced data. Since mobile devices are resource constrained, the security solutions must discharge the computing comprehensive operations on the cloud for implementation. Conventionally, any modification to uploaded record would compel the mobile client to encrypt and compute the hash value from scratch. Through this paper, we intend to propose a pairing‐free incremental proxy re‐encryption scheme, without certificates, which would run proportionate to the number of modifications in time, instead of the document length for improvement in the file modification tasks. The proposed scheme shows a significant improvement in the file modification system regarding the energy consumption and the turnaround timer taken. The proposed scheme has been verified through a formal method using Z3 solver.

You Can Access but You Cannot Leak: Defending Against Illegal Content Redistribution in Encrypted Cloud Media Center

Abstract: The wide adoption of cloud greatly facilitates the sharing of explosively generated media content today, yet deprives content providers’ direct control over the outsourced media content. Thus, it is pivotal to build an encrypted cloud media center where only authorized access is allowed. Enforcing access control alone, however, cannot fully protect content providers’ interests, as authorized users may later become traitors that illegally redistribute media content to the public. Such realistic threat should have been seriously treated yet is largely overlooked in the literature. In this paper, we initiate the first study on secure media sharing with fair traitor tracing in the encrypted cloud media center, through a new marriage of proxy re-encryption (for secure media sharing) and fair watermarking (for fair traitor tracing). Our key insight is to fully leverage the homomorphic properties residing in proxy re-encryption to embrace operations in fair watermarking. Two protocols are proposed for different application scenarios. We also provide complexity analysis for performance, showing that our work can also be treated as secure outsourcing of fair watermarking, and thus kills two birds with one stone. We thoroughly analyze the security strengths and conduct extensive experiments to validate the effectiveness of our design.

Improving secured ID-based authentication for cloud computing through novel hybrid fuzzy-based homomorphic proxy re-encryption

Abstract: Cloud computing environment (CCE) can empower an association to re-appropriate computing resources to increase monetary benefits For both developers and the cloud users (CUs), CCE is transparent Accordingly, it presents new difficulties when contrasted with precedent types of distributed computing The precision of assessment results in CCE security risk assessment to take care of the issue of the multifaceted nature of the system and the classified fuzzy cloud method (CFCM) applied to CCE chance ID stage that captures the CCE risk factors through a complete investigation of CCE security area Current CCE frameworks present a specific restriction on ensuring the client’s INFO privacy We offer a homomorphic proxy re-encryption (HPRE) in this paper that enables various CU to share INFO that they redistributed HPRE encrypted utilizing their PubKs with the plausibility by a close procedure such as INFO remotely The test of giving secrecy, uprightness, and access control (AC) of INFO facilitated on cloud stages is not provided for by conventional AC models CFCM models were created through the duration of numerous decades to satisfy the association’s necessities, which accepted full authority over the physical structure of the assets The hypothesis of the INFO proprietor, an INFO controller, and a supervisor is available in the equivalent trusted area Besides, CCESR features like the essential unit, fuzzy set (FS) hypothesis, and EW strategy utilized to precisely measure the likelihood of CCE security risks (SR) and the subsequent damages of CCESR estimation Eventually, the computation and authentication model specified, and the lack of CCE SECU threat evaluation examined

P2B: Privacy Preserving Identity-Based Broadcast Proxy Re-Encryption

Abstract: This paper proposes Privacy Preserving Identity-Based Broadcast Proxy Re-encryption (P2B) — a scheme to provide privacy preserving in identity-based broadcast proxy re-encryption. P2B uses Lagrange interpolation polynomial theorem to provide privacy to identities of the receiver group of broadcasted re-encrypted ciphertext. Proxy re-encryption is an efficient solution to securely share cloud data with receivers. For sharing data with a group of receivers, the sender needs to regenerate the re-encryption key for every receiver, which leads to an overhead on the sender side. To solve the issue, identity-based proxy re-encryption is extensible to identity-based broadcast proxy re-encryption. However, the later poses a privacy issue on the receiver side, as each receiver of the receiver group needs to know the other receiver's identity. We solve the problem using the Lagrange interpolation method. We prove that our scheme is secure against chosen plaintext attack using random oracle model and it successfully hides the identities of the receivers. Finally, we implement P2B and compare it with other existing systems. It is seen that P2B reduces the decryption time by $68\%$ than recent existing Broadcast proxy re-encryption schemes and $98\%$ than the existing privacy preserving schemes.

