Your search keyword '"Access structure"' showing total 543 results

1. An Expressive Fully Policy-Hidden Ciphertext Policy Attribute-Based Encryption Scheme With Credible Verification Based on Blockchain

Author

Zheng Li, Yilin Yuan, Jianbiao Zhang, and Zhaoqian Zhang

Subjects

Scheme (programming language), Correctness, Computer Networks and Communications, Computer science, business.industry, Cloud computing, Computer security, computer.software_genre, Encryption, Computer Science Applications, Data sharing, Hardware and Architecture, Signal Processing, Ciphertext, Attribute-based encryption, business, computer, Information Systems, computer.programming_language, Access structure

Abstract

As the public cloud becomes one of the leading ways in data sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This paper proposes a fully policy-hidden CP-ABE scheme constructed on LSSS access structure and prime-order groups for public cloud data sharing. To help users decrypt, HVE with a “convert step” is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

Published

2022

2. TRAC: Traceable and Revocable Access Control Scheme for mHealth in 5G-Enabled IIoT

Author

Qi Li, Yinghui Zhang, Bin Xia, Tao Zhang, and Haiping Huang

Subjects

Revocation list, Revocation, Computer science, business.industry, Access control, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Encryption, Computer Science Applications, Control and Systems Engineering, Traitor tracing, Ciphertext, Electrical and Electronic Engineering, business, computer, Information Systems, Access structure

Abstract

Mobile healthcare (mHealth) enables people to collect and share their personal health records (PHRs) and gain rapid medical treatment via mobile 5G-enabled Industrial Internet of Things (IIoT) devices, which also brings the challenge of keeping the PHRs confidentiality and preventing unauthorized access. By the emerging Ciphertext-Policy Attribute-based Encryption (CP-ABE), the PHR owner can encrypt his PHR data under self-defined access policies. However, existing CP-ABE schemes are suffering from either heavy computation cost and storage overhead or traitor tracing and direct revocation. In this paper, we propose an efficient, traceable and revocable access control scheme named TRAC for mHealth in 5G-enabled IIoT. In TRAC, the ciphertext is composed of the attribute-relevant ciphertext encrypted under an AND-gate access structure and the identity-relevant ciphertext associated with some potential receivers. The malicious user who leaks his/her privilege to unauthorized entities will be precisely tracked and added in the revocation list, by which the cloud server can update the identity-relevant ciphertext by itself. The length of final ciphertext and the time of bilinear pairing operations used in decryption are constant. The security analysis and performance evaluation indicate the security, efficiency and practicality of TRAC.

Published

2022

3. Unbounded and Efficient Revocable Attribute-Based Encryption With Adaptive Security for Cloud-Assisted Internet of Things

Author

Hu Xiong, Xin Huang, Shui Yu, Minghao Yang, and Lili Wang

Subjects

Revocation, Computer Networks and Communications, Computer science, business.industry, Decision Linear assumption, Initialization, Cloud computing, Access control, Encryption, Computer Science Applications, Hardware and Architecture, Signal Processing, Attribute-based encryption, business, Information Systems, Computer network, Access structure

Abstract

Existing attribute-based encryption schemes with revocation to secure the cloud-assisted internet of things (IoTs) raise challenges such as eliminating the need for predefined public parameters in system initialization, performing the encryption and decryption operations efficiently and achieving adaptive security under standard security assumption. In this paper, we addresses these challenges by proposing an unbounded and efficient revocable attribute-based encryption scheme with adaptive security for cloud-assisted IoTs. Distinct from the previous approaches in this field, our scheme not only efficiently realizes access control over encrypted data in a fine-grained and revocable way, but also is proved to be adaptively secure under standard decision linear assumption. Meanwhile, the parameters don’t need to be pre-defined in the system initialization and thus our scheme satisfies the unbounded property. Moreover, the monotonic span program (MSP) is elegantly utilized as the access structure to reduce the number of bilinear pairing and exponentiation operations for encryption and decryption. Theoretical performance analysis and experiment evaluation disclose that our proposed scheme owns outstanding feasibility, efficiency, and effectiveness.

Published

2022

4. Privacy information verification of homomorphic algorithm for aggregated data based on fog layer structure

Author

Xin Li, Zhenmin Qiao, and Ruitao Liu

Subjects

Upload, Computer Networks and Communications, business.industry, Computer science, Node (networking), Ciphertext, Process (computing), Homomorphic encryption, Access control, Encryption, business, Algorithm, Access structure

Abstract

Becoming a vital position in the interconnection industry of the Internet of Things, IIoT has promoted the conversion of traditional industries to intelligent industries. However, it is necessary further to solve the security and privacy threats in IIoT while reducing communication bandwidth and computing resource consumption to carry out research. In order to solve the problem of user privacy leakage caused by the access structure, a fog computing-oriented access control structure hiding scheme is proposed in the paper. The Paillier homomorphic filter algorithm is introduced in the fog calculation. The Paillier homomorphic algorithm hides the mapping function in the access structure during the data upload process, achieving the effect of completely hiding the access structure. Moreover, the ciphertext is stored separately from the access structure, and the Paillier homomorphic algorithm is run through the fog node during the decryption process to detect whether the attributes of the data user exist in the hidden access structure. If it exists, reconstruct the mapping function and send it to the data user, who then downloads and decrypts the ciphertext. If it does not exist, it means that the data user does not meet the access conditions of the data, and there is no need to download and decrypt the ciphertext. Meanwhile, a simulation experiment platform is constructed in the paper to distinguish the performance of the method proposed in the paper from other similar methods, proving the efficiency and practicability of the scheme.

Published

2022

5. A Blockchain-Based CP-ABE Scheme with Partially Hidden Access Structures

Author

Yang Ba, Xuexian Hu, Zenghang Hao, Xincheng Yan, Chen Yue, and Xuewei Li

Subjects

Science (General), Article Subject, Computer Networks and Communications, Computer science, business.industry, Big data, Access control, Encryption, Data sharing, Q1-390, Data integrity, Ciphertext, Key (cryptography), T1-995, business, Technology (General), Information Systems, Access structure, Computer network

Abstract

Data sharing has become a key technology to break down data silos in the big data era. Ciphertext-policy attribute-based encryption (CP-ABE) is widely used in secure data-sharing schemes to realize flexible and fine-grained access control. However, in traditional CP-ABE schemes, the access structure is directly shared along with the ciphertext, potentially leading to users’ private information leakage. Outsourcing data to a centralized third party can easily result in privacy leakage and single-point bottlenecks, and the lack of transparency in data storage and sharing casts doubts whether users’ data are safe. To address these issues, we propose a blockchain-based CP-ABE scheme with partially hidden access structures (BCP-ABE-PHAS) to achieve fine-grained access control while ensuring user privacy. First, we propose an efficient CP-ABE scheme with partially hidden access structures, where the ciphertext size is constant. To assist data decryption, we design a garbled Bloom filter to help users quickly locate the position of wildcards in the access structure. Then, to improve storage efficiency and system scalability, we propose a data storage scheme that combines blockchain technology and the interplanetary file system, ensuring data integrity. Finally, we employ smart contracts for a transparent data storage and sharing process without third-party participation. Security analysis and performance evaluation show that the proposed BCP-ABE-PHAS scheme can preserve policy privacy with efficient storage and low computational overhead.

Published

2021

6. Secret Sharing Schemes from Linear Codes over F2+vF2+v2F2

Author

Zhu Shixin, LI Fulin, and Wang Yaru

Subjects

Discrete mathematics, Finite ring, business.industry, Applied Mathematics, Cryptography, Type (model theory), Linear code, Secret sharing, Finite field, Torsion (algebra), Electrical and Electronic Engineering, business, Mathematics, Access structure

Abstract

Secret sharing is an important concept in cryptography, however it is a difficult problem to determine the access structure of the secret sharing scheme based on a linear code. In this work, we construct two-weight linear codes over finite field by using linear codes over finite ring. We first study MacDonald codes over the finite ring $\mathbb{F}_2$+v$\mathbb{F}_2$+v2$\mathbb{F}_2$ with v3=v. Then we give torsion codes of MacDonald codes of type α and β, which are two-weight linear codes. Finally we give the access structures of secret sharing schemes based on the dual codes of the two-weight codes.

Published

2021

7. PAC: Privacy preserving proxy re-encryption for access control in public cloud

Author

Payal Chaudhari and Manik Lal Das

Subjects

Information Systems and Management, Computer science, business.industry, Cloud computing, Access control, Computer security, computer.software_genre, Proxy re-encryption, Computer Science Applications, Privacy preserving, Attribute-based encryption, business, Proxy (statistics), computer, Software, Anonymity, Access structure

Abstract

Proxy re-encryption is an essential prerequisite that facilitates a foreign entity (e.g., cloud server) to enforce the access of provisions of a document extended by one user to another user. While...

