Showing papers on "Proxy re-encryption published in 2023"

Attribute-Based Proxy Re-Encryption With Direct Revocation Mechanism for Data Sharing in Clouds

Abstract: Cloud computing, which provides adequate storage and computation capability, has been a prevalent information infrastructure. Secure data sharing is a basic demand when data was outsourced to a cloud server. Attribute-based proxy re-encryption has been a promising approach that allows secure encrypted data sharing on clouds. With attribute-based proxy re-encryption, a delegator can designate a set of shared users through issuing a re-encryption key which will be used by the cloud server to transform the delegator's encrypted data to the shared users'. However, the existing attribute-based proxy re-encryption schemes lack a mechanism of revoking users from the sharing set which is critical for data sharing systems. Therefore, in this paper, we propose a concrete attribute-based proxy re-encryption with direct revocation mechanism (ABPRE-DR) for encrypted data sharing that enables the cloud server to directly revoke users from the original sharing set involved in the re-encryption key. We implemented the new schemes and evaluated its performance. The experimental results show that the proposed ABPRE-DR scheme is efficient and practical.

A Blockchain and Proxy Re-encryption Based Approach for IoT Data Security: A Review

Abstract: Data sharing is viewed as one of the most advantageous parts in cloud computing since the expansion of the Internet of Things. As astounding as this technology has been, data security still remains as one of the hindrances ( the issues like data tampering, data leakage, privacy concerns, etc. are associated with it). In this survey paper, a “Proxy Re-encryption” proposal is made to assure safe data sharing in IoT devices and cloud based services. Data owners can share their ciphered data on the cloud storage i.e. Blockchain using identification-based encryption, while PRE model will allow authorized users to access the data. As the IoT devices have limited resources, a peripheral device acts as a proxy server to operate meticulous computations. Also, the advantages of information based networks are used to carry reserved contents in the proxy server constructively,thus providing improved service-quality. Further, Our proposed system is based on one of the innovative technologies i.e. blockchain which validates decentralization during sharing of data. It reduces the restrictions in the centralised system and achieves gentle access control of the data. Our proposed architecture overcomes several security constraints and maintains intense integrity and confidentiality.

FABRIC: Fast and Secure Unbounded Cross-System Encrypted Data Sharing in Cloud Computing

Abstract: Existing proxy re-encryption (PRE) schemes to secure cloud data sharing raise challenges such as supporting the heterogeneous system efficiently and achieving the unbounded feature. To address this problem, we proposed a fast and secure unbounded cross-domain proxy re-encryption scheme, named FABRIC, which enables the delegator to authorize the semi-trusted cloud server to convert one ciphertext of an identity-based encryption (IBE) scheme to another ciphertext of an attribute-based encryption (ABE) scheme. As the first scheme to achieve the feature mentioned above, FABRIC not only enjoys constant computation overhead in the encryption, decryption, and re-encryption phases when the quantity of attributes increases, but is also unbounded such that the new attributes or roles could be adopted into the system anytime. Furthermore, FABRIC achieves adaptive security under the decisional linear assumption (DLIN). Eventually, detailed theoretical and experimental analysis proved that FABRIC enjoys excellent performance in efficiency and practicality in the cloud computing scenario.

Outsourcing the Computation of Plaintext Encryption for Homomorphic Encryption

Abstract: Homomorphic encryption is a promising technology for private enhanced computing. It provides a data-centric privacy-preserving method that allows computing on encrypted data by a third proxy. However, lightweight terminals lack sufficient computing resources to perform a large amount of encryption operations in stream data applications, e.g., smart devices in blockchain network, sensors and cameras in urban intelligent transport. This paper presents a blinded encryption paradigm that outsources most computations to a third proxy, e.g., cloud computing and edge computing. It helps to eliminate the encryption overhead for lightweight terminals while preserving data privacy. The proposed paradigm is composed of plaintext blinding, blinded encryption, ciphertext recovery and one round of communication. Lightweight terminals only execute efficient plaintext blinding and ciphertext recovery to guarantee data privacy. The expensive computing for plaintext encryption is delegated to a third proxy through blinded encryption. In addition, the key analysis to achieve time consuming improvement is to overlap the communication latency with computation time. Furthermore, the security analysis demonstrates the outsourced encryption is secure under the assumption of secure blinding and recovery algorithms. Finally, the experiment shows our method outperforms the original version by 2x improvement from the prospective of resource consumption.