A Cloud-Assisted Proxy Re-Encryption Scheme for Efficient Data Sharing Across IoT Systems

Abstract: In recent years, the growth of IoT applications is rapid in nature and widespread across several domains. This tremendous growth of IoT applications leads to various security and privacy concerns. The existing security algorithms fail to provide improved security features across IoT devices due to its resource constrained nature (inability to handle a huge amount of data). In this context, the authors propose a cloud-assisted proxy re-encryption scheme for efficient data sharing across IoT systems. The proposed approach solves the root extraction problem using near-ring. This improves the security measures of the system. The security analysis of the proposed approach states that it provides improved security with lesser computational overheads.

Data sharing using proxy re-encryption based on DNA computing

Abstract: Cloud data sharing allows users to access data stored on the web object. Security and protecting cloud data sharing form different attacks is recently considered one of the most challenges. In this paper, we are proposing a framework for cloud data sharing protection against unauthorized access. The proposed framework is based on DNA-proxy re-encryption. Firstly, three keys are generated for the owner, proxy and the user who need to access the data. Then, the owner stores his data encrypted on the cloud using his key. If the user wants to access this data then he can access it via the proxy after re-encrypting using the second generated key for the proxy. Finally, the user can decrypt the re-encrypted data with the third generated key. The framework was implemented using various plaintext files and real DNA sequences. The experimental results show that the framework has an outstanding performance in terms of execution time.

A Multi-User Ciphertext Policy Attribute-Based Encryption Scheme with Keyword Search for Medical Cloud System

Abstract: Population aging is currently a tough problem of many countries. How to utilize modern technologies (including both information and medical technologies) to improve the service quality of health information is an important issue. Personal Health Record (PHR) could be regarded as a kind of health information records of individuals. A ciphertext policy attribute-based encryption (CP-ABE) is a cryptographic primitive for fine-grained access control of outsourced data in clouds. In order to enable patients to effectively store his medical records and PHR data in medical clouds, we propose an improved multi-user CP-ABE scheme with the functionality of keyword search which enables data users to seek for specific ciphertext in the cloud server by using a specific keyword. Additionally, we adopt an independent proxy server in the proposed system architecture to isolate the communication between clients and the cloud server, so as to prevent cloud servers from suffering direct attacks and also reduce the computational loading of cloud servers. Compared with the previous approach, the proposed encryption algorithm takes less running time and the ciphertext length is also relatively short. Moreover, the procedures of re-encryption and pre-decryption only require one exponentiation computation, respectively.

An Improved Proxy Re-Encryption Scheme for IoT-Based Data Outsourcing Services in Clouds

Abstract: IoT-based data outsourcing services in clouds could be regarded as a new trend in recent years, as they could reduce the hardware and software cost for enterprises and obtain higher flexibility. To securely transfer an encrypted message in the cloud, a so-called proxy re-encryption scheme is a better alternative. In such schemes, a ciphertext designated for a data aggregation is able to be re-encrypted as one designated for another by a semi-trusted proxy without decryption. In this paper, we introduce a secure proxy re-encryption protocol for IoT-based data outsourcing services in clouds. The proposed scheme is provably secure assuming the hardness of the bilinear inverse Diffie–Hellman problem (BIDHP). In particular, our scheme is bidirectional and supports the functionality of multi-hop, which allows an uploaded ciphertext to be transformed into a different one multiple times. The ciphertext length of our method is independent of the number of involved IoT nodes. Specifically, the re-encryption process only takes one exponentiation computation which is around 54 ms when sharing the data with 100 IoT devices. For each IoT node, the decryption process only requires two exponentiation computations. When compared with a related protocol presented by Kim and Lee, the proposed one also exhibits lower computational costs.

Proxy re-encryption for fine-grained access control: Its applicability, security under stronger notions and performance

Abstract: Proxy Re-encryption (PRE) offers an efficient solution for enforcing access control on outsourced data through delegation of decryption rights of a delegator to a delegatee. However, to meet practical security requirements of an access control model, the delegator must control these delegations such that a re-encryption key enables the delegation of decryption rights of only a subset of the delegator’s ciphertexts. In this paper, we focus on a category of PRE-based primitives, which we refer to as “PRE with controlled delegation”. In these primitives, instead of the re-encryption key alone, the re-encryption key and authorization of the delegatee for a data item collectively determine whether the ciphertext transformation results in a valid re-encrypted ciphertext under the delegatee’s public key. This paper provides an exhaustive functional, security and performance analysis of all the existing schemes for PRE with controlled delegation in a concrete fine-grained access control model. We show that the traditional PRE security notions are insufficient to address all the security aspects of the access control model. Motivated by our analysis, we formulate stronger security notions and state the desirable efficiency requirements for PRE schemes applicable in the concrete fine-grained access control model. We show the validity of the proposed security notions by formally proving the insecurity of a conventional PRE scheme and security of one of the PRE schemes with controlled delegation under the proposed stronger PRE security notions. We critically analyze all schemes for PRE with controlled delegation under the proposed stronger security notions and with respect to the efficiency requirements. We show that no scheme for PRE with controlled delegation simultaneously satisfies the efficiency and security requirements formulated in this paper. Finally, we present possible future research directions to obtain a PRE-based solution that is secure under the proposed stronger security notions and satisfies all desirable performance requirements in a fine-grained access control model.

