Showing papers on "Proxy re-encryption published in 2021"


Journal ArticleDOI
TL;DR: A novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation and the performance evaluation reveals that the proposed scheme is efficient and practical.
Abstract: Cloud computing has become prevalent due to its nature of massive storage and vast computing capabilities. Ensuring secure data sharing is critical to cloud applications. Recently, a number of identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the problem. However, IB-BPRE requires a cloud user (Alice) who wants to share data with a bunch of other users (e.g., colleagues) to participate in the group shared key renewal process because Alice's private key is a prerequisite for shared key generation. This, however, does not leverage the benefit of cloud computing and causes inconvenience for cloud users. Therefore, a novel security notion named revocable identity-based broadcast proxy re-encryption (RIB-BPRE) is presented to address the issue of key revocation in this work. In a RIB-BPRE scheme, a proxy can revoke a set of delegates, designated by the delegator, from the re-encryption key. The performance evaluation reveals that the proposed scheme is efficient and practical.

111 citations


Journal ArticleDOI
TL;DR: A novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness and ensures a cloud server escapes malicious accusation if it has indeed conducted the re-encryption operation honestly.
Abstract: To manage outsourced encrypted data sharing in clouds, attribute-based proxy re-encryption (ABPRE) has become an elegant primitive. In ABPRE, a cloud server can transform an original recipient's ciphertext to a new one of a shared user's. As the transformation is computation consuming, a malicious cloud server may return an incorrect re-encrypted ciphertext to save its computation resources. Moreover, a shared user may accuse the cloud server of returning an incorrect re-encrypted ciphertext to refuse to pay the cost of using the cloud service. However, existing ABPRE schemes do not support a mechanism to achieve verifiability and fairness. In this paper, a novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness. The verifiability enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct and the fairness ensures a cloud server escape from malicious accusation if it has indeed conducted the re-encryption operation honestly. Additionally, we conduct a performance experiment to show the efficiency and practicality of the new VF-ABPRE scheme.

52 citations


Journal ArticleDOI
TL;DR: This paper presents a blockchain-based marketplace for sharing of the IoT data, which establishes runtime dynamic smart contracts between the sensor and data consumer without the involvement of a trusted third-party and uses a proxy re-encryption scheme.

51 citations


Journal ArticleDOI
TL;DR: This paper proposes a proxy-free task matching scheme for multi-requester/multi-worker crowdsourcing, which achieves task-worker matching over encrypted data with scalability and non-interaction and designs two different mechanisms for worker revocation including Server-Local Revocation and Global Revocation, which realize efficient worker revocation with minimal overhead.
Abstract: Task matching in crowdsourcing has been extensively explored with the increasing popularity of crowdsourcing. However, the privacy of tasks and workers is usually ignored in most existing solutions. In this paper, we study the problem of privacy-preserving task matching for crowdsourcing with multiple requesters and multiple workers. Instead of utilizing proxy re-encryption, we propose a proxy-free task matching scheme for multi-requester/multi-worker crowdsourcing, which achieves task-worker matching over encrypted data with scalability and non-interaction. We further design two different mechanisms for worker revocation, Server-Local Revocation (SLR) and Global Revocation (GR), which realize efficient worker revocation with minimal overhead on the whole system. The proposed scheme is provably secure in the random oracle model under the Decisional $q$-Combined Bilinear Diffie-Hellman ($q$-DCDBH) assumption. Comprehensive theoretical analysis and detailed simulation results show that the proposed scheme outperforms the state-of-the-art work.

41 citations


Journal ArticleDOI
TL;DR: The security analysis and evaluation of the scheme show the promise of the approach in ensuring data confidentiality, integrity, and security, and it mitigates the bottlenecks in centralized systems and achieves fine-grained access control to data.
Abstract: The evolution of the Internet of Things has seen data sharing as one of its most useful applications in cloud computing. As eye-catching as this technology has been, data security remains one of the obstacles it faces since the wrongful use of data leads to several damages. In this article, we propose a proxy re-encryption approach to secure data sharing in cloud environments. Data owners can outsource their encrypted data to the cloud using identity-based encryption, while proxy re-encryption construction will grant legitimate users access to the data. With the Internet of Things devices being resource-constrained, an edge device acts as a proxy server to handle intensive computations. Also, we make use of the features of information-centric networking to deliver cached content in the proxy effectively, thus improving the quality of service and making good use of the network bandwidth. Further, our system model is based on blockchain, a disruptive technology that enables decentralization in data sharing. It mitigates the bottlenecks in centralized systems and achieves fine-grained access control to data. The security analysis and evaluation of our scheme show the promise of our approach in ensuring data confidentiality, integrity, and security.

