Proxy re-encryption

About: Proxy re-encryption is a research topic. Over the lifetime, 708 publications have been published within this topic receiving 33624 citations.

An Improved ID-Based Data Storage Scheme for Fog-Enabled IoT Environments

Abstract: In a fog-enabled IoT environment, a fog node is regarded as the proxy between end users and cloud servers to reduce the latency of data transmission, so as to fulfill the requirement of more real-time applications. A data storage scheme utilizing fog computing architecture allows a user to share cloud data with other users via the assistance of fog nodes. In particular, a fog node obtaining a re-encryption key of the data owner is able to convert a cloud ciphertext into the one which is decryptable by another designated user. In such a scheme, a proxy should not learn any information about the plaintext during the transmission and re-encryption processes. In 2020, an ID-based data storage scheme utilizing anonymous key generation in fog computing was proposed by some researchers. Although their protocol is provably secure in a proof model of random oracles, we will point out that there are some security flaws inherited in their protocol. On the basis of their work, we further present an improved variant, which not only eliminates their security weaknesses, but also preserves the functionalities of anonymous key generation and user revocation mechanism. Additionally, under the Decisional Bilinear Diffie–Hellman (DBDH) assumption, we demonstrate that our enhanced construction is also provably secure in the security notion of IND-PrID-CPA.

On the Security of a Conditional Proxy Re-Encryption

Abstract: To enable fine-grained delegations for proxy re-encryption systems, in AsiaCCS'09, Weng et al.'s introduced the concept of conditional proxy re-encryption (C-PRE), in which the proxy can convert a ciphertext only if a specified condition is satisfied. Weng et al. also proposed a C-PRE scheme, and claimed that their scheme is secure against chosen-ciphertext attack (CCA). In this paper, we show that their scheme is not CCA-secure under their defined security model.

Advanced Looping Broadcast Proxy Re-Encryption in Cloud computing

Abstract: Recently, various augmented Proxy Re-Encryptions (PRE), e.g. Conditional (CPRE), identity-based PRE (IPRE) and broadcast PRE (BPRE), have been proposed for adaptable applications. By joining CPRE, IPRE and BPRE, this paper proposes an adaptable primitive alluded to as conditional identity-based broadcast PRE (CIBPRE) and formalizes its semantic security. CIBPRE permits a sender to scramble a message to numerous recipients by determining these collectors' personalities, and the sender can appoint a re-encryption key to an intermediary so he can change over the underlying ciphertext into another one to another arrangement of proposed beneficiaries. Additionally, the re-encryption key can be connected with a condition to such an extent that exclusive the coordinating ciphertexts can be re-encoded, which permits the first sender to authorize get to control over his remote ciphertexts in a fine-grained way. We propose a proficient CIBPRE plot with provable security. In the instantiated scheme, the initial ciphertext, the re-encrypted ciphertext and the re-encryption key are all in consistent size, and the parameters to create a re-encryption key are autonomous of the first beneficiaries of any underlying ciphertext. At last, we demonstrate an utilization of our CIBPRE to secure cloud email system invaluable over existing secure email systems in view of Pretty Good Privacy protocol or identity-based encryption.

An Improved Scheme for Protecting Medical Data in Public Clouds

Abstract: Public Clouds offer a convenient way for storing and sharing the large amounts of medical data that are generated by, for example, wearable health monitoring devices. Nevertheless, using a public infrastructure raises significant security and privacy concerns. Even if the data are stored in an encrypted form, the data owner should share some information with the Cloud provider in order to enable the latter to perform access control; given the high sensitivity of medical data, even such limited information may jeopardize end-user privacy. In this paper we employ an access control delegation scheme to enable the users themselves to perform access control on their data, even though these are stored in a public Cloud. In our scheme access control policies are evaluated by a user-controlled gateway and Cloud providers are only entrusted with respecting the gateway’s decision. Furthermore, since medical data must often be shared with health providers of the user’s choice, we rely on a proxy re-encryption technique to allow such sharing to take place. Our scheme encrypts data before storing them in the Cloud and applies proxy re-encryption using Cloud resources to encrypt data separately for each (authorized) user. Our proxy re-encryption scheme ensures that misbehaving Cloud providers cannot use re-encryption keys to share content with unauthorized clients, while delegating the costly re-encryption operations to the Cloud.

In-Device Proxy Re-encryption Service for Information-Centric Networking Access Control

Abstract: Information Centric Networking (ICN), the security, privacy and access control mechanisms are deployed directly in the network layer. However, the gap between security in the network and application layers creates a vulnerable space for cyber attacks from inside a device. We adopt a proxy reencryption technique to facilitate a flexible ICN access control specific to applications. Unlike the existing work in which the proxy re-encryption is done in the network, we propose an In-device Proxy Re-Encryption Service (IPRES) for filling this security gap and for efficiency in both access control management and resource usage. We present the architecture and protocol of IPRES incorporating principles from security management specific to each application. Our evaluation shows that IPRES improves the state of the art by closing the security gap while it introduces acceptable operational and memory overheads at the device level.