Published

2021

8. A CP-ABE scheme based on multi-authority in hybrid clouds for mobile devices

Author

Haibo Hong, Mande Xie, Jun Shao, and Yingying Ruan

Subjects

Scheme (programming language), Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Context (language use), Cloud computing, Access control, 02 engineering and technology, Encryption, Hardware and Architecture, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Mobile device, computer, Software, Access structure, Computer network, computer.programming_language

Abstract

With the rapid development of cloud computing, the ensuing security issues have become increasingly prominent. In this context, attribute-based encryption (ABE) has gradually attracted widespread attentions due to its unique attribute matching mechanism. At the same time, mobile devices have put forward higher requirements for the design and deployment of ABE schemes. Therefore, in this paper, we propose an original hybrid cloud multi-authority ciphertext-policy attribute-based encryption (HCMACP-ABE) scheme. Specifically, we utilize the LSSS (Linear Secret-Sharing Schemes) access structure to realize secure access control, while the private cloud is responsible for maintaining the user’s authorization list and verifying the user. Finally, we prove that our proposal achieves IND-CCA secure and is efficient in a mobile hybrid cloud environment.

Published

2021

9. On ideal homomorphic secret sharing schemes and their decomposition

Author

Maghsoud Parviz, Shahram Khazaei, Mohammad-Mahdi Rafiei, F. Ghasemi, and Reza Kaboli

Subjects

Homomorphic secret sharing, Ideal (set theory), Theoretical computer science, business.industry, Applied Mathematics, Cryptography, Secret sharing, Computer Science Applications, Scheme (mathematics), Decomposition (computer science), business, Quotient, Access structure, Mathematics

Abstract

In 1992, Frankel and Desmedt introduced a technique that enables one to reduce the secret space of an ideal homomorphic secret sharing scheme (IHSSS) into any of its characteristic subgroups. In this paper, we propose a similar technique to reduce the secret space of IHSSSs called the quotient technique. By using the quotient technique, we show that it is possible to yield an ideal linear scheme from an IHSSS for the same access structure, providing an alternative proof of a recent result by Jafari and Khazaei. Moreover, we introduce the concept of decomposition of secret sharing schemes. We give a decomposition for IHSSSs, and as an application, we present a necessary and sufficient condition for an IHSSS to be mixed-linear. Continuing this line of research, we explore the decomposability of some other scheme classes.

Published

2021

10. An efficient outsourcing attribute-based encryption scheme in 5G mobile network environments

Author

Zhiqiang Zhang, Xueyan Liu, Xiaodong Yang, Longbo Han, and Suzhen Cao

Subjects

Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Plaintext, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Symmetric-key algorithm, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Hybrid cryptosystem, 020201 artificial intelligence & image processing, Attribute-based encryption, Key encapsulation, business, Software, Computer network, Access structure

Abstract

Attribute-based encryption (ABE) provides a fine-grained access control mode for multiuser network environments. The popularity of 5th generation (5G) mobile network applications has greatly increased the data transmission rate, but mobile terminal devices with limited resources in the network have difficulty with the high computational overhead of ABE in wireless communication. In response to this problem, this paper proposes a hybrid encryption online/offline ciphertext policy attribute-based encryption (CP-ABE) scheme for 5G. In the scheme, the data owner uses symmetric encryption technology to perform data encapsulation on plaintext and outsources the encapsulated plaintext to the cloud user assistant (CUA) for offline calculation. Key encapsulation is performed on a symmetric key to form the final ciphertext, and it is uploaded to the cloud server. After the data user obtains the ciphertext, it is handed over to the CUA for offline decryption calculation. If the access structure is satisfied, the encapsulated ciphertext can be obtained, and then the symmetric key is used to decrypt the ciphertext. In the scheme, the correctness of the symmetric key can be verified to prevent malicious tampering in the process of transmission. It is indicated that the scheme is secure after being tested with the decisional q-Parallel Bilinear Diffie-Hellman Exponent (BDHE). Numerical analysis shows that the scheme has decreased computational overhead and can achieve fine-grained access control of user decryption rights.

Published

2021

11. Complex and flexible data access policy in attribute-based encryption

Author

Shengzhou Hu, Hua He, Xingfu Wang, and Tingting Zhong

Subjects

Theoretical computer science, business.industry, Computer science, Cloud computing, Expression (computer science), Encryption, Theoretical Computer Science, Random oracle, Data access, Hardware and Architecture, Ciphertext, Attribute-based encryption, business, Software, Information Systems, Access structure

Abstract

With the development of cloud computing application, attribute-based encryption (ABE) with flexibly fine-grained data access control is widely adopted. However, traditional data access structures are mainly constructed on independent and fixed attribute values. The data access policies in traditional ABE schemes don’t express the relationship of different attributes and the dynamic attribute values. Those seriously restrict wider application of ABE techonlogy. To resolve the problem, condition expression (CE) is first adopted to describe the demanded condition of attribute variables, which also includes combination operation related to many different attribute variables. A rule of CE is established to generate a concreted CE with unique form for an attribute condition. A running function of CE is presented to judge whether the related attribute values satisfy the specified CE automatically. In this article, we provide a ciphertext-policy ABE scheme which adopts the and-gate multi-value attribute access structure with additional CE (and-gate-CE), which has constant ciphertext length and can be proven CPA-secure under the decision q-BDHE assumption in random oracle model. Our scheme realizes to provide a more general data access policy with complicated and flexible CE in and-gate multi-value ABE scheme.

Published

2021

12. A Novel Attribute-Based Encryption Approach with Integrity Verification for CAD Assembly Models

Author

Yaqian Liang, Yueting Yang, Soonhung Han, Fazhi He, and Yuan Cheng

Subjects

Environmental Engineering, General Computer Science, Computer science, Materials Science (miscellaneous), General Chemical Engineering, Distributed computing, Energy Engineering and Power Technology, CAD, 02 engineering and technology, 010402 general chemistry, Merkle tree, Encryption, 01 natural sciences, Ciphertext, Co-design, Cloud manufacturing, Access structure, Information security, business.industry, General Engineering, 021001 nanoscience & nanotechnology, Engineering (General). Civil engineering (General), Cloud-based design and manufacture, 0104 chemical sciences, Tree (data structure), CAD assembly models, Attribute-based encryption, TA1-2040, 0210 nano-technology, business

Abstract

Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing. This paper presents a novel attribute-based encryption (ABE) approach for computer-aided design (CAD) assembly models to effectively support hierarchical access control, integrity verification, and deformation protection for co-design scenarios in cloud manufacturing. An assembly hierarchy access tree (AHAT) is designed as the hierarchical access structure. Attribute-related ciphertext elements, which are contained in an assembly ciphertext (ACT) file, are adapted for content keys decryption instead of CAD component files. We modify the original Merkle tree (MT) and reconstruct an assembly MT. The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models. The proposed encryption scheme is demonstrated to be secure under the standard assumption. Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.

Published

2021

13. Boolean functions with six-valued Walsh spectra and their application

Author

Xiaoni Du, Yanzhong Sun, Wengang Jin, and Cuiling Fan

Subjects

Discrete mathematics, Monomial, Computer Networks and Communications, business.industry, Applied Mathematics, Bent molecular geometry, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, Coding theory, Lambda, 01 natural sciences, Secret sharing, Computational Theory and Mathematics, Symmetric-key algorithm, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Boolean function, business, Access structure, Mathematics

Abstract

Boolean functions play an important role in coding theory and symmetric cryptography. In this paper, three classes of Boolean functions with six-valued Walsh spectra are presented and their Walsh spectrum distributions are determined. They are derived from three classes of bent functions by complementing the values of the functions at three different points, where the bent functions are the Maiorana-McFarland types, Dillon $\mathcal {PS}_{ap}$ types and the monomial form $T{r^{n}_{1}}(\lambda x^{r(2^{m}-1)})$ , respectively. As an application, we construct some classes of binary linear codes and it turns out that these codes can be used in secret sharing schemes with interesting access structure.

Published

2021

14. APPLSS: Adaptive privacy preserved location sharing scheme based on attribute-based encryption

Author

Yu Li, Xi Lin, Shuaishuai Zhu, and Yiliang Han

Subjects

Service (business), 021110 strategic, defence & security studies, Computer Networks and Communications, business.industry, Computer science, Quality of service, 0211 other engineering and technologies, 020206 networking & telecommunications, Access control, 02 engineering and technology, Service provider, Encryption, Server, 0202 electrical engineering, electronic engineering, information engineering, Attribute-based encryption, Electrical and Electronic Engineering, business, Computer network, Access structure

Abstract

Unauthorized access to location information in location-based service is one of the most critical security threats to mobile Internet. In order to solve the problem of quality of location sharing while keeping privacy preserved, adaptive privacy preserved location sharing scheme called APPLSS is proposed, which is based on a new hierarchical ciphertext-policy attribute-based encryption algorithm. In the algorithm, attribute authority sets the attribute vector according to the attribute tags of registration from the location service providers. Then the attribute vector can be adaptively transformed into an access structure to control the encryption and decryption. The APPLSS offers a natural hierarchical mechanism in protecting location information when partially sharing it in mobile networks. It allows service providers access to end user's sensitive location more flexibly, and satisfies a sufficient-but-no-more strategy. For end-users, the quality of service is obtained while no extra location privacy is leaked. To improve service response performance, outsourced decryption is deployed to avoid the bottlenecks of the service providers and location information providers. The performance analysis and experiments show that APPLSS is an efficient and practical location sharing scheme.