ECT-ABE Algorithm-Based Secure Preserving Framework for Medical Big Data

Abstract: Cyber risks and data breaches have expanded considerably across a wide range of business areas. Due to digitalization and the Internet of Things (IoT), the medical community generates a massive amount of heterogeneous clinical records on a daily basis. This unprocessed heterogynous medical data contains a wealth of clinical information that is vital for the medical field's advancement. However, patient privacy concerns arise when storing and analysing this medical big data on a private cloud. In this present study, the Optimized Ciphertext Attribute-Based Encryption (ECT-ABE) algorithm is introduced to enhance the safety of healthcare cloud storage. Additionally, the suggested system design incorporates a separate proxy server to isolate communication between clients and the cloud server, hence limiting direct attacks on cloud servers and lowering computational pressure on cloud servers. In comparison to earlier methods, the proposed cryptosystem is faster to execute and produces a lighter ciphertext. Additionally, both re-encryption and pre-decryption require only a single arithmetic operation.

Identity-Based Proxy Re-Encryption Scheme Using Fog Computing and Anonymous Key Generation

Abstract: In the fog computing architecture, a fog is a node closer to clients and responsible for responding to users’ requests as well as forwarding messages to clouds. In some medical applications such as the remote healthcare, a sensor of patients will first send encrypted data of sensed information to a nearby fog such that the fog acting as a re-encryption proxy could generate a re-encrypted ciphertext designated for requested data users in the cloud. Specifically, a data user can request access to cloud ciphertexts by sending a query to the fog node that will forward this query to the corresponding data owner who preserves the right to grant or deny the permission to access his/her data. When the access request is granted, the fog node will obtain a unique re-encryption key for carrying out the re-encryption process. Although some previous concepts have been proposed to fulfill these application requirements, they either have known security flaws or incur higher computational complexity. In this work, we present an identity-based proxy re-encryption scheme on the basis of the fog computing architecture. Our identity-based mechanism uses public channels for key distribution and avoids the troublesome problem of key escrow. We also formally prove that the proposed protocol is secure in the IND-PrID-CPA notion. Furthermore, we show that our work exhibits better performance in terms of computational complexity.

Preventing Data Leakage in Cloud Servers through Watermarking and Encryption Techniques

Abstract: Abstract Due to the increasing utilization of various systems, services, and applications, sharing multimedia data has become a vital component of individuals' daily routines. However, data leakage is a common problem in cloud storage systems, which poses a significant threat to the confidentiality and copyright protection of multimedia information. To address this issue, digital watermarking has been suggested as an effective method for protecting copyright. The recommended approach combines watermarking and Proxy Re- (PRE) to ensure secure multimedia material exchange. Encryption techniques are also used to protect data from unauthorized access. The proposed method includes encrypting a secret key with a certain key, then combining it with encrypted key data, and ultimately embedding it into an image via the Least Significant Bit (LSB) technique. Once the sensitive information is inserted, the image can be encoded using the ECC Encryption method.Built-in data to the verification method allows authenticated individuals to recover the decryption key, which can identify unauthorized access and restrict content redistribution. The proposed application has the potential to prevent unauthorized access in cloud environments and ensure the security of sharing multimedia data.