40 citations


Journal ArticleDOI
TL;DR: This work introduces the concept of Accountable Proxy Re-Encryption (APRE), whereby if the proxy is accused of abusing the re-encryption key for distributing Alice's decryption capability, a judge algorithm can decide whether it is innocent or not.
Abstract: Proxy re-encryption (PRE) provides a promising solution for encrypted data sharing in the public cloud. When data owner Alice is going to share her encrypted data with data consumer Bob, Alice generates a re-encryption key and sends it to the cloud server (proxy); by using it, the proxy can transform Alice's ciphertexts into Bob's without learning anything about the underlying plaintexts. Although existing PRE schemes can prevent the proxy from recovering Alice's secret key by collusion attacks with Bob, due to the inherent functionality of PRE, it is inevitable that the proxy and Bob together are capable of gaining and distributing Alice's decryption capabilities. Even worse, the malicious proxy can deny that it has leaked the decryption capabilities and has very little risk of getting caught. To tackle this problem, we introduce the concept of Accountable Proxy Re-Encryption (APRE), whereby if the proxy is accused of abusing the re-encryption key for distributing Alice's decryption capability, a judge algorithm can decide whether it is innocent or not. We then present a non-interactive APRE scheme and prove its CPA security and accountability under the DBDH assumption in the standard model. Finally, we show how to extend it to a CCA secure one.

24 citations


Journal ArticleDOI
TL;DR: This paper introduces a new cryptographic primitive, namely blockchain-based proxy re-encryption with equality test, designed to achieve reliable matching results by leveraging smart contracts, as well as efficient data sharing and privacy preservation by combining the functions of public-key encryption with equality test and proxy re-encryption.
Abstract: Vehicular communication systems (VCS) are likely to play an increasingly important role in future smart city design, for example by improving road safety and traffic efficiency. However, there are underpinning security and privacy challenges, which may also result in under-utilization of vehicular data. In this paper, we introduce a new cryptographic primitive, namely blockchain-based proxy re-encryption with equality test. Specifically, the proposed approach is designed to achieve reliable matching results by leveraging smart contracts, as well as efficient data sharing and privacy preservation by combining the functions of public-key encryption with equality test and proxy re-encryption. We also implement a prototype of the proposed approach and evaluate its performance against those of three other competing approaches. A comparative summary with three other competing approaches demonstrates that the proposed approach achieves all four features (i.e., decentralization, flexibility, non-interaction, and re-encryption). Findings from the prototype evaluation (using Hyperledger Fabric v1.4.2 as the test blockchain platform, and the fabric-sample repository) also demonstrate the utility of the proposed approach in practice.

24 citations


Journal ArticleDOI
TL;DR: The pre-authentication mechanism combines the advantages of the proxy conditional re-encryption multi-sharing mechanism with the attribute-based authentication technique, thus achieving attribute authentication before re-encryption, and ensuring the security of the attributes and data.
Abstract: With the growing amount of data, the demand for big data storage significantly increases. Through the cloud center, data providers can conveniently share data stored in the center with others. However, one practically important problem in big data storage is privacy. During the sharing process, data is encrypted to be confidential and anonymous. Such an operation can protect privacy from being leaked. To satisfy practical conditions, data transmission to multiple receivers is also considered. Furthermore, this paper proposes the notion of pre-authentication for the first time, i.e., only users with certain attributes that have already been authenticated can participate in the data transmission. The pre-authentication mechanism combines the advantages of the proxy conditional re-encryption multi-sharing mechanism with the attribute-based authentication technique, thus achieving attribute authentication before re-encryption, and ensuring the security of the attributes and data. Finally, this paper proves that the system can resist several attacks and that the proposed pre-authentication mechanism could significantly enhance the system security level.