Published

2021

15. PHAS-HEKR-CP-ABE: partially policy-hidden CP-ABE with highly efficient key revocation in cloud data sharing system

Author

Hu Xiong, Zhiguang Qin, Wei Zhang, and Zhishuo Zhang

Subjects

Dictionary attack, General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, Plaintext, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Computer security, computer.software_genre, Encryption, Secret sharing, Random oracle, Ciphertext, Key revocation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Private information retrieval, Access structure

Abstract

In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.

Published

2021

16. Secure Ride-Sharing Services Based on a Consortium Blockchain

Author

Xiaohong Zhang and Di Wang

Subjects

Service (business), 021110 strategic, defence & security studies, Security analysis, Computer Networks and Communications, Computer science, business.industry, Node (networking), 0211 other engineering and technologies, 020302 automobile design & engineering, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Computer Science Applications, 0203 mechanical engineering, Hardware and Architecture, Signal Processing, Ciphertext, Confidentiality, business, computer, Information Systems, Access structure

Abstract

Due to poor traffic conditions and the high costs of traveling by private cars, ride sharing has become a popular means to trip. In view of the security threats and centralization existing in the current ride-sharing service, we propose a secure ride-sharing scheme based on a consortium blockchain, which can guarantee the security, confidentiality, and privacy of data interaction via attribute-based proxy re-encryption algorithm. First, the passenger presets the access structure and encrypts the data using attribute-based encryption. The ciphertext is then sent to the roadside unit (RSU), which broadcasts the carpooling request to the driver. After receiving the request, the driver sends the itinerary attribute to RSU, which performs carpool matching according to received ciphertext and itinerary attributes, then the ciphertext is re-encrypted and sent to the matched driver. Second, the master node uses an improved Delegated Proof-of-Stake (DPoS) consensus to verify the carpool record, which is stored on the blockchain after the verification is successful. In case of disputes, block data can be utilized for traceability. Third, drivers and passengers use the credibility mechanism to score each other after ride sharing. In addition, trusted authority can reveal the real identity of malicious users. Finally, we conduct a security analysis and performance evaluation for our proposed scheme. The results manifest that our scheme not only meets the security and privacy requirements of ride-sharing services but also effectively resists potential security risks. Therefore, our scheme is feasible, efficient, and suitable for ride-sharing services.

Published

2021

17. ABKS-PBM: Attribute-Based Keyword Search With Partial Bilinear Map

Author

Mahdi Zareei, Nazri Kama, Faisal Alanazi, Masoom Alam, Adeel Anjum, Shawal Khan, and Shahzad Khan

Subjects

020203 distributed computing, 021110 strategic, defence & security studies, General Computer Science, business.industry, Computer science, Software as a service, 0211 other engineering and technologies, General Engineering, access control, Access control, Cloud computing, 02 engineering and technology, Encryption, Secret sharing, Attribute-based encryption, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Overhead (computing), General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, searchable encryption, business, lcsh:TK1-9971, Access structure, Computer network

Abstract

The way services offered by cloud computing gets its unprecedented and undisputed popularity, so its security concerns. Among them the storage as service model (SaaS) is of the forefront of these concerns. SaaS liberates individuals and enterprises from management of IT infrastructure and data centers to concentrate on their core business. Because of untrusted and out-of-premise architecture users are reluctant to outsource their personal and important data. Encryption before outsourcing addresses some of these issues but at the same time strips the data of its useful operation such as sharing and searching. Now to address this issue, the combination of keyword based searchable encryption (KSE) and attribute-based encryption (ABE) leads to an attribute-based keyword searching (ABKS). The resultant combined concept is capable of fine-grained search operation in the multi-owner/multi-user (M/M) setting. However, the underlying costly pairing operation and complex secret sharing mechanism of ABE makes it unsuitable in practical application for resource-limited devices. On top of it, in most of the existing ABKS schemes the size of the secret key and its associated pairing operation linearly expands to the number of attributes. This paper aims at presenting a novel ABKS scheme with pairing-free access verification and constant size secret key based on AND gate access structure and ciphertext-policy (CP) framework. The security of the proposed work is reduced to the standard Decisional Diffie-Hellmen (DDH) assumption, and also collision free and error tolerant. Finally, the performance evaluation and experimental results shows that the proposed scheme improved the overall efficiency and communication overhead.

Published

2021

18. A Secure and Policy-Controlled Signature Scheme With Strong Expressiveness and Privacy-Preserving Policy

Author

Xurui Zheng, Fuyong Zheng, Xianming Liu, Dejun Wang, Jun Wang, and Bo Meng

Subjects

Information privacy, Theoretical computer science, Correctness, General Computer Science, Computer science, privacy-preserving, 02 engineering and technology, Permission, Encryption, Secret sharing, Random oracle, linear secret sharing scheme, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Private information retrieval, Access structure, business.industry, composite order bilinear groups, General Engineering, 020206 networking & telecommunications, Signature (logic), Policy-controlled signature, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971

Abstract

The policy-controlled signature (PCS) scheme uses the access policy to control signature verification permission. However public access policy that may contain private information will leak user privacy. At the same time, the expressiveness of access structures in the PCS schemes is weak. Therefore, we propose a policy-controlled signature scheme with strong expressiveness and privacy-preserving policy (PCS-PP), in which linear secret sharing schemes is to design access structure which has strong expression, the three primes composite order bilinear groups is used to hide the attribute value into the attribute name that may expose the privacy data by data distortion concept. The proposed PCS-PP scheme not only has correctness and privacy-preserving policy, but also supports fine-grained signature verification. In addition, the unforgeability is proved in the random oracle model. Compared to the related schemes, the proposed PCS-PP scheme has superiority in features, computation cost and storage.

Published

2021

19. Secret sharing and duality

Author

László Csirmaz

Subjects

FOS: Computer and information sciences, Computer science, Computer Science - Information Theory, Open problem, Duality (mathematics), Cryptography, 0102 computer and information sciences, 02 engineering and technology, 94a15, 05B35, 94A15, 06D50, 94A62, 01 natural sciences, Secret sharing, 94a62, FOS: Mathematics, QA1-939, 0202 electrical engineering, electronic engineering, information engineering, Mathematics - Combinatorics, 05b35, matroid ports, Access structure, Discrete mathematics, ideal access structure, Ideal (set theory), business.industry, Information Theory (cs.IT), Applied Mathematics, 020206 networking & telecommunications, Computer Science Applications, Dual (category theory), Computational Mathematics, 010201 computation theory & mathematics, secret sharing, almost entropic polymatroid, matroid, duality, Combinatorics (math.CO), 06d50, business, Mathematics, Dual access

Abstract

Secret sharing is an important building block in cryptography. All explicit secret sharing schemes which are known to have optimal complexity are multi-linear, thus are closely related to linear codes. The dual of such a linear scheme, in the sense of duality of linear codes, gives another scheme for the dual access structure. These schemes have the same complexity, namely the largest share size relative to the secret size is the same. It is a long-standing open problem whether this fact is true in general: the complexity of any access structure is the same as the complexity of its dual. We give a partial answer to this question. An almost perfect scheme allows negligible errors, both in the recovery and in the independence. There exists an almost perfect ideal scheme on 174 participants whose complexity is strictly smaller than that of its dual.

Published

2020

20. Attribute-Based Encryption With Parallel Outsourced Decryption for Edge Intelligent IoV

Author

Shahid Mumtaz, Keping Yu, Mamoun Alazab, Chaosheng Feng, Moayad Aloqaily, and Zhihan Lv

Subjects

Computer Networks and Communications, business.industry, Computer science, Distributed computing, Aerospace Engineering, 020302 automobile design & engineering, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Electronic mail, Tree (data structure), 0203 mechanical engineering, Automotive Engineering, The Internet, Enhanced Data Rates for GSM Evolution, Attribute-based encryption, Electrical and Electronic Engineering, business, Access structure

Abstract

Edge intelligence is an emerging concept referring to processes in which data are collected and analyzed and insights are delivered close to where the data are captured in a network using a selection of advanced intelligent technologies. As a promising solution to solve the problems of insufficient computing capacity and transmission latency, the edge intelligence-empowered Internet of Vehicles (IoV) is being widely investigated in both academia and industry. However, data sharing security in edge intelligent IoV is a challenge that should be solved with priority. Although attribute-based encryption (ABE) is capable of addressing this challenge, many time-consuming modular exponential operations and bilinear pair operations as well as serial computing cause ABE to have a slow decryption speed. Consequently, it cannot address the response time requirement of edge intelligent IoV. Given this problem, an ABE model with parallel outsourced decryption for edge intelligent IoV, called ABEM-POD , is proposed. It includes a generic parallel outsourced decryption method for ABE based on Spark and MapReduce. This method is applicable to all ABE schemes with a tree access structure and can be applied to edge intelligent IoV. Any ABE scheme based on the proposed model not only supports parallel outsourced decryption but also has the same security as the original scheme. In this paper, ABEM-POD has been applied to three representative ABE schemes, and the experiments show that the proposed ABEM-POD is efficient and easy to use. This approach can significantly improve the speed of outsourced decryption to address the response time requirement for edge intelligent IoV.

