Your search keyword '"Re-encryption"' showing total 85 results

51. A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch

Author

Liming Fang, Minghui Li, Lu Zhou, Hanyi Zhang, and Chunpeng Ge

Subjects

smart watch, privacy preservation, re-encryption, homomorphic computation, attribute-based encryption, Chemical technology, TP1-1185

Abstract

A smart watch is a kind of emerging wearable device in the Internet of Things. The security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between the privacy-preserving and data access control. In this paper, we propose a fine-grained privacy-preserving access control architecture for smart watches (FPAS). In FPAS, we leverage the identity-based authentication scheme to protect the devices from malicious connection and policy-based access control for data privacy preservation. The core policy of FPAS is two-fold: (1) utilizing a homomorphic and re-encrypted scheme to ensure that the ciphertext information can be correctly calculated; (2) dividing the data requester by different attributes to avoid unauthorized access. We present a concrete scheme based on the above prototype and analyze the security of the FPAS. The performance and evaluation demonstrate that the FPAS scheme is efficient, practical, and extensible.

Published

2019

52. An Efficient Mixnet-Based Voting Scheme Providing Receipt-Freeness

Author

Aditya, Riza, Lee, Byoungcheon, Boyd, Colin, Dawson, Ed, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Katsikas, Sokratis, editor, Lopez, Javier, editor, and Pernul, Günther, editor

Published

2004

53. Providing Receipt-Freeness in Mixnet-Based Voting Protocols

Author

Lee, Byoungcheon, Boyd, Colin, Dawson, Ed, Kim, Kwangjo, Yang, Jeongmo, Yoo, Seungjae, Goos, Gerhard, editor, Hartmanis, Juris, editor, van Leeuwen, Jan, editor, Lim, Jong-In, editor, and Lee, Dong-Hoon, editor

Published

2004

54. Encryption and Re-Randomization Techniques for Malware Propagation

Author

Fawad Khan, Ahsan Rasheed Abbasi, Shynar Mussiraliyeva, Mehreen Afzal, Waseem Iqbal, and Awais Ur Rehman

Subjects

Software_OPERATINGSYSTEMS, General Computer Science, Computer science, Paillier cryptosystem, homomorphic encryption, Cryptography, computer.software_genre, Computer security, Encryption, re-encryption, ElGamal, Public-key cryptography, RSA, malware encryption, Code (cryptography), Cryptosystem, General Materials Science, business.industry, Payload, General Engineering, TK1-9971, Information sensitivity, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Malware, Electrical engineering. Electronics. Nuclear engineering, business, computer

Abstract

Encryption, which is essential for the protection of sensitive information can also transform any malicious content to illegible form, which can then reside in any network, undetected. Encryption of malicious payload is used by malware authors to mask their code, however, the objective of hiding the malicious code can be further improved by techniques of re-randomization. The concept of re-randomization using asymmetric cryptography has been emerged as a new area of interest for malware designers. Re-randomizing is a technique which can prevent detection of source path of a malware and makes it indistinguishable. This article extends the idea of using asymmetric cryptography for re-randomization and has proposed a novel scheme using Pailliar’s asymmetric cryptosystem. Moreover, this research work illustrates the limitations of RSA for malware re-randomization. A comprehensive performance analysis of the re-randomization techniques for various malware payloads is also presented, which can be used for the detection of re-randomized malware effectively.

Published

2021

55. A cloud-based framework for verifiable privacy-preserving spectrum auction

Author

Xiuzhen Cheng, Bo Mei, Tian-Yi Song, Rongfang Bie, Chunqiang Hu, Wei Li, Maya Larson, and Ruinian Li

Subjects

TheoryofComputation_MISCELLANEOUS, Focus (computing), Re-encryption, Computer science, business.industry, Privacy-preservation auction, Homomorphic encryption, TheoryofComputation_GENERAL, Cloud computing, QA75.5-76.95, Encryption, Frequency allocation, Cognitive radio, Spectrum auction, Electronic computers. Computer science, Verifiable secret sharing, business, Computer network

Abstract

Spectrum auction is one of the most effective ways to achieve dynamic spectrum allocation in cognitive radio networks, and it provides one effective way to manage the spectrum demands of IoT devices with limited resources. Most spectrum auctions focus on protecting bidder privacy and achieving excellent social efficiency, but few tackles the verification of auction results that are controlled by the auctioneer. In this paper, we propose a cloud-based framework for verifiable privacy-preserving spectrum auctions. Our framework adopts a modified AFGH re-encryption algorithm that achieves both bid privacy protection and auction results verification at the same time. The cloud server helps to compute auction results based on homomorphic encryption, and an auctioneer decrypts the encrypted data from the server to obtain auction results. Meanwhile, the property of re-encryption makes it possible for any bidder to verify the auction results without compromising other bidders’ privacy.