Constant-size CCA-secure multi-hop unidirectional proxy re-encryption from indistinguishability obfuscation

Abstract: In this paper, we utilize the recent advances in indistinguishability obfuscation, overcome several obstacles and propose a multi-hop unidirectional proxy re-encryption scheme. The proposed scheme is proved to be CCA-secure in the standard model (i.e., without using the random oracle heuristic), and its ciphertext remains constant-size regardless of how many times it has been transformed.

Privacy-Preserving GWAS Computation on Outsourced Data Encrypted under Multiple Keys Through Hybrid System

Abstract: Genome-wide association studies (GWAS) necessitate genomic information of a large population of an individual to achieve reliable results. The human genome can expose sensitive information and is potentially re-identifiable, which raises privacy and security concerns, making individuals deter from contributing their genomic information for such studies. Therefore, there is a need for secure and efficient analysis in which the data owners can securely allocate both the computation and storage on the untrusted cloud. Previous solutions used either a single key setting or far from being practical. Also, efficiency is a big limitation for real life applications. In this paper, we propose a novel hybrid solution that uses the concept of multi-key homomorphic encryption to encrypt ciphertexts using different public keys. To decrypt all the ciphertexts by using a single secret key, we add the re-encryption property of proxy re-encryption to multi-key homomorphic encryption. Also, our framework uses the recently introduced hardware-based architecture (i.e software guard extensions) to securely perform GWAS on genomic data in a privacy-preserving manner and ensure high efficiency by speeding up the computation while preserving the privacy of the data owners. To the best of our knowledge, our scheme is the first multi-key homomorphism combined with intel SGX for analyzing genomic data.

Multi-use Deterministic Public Key Proxy Re-Encryption from Lattices in the Auxiliary-Input Setting

Abstract: Proxy Re-Encryption (PRE) is a cryptographic primitive that allows a proxy to turn an Alice’s ciphertext into a Bob’s ciphertext on the same plaintext. All of the PRE schemes are public key encrypt...

Non-transitive and collusion resistant quorum controlled proxy re-encryption scheme for resource constrained networks

Abstract: We focus on proposing a threshold proxy re-encryption scheme for networks with resource constrained devices. We show that the existing quorum controlled proxy re-encryption scheme by Jakobsson does not meet the basic definition of proxy re-encryption scheme. Also, we show that the existing scheme is transitive, not collusion safe, and is transferable. We propose a gradual and simultaneous, collusion-safe, non-transitive quorum controlled proxy re-encryption scheme for delegating the ciphertext encrypted for one user to another user. The proposed scheme can be used in resource constrained networks such as hierarchical wireless sensor networks. As the proposed scheme is gradual and simultaneous, each node in the network needs to carry out the minimal computations. The proposed scheme is proved to be correct and is IND-CPA secure.

Proxy re-encryption architect for storing and sharing of cloud contents

Abstract: Internet-based online cloud services provide enormous volumes of storage space, tailor-made computing resources and eradicate the obligation of native machines for data maintenance as well. Cloud s...

Identity-Based Unidirectional Proxy Re-encryption in Standard Model: A Lattice-Based Construction

Abstract: Proxy re-encryption (PRE) securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties, i.e., it offers delegation of decryption rights. PRE allows a semi-trusted third party termed as a “proxy” to securely divert encrypted files of user A (delegator) to user B (delegatee) without revealing any information about the underlying files to the proxy. To eliminate the necessity of having a costly certificate verification process, Green and Ateniese introduced an identity-based PRE (IB-PRE). The potential applicability of IB-PRE leads to intensive research from its first instantiation. Unfortunately, till today, there is no unidirectional IB-PRE secure in the standard model, which can withstand quantum attack. In this paper, we provide, for the first time, a concrete construction of unidirectional IB-PRE which is secure in standard model based on the hardness of learning with error problem. Our technique is to use the novel trapdoor delegation technique of Micciancio and Peikert. The way we use trapdoor delegation technique may prove useful for functionalities other than proxy re-encryption as well.