Published

2020

21. Advanced attribute-based encryption protocol based on the modified secret sharing scheme

Author

Evgeniy O. Kiktenko, Mikhail A. Kudinov, Alexey Anatol'evich Chilikov, and Aleksey Fedorov

Subjects

Scheme (programming language), 021110 strategic, defence & security studies, Theoretical computer science, business.industry, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Construct (python library), Cryptographic protocol, Encryption, Secret sharing, Computational Theory and Mathematics, Hardware and Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Attribute-based encryption, business, Protocol (object-oriented programming), computer, Software, Access structure, computer.programming_language

Abstract

We construct a new protocol for attribute-based encryption with the use of the modification of the standard secret sharing scheme. In the suggested modification of the secret sharing scheme, only one master key for each user is required that is achieved by linearly enlarging public parameters in access formula. We then use this scheme for designing an attribute-based encryption protocol related to some access structure in terms of attributes. We demonstrate that the universe of possible attributes does not affect the resulting efficiency of the scheme. The security proofs for both constructions are provided.

Published

2020

22. An attribute-based keyword search for m-Health networks

Author

Mamta and Brij B. Gupta

Subjects

021110 strategic, defence & security studies, Computational complexity theory, business.industry, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Computer security model, Encryption, Computational Theory and Mathematics, Hardware and Architecture, 020204 information systems, Server, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), business, Mobile device, Software, AND gate, Computer network, Access structure

Abstract

m-Health stands for mobile health, where mobile devices are used for collecting and distributing health-related data. As the information related to personal health is sensitive in nature, so it should be encrypted first before storing it at the potentially untrusted servers. However, encryption severely affects basic sharing and search operations. To address these issues, a combination of attribute-based encryption and searchable encryption is devised, which enables secure fine-grained search over encrypted data. But the resultant technique incurs high computational complexity, which makes it unsuitable for resource-constrained mobile devices. So, in order to deploy it to mobile devices, searchable encryption should generate constant size secret keys and ciphertexts. However, in existing attribute-based keyword search (ABKS) schemes, the size of the secret key and the ciphertext is proportional to the number of attributes, thus resulting in linear complexity. In this paper, we have proposed a novel ABKS scheme with constant-size secret keys and ciphertexts, thus further reducing the computational cost. Our scheme uses a ciphertext-policy (CP) design framework and supports an AND gate access structure. Further, the proposed CP-ABKS scheme can be proved secure in the selective security model under augmented multi-sequence of exponents decisional Diffie-Hellman assumption.

Published

2020

23. A New Approach to Verifying and Sharing a Secret QR Code using Elliptic Curves

Author

Hind Ikni and Hichem Bouchakour Errahmani

Subjects

Discrete logarithm, Computer science, business.industry, Code (cryptography), Cryptography, Verifiable secret sharing, Shared secret, Elliptic curve cryptography, business, Wireless sensor network, Computer network, Access structure

Abstract

One of the modern applications of cryptography is the sharing of secrets in occurrence keys. Indeed, the need to establish a shared secret key in a multi-user system clearly remains a major problem of trust between users. Therefore, one solution is to share this secret key between users seamlessly. New technologies embedded systems such as sensor networks provide an ideal platform for sharing secrets. In addition, elliptic curves offer an adequate solution for reducing the size of keys, which is suitable for embedded systems. In this article, we propose an approach for sharing a secret leaked in a QR code adapted for a multiuser system, where each user has the ability to verify its share by an access structure. The system allows a recovery without loss of data in this case the QR code used.

Published

2020

24. Efficient attribute-based encryption with repeated attributes optimization

Author

Fawad Khan, Tahreem Yaqoob, Hui Li, Yinghui Zhang, and Haider Abbas

Subjects

Computer Networks and Communications, Computer science, business.industry, Distributed computing, Cryptography, Access control, Encryption, Secret sharing, Ciphertext, Overhead (computing), Attribute-based encryption, Safety, Risk, Reliability and Quality, business, Software, Information Systems, Access structure

Abstract

Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power operated battery constrained devices is a challenging issue in IoT scenarios. Attribute-based encryption (ABE) has emerged as an access control mechanism to allow users to encrypt and decrypt data based on an attributes policy. However, to accommodate the expressiveness of policy for practical application scenarios, attributes may be repeated in a policy. For certain policies, the attributes repetition cannot be avoided even after applying the boolean optimization techniques to attain an equivalent smaller length boolean formula. For such policies, the evaluated secret shares are also multiple for repeated attributes; hence, the ciphertext computed for those irreducible policies is long and computational effort is more. To address this issue, a new CP-ABE scheme is proposed which employs our Repeated Attributes Optimization algorithm by which the Linear Secret Sharing Scheme matrix sent along with ciphertext will contain the access structure of policy including attributes appearing multiple times, but the ciphertext will only be evaluated for unique non-repeated attributes. Security and performance analysis show that the proposed construction fulfils its goals of achieving desired security with low communication overhead and computational cost for resource-constrained devices.

Published

2020

25. Attribute-Based Authenticated Group Key Transfer Protocol without Pairing

Author

Abhimanyu Kumar and Reshu Verma

Subjects

Authentication, business.industry, Computer science, 020206 networking & telecommunications, Access control, 02 engineering and technology, Computer security, computer.software_genre, Computer Science Applications, Shamir's Secret Sharing, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Session (computer science), Electrical and Electronic Engineering, business, Protocol (object-oriented programming), computer, Group key, Access structure

Abstract

Group key establishment protocol is the primary requirement of several group-ware applications, like secure conferences, pay per view, collaborative work space that needs to establish a secure session among a group of participants. However, some of the applications often need to establish a secure session among the participants without knowing their actual identities. In such cases, the legitimacy of participants is decided based up on a descriptive set of attributes usually called as access structure. The participants should have sufficient set of attributes to satisfy the access structure, which are to consider as authenticated and eligible for the group conversation. This paper introducing an attribute based authenticated group key transfer protocol without using bilinear pairing. Group key management based on attributes gives fine-grained access control over the group of members that are authenticated by the set of attributes. The proposed protocol uses, Shamir Secret Sharing and elliptic curve arithmetic instead of bilinear pairing computations. The members are authenticated based on the access structure defined by the session initiator. The group key is securely transferred to only those participants, who are authenticated by their attributes. The authentication process of proposed protocol is information theoretically secure, while the key confidentiality relies on the intractability of Elliptic Curve Discrete Logarithm Problem.

Published

2020

26. Message randomization and strong security in quantum stabilizer-based secret sharing for classical secrets

Author

Ryutaroh Matsumoto

Subjects

FOS: Computer and information sciences, TheoryofComputation_MISCELLANEOUS, Scheme (programming language), Computer Science - Cryptography and Security, Theoretical computer science, Strong security, Computer Science - Information Theory, FOS: Physical sciences, Cryptography, 02 engineering and technology, 01 natural sciences, Secret sharing, Gilbert–Varshamove bound, Set (abstract data type), Encoding (memory), Computer Science::Multimedia, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, 010306 general physics, Quantum, Computer Science::Cryptography and Security, Access structure, Mathematics, computer.programming_language, Flexibility (engineering), Quantum Physics, business.industry, Information Theory (cs.IT), Applied Mathematics, 94A62 81P70 94B65, 020206 networking & telecommunications, Quantum error-correcting code, Computer Science Applications, Quantum Physics (quant-ph), business, Cryptography and Security (cs.CR), computer

Abstract

We improve the flexibility in designing access structures of quantum stabilizer-based secret sharing schemes for classical secrets, by introducing message randomization in their encoding procedures. We generalize the Gilbert-Varshamov bound for deterministic encoding to randomized encoding of classical secrets. We also provide an explicit example of a ramp secret sharing scheme with which multiple symbols in its classical secret are revealed to an intermediate set, and justify the necessity of incorporating strong security criterion of conventional secret sharing. Finally, we propose an explicit construction of strongly secure ramp secret sharing scheme by quantum stabilizers, which can support twice as large classical secrets as the McEliece-Sarwate strongly secure ramp secret sharing scheme of the same share size and the access structure., Publisher's Open Access PDF. arXiv admin note: text overlap with arXiv:1811.05217