Decentralized Attribute-Based Access Control with Attribute Revocation and Outsourced Decryption

Abstract: Decentralized ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising cryptographic primitive to enable fine-grained access control over encrypted data. The revocation is a necessary mechanism in real-world access control systems. However, existing revocation mechanisms in CP-ABE either are triggered periodically and cannot revoke users in a timely manner, or require a trusted third-party proxy to assist in revocation. In this work, we present a decentralized CP-ABE scheme that supports periodic attribute-level revocation as well as immediate attribute-level revocation, simultaneously. It means that once an attribute key of a user naturally expires or is identified as leaked, that attribute will be revoked and then become unavailable instantly, remaining the users' other attributes still active. Moreover, we provide optional outsourced decryption capabilities. Resource-constrained users can choose to outsource partial decryption to any third-party proxy without disclosing the underlying plaintext. The performance analysis demonstrates that our proposal is better in functionality compared with existing schemes. Our scheme is proven secure against chosen-plaintext attacks in the random oracle model.

Online Medical System Using ElGamal

Abstract: Cost-effective and secure sharing of individual health records is now possible through the use of cloud services in the healthcare sector. Storing sensitive health information in the cloud raises concerns about its security, necessitating an assessment of the best means of protecting this information. As a result, we propose a strategy to facilitate the exchange of private health data in the cloud, which we refer to as Enhanced Security Services. These systems ensure the confidentiality of PHRs while also protecting the patient’s right to exercise autonomy over their own health information. Patients encrypt their data and store it on remote servers, allowing multiple parties access to specific sections of their medical records. Key pairs and re-encryption keys are initially generated and stored on a semi-trusted proxy and re-encryption server (SRS). This approach is safe because it uses both forward and backward access control and guards against insider threats. Using High-Level Petri Nets, we formally investigate and verify the efficacy of this strategy (HLPN). An evaluation of the personal health data methodology’s efficiency suggests it can exchange data safely via the cloud.

Secure Role Based Access Control Data Sharing Approach and Cloud Environment

Abstract: the primary objective of cloud storage is to maintain data integrity, which involves implementing measures to prevent unauthorized access and ensuring that data can be regenerated if mishandled. To achieve this, a proxy server will be assigned the task of protecting and restoring data in case of unauthorized modifications. Users' data will be stored in both public and private areas of the cloud, with only public data being accessible to users and private data being kept more secure. Cloud storage offers users various redundancy configurations to balance performance and fault tolerance, with data availability being critical in distributed storage systems, especially when node failures are common in real-life scenarios. In this research, a proposed aes 128 encryption algorithm and role-based access control (rbac) scheme are explored to provide secure data storage and sharing, as well as a secure user access policy. Additionally, a backup server approach is used as a proxy storage server for ad hoc data recovery for all distributed data servers. The experiment's analysis is proposed in both public and private cloud environments, utilizing keywords such as rbac, elgamal encryption scheme, proxy key generation, advanced encryption standard (aes), and more

A certificate-based proxy re-encryption plus scheme for secure medical data sharing

Abstract: The sharing of medical data is crucial for advancing medical research, but the risk of sharing medical data with malicious users poses a significant problem for smooth sharing among medical institutions. To address this issue, we propose a certificate-based proxy re-encryption plus (CBPRE+) scheme based on certificate-based proxy re-encryption (CBPRE) and message-level fine-grained controllable and non-transferable proxy re-encryption plus (PRE+). This scheme allows medical organizations to securely distribute their encrypted data to recipients through public cloud storage. The proposed scheme maintains the benefits of CBPRE, while additionally enabling fine-grained message-level sharing and non-transferability. This ensures that user data is only available to authorized health services, thereby preventing malicious disclosure. We validate and analyze the correctness, safety, and performance of our scheme, and our results show that the scheme has chosen-ciphertext security for the original ciphertext and chosen-plaintext security for the re-encrypted ciphertext. Our proposed scheme offers more advantages than the existing CBPRE scheme.