24 citations


Journal ArticleDOI
TL;DR: A new multiauthority ciphertext-policy attribute-based encryption scheme that has the indistinguishability of plaintext under adaptively chosen plaintext attack (IND-CPA) security and good performance is designed and shown.
Abstract: In order to ensure the confidentiality of digital contents, improve the fairness of digital copyright transactions, and reduce the time and management overhead of digital copyright owners, we propose a blockchain-based digital rights management scheme. First, we design a new multiauthority ciphertext-policy attribute-based encryption (MA-CPABE) scheme and show that the new MA-CPABE has indistinguishability of plaintext under adaptively chosen plaintext attack (IND-CPA) security and good performance. By combining MA-CPABE and proxy re-encryption, the rights owner can flexibly sell the copyright to different users with one encryption via an agent who cannot access any information related to the digital content when changing the ciphertext access policy as required. By using Ethereum smart contracts, a fair trade of the decryption keys between the rights owner and rights requester is implemented. In order to further improve fairness, another blockchain is used as a ledger to store information related to digital rights, which greatly reduces the storage overhead on the public blockchain. Security analysis shows that our scheme can provide IND-CPA security, resist collusion attacks, and protect the user's privacy. Performance analysis shows that our scheme can provide a wealth of features to meet the various needs of users. The simulation results show that our scheme is very efficient compared to other schemes.

16 citations


Book ChapterDOI
10 May 2021
TL;DR: Universal proxy re-encryption (UPRE) as mentioned in this paper enables a proxy to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext, under a delegatee public key.
Abstract: We put forward the notion of universal proxy re-encryption (UPRE). A UPRE scheme enables a proxy to convert a ciphertext under a (delegator) public key of any existing public-key encryption (PKE) scheme into another ciphertext under a (delegatee) public key of any existing PKE scheme (possibly different from the delegator one). The proxy has a re-encryption key generated from the delegator's secret key and the delegatee public key. Thus UPRE generalizes proxy re-encryption by supporting arbitrary PKE schemes and allowing ciphertexts to be converted into ones of possibly different PKE schemes. In this work, we provide syntax and definitions for both UPRE and a variant we call relaxed UPRE. The relaxed variant means that decryption algorithms for re-encrypted ciphertexts are slightly modified but still only use the original delegatee secret keys for decryption. We construct a UPRE based on probabilistic indistinguishability obfuscation (PIO). It allows us to re-encrypt ciphertexts polynomially many times. We construct relaxed UPRE from garbled circuits (GCs). We provide two variants of this construction, one which allows us to re-encrypt ciphertexts polynomially many times, and a second one which satisfies a stronger security requirement but only allows us to re-encrypt ciphertexts a constant number of times.

15 citations


Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a new encrypted data storing and sharing architecture by combining proxy re-encryption with blockchain technology, which eliminates the restrictions of using decentralized network to store and distribute private encrypted data safely.
Abstract: The IoT devices deployed in various application scenarios generate massive data of immeasurable value every day. These data often contain the user's personal privacy information, so there is an imperative need to guarantee the reliability and security of IoT data sharing. We propose a new encrypted data storing and sharing architecture by combining proxy re-encryption with blockchain technology. The consensus mechanism based on threshold proxy re-encryption eliminates dependence on third-party central service providers. Multiple consensus nodes in the blockchain network act as proxy service nodes to re-encrypt data and combine the converted ciphertext, and personal information is not disclosed in the whole procedure. That eliminates the restrictions on using a decentralized network to store and distribute private encrypted data safely. We implemented many simulated experiments to evaluate the performance of the proposed framework. The results show that the proposed architecture can meet extensive data access demands while incurring a tolerable time latency. Our scheme is one of the essays to utilize threshold proxy re-encryption and a blockchain consensus algorithm to support IoT data sharing.

Journal ArticleDOI
TL;DR: The first concrete constructions of collusion-resistant unidirectional IB-PRE, for both selective and adaptive identity, which are secure in the standard model based on the hardness of the learning with errors problem, are presented.

Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed an improved revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution (RIB-CPRE-CE), which inherits the characteristics of multi-use, constant ciphertext length, fine-grained authorization, collision-resistance security, and chosen ciphertext attack (CCA) from the original method.
Abstract: Proxy re-encryption (PRE), with its unique ciphertext transformation ability, enables various ciphertext authorization applications to be implemented efficiently. However, most existing PRE schemes mainly focus on access authorization while ignoring the situation where the key needs to be changed and the ciphertext needs to be evolved, making the scheme's practicability and security inadequate. Moreover, the few schemes that simultaneously combine ciphertext authorization, key update, and ciphertext evolution are not satisfactory in terms of security. To solve this problem, based on Xiong et al.'s scheme, this paper proposes an improved revocable and identity-based conditional proxy re-encryption scheme with ciphertext evolution (RIB-CPRE-CE) for secure and efficient cloud data sharing. The proposed scheme inherits the characteristics of multi-use, constant ciphertext length, fine-grained authorization, collision-resistance security, and chosen ciphertext attack (CCA) security from the original method. Also, it supports updating the ciphertext to adapt to the new key after changing the identity (key), or achieves authorization revocation by evolving the ciphertext. Two new algorithms, URKeyGen and UpReEnc, have been integrated into the original delegation scheme to support ciphertext evolution. The formal definition, security model, concrete construction, and security analysis of RIB-CPRE-CE are presented. The comparison and analysis show that the proposed scheme is practical and secure. Although it adds a ciphertext evolution function to support key update and delegation revocation, its efficiency and security are not reduced. The proposed scheme can also be used in other access authorization systems that need to change the key or revoke the authorization. It has certain practicability and security.

Journal ArticleDOI
22 Nov 2021-Sensors
TL;DR: Wang et al. as discussed by the authors proposed an electronic medical record system based on consortium blockchain and proxy re-encryption to solve the problem of EMR security sharing, which not only realizes the sharing of electronic medical records, but it also has advantages in privacy protection, access control, data security.
Abstract: With the popularity of the internet 5G network, the network constructions of hospitals have also rapidly developed. Operations management in the healthcare system is becoming paperless, for example, via a shared electronic medical record (EMR) system. A shared electronic medical record system plays an important role in reducing diagnosis costs and improving diagnostic accuracy. In the traditional electronic medical record system, centralized database storage is typically used. Once there is a problem with the data storage, it could cause data privacy disclosure and security risks. Blockchain is tamper-proof and data traceable. It can ensure the security and correctness of data. Proxy re-encryption technology can ensure the safe sharing and transmission of relatively sensitive data. Based on the above situation, we propose an electronic medical record system based on consortium blockchain and proxy re-encryption to solve the problem of EMR security sharing. Electronic equipment in this process is connected to the blockchain network, and the security of data access is ensured through the automatic execution of blockchain chaincodes; the attribute-based access control method ensures fine-grained access to the data and improves the system security. Compared with the existing electronic medical records based on cloud storage, the system not only realizes the sharing of electronic medical records, but it also has advantages in privacy protection, access control, data security, etc.

Journal ArticleDOI
TL;DR: This paper presents a meta-modelling framework that automates the very labor-intensive and therefore time-heavy and expensive process of manually cataloging public data sets.

Proceedings ArticleDOI
27 Jan 2021
TL;DR: Wang et al. as discussed by the authors proposed a novel parallel PRE workload distribution scheme to dynamically route the big data re-encryption process into the fog of the network, and also proposed a dynamic load balancing technique to avoid an excessive workload for the fog nodes.
Abstract: Cloud computing enables users and organizations to conveniently store and share data in large volumes and to enjoy on-demand services. Security and the protection of big data sharing from various attacks is the most challenging issue. Proxy re-encryption (PRE) is an effective method to improve the security of data sharing in the cloud environment. However, in PRE schemes, offloading big data for re-encryption will impose a heavy computational burden on the cloud proxy server, resulting in an increased computation delay and response time for the users. In this paper, we propose a novel parallel PRE workload distribution scheme to dynamically route the big data re-encryption process into the fog of the network. Moreover, this paper proposes a dynamic load balancing technique to avoid an excessive workload for the fog nodes. It also uses lightweight asymmetric cryptography to provide end-to-end security for the big data sharing between users. Within the proposed scheme, the offloading overhead on the centralized cloud server is effectively mitigated. Meanwhile, the processing delay incurred by the big data re-encryption process is efficiently improved.

Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed an identity-based proxy re-encryption data deduplication scheme using identity-based proxy re-encryption (PRE) and identity-based proof of ownership (IB-PoW).

Book ChapterDOI
04 Oct 2021
TL;DR: ABPRE as discussed by the authors generalizes PRE by allowing transformation of ciphertext under an access-policy into another ciphertext with a new access policy, which facilitates fine-grained secure sharing of encrypted data in the cloud.
Abstract: Proxy re-encryption (PRE), introduced by Blaze, Bleumer, and Strauss at EUROCRYPT 98, offers delegation of decryption rights, i.e., it securely enables the re-encryption of ciphertexts from one key to another, without relying on trusted parties. PRE allows a semi-trusted third party termed as a “proxy” to securely divert ciphertexts of a user (delegator) to another user (delegatee) without revealing any information about the underlying messages to the proxy. Attribute-based proxy re-encryption (ABPRE) generalizes PRE by allowing such transformation of ciphertext under an access-policy into another ciphertext under a new access policy. Such a primitive facilitates fine-grained secure sharing of encrypted data in the cloud.

Journal ArticleDOI
TL;DR: In this article, a certificate-based incremental proxy re-encryption scheme (CB-PReS) was proposed for e-health data sharing in fog computing, which improves the file modification operations, i.e., update, deletion, and insertion.
Abstract: Cloud computing aims to provide reliable, customized, and quality of service (QoS) guaranteed dynamic computing environments for end-users. However, there are applications such as e-health and emergency response monitoring that require quick response and low latency. Delays caused by transferring data over the cloud can seriously affect the performance and reliability of real-time applications. Before outsourcing e-health care data to the cloud, the user needs to encrypt these sensitive data to ensure their confidentiality. Conventionally, any modification to the user data requires encrypting the entire data and calculating the hash of the data from scratch. This data modification mechanism increases communication and computation costs over the cloud. The distributed environment of fog computing is used to overcome the limitations of cloud computing. This paper proposes a certificate-based incremental proxy re-encryption scheme (CB-PReS) for e-health data sharing in fog computing. The proposed scheme improves the file modification operations, i.e., update, deletion, and insertion. The proposed scheme is tested on the iFogSim simulator. The iFogSim simulator facilitates the development of models for fog and IoT environments, and it also measures the impact of resource management techniques regarding network congestion and latency. Experiments depict that the proposed scheme is better than the existing schemes based on expensive bilinear pairing and elliptic curve techniques. The proposed scheme shows significant improvement in key generation and file modification time.

Proceedings ArticleDOI
05 Mar 2021
TL;DR: In this article, a combination of AES and proxy re-encryption with honey encryption is used to address data confidentiality and authentication problems; in the proposed method, combining encryption with hybrid cryptography makes unauthorized users access only plausible-looking messages.
Abstract: Cloud computing is a utility for data storage. Data storage security has become a primary challenge. Users can access, share, and transact the data as the cloud offers services based on user demand. Cloud data originates from various sources, so how secure is the data? Data security issues are increasing rapidly as data flows across the internet. To protect sensitive information there are many encryption techniques to hide the data from unauthenticated users. To secure the data, encryption and decryption methods are used by which only authorized users can retrieve the data. But sometimes a brute-force method can recognize the hidden data. To address data confidentiality and authentication problems, a method is proposed in which a combination of AES and proxy re-encryption with honey encryption is used. The system improves the data security of outsourced data. Honey encryption with hybrid cryptography makes unauthorized users access only plausible-looking messages.

Journal ArticleDOI
TL;DR: Li et al. as mentioned in this paper proposed the first KP-ABPRE scheme based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. And they proved that their scheme is CPA secure in the selective security model, based on their LWE assumption.

Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a blockchain-based EHR management scheme with proxy re-encryption, which sets up a proxy server that re-encrypts the ciphertext between file servers, thereby solving EHR sharing issues.
Abstract: The security and privacy of electronic health records (EHRs) have received considerable attention from healthcare workers and researchers. To ensure security, various encryption and decryption schemes as well as key management protocols have been developed. However, owing to sharing and scalability issues, additional security technologies have been proposed. Nonetheless, these technologies cause other problems, such as efficiency issues. Blockchain-based EHR management systems have been proposed to overcome computational overhead. However, because most blockchain systems are installed by outsourcing companies, EHRs may be leaked to the company. Hence, we herein propose a blockchain-based EHR management scheme with proxy re-encryption. In this scheme, we set a proxy server that re-encrypts the ciphertext between file servers, thereby solving EHR sharing issues. Furthermore, because the server is separated from the blockchain system, the outsourcing company cannot manipulate the server or access the records. In addition, the blockchain assists in access control by using smart contracts, thereby enabling secure and efficient EHR sharing. By performing security analysis, we prove that our proposed scheme solves the aforementioned security problems. In addition, we experimentally demonstrate the efficient operation of the proposed system.

Journal ArticleDOI
TL;DR: This work presents a new PRE scheme with secure hardware enclave named hPRESS (hardware-enhanced PRE scheme using secure enclave), which is the first unidirectional multihop PRE scheme which achieves both constant decryption efficiency and constant ciphertext size without extensions.
Abstract: Proxy re-encryption (PRE) allows a proxy to transform one ciphertext to another under different encryption keys while keeping the underlying plaintext secret. Because of the ciphertext transformability of PRE, there are many potential private communicating applications of this feature. However, existing PRE schemes are not as full-fledged as expected. The lack of necessary features makes them hard to apply in real-world scenarios. So far, there does not exist a unidirectional multihop PRE scheme with constant decryption efficiency and constant ciphertext size without extensions. Impractical performance and weak scalability also hinder PRE from most real-world applications. In this work, we present a new PRE scheme with secure hardware enclave named hPRESS (hardware-enhanced PRE scheme using secure enclave). To the best of our knowledge, hPRESS is the first unidirectional multihop PRE scheme which achieves both constant decryption efficiency and constant ciphertext size without extensions. A detailed security analysis demonstrates that our proposal is CCA secure based on the security of the underlying encryption schemes and the secure enclave. We also implement a prototype based on Intel SGX, one of the most popular secure enclave techniques in recent years, and evaluate its performance. The experimental results show that, compared with previous PRE schemes, our hPRESS is almost one order of magnitude faster in terms of the decryption and transformation.


Book ChapterDOI
Xiaojian Liang, Jian Weng, Anjia Yang, Lisha Yao, Zike Jiang, Zhenghao Wu
04 Oct 2021
TL;DR: Wang et al. as mentioned in this paper proposed an attribute-based conditional proxy re-encryption (AB-CPRE) scheme based on the learning with errors (LWE) assumption, which is unidirectional, single-hop, and enables a polynomial-depth boolean circuit as its policy.
Abstract: Attribute-based conditional proxy re-encryption (AB-CPRE) allows delegators to carry out attribute-based control on the delegation of decryption by setting policies and attribute vectors. The fine-grained control of AB-CPRE makes it suitable for a variety of applications, such as cloud storage and distributed file systems. However, all existing AB-CPRE schemes are constructed under classical number-theoretic assumptions, which are vulnerable to quantum cryptanalysis. Therefore, we propose the first AB-CPRE scheme based on the learning with errors (LWE) assumption. Constructed from fully key-homomorphic encryption (FKHE) and key-switching techniques, our scheme is unidirectional, single-hop, and enables a polynomial-depth boolean circuit as its policy. Furthermore, we split the ciphertext into two independent parts to avoid two-level or multi-level encryption/decryption mechanisms. Taking advantage of this, we then extend our single-hop AB-CPRE into an efficient and concise multi-hop one. No matter how many transformations are performed, the re-encrypted ciphertext is of constant size, and only one encryption/decryption algorithm is needed. Both of our schemes are proved to be selectively secure against chosen-plaintext attacks (CPA) in the standard model.