Published

2020

27. An attribute-based lightweight cloud data access control using hypergraph structure

Author

R. Mythili, T. Sai Raj, and Revathi Venkataraman

Subjects

020203 distributed computing, Cryptographic primitive, business.industry, Computer science, Cloud computing, Cryptography, Access control, 02 engineering and technology, Encryption, Theoretical Computer Science, File sharing, Hardware and Architecture, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, business, Cloud storage, Software, Information Systems, Computer network, Key size, Access structure, Signcryption

Abstract

Cloud file storage systems are the current trend of enterprises and also of individual users. Due to the malicious or unauthorized users, file sharing among the cloud users has become the biggest challenge in the recent times. Attribute-based signcryption (ABSC) is known as the versatile cryptographic primitive which achieves the fine-grained access control over robust cloud storage. ABSC combines attribute-based encryption (ABE) and attribute-based signatures to achieve privacy-oriented confidentiality along with the authenticity. Unfortunately, most of the present ABE and ABSC schemes leverage heavy computational overheads against the key length, the ciphertext size or the expressive access structures used. In this paper, a new ABSC scheme is devised to reduce computational overheads, more particularly, at cloud by introducing the more expressive hypergraph access structure, Attribute HyperGraph. On a positive note, the proposed system outperforms and shows less cloud computational timing without exponentiations unlike Deng et al. (IEEE Access 6:39473–39486, 2018. https://doi.org/10.1109/ACCESS.2018.2843778 ), Liu et al. (Future Gener Comput Syst 52:67–76, 2015. https://doi.org/10.1016/j.future.2014.10.014 ) and Li et al. (IEEE Trans Parallel Distrib Syst 25(8):2201–2210, 2014. https://doi.org/10.1109/TPDS.2013.271 ) schemes. Subsequently, the system does not incur any cryptographic computations associated with designcryption at cloud unlike Deng et al. (2018).

Published

2020

28. Ciphertext-Policy Hierarchical Attribute-Based Encryption Against Key-Delegation Abuse for IoT-Connected Healthcare System

Author

Han-Chieh Chao, Yun Liu, Xi Chen, and Yong Li

Subjects

Information privacy, General Computer Science, Computer science, key-delegation abuse, media_common.quotation_subject, Internet of Things, Data security, ciphertext-policy, 02 engineering and technology, Encryption, Computer security, computer.software_genre, law.invention, law, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Access structure, media_common, Delegation, business.industry, General Engineering, white box traceability, 020206 networking & telecommunications, hierarchical attribute-based encryption, Data sharing, 020201 artificial intelligence & image processing, Attribute-based encryption, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Cryptanalysis, computer, lcsh:TK1-9971

Abstract

With the maturity of technologies such as Internet of Things (IoT) and Cloud Computing, more and more medical institutions share patient's medical data in the IoT-connected healthcare system, whereas it also brings hidden dangers to data security and privacy protection. The application of Hierarchical Attribute-Based Encryption (HABE) in IoT-connected healthcare system helps to solve the problem of data sharing with a large number of users. Delegation is a function of HABE, which can realize the transfer of hierarchical user access rights, effectively reducing the workload of the trusted authority. However, when “delegation” is used to generate decryption keys for users who do not comply with the access structure, the “key-delegation abuse” problem arises, which can seriously damage the privacy of patient's data. Nevertheless, it has not attracted much attention in previous research. This paper proposes the problem of key-delegation abuse in Ciphertext-Policy Hierarchical Attribute-Based Encryption (CP-HABE). After the cryptanalysis of typical schemes, we conclude two reasons for key-delegation abuse in CP-HABE, which are randomizing the original key elements or keeping parts of them in a new decryption key. This paper proposes a new mechanism specifically by using directed graph and construct a CP-HABE scheme against key-delegation abuse (CP-HABE-AKDA). Aiming at the scenario of key leaking, we further present the traceable CP-HABE-AKDA solution for the IoT-connected healthcare system, which has the additional function of tracking and verifying the identity of key leaker.

Published

2020

29. Efficient and Expressive Access Control With Revocation for Privacy of PHR Based on OBDD Access Structure

Author

Beakcheol Jang, Jong Wook Kim, and Kennedy Edemacu

Subjects

Scheme (programming language), General Computer Science, Revocation, Computer science, business.industry, General Engineering, Data security, Access control, Cloud computing, attribute/user revocation, security and privacy, Computer security, computer.software_genre, Encryption, personal health record (PHR), ordered binary decision diagram (OBDD), Attribute-based encryption (ABE), General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971, computer.programming_language, Access structure

Abstract

With the advancement of information and communication technology (ICT), the medical sector is undergoing a massive transformation. Health records are being digitized, stored remotely in the cloud and shared with different stakeholders. However, the use of the cloud for personal health record (PHR) storage presents data security and privacy challenges. Ciphertext-policy attribute-based encryption (CP-ABE) is being widely studied for fine-grained access control of PHRs in the cloud. Expressiveness, efficiency and attribute revocation, among others, are some key requirements of a cloud based health systems. But, many of the proposed CP-ABE schemes rely on access structures that are either restrictive or cumbersome and thus result in less expressive and efficient schemes. Many of the schemes also lack mechanisms for efficient and immediate attribute/user revocation. In this work, we propose an expressive and efficient access control scheme with attribute/user revocation based on ordered binary decision diagram (OBDD) access structure. We use the attribute group approach to achieve the attribute/user revocation in our work. Additionally, the ciphertexts and private keys are assigned version numbers to prevent the revoked group members from colluding with non-revoked members. Security and efficiency analysis show that our proposed scheme is secure, expressive and efficient.

Published

2020

30. Finding the maximal adversary structure from any given access structure

Author

Gengran Hu, Qiuxia Xu, and Chunming Tang

Subjects

TheoryofComputation_MISCELLANEOUS, Polynomial, Information Systems and Management, Theoretical computer science, business.industry, Computer science, 05 social sciences, Structure (category theory), 050301 education, Cryptography, 02 engineering and technology, Type (model theory), Adversary, Secret sharing, Computer Science Applications, Theoretical Computer Science, Artificial Intelligence, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, 0503 education, Software, Access structure

Abstract

Secure multi-party computation is an important research area in cryptography, and the secret sharing scheme (SSS) is one of the main tools for constructing multi-party computation protocols. The access structure and the adversary structure are two important subsets of participants in an SSS. In general, the collection of all qualified subsets that can reconstruct the secret s, is known as an access structure, while no information regarding this secret is available to any unqualified subsets, and the collection of unqualified subsets is described as an adversary structure. The maximal adversary, which will become a qualified subset if any one participant not in this unqualified subset is added. At present, there is no effective algorithm to determine the maximal adversary structure for any given access structure. In this paper, we propose two algorithms to determine the maximal adversary structure from any given access structure, in which a binary tree is introduced to construct such algorithms. Moreover, a special type of access structure is established, from which the maximal adversary structure can be directly characterized, and the maximal adversary structure in this case is shown to be the largest when the number of participants of each qualified polynomial in the access structure is three.

Published

2020

31. Expressive Attribute-Based Encryption with Constant-Size Ciphertexts from the Decisional Linear Assumption

Author

Katsuyuki Takashima

Subjects

Pairwise independence, Lemma (mathematics), Theoretical computer science, Computer science, business.industry, Applied Mathematics, 020206 networking & telecommunications, 02 engineering and technology, Encryption, Computer Graphics and Computer-Aided Design, Pairing, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Attribute-based encryption, Electrical and Electronic Engineering, business, Computer Science::Cryptography and Security, Access structure, Vector space, Standard model (cryptography)

Abstract

We propose a key-policy attribute-based encryption (KP-ABE) scheme with constant-size ciphertexts, whose selective security is proven under the decisional linear (DLIN) assumption in the standard model. The proposed scheme also has semi-adaptively security, which is a recently proposed notion of security. The access structure is expressive, that is given by non-monotone span programs. It also has fast decryption, i.e., a decryption includes only a constant number of pairing operations. As an application of our KP-ABE construction, we also propose a fully secure attribute-based signatures with constant-size secret (signing) keys from the DLIN. For achieving the above results, we employ a hierarchical reduction technique on dual pairing vector spaces and a modified form of pairwise independence lemma specific to our proposed schemes.