FFH-ABE: Fast File-Hierarchy Attribute-Based Encryption Scheme for the Internet of Things

Abstract: <p>With the rapid deployment of cloud computing and the exponential growth of data, it is a trend for users with limited resources to outsource the tasks of data sharing and platform building to proxy cloud service providers (PSCPs). However, the openness and uncontrollability of the computing environment pose a great threat to users’ sensitive data and personal privacy. The highly functional encryption mechanisms based on ciphertext-policy attribute-based encryption (CP-ABE) were proposed to address these problems of secure data sharing in the IoT. In this paper, we propose an efficient and flexible file-hierarchy CP-ABE scheme based on the linear secret sharing scheme (LSSS) matrix. First, we design a hierarchical access control matrix using LSSS that can encrypt and decrypt multiple files simultaneously with a single access policy. Second, we employ multiple access control matrices to make access control more flexible. Third, we prove that our scheme is secure against the chosen-plaintext attack (CPA) under the decisional bilinear Diffie-Hellman (DBDH) assumption. Furthermore, we optimize the access control structure, and conduct experimental comparisons with the existing schemes by theoretical analysis and experimental simulation, showing that our scheme achieves significant improvements in both computation and storage costs.</p>

FFH-ABE: Fast File-Hierarchy Attribute-Based Encryption Scheme for the Internet of Things

Abstract: <p>With the rapid deployment of cloud computing and the exponential growth of data, it is a trend for users with limited resources to outsource the tasks of data sharing and platform building to proxy cloud service providers (PSCPs). However, the openness and uncontrollability of the computing environment pose a great threat to users’ sensitive data and personal privacy. The highly functional encryption mechanisms based on ciphertext-policy attribute-based encryption (CP-ABE) were proposed to address these problems of secure data sharing in the IoT. In this paper, we propose an efficient and flexible file-hierarchy CP-ABE scheme based on the linear secret sharing scheme (LSSS) matrix. First, we design a hierarchical access control matrix using LSSS that can encrypt and decrypt multiple files simultaneously with a single access policy. Second, we employ multiple access control matrices to make access control more flexible. Third, we prove that our scheme is secure against the chosen-plaintext attack (CPA) under the decisional bilinear Diffie-Hellman (DBDH) assumption. Furthermore, we optimize the access control structure, and conduct experimental comparisons with the existing schemes by theoretical analysis and experimental simulation, showing that our scheme achieves significant improvements in both computation and storage costs.</p>

Identity-Based Unidirectional Collusion-Resistant Proxy Re-Encryption from U-LWE

Abstract: Identity-based proxy re-encryption (IB-PRE) converts the ciphertext encrypted under the delegator’s identity to the one encrypted under the delegatee’s identity through a semitrusted proxy without leaking delegator’s private key and the underlying plaintext. At present, the security of most IB-PRE schemes relies on the hardness of the discrete logarithm solution or large integer decomposition and cannot resist attacks of the quantum algorithms. The majority of the IB-PRE schemes over lattice are secure only in the random oracle model. Aiming at such problems, the paper constructs a secure IB-PRE scheme over lattice in the standard model. In the scheme, the underlying encryption scheme proposed by Gentry et al. in EUROCRYPT 2010 is adopted to reduce the storage space of ciphertext. The proposed scheme is unidirectional collusion-resistant multihop and anonymous, and it is semantically secure against selective identity and chosen plaintext attack based on Decisional Learning With Errors with uniformly distributed errors (D-U-LWE) hard problem in the standard model.