Published

2022

56. Efficiently Obfuscating Anonymous Re-encryption Functionality with Average-Case Virtual Black-Box Security.

Author

MINGWU ZHANG, YUDI ZHANG, HUA SHEN, CHUNMING TANG, and LEIN HARN

Subjects

DATA encryption, SERVER farms (Computer network management), DATA privacy, CLOUD computing, COMPUTER algorithms, DATA security

Abstract

Outsource computing might reveal some private information in open cloud systems and the concern of users' privacy will be a crucial issue. Program obfuscation is an important cryptographic primitive that perfectly hides the secrets inside a program while preserving its functionality. In this paper, we give a two-form re-encryption scheme that achieves the security against adaptively chosen-ciphertext attacks, which allows any third party (e.g., cloud server) to re-encrypt the ciphertext that delegates the decryption right from one to another. However, as the third party knows the sensitive secret (i.e., re-key), and thus we should guarantee the trustworthy of this cloud server. Based the re-encryption algorithm, we propose an efficient obfuscator that implements the re-encryption functionality in such a way that not only the private information is protected but also cloud users' privacy is preserved, and thus the re-encryption procedure can be run on untrusted outsourcing server. We prove the virtual black-box security of the obfuscation. The proposed obfuscator can be run on untrusted server to help the perform of the functionality of re-encryption without any sensitive secret revealing. [ABSTRACT FROM AUTHOR]

Published

2017

57. Searchable ciphertext-policy attribute-based encryption with revocation in cloud storage.

Author

Li, Jiguo, Shi, Yuerong, and Zhang, Yichen

Subjects

*REVOCATION, *CLOUD storage, *DATA encryption, *COMPUTER security, *COMPUTER algorithms

Abstract

To protect the sensitive data outsourced to cloud server, outsourcing data in an encrypted way has become popular nowadays. However, it is not easy to find the corresponding ciphertext efficiently, especially the large ciphertext stored on cloud server. Besides, some data owners do not want those users who attempt to decrypt to know the sensitive access structure of the ciphertext because of some business or private reasons. In addition, the user attributes revocation and key updating are important issues, which affect application of ciphertext-policy attribute-based encryption (CP-ABE) in cloud storage systems. To overcome the previous problems in cloud storage, we present a searchable CP-ABE with attribute revocation, where access structures are partially hidden so that receivers cannot extract sensitive information from the ciphertext. The security of our scheme can be reduced to the decisional bilinear Diffie-Hellman (DBDH) assumption and decisional linear (DL) assumption. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2017

58. Two-party interactive secure deduplication with efficient data ownership management in cloud storage.

Author

Guo, Cheng, Wang, Litao, Tang, Xinyu, Feng, Bin, and Zhang, Guofeng

Subjects

*DATA management, *DATA encryption, *CLOUD storage, *ARTIFICIAL intelligence, *INFORMATION technology, *INTERNET of things

Abstract

Deduplication, which stores only one copy of duplicate data, is used extensively in cloud storage to reduce the overhead associated with storage. Unfortunately, client-side encryption prevents cloud storage from performing deduplication due to the randomness of traditional encryption. Some existing schemes can balance encryption and deduplication, but their interaction with third-party servers or online users adds additional overhead to the system. Also, the ownership of outsourced data will change frequently due to users' requests to upload/delete/modify the data. But many existing schemes that can achieve dynamic ownership management have security flaws or require users to manage multiple keys. By focusing on these troubles, we have developed a secure deduplication scheme that does not rely on any third-party entities and supports data ownership management. More specifically, we take advantage of elliptic curve cryptography to design a key-sharing method so that different owners of the same data can share a random key only by interacting with the cloud service provider. And the broadcast encryption is used to manage the ownership of data, and this allows the cloud service provider to control users' access to outsourced data by updating the broadcast key. In addition, the security analysis shows that the proposed scheme can meet the required security and that it outperforms other related schemes. The detailed simulation comparisons with other related schemes demonstrate that the proposed scheme has good performance. [ABSTRACT FROM AUTHOR]