Published

2020

32. Simplified Ciphertext Policy Attribute Based Encryption for Multimedia Applications

Author

J. Samson Immanuel, J. Joshua Daniel Raj, and P. Karthik

Subjects

Multimedia, Computer science, business.industry, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Encryption, computer.software_genre, Tree (data structure), Ciphertext, Node (computer science), 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, Overhead (computing), 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, General Environmental Science, Access structure

Abstract

In this modern age we generate data from various sophisticated systems and technologies for our personal use, the security and privacy of the data becomes a major concern while sharing it over the cloud platform. The conventional CP-ABE scheme is used to secure different types of data.The CP-ABE uses the access policy in the form of access tree for generating keys to encrypt and decrypt data. However using an explicit access structure with several nodes requires more computational requirements and consumes significant amount of time to process every node of access structure and to encrypt the data. In this paper, to overcome these challenges, we proposed a simplified Ciphertext Policy Attribute Based Encryption for multimedia applications scheme without an access structure, which is more practical to secure the data with less overhead. In this proposed work, the owner of the data carefully frames the attribute string in a prescribed manner that can be used for encryption and decryption process. The performance measurement of the proposed scheme demonstrate that our system has high level of security with less computational requirements.

Published

2020

33. Multi-Receiver Authentication Scheme for General Access Structure

Author

Qiuxia Xu, Chunming Tang, and Jingtong Wang

Subjects

Scheme (programming language), access structure, General Computer Science, Computer science, Cryptography, 02 engineering and technology, Multi-receiver authentication scheme, Public-key cryptography, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), General Materials Science, linear code, Access structure, computer.programming_language, adversary structure, Authentication, business.industry, General Engineering, 020206 networking & telecommunications, 020207 software engineering, Base (topology), lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971, Computer network

Abstract

Authentication is an important primitive of cryptography. With the rapid progress of network communication, the urgent data needs to ensure it integrity and privacy, therefore, the authentication of multi-receiver has a significant impact on the development of network interaction. R. Safavi-Nalni and H. Wang showed that authentication scheme based on Reed-Solomon code is unconditionally secure and allows multiple messages to be authenticated, but the number of receiver to verify is less than $q$ , where the messages are in $\mathbb {F}_{q}$ . In 2014, the secure multi-receiver authentication scheme base on linear code was proposed, however, this scheme can not realize any a given access structure. In this paper, we present a multi-receiver authentication scheme to realize any a given ideal access structure, and demonstrate that our scheme is unconditionally secure and allows $r$ messages to be authenticated with each receiver own private key.

Published

2020

34. Efficient Multi-authority Access Control using Attribute-based Encryption in Cloud Storage

Author

Praveen S. Challagidad and Mahantesh N. Birje

Subjects

business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, 02 engineering and technology, Encryption, Data sharing, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, Attribute-based encryption, business, Role hierarchy, Cloud storage, General Environmental Science, Computer network, Access structure

Abstract

Cloud users are outsourcing their data day-by-day resulting in huge amount of data storage in Cloud server. Cloud service provider (CSP) themselves may go for modifying the data that leads to data integrity problem. Unauthorized users illegally gain access to the data stored in cloud server. Therefore, providing protection, achieving privacy and access control for user’s data are big challenges in the Cloud. Ciphertext-policy attribute-based encryption (CP-ABE) is prominent encryption technique to solve the exigent dilemma of secure data sharing in cloud computing. The shared data files generally have the characteristic of multilevel hierarchy, predominantly in the areas of IT companies, healthcare and military; these areas require a multi-authority access control. However, the hierarchy construction of shared files and multi-authority access control approach are not been investigated in CP-ABE. This paper proposes an efficient multi-authority access control using attribute-based encryption scheme that achieves efficient, fine grained access control. The proposed scheme consists of one algorithm – (Role Hierarchy Algorithm (RHA) and Hierarchy Access Structure (HAS) to protect user’s data, achieve privacy, multi-authority access control and fine grained access to a stored data. The RHA algorithm classifies Cloud users into groups based on their assigned attributes. The HAS helps to define an access structure for fine grained and multi-authority access control of Cloud resources. Simulation results prove that the proposed RHA, HAS are efficient (in terms of time consumption and storage consumption for encryption, decryption) compared to existing works. The advantages of proposed scheme become more and more conspicuous when there is more number of files at Cloud storage server.

Published

2020

35. A Decryptable Attribute-Based Keyword Search Scheme on eHealth Cloud in Internet of Things Platforms

Author

Wei-Chuen Yau, Lifeng Guo, Syh-Yuan Tan, and Zhihao Li

Subjects

Cryptographic primitive, General Computer Science, business.industry, Computer science, Internet of Things, General Engineering, Cloud computing, Encryption, Public-key cryptography, Server, Attribute-based, Ciphertext, General Materials Science, eHealth, lcsh:Electrical engineering. Electronics. Nuclear engineering, searchable encryption, business, decryptable, lcsh:TK1-9971, Secure channel, Access structure, Computer network

Abstract

Recently, attribute-based keyword search (ABKS) schemes have been used to provide fine-grained search over encrypted data on eHealth cloud in the Internet of Things (IoT) platforms. As compared to conventional public key encryption with keyword search (PEKS) schemes, ABKS schemes provide more powerful and flexible search operations which allow encrypted data to be retrieved by multiple users that satisfy set of attributes. However, there are still some limitations and security issues on the existing ABKS schemes. Many of the existing ABKS schemes only support for the encryption of keyword and require a separate cryptographic primitive to encrypt the message. Also, most of the schemes cannot resist offline keyword guessing attacks by inside attackers (i.e., the honest-but-curious servers). A secure-channel is needed for most of the ABKS schemes to transmit the trapdoors between the server and receivers. To solve these problems, we propose a secure-channel free ciphertext-policy decryptable attribute-based keyword search (CP-DABKS) scheme. The proposed scheme allows the authorised user who satisfy the access structure to decrypt the ciphertext. Our scheme not only resists the insider keyword guessing attack, but also eliminates the secure channel for trapdoor transmission. We formally define and prove the security of the proposed CP-DABKS scheme. We also demonstrate its application on an eHealth cloud platform.

Published

2020

36. Novel Methodology to Validate DUTs Using Single Access Structure

Author

Vallabhuni Vijay, Chandra Shaker Pittala, Mohammad Khadir, G. Ajitha, J. Sravana, Rajeev Ratna Vallabhuni, S. China Venkateswarlu, and P. Saritha

Subjects

Computer science, business.industry, business, Computer hardware, Access structure

Published

2021

37. A Novel Threshold Secret Sharing Scheme for CP-ABE

Author

Sangeeta Mittal and Shardha Porwal

Subjects

TheoryofComputation_MISCELLANEOUS, Scheme (programming language), Secret share, Theoretical computer science, business.industry, Computer science, Lagrange polynomial, Encryption, Reconstruction method, Secret sharing, symbols.namesake, Tree structure, symbols, business, computer, computer.programming_language, Access structure

Abstract

Secret sharing is an integral part of CP-ABE implementation. Currently, Linear Secret Sharing Scheme (LSSS) and Lagrange interpolation are used in existing CP-ABE implementation. Implementation is complex and computational cost is high for generating the access tree structure using these schemes. In this paper, a novel construction of CP-ABE has been developed which implements counting based secret share generation and reconstruction method to generate access tree structure and reconstruct secret shares. The proposed development reduces the cost of access structure generation and reconstruction of secret and improves security by generating the large number of secret shares for small-sized secret. Hence, the new construction enhances the efficiency of encryption and decryption operations of CP-ABE.

Published

2021

38. A Survey on Secured Data Sharing using Ciphertext Policy Attribute Based Encryption in Cloud

Author

G A Thushara and S. Mary Saira Bhanu

Subjects

business.industry, Computer science, Information sharing, Cloud computing, Access control, Encryption, Computer security, computer.software_genre, Data sharing, Ciphertext, Attribute-based encryption, business, computer, Access structure

Abstract

Cloud computing facilitates the access of applications and data from any location by using any device with an internet connection. It enables multiple applications and users to access the same data resources. Cloud based information sharing is a technique that allows researchers to communicate and collaborate, that leads to major new developments in the field. It also enables users to access data over the cloud easily and conveniently. Privacy, authenticity and confidentiality are the three main challenges while sharing data in cloud. There are many methods which support secure data sharing in cloud environment such as Attribute Based Encryption(ABE), Role Based Encryption, Hierarchical Based Encryption, and Identity Based Encryption. ABE provides secure access control mechanisms for integrity. It is classified as Key Policy Attribute Based Encryption(KP-ABE) and Ciphertext Policy Attribute Based Encryption(CP-ABE) based on access policy integration. In KPABE, access structure is incorporated with user’s private key, and data are encrypted over a defined attributes. Moreover, in CPABE, access structure is embedded with ciphertext. This paper reviews CP-ABE methods that have been developed so far for achieving secured data sharing in cloud environment.