Accountable Proxy Re-Encryption for Secured Data Sharing

Abstract: Abstract: Proxy re-encryption (PRE) provides a promising solution for encrypted data sharing in public cloud. When data owner Alice is going to share her encrypted data with data consumer Bob, Alice generates a re-encryption key and sends it to the cloud server (proxy); by using it, the proxy can transform Alice’s ciphertexts into Bob’s without learning anything about the underlying plaintexts. Despite that existing PRE schemes can prevent the proxy from recovering Alice’s secret key by collusion attacks with Bob, due to the inherent functionality of PRE, it is inevitable that the proxy and Bob together are capable to gain and distribute Alices decryption capabilities. Even worse, the malicious proxy can deny that it has leaked the decryption capabilities and has very little risk of getting caught. To tackle this problem, we introduce the concept of Accountable Proxy ReEncryption (APRE), whereby if the proxy is accused to abuse the re-encryption key for distributing Alice’s decryption capability, a judge algorithm can decide whether it is innocent or not. We then present a non-interactive APRE scheme and prove its CPA security and accountability under DBDH assumption in the standard model. Finally, we show how to extend it to a CCA secure one.

Access control scheme based on blockchain and attribute-based searchable encryption in cloud environment

Abstract: Abstract With the rapid development of cloud computing technology, how to achieve secure access to cloud data has become a current research hotspot. Attribute-based encryption technology provides the feasibility to achieve the above goal. However, most of the existing solutions have high computational and trust costs. Furthermore, the fairness of access authorization and the security of data search can be difficult to guarantee. To address these issues, we propose a novel access control scheme based on blockchain and attribute-based searchable encryption in cloud environment. The proposed scheme achieves fine-grained access control with low computation consumption by implementing proxy encryption and decryption, while supporting policy hiding and attribute revocation. The encrypted file is stored in the IPFS and the metadata ciphertext is stored on the blockchain, which ensures data integrity and confidentiality. Simultaneously, the scheme enables the secure search of ciphertext keyword in an open and transparent blockchain environment. Additionally, an audit contract is designed to constrain user access behavior to dynamically manage access authorization. Security analysis proves that our scheme is resistant to chosen-plaintext attacks and keyword-guessing attacks. Theoretical analysis and experimental results show that our scheme has high computational and storage efficiency, which is more advantageous than other schemes.

Review On Prevention of Data Leakage in Cloud Server by Utilizing Watermarking and Double Encryption Techniques

Abstract: In today's world, the exchange of multimedia data has become an essential part of people's everyday routines, as they utilize various systems, services, and applications. Real-world cloud storage systems frequently experience data leaks, making secure data transmission and copyright protection of multimedia information difficult. To tackle the problem of safeguarding copyright, the implementation of digital watermarking has been proposed. This technique involves adding hidden information, such as confidential data, to digital media to authenticate its ownership. Encryption techniques are also employed to secure the data and prevent unauthorized access. The proposed approach suggests using both watermarking and proxy re-encryption techniques to efficiently exchange multimedia content. To secure confidential information, the process involves encrypting a private key with a specific encryption method that requires a key. Next, this encrypted key is combined with the user's private key and inserted into an image using the Least Significant Bit (LSB) technique. After the confidential information has been incorporated into the image, it can be encoded using the ECC Encryption technique. However, copyright protection remains a challenging and complex issue in the face of increasing internet and digital technology usage. The resulting image can be encoded using the ECC Encryption method. However, copyright protection remains a challenging and complex issue in the face of increasing internet and digital technology usage.

Attribute-Based Verifiable Conditional Proxy Re-Encryption Scheme

Abstract: There are mostly semi-honest agents in cloud computing, so agents may perform unreliable calculations during the actual execution process. In this paper, an attribute-based verifiable conditional proxy re-encryption (AB-VCPRE) scheme using a homomorphic signature is proposed to solve the problem that the current attribute-based conditional proxy re-encryption (AB-CPRE) algorithm cannot detect the illegal behavior of the agent. The scheme implements robustness, that is the re-encryption ciphertext, can be verified by the verification server, showing that the received ciphertext is correctly converted by the agent from the original ciphertext, thus, meaning that illegal activities of agents can be effectively detected. In addition, the article demonstrates the reliability of the constructed AB-VCPRE scheme validation in the standard model, and proves that the scheme satisfies CPA security in the selective security model based on the learning with errors (LWE) assumption.