Journal ArticleDOI
TL;DR: A PEKS with time-controlled proxy re-encryption model which allows the data owner to delegate the access right of the encrypted multimedia database to other users, to achieve time-controlled multi-user search, to resist keyword guessing attacks and to support conjunctive keyword search.
Abstract: Multimedia cloud storage, which saves the huge storage overhead of local devices, has attracted considerable attention. However, due to the lack of physical control of data, the privacy protection of data on the multimedia cloud has become one of the main concerns of users. Public-key encryption with keyword search (PEKS) is a technique that can keep the privacy and searchability of data in the cloud. In this paper, we present a PEKS with time-controlled proxy re-encryption model which allows the data owner to delegate the access right of the encrypted multimedia database to other users, to achieve time-controlled multi-user search. Furthermore, it is designed to resist keyword guessing attacks and support conjunctive keyword search. Compared with previous works which require a time server to generate a time seal for the generation of the search token, this model embeds the time information of accessing the encrypted database into the public and secret key pairs of data users, which saves the managing overhead and reduces the security risks resulting from an extra server. In addition, most existing PEKS schemes were constructed based on the hardness of classical mathematical problems which can be broken by quantum computers. To address this issue, a lattice-based PEKS scheme based on the above model is proposed, which can be considered as a candidate for protecting multimedia data security in the quantum era.

Journal ArticleDOI
TL;DR: The scheme is proved to be secure under the "real world/ideal world" paradigm and requires less computation and communication in comparison to the other popular existing schemes.
Abstract: Cloud computing is a popular paradigm to facilitate massive data computation and storage. The issue is challenging as data owners outsource their data after encryption to preserve privacy. In this work, we propose two efficient techniques, namely SEMKC$^+$ and SEMKC$^*$, to compute remotely over encrypted data. SEMKC$^*$ can be used for computations that involve more multiplications and fewer additions, while SEMKC$^+$ would be used for computations with more additions and fewer multiplications. Both schemes make it possible to compute over data from multiple owners encrypted with different keys, without leaking privacy. Further, the scheme is proved to be secure under the "real world/ideal world" paradigm. A performance comparison has been made with existing schemes, and we observed that our scheme requires less computation and communication in comparison to the other popular existing schemes.

Journal ArticleDOI
TL;DR: A new primitive IB-VPRE is proposed by extending the basic IB-PRE scheme with a new functionality called re-encryption verifiability, meaning that a re-encrypted ciphertext receiver or a third party can verify whether the received ciphertext is correctly transformed from an original ciphertext or not, and thus can detect illegal activities of the proxy.
Abstract: Identity-based proxy re-encryption (IB-PRE) can convert the ciphertext encrypted under Alice's identity to Bob's ciphertext of the same message by a semi-trusted proxy with the proper transformation key. The main purpose of our work is to enhance the security of IB-PRE. For outside attacks, all existing IB-PRE constructions from lattices have only achieved a limited or weak security model called IND-sID-CPA security. Therefore, by embedding re-encryption key generation and re-encryption algorithms appropriately in Agrawal et al.'s identity-based encryption scheme from lattices, we construct an IND-ID-CPA secure IB-PRE scheme over decisional learning with errors (LWE) under the standard model. For inside attacks, we propose a new primitive IB-VPRE by extending the basic IB-PRE scheme with a new functionality called re-encryption verifiability, meaning that a re-encrypted ciphertext receiver or a third party can verify whether the received ciphertext is correctly transformed from an original ciphertext or not, and thus can detect illegal activities of the proxy. We realize re-encryption verifiability using the homomorphic signature technique as a black box, making the resulting scheme non-interactive and quantum-immune once instantiated with a lattice-based homomorphic signature scheme.

Journal ArticleDOI
TL;DR: This paper proposes an IB-PRE scheme over NTRU lattices with the desirable properties of anonymity, unidirectionality, backward collusion safeness and multi-hop, and the security of the scheme is based on the decisional Ring-LWE assumption.