Published

2023

59. WGRe:a re-encryption anonymous tunnel

Author

LU Tian-bo, QIN Bao-shan, LI Yang, and DING Li

Subjects

anonymous communication, re-encryption, MIX, Telecommunication, TK5101-6720

Abstract

The universal re-encryption scheme URE and its extension EURE were reviewed,discovering their vulnerabilities to Pfitzmann attack.Then a novel re-encryption scheme WGRe（WonGoo Re-encryption） was proposed.WGRe could en-sure the correctness of the outputs from a node and protect against replay attack,which was hard in layered encryption sys-tems.The experimental results show WGRe is practical and more efficient than URE and EURE schemes due to the fact that its ciphertext is only double the size of the corresponding plaintext,instead of four times as URE or EURE.

Published

2009

60. Hybrid-structured onion scheme against replay attack of MIX

Author

SHI Jin-qiao, FANG Bin-xing, GUO Li, and WANG Li-hong

Subjects

anonymous communication, MIX, re-encryption, hybrid-structured, Telecommunication, TK5101-6720

Abstract

Replay attack against MIX was studied and a hybrid-structured onion scheme of MIX against replay attack was proposed.In hybrid scheme, probabilistic encryption and semantic security of universal re-encryption were utilized to protect MIX against replay attack, and the authentication property of layered encryption was utilized to protect integrity of messages.Meanwhile, symmetric encryption was imported to improve efficiency.Analysis shows that the hybrid-structured onion scheme can resist replay attack with guarantee of security and efficiency.

Published

2009

61. An efficient traceable access control scheme with reliable key delegation in mobile cloud computing.

Author

Guan, Zhitao, Li, Jing, Zhang, Ying, Xu, Ruzhi, Wang, Zhuxiao, and Yang, Tingting

Subjects

*CLOUD computing, *TRACE analysis, *MONOTONIC functions, *REAL variables, *DELEGATION of authority

Abstract

With the increasing number of mobile applications and the popularity of cloud computing, the combination of these two techniques that named mobile cloud computing (MCC) attracts great attention in recent years. However, due to the risks associated with security and privacy, mobility security protection in MCC has become an important issue. In this paper, we propose an efficient traceable access control scheme with reliable key delegation named KD-TABE in MCC. Firstly, we present a traceable CP-ABE system and realize key delegation without loss of traceability. Secondly, a new type of re-encryption method is proposed, which is based on an intuitive method that supports any monotonic access tree instead of the re-encryption key. Lastly, to reduce trust on authority, we separate the authority into three parts, and each authority is responsible for generating different components of the key. The analysis shows that the proposed scheme can meet the security requirement of MCC. In addition, it cost less compared with the other popular models. [ABSTRACT FROM AUTHOR]

Published

2016

62. Bilinear-map accumulator-based verifiable intersection operations on encrypted data in cloud.

Author

Li, Fuxiang, Zhou, Fucai, Yuan, Heqing, Xu, Zifeng, and Wang, Qiang

Subjects

DATA encryption, CLOUD computing, DATA mining, PATTERN matching, COMPUTER algorithms, CRYPTOGRAPHY

Abstract

The intersection operation on multisets has many applications in different scenarios, such as data mining and pattern matching. This motivates us to study the problem that when users outsource their private encrypted sets and delegate the set-intersection operation on the corresponding plaintexts to the cloud, the cloud can manage to conduct the operation and make the result verifiable without the decryption capability. We formally introduced a model of Verifiable Intersection Operations on Encrypted Data in Cloud and presented the definitions of the correctness and security properties. We also proposed a concrete scheme basing on the bilinear-map accumulator and re-encryption. The scheme was proved secure under some cryptographic assumptions. And the experimental results of the algorithm implementation show the scheme is partly practical for real scenarios. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

63. A secure re-encryption scheme for data services in a cloud computing environment.

Author

Xiong, Lizhi, Xu, Zhengquan, and Xu, Yanyan

Subjects

DATA encryption, CLOUD computing, DISTRIBUTION (Probability theory), INFORMATION sharing, DATA privacy