An Efficient Privacy Preserving Scheme for Internet of Things Environment

Abstract: Abstract While Internet of Things (IoT) systems, including cloud-enabled IoT systems, are becoming the norm, ensuring the security and privacy of data without impacting performance remains challenging. In this paper, we demonstrate how one can outsource attribute-based encryption (ABE) operations (e.g., encryption and decryption) to proxy servers in order to reduce the computation overhead of encryption and decryption. Our proposed scheme is also designed to incur minimal storage overhead of the ciphertext (CT), by generating constant ciphertext, regardless of the number of access policy attributes required for encryption. We also evaluate the performance of our proposed scheme and demonstrate that our scheme is more efficient than two other schemes.

Attribute-based proxy re-encryption with keyword search on personal health record

Abstract: Personal health records (PHRs) contain sensitive health information that needs to be protected from unauthorized access. At the same time, patients may need to share their PHRs with healthcare providers or researchers to receive appropriate care or participate in medical studies. Attribute-based proxy re-encryption with keyword search (ABPRE-KS) is a what cryptographic technique that enables secure and controlled sharing of encrypted PHR data while preserving privacy and confidentiality of sensitive patient information. ABPRE-KS works by encryption of the PHR data using a key derived from the patient's attributes and allowing the patient to delegate access to the data to third parties using a proxy re-encryption scheme. To enable keyword search on the encrypted PHR data, an additional searchable encryption scheme can be used. ABPRE-KS provides a powerful tool for securely sharing and searching PHR and it can be used to facilitate better healthcare outcomes and medical research while protecting patient privacy.

CBP: Coalitional Game-Based Broadcast Proxy Re-encryption in IoT

Abstract: This paper proposes Coalitional Game-Based Broadcast Proxy Re-encryption in IoT a broadcast proxy re-encryption for adding new IoT devices. The proxy re-encryption is extended to broadcast proxy re-encryption to prevent re-calculation of the re-encryption key. However, the group of recipients needs to be pre-determined before the calculation of the re-encryption key. If any new IoT device requires the same data, an individual re-encryption key is generated for him/her. Hence, generating individual re-encryption key is an overhead for the organization. We propose a re-encryption key updation for the broadcast proxy re-encryption method. If excessive IoT devices want to join the group of the existing recipient, then updation needs to be done learnedly as an excessive number of recipients in a group increases the computation cost of the decryption extremely for all the members of the group. Therefore, we use the coalitional game theory to estimate the optimal number of new recipients from all new recipients. We update the re-encryption key for the optimal number of members and a separate re-encryption key is calculated for other recipients. We prove the correctness of the CBP. We prove that if any recipient behaves maliciously, s/he cannot get the secret key of the organization.

An Identity-Based Proxy Re-Encryption Scheme with Single-Hop Conditional Delegation and Multi-Hop Ciphertext Evolution for Secure Cloud Data Sharing

Abstract: Proxy re-encryption (PRE) provides a promising solution for applications requiring efficient and secure ciphertext conversion, such as secure cloud data sharing. While the one with the function of ciphertext evolution is more desirable for some long-term schemes involving key update. Recently, Yao et al. constructed an identity-based conditional proxy re-encryption scheme simultaneously supporting authorization and ciphertext evolution. However, its delegated ciphertext can be re-authorized, which may cause the authorization to exceed the original delegator’s expectation. In contrast, the single-hop PRE authorization scheme may be more appropriate for systems requiring better control over authorization. In this paper, an identity-based proxy re-encryption scheme with single-hop conditional delegation and multi-hop ciphertext evolution (IBPRE-SHCD-MHCE) is proposed. Also, its description, construction, and security analysis are given. The analysis and experimental comparison results show that the proposed scheme has improved the computational efficiency and storage consumption compared with the two underlying schemes.