Group Delegated ID-Based Proxy Re-encryption for PHR

Abstract: In general, ID-based proxy re-encryption has the form of transferring data in a 1:1 manner between a data owner and data requestor Therefore, only the data owner has the authority to decrypt or re-encrypt data encrypted with their public key However, in an environment with data self-sovereignty, such as a personal health record, data are managed directly In such circumstances, if the owner of the data becomes unconscious or unable to control the data, there is no way to obtain the data

Improved collusion-resistant unidirectional proxy re-encryption scheme from lattice

Abstract: Proxy re-encryption (PRE) is a promising cryptographic structure for pervasive data sharing in cloud-based social networks, which enables a semi-trusted proxy to convert a ciphertext for Alice into a ciphertext for Bob without seeing the corresponding plaintext. Since the proxy is semi-trust, a PRE scheme which can resist the collusion attack will be of great practical value. Jiang et al. in 2015 and Kim and Jeong in 2016 have proposed collusion-resistant PRE (CR-PRE) schemes from the lattice by a similar technique, respectively. However, through the analysis of their schemes, the authors find that both of them have defects in the construction of the re-encryption key, which will lead to the re-encryption ciphertext cannot be decrypted or decrypted error with high probability. In this study, the authors first point out the defects in the work of Jiang et al. 's work and Kim and Jeong's work and propose an improved collusion-resistant unidirectional PRE scheme from lattice, based on learning with errors problems. In addition to solving the defects, CR-PRE still has many useful properties similar to the previous schemes, such as unidirectional, collusion resistant, chosen-plaintext attack secure and so on.

Proxy Re-Encryption Scheme For Complicated Access Control Factors Description in Hybrid Cloud

Abstract: Hybrid cloud has both the strong computing power of public cloud and easy control of private cloud. It provides users with robust services and convenience, meanwhile faces numerous security challenges. How to implement the effective access control is one of them, the purpose of which is deploying policy in private cloud to protect the ciphertext in public cloud. Furthermore, it becomes more and more difficult to describe the access control policy, which is suitable for multi-factor and dynamic updating. Considering the issues above, we propose a proxy re-encryption (PRE) scheme for complicated access control factors description in hybrid cloud. Firstly, we build the system model combining PRE with access control in hybrid cloud. Secondly, we design the algorithm for our scheme including the key construction with multi-factor and its weight, which achieve the target of dynamic updating. Finally, we analyze the security of this scheme by the mathematical method and performance by theory, experiment and comparisons with some other works. Our scheme has made the deployment of access control in hybrid cloud more reliable and scalable.

Accelerating Lattice Based Proxy Re-encryption Schemes on GPUs

Abstract: Proxy Re-Encryption (PRE) is an indispensable tool in many public-key cryptographic schemes that enables users to delegate decryption rights to other users via a proxy. In this work, we present a high performance implementation of PRE schemes on NVIDIA GPUs. We target two lattice based PRE schemes, BV-PRE and Ring-GSW PRE defined over polynomial rings. We design a parallel Number Theoretic Transform (NTT) procedure capable of working on arbitrary precision moduli (in CRT form) and demonstrate several low level and GPU optimizations techniques to accelerate the PRE schemes.

Privacy-Preserving and Efficient Sharing of Drone Videos in Public Safety Scenarios using Proxy Re-encryption

Abstract: Unmanned Aerial Vehicles (UAVs) also known as drones are being used in many applications where they can record or stream videos. One interesting application is the Intelligent Transportation Systems (ITS) and public safety applications where drones record videos and send them to a control center for further analysis. These videos are shared by various clients such as law enforcement or emergency personnel. In such cases, the recording might include faces of civilians or other sensitive information that might pose privacy concerns. While the video can be encrypted and stored in the cloud that way, it can still be accessed once the keys are exposed to third parties which is completely insecure. To prevent such insecurity, in this paper, we propose proxy re-encryption based sharing scheme to enable third parties to access only limited videos without having the original encryption key. The costly pairing operations in proxy re-encryption are not used to allow rapid access and delivery of the surveillance videos to third parties. The key management is handled by a trusted control center, which acts as the proxy to re-encrypt the data. We implemented and tested the approach in a realistic simulation environment using different resolutions under ns-3. The implementation results and comparisons indicate that there is an acceptable overhead while it can still preserve the privacy of drivers and passengers.

Decentranet - An Ethereum, Proxy Re-Encryption and IPFS Based Decentralized Internet

Abstract: The global daily data generation is estimated to be more than 2.5 quintillion bytes, and more than 90 percent of the total data produced is generated in the last two years. Most of this data is being generated and controlled by very few centralized agencies in the Web 2.0 internet architecture. This causes issues, including data manipulation, lack of privacy, and data leaks historically and is not just limited to the fields mentioned. This paper proposes a Web 3.0 based architecture which eliminates the centralized agencies and to promote a fully decentralized, secure, and transparent internet. It leverages IPFS, a peer to peer distributed hypermedia transfer protocol. Ethereum and smart contracts create a secure decentralized mechanism for initiating data-based payments. Furthermore, the proposed architecture uses zero-knowledge proofs and proxy re-encryption mechanisms to enhance the privacy of the nodes in the network.