Published

2021

39. An Attribute-Based Controlled Collaborative Access Control Scheme for Public Cloud Storage

Author

Na Gai, Yingjie Xue, David S. L. Wei, Peilin Hong, Jianan Hong, and Kaiping Xue

Subjects

021110 strategic, defence & security studies, Security analysis, Computer Networks and Communications, Computer science, business.industry, 0211 other engineering and technologies, Cryptography, Access control, 02 engineering and technology, Service provider, Permission, Encryption, Computer security, computer.software_genre, Safety, Risk, Reliability and Quality, business, Cloud storage, computer, Access structure

Abstract

In public cloud storage services, data are outsourced to semi-trusted cloud servers which are outside of data owners' trusted domain. To prevent untrustworthy service providers from accessing data owners' sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has been proved to be a powerful cryptographic tool to express access policies over attributes, which can provide a fine-grained, flexible, and secure access control over outsourced data. However, the existing ABE-based access control schemes do not support users to gain access permission by collaboration. In this paper, we explore a special attribute-based access control scenario where multiple users having different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Meanwhile, the collaboration that is not designated in the access policy should be regarded as a collusion and the access request will be denied. We propose an attribute-based controlled collaborative access control scheme through designating translation nodes in the access structure. Security analysis shows that our proposed scheme can guarantee data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.

Published

2019

40. Four classes of minimal binary linear codes with $$w_{min}/w_{max}<1/2$$ derived from Boolean functions

Author

Xia Li and Qin Yue

Subjects

Discrete mathematics, business.industry, Applied Mathematics, 020206 networking & telecommunications, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Construct (python library), 01 natural sciences, Secret sharing, Computer Science Applications, 010201 computation theory & mathematics, Computer data storage, 0202 electrical engineering, electronic engineering, information engineering, Boolean function, business, Binary linear codes, Mathematics, Access structure

Abstract

Due to wide applications in communications, data storage, and cryptography, linear codes have received much attention in the past decades. As a subclass of linear codes, minimal linear codes can be used to construct secret sharing schemes with nice access structure. This paper gives the weight distributions of four classes of minimal binary linear codes with $$w_{min}/w_{max}

Published

2019

41. Secure Online/Offline Data Sharing Framework for Cloud-Assisted Industrial Internet of Things

Author

Ximeng Liu, Yinbin Miao, Kim-Kwang Raymond Choo, Qiuyun Tong, Robert H. Deng, and Hongwei Li

Subjects

021110 strategic, defence & security studies, Database, Computer Networks and Communications, Computer science, business.industry, 020208 electrical & electronic engineering, 0211 other engineering and technologies, Access control, Cloud computing, 02 engineering and technology, Computer security model, computer.software_genre, Encryption, Computer Science Applications, Data sharing, Hardware and Architecture, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Industrial Internet, business, computer, Information Systems, Access structure

Abstract

Ciphertext-policy attribute-based keyword search (CP-ABKS) schemes facilitate the fine-grained keyword search over encrypted data, such as those sensed/collected from Industrial Internet of Things (IIoT) devices and stored in the cloud. However, existing CP-ABKS schemes generally have significant computation and storage requirements, which are beyond those of resource-constrained IIoT devices. Therefore, in this paper, we design a secure online/offline data sharing framework (DSF), which supports online/offline encryption and outsourced decryption. Using the healthcare setting as a case study, we demonstrate how DSF can be deployed in the cloud-assisted Healthcare IIoT (HealthIIoT) system. We not only prove that the DSF is selectively secure in the chosen access structure security model but also demonstrate its efficiency and feasibility in practical scenarios using experiments.

Published

2019

42. Dynamic Policy Attribute Based Encryption and its Application in Generic Construction of Multi-Keyword Search

Author

Mamta, Syed Taqi Ali, and Brij B. Gupta

Subjects

Marketing, Scheme (programming language), 020203 distributed computing, 021110 strategic, defence & security studies, Theoretical computer science, Relation (database), Computer Networks and Communications, business.industry, Computer science, Strategy and Management, 0211 other engineering and technologies, Cloud computing, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Computer Science Applications, Management Information Systems, Tree (data structure), Constant (computer programming), 0202 electrical engineering, electronic engineering, information engineering, Attribute-based encryption, business, computer, Access structure, computer.programming_language

Abstract

Attribute based encryption (ABE) is an encryption technique which provides a good solution to the security issues in the cloud environment. Through ABE, a data owner can achieve the fine-grained sharing of data encrypted under attributes or an access policy which they possess. The relation among these attributes is represented by the access policy which is expressed as an access tree. In this article, the authors first present an ABE scheme which supports frequent changes in the access tree and hence, it is named a dynamic policy ABE. Also, the proposed scheme generates secret keys of constant size which can save bandwidth. The proposed scheme is based on key-policy design and supports monotonic access structure that consists of AND, OR and Threshold gates. Inspired by the proposed dynamic policy ABE scheme the authors then present a multi-keyword search scheme which inherits all the features of the proposed ABE scheme. Therefore, it provides a constant size trapdoor and support for fast search. The construction of a multi-keyword search scheme is generic in nature and any ABE scheme can be converted to the multi-keyword search scheme using the transformation method given in the paper. Finally, the proposed schemes are proven to be secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Published

2019

43. Multi-level multi-secret sharing scheme for decentralized e-voting in cloud computing

Author

Xianmin Wang, Jing Li, Zhengan Huang, Yang Xiang, and Licheng Wang

Subjects

Information privacy, Computer Networks and Communications, Computer science, Wireless ad hoc network, business.industry, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Cryptographic protocol, Trusted third party, Secret sharing, Theoretical Computer Science, Shared resource, Artificial Intelligence, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, Cryptosystem, 020201 artificial intelligence & image processing, Homomorphism, business, Software, Access structure, Computer network

Abstract

The cryptosystem-based data privacy preserving methods employ high computing power of cloud servers, where the main feature is to allow resource sharing and provide multi-user independent services. Therefore, to achieve the rapid allocation and release of resource sharing in cloud computing, decentralized cryptographic protocols need to be proposed for multi-user consensus systems. In this work, we first present a multi-secret sharing scheme with multi-level access structure, where the secret reconstruction algorithm satisfies the additive homomorphism. The secret sharing scheme needs no trusted third parties and any user can play the role of dealer. In the designing, multiple target secrets are independently shared, where each subset of users forms a sub-access structure and shares one target secret only with a short secret share. This scheme is efficient and unconditionally secure. Furthermore, based on the multi-level access structures, a decentralized multi-role e-voting protocol is designed using Chinese Remainder Theorem, where each role’s election is associated with one sub-access structure. The voters employ a shared parameter to blind the sum of ballot values. Meanwhile, the e-voting scheme supports a public verification for the final election results. Compared with the existing e-voting protocols, our e-voting system does not require any authority center and the cloud server runs vote counting. And our e-voting scheme does not need any high-complexity computational cost operation such as module exponential operation, etc. Finally, the common feature of Blockchain and Ad Hoc networks is decentralized. Thus the main idea of this protocol without a trusted third party can be used to achieve a secure consensus among multiple nodes in Blockchain and Ad Hoc network, meanwhile, the consensus results can be verified.

Published

2019

44. How to construct a verifiable multi‐secret sharing scheme based on graded encoding schemes

Author

Massoud Hadian Dehkordi and Hossein Oraei

Subjects

TheoryofComputation_MISCELLANEOUS, Scheme (programming language), Theoretical computer science, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Cryptography, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Secret sharing, Monotone polygon, 010201 computation theory & mathematics, Encoding (memory), 0202 electrical engineering, electronic engineering, information engineering, Verifiable secret sharing, business, computer, Software, Information Systems, Standard model (cryptography), computer.programming_language, Access structure

Abstract

In a verifiable multi-secret sharing scheme, a dealer distributes multiple secrets between a group of participants and also additional information is given that allows each participant to check whether his share is valid. In this study, the authors present a novel verifiable multi-secret sharing (VMSS) scheme with general access structure using monotone span programs, which its security is based on graded encoding schemes. More precisely, they reduce the hardness of graded decision-Diffie–Hellman problem to the computational security of the authors’ scheme in the standard model. To the best of the authors’ knowledge, this is the first study to present a VMSS scheme based on graded encoding schemes.

Published

2019

45. Progressive and hierarchical share-in-share scheme over cloud

Author

Tapasi Bhattacharjee and Santi P. Maity

Subjects

Theoretical computer science, Steganography, Computer Networks and Communications, Computer science, business.industry, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Image sharing, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Robustness (computer science), Information hiding, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Affine transformation, Safety, Risk, Reliability and Quality, business, Software, Decoding methods, Access structure

Abstract

Recently sharing of secret information (image) before dissemination is gaining popularity as a means of reducing the vulnerability against the wide attacking surface on cloud computing. An integrated scheme comprising of secret image sharing (SIS) and data hiding is suggested here that offers progressive quality access control of the decoded images. This scheme is a (t,k,n)-hierarchical SIS technique that uses affine Boolean classification and compressed sensing (CS) in the share generation process. Prediction error representation of the secret image in spatial domain is explored to make the signal more sparse leading to CS reconstruction from less number of measurements. In the decoding process, an improved quality of the secret image is achieved with the involvement of ‘t’ essential stego shares (ESSs) and ‘k-t’ non-essential stego shares (NSSs) over ‘t’ ESSs and ‘n-k’ general shares (GSs). A large set of results illustrate the merits of the proposed method in terms of hierarchical access structure, flexible shadow size, progressive quality access on the decoded image and robustness against varieties of data manipulation.

Published

2019

46. Verifiably Multiplicative Secret Sharing

Author

Satoshi Obana and Maki Yoshida

Subjects

Discrete mathematics, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Multiplicative function, 020206 networking & telecommunications, Context (language use), Cryptography, Field (mathematics), 02 engineering and technology, Library and Information Sciences, Type (model theory), Secret sharing, Computer Science Applications, Cover (topology), Product (mathematics), 0202 electrical engineering, electronic engineering, information engineering, business, Information Systems, Access structure

Abstract

A $d$ -multiplicative secret sharing ( $d$ -MSS) scheme allows the players to multiply $d$ shared secrets without recovering the secrets by converting their shares locally into an additive sharing of the product. It has been proved that the $d$ -MSS among $n$ players is possible if and only if no $d$ unauthorized sets of players cover the whole set of players (type $Q_{d}$ ). Although this result implies some limitations on SS in the context of MPC, the $d$ -multiplicative property is still useful for simplifying complex tasks of MPC by computing the product of $d$ field elements directly and non-interactively without any setup. This paper aims to improve the usefulness of the $d$ -MSS by enhancing the security against malicious adversaries. First, we introduce the notion of verifiably multiplicative SS, verifiably MSS for short, which is mainly formalized for detecting malicious behaviors. Informally, an SS scheme is verifiably $d$ -multiplicative if the scheme is $d$ -multiplicative and further enables the players to locally generate a share of a proof that the summed value is correct (i.e., the product of $d$ shared secrets). Secondly, we prove that there is no error-free verifiably MSS scheme whose decoder of the proof is additive, and that by accepting an error probability that can be chosen arbitrarily, there exists a verifiably $d$ -MSS scheme realizing a given access structure if and only if the access structure is of type $Q_{d}$ . In the proposed construction, each share of a proof consists of only two field elements . This result means that we can efficiently achieve the optimal resiliency of the standard $d$ -MSS even against malicious adversaries. We note that by allowing a general class of decoders that includes a linear one, there is an error-free verifiably $d$ -MSS scheme if the access structure is of type $Q_{d+1}$ . Finally, we generalize the $d$ -multiplicative property to a $d$ -or-less version where the number $d'$ of multiplied secrets with $d'\leq d$ is not known in advance. We show that a $d$ -or-less MSS scheme can be constructed from any $d$ -MSS scheme of the same access structure with a constant overhead, and the feasibility of (verifiably) $d$ -MSS implies that of (verifiably) $d$ -or-less MSS.

Published

2019

47. Traceable-then-revocable ciphertext-policy attribute-based encryption scheme

Author

Baocang Wang, Zhenhua Liu, Peilin Zhou, and Shuhong Duan

Subjects

Revocation list, Software_OPERATINGSYSTEMS, Revocation, Computer Networks and Communications, business.industry, Computer science, 020206 networking & telecommunications, Data_CODINGANDINFORMATIONTHEORY, 02 engineering and technology, Encryption, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Hardware and Architecture, Forward secrecy, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Cryptosystem, 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, Software, Access structure

Abstract

A traceable ciphertext-policy attribute-based encryption (T-CPABE) scheme can trace a malicious user, who may leak her/his decryption privilege to a third party for some benefits. However, even if the malicious user is traced, the existing schemes cannot revoke her/him from the cryptosystems. Thus, it is necessary to embed a revocation mechanism into a T-CPABE scheme in practice. In this paper, we propose a ciphertext-policy attribute-based encryption scheme with white-box traceability and direct user revocation. In the proposed scheme, the ciphertext is related to an access structure and a revocation list R . The secret key is associated with an attribute set and a user’s identity assigned a leaf node in a binary tree. The value of a leaf node is used to trace a malicious user. Once a malicious user is caught, her/his identity is added in the revocation list R . Only the ciphertext components associated with the revocation list R are updated according to the new revocation list R ′ , and the updated ciphertext can provide forward security. Therefore, a user can decrypt a ciphertext if and only if she/he is not in the revocation list and her/his attribute set satisfies the access policy, simultaneously. Furthermore, our scheme is proved to be secure under selective access policy and chosen-plaintext attacks based on the decisional q -bilinear Diffie–Hellman exponent hardness assumption in the standard model.

Published

2019

48. Generalized general access structure in secret image sharing

Author

Xuehu Yan and Yuliang Lu

Subjects

Scheme (programming language), Theoretical computer science, business.industry, Computer science, Image sharing, 020207 software engineering, 02 engineering and technology, Modular design, Image (mathematics), Set (abstract data type), Green computing, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, 020201 artificial intelligence & image processing, Computer Vision and Pattern Recognition, Electrical and Electronic Engineering, business, Chinese remainder theorem, computer, Access structure, computer.programming_language

Abstract

Generally speaking, the probability of every qualified set is the same and fixed in conventional secret image sharing (SIS) for general access structure (GAS). In this paper, first we introduce generalized GAS (GGAS), which allows the user to assign probability to every qualified set. Then we design a SIS scheme for GGAS by Chinese remainder theorem (CRT). On one hand, for any qualified set, we can decode the secret image at pre-assigned probability. When we collect all the shares, we can losslessly decode the secret image. On the other hand, for any forbidden set, we will decode nothing of the secret image. We only employ modular operation to decode the secret image, which may be suitable for real-time and green computing scenarios. Experimental results and analyses are realized to examine the effectiveness of our scheme.

Published

2019

49. A Dispersed Multi-Value Attribute-Based Encryption With Mediated Obfuscation

Author

Yichen Zhang, Shengzhou Hu, and Jiguo Li

Subjects

General Computer Science, Computer science, business.industry, General Engineering, Plaintext, Computer security, computer.software_genre, Encryption, Public-key cryptography, Obfuscation, Ciphertext, the mediated obfuscation, General Materials Science, Chosen-plaintext attack, Attribute-based encryption, lcsh:Electrical engineering. Electronics. Nuclear engineering, Multi-authority attribute-based encryption, business, computer, lcsh:TK1-9971, independent management, Access structure

Abstract

The Multi-authority attribute-based encryption (MA-ABE) scheme can provide fine-grained data access control in many management domains monitored by different authorities for the cloud storage system. However, existed schemes do not support the flexible management of authorities. So, we present a new dispersed multi-value MA-ABE scheme with mediated obfuscation (DMV-ABE-WMO). In this scheme, each of attribute authorities ( $AAs$ ) works independently without any collaboration with other $AAs$ . For a data user (DU), data owner (DO) individually creates ciphertext in each management domain and each attribute authority ( $AA$ ) also individually generates a private key in each management domain, respectively. We use the mediated obfuscation (MO) model to embed a secret related to DU into all target components which are used to encrypt the plaintext. In MO model, an especial function program is coded into the form of a group element, which is obfuscated to make other participants know nothing about the inner program but can evaluate the value of the function program. Our scheme is based on multi-value access structure and is proved secure against chosen plaintext attack. Compared with the related schemes, our scheme is more suited for realizing the dynamic management in many domains.

Published

2019

50. Privacy-preserving multi-authority attribute-based encryption with dynamic policy updating in PHR

Author

Xixi Yan, Yuan Liu, Hao Ni, and Dezhi Han

Subjects

Scheme (programming language), General Computer Science, business.industry, Computer science, 020206 networking & telecommunications, Access control, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Attribute-based encryption, business, computer, Standard model (cryptography), Access structure, computer.programming_language

Abstract

As a new kind of patient-centred health-records model, the personal health record (PHR) system can support the patient in sharing his/her health information online. Attribute-Based Encryption (ABE), as a new public key cryptosystem that guarantees fine-grained access control of outsourced encrypted data, has been used to design the PHR system. Considering that privacy preservation and policy updating are the key problems in PHR, a privacy-preserving multiauthority attribute-based encryption scheme with dynamic policy updating in PHR was proposed. In the scheme, each of the patient?s attributes is divided into two parts: attribute name and attribute value. The values of the user?s attributes will be hidden to prevent them from being revealed to any third parties. In addition, the Linear Secret-Sharing Scheme (LSSS) access structure and policy-updating algorithms are designed to support all types of policy updating (based on ?and?, ?or?, and ?not? operations). Finally, the scheme is demonstrated to be secure against chosen-plaintext attack under the standard model. Compared to the existing related schemes, the sizes of the user?s secret key and ciphertext are reduced, and the lower computing cost makes it more effective in the PHR system.

Published

2019