Abstract

SUMMARY Cloud computing as a promising technology and paradigm can provide various data services, such as data sharing and distribution, which allows users to derive benefits without the need for deep knowledge about them. However, the popular cloud data services also bring forth many new data security and privacy challenges. Cloud service provider untrusted, outsourced data security, hence collusion attacks from cloud service providers and data users become extremely challenging issues. To resolve these issues, we design the basic parts of secure re-encryption scheme for data services in a cloud computing environment, and further propose an efficient and secure re-encryption algorithm based on the EIGamal algorithm, to satisfy basic security requirements. The proposed scheme not only makes full use of the powerful processing ability of cloud computing but also can effectively ensure cloud data security. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security model. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

64. Commutative Re-encryption Techniques: Significance and Analysis.

Author

Islam, Nazmul, Rokibul Alam, Kazi Md., and Rahman, Shaikh Shiam

Subjects

*ENCRYPTION protocols, *COMMUTATIVE law (Mathematics), *KNOWLEDGE transfer, *INFORMATION technology security, *CRYPTOGRAPHY

Abstract

Commutative re-encryption techniques are important tools for different applications where the encryption and decryption operations are performed in arbitrary order. These techniques also enable one to transfer information securely in a network without any knowledge of public keys of other parties. The process of message transmission vastly depends on the performance of underlying commutative technique used for cryptographic operations. The aim of this paper is to inquest some recently invented commutative re-encryption techniques at every step of their operation and expose the technique with better performance. The content of the paper is broadly divided into three parts—describing the importance of the commutative re-encryption techniques, presenting some latest techniques along with proposing a modification for making their operations faster, and analyzing every operational step of both the naive and proposed techniques. The modification is proposed only for experimentally proved slow techniques to faster their operation and a comparison is made at the end to show the effectiveness of the modification in making the operations faster. [ABSTRACT FROM PUBLISHER]

Published

2015

65. Lattice-based obfuscation for re-encryption functions.

Author

Cheng, Rong and Zhang, Fangguo

Subjects

PUBLIC key cryptography, DATA encryption, COMPILERS (Computer programs), QUANTUM cryptography, CRYPTOGRAPHY

Abstract

Program obfuscation is a compiler that transfers a program into an unintelligible form while preserving the original functionality. Secure obfuscation for several particular function families has been raised out despite the general impossibility result presented by Barak et al. Re-encryption function is a useful primitive, which transforms ciphertexts for one party into ciphertexts under another party's public key. Hohenberger et al. constructed a special re-encryption function and securely obfuscated it in TCC'07, and the security is based on classical hardness assumption. In this paper, we construct a new re-encryption function and securely obfuscate it based on the standard learning with error (LWE) assumption. LWE is proved to be reducible to standard lattice problems, which are conjectured immune to quantum cryptanalysis or 'post-quantum'. Besides, we discuss about the relations between these two cryptographic primitives in detail: proxy re-encryption and obfuscation for re-encryption functions. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

66. Secure Content Distribution Using Multi-hop Proxy Re-encryption.

Author

Lin, Han-Yu

Subjects

ENCRYPTION protocols, CONTENT delivery networks, COMPUTER simulation, PROXY, COMPUTER network security

Abstract

A proxy re-encryption (PRE) scheme allows a semi-trusted proxy to convert a ciphertext intended for some recipient, say Alice, into another ciphertext which can only be decrypted by the other designated one, say Bob. It is required that the semi-trusted proxy cannot learn any information about the encrypted message. When a PRE scheme enables the semi-trusted proxy to convert a ciphertext intended for Alice into the one intended for Bob and then again convert this ciphertext into another one intended for Candy and so on, it is called multi-hop PRE scheme. In this paper, the author will propose a new multi-hop PRE scheme for secure content distribution. The security assumption is based on the bilinear inverse Diffie-Hellman problem. Compared with related PRE schemes, ours can earn more computational efficiency. [ABSTRACT FROM AUTHOR]

Published

2015

67. Mixnets: Implementation and performance evaluation of decryption and re-encryption types.

Author

Ribarski, Pance and Antovski, Ljupcho

Abstract

The anonymous channels have been the essence of numerous protocols that include anonymous message passing between peers. The mixnet structure is one way to accomplish the anonymity. Since the publication of the Chaumian mixnet, there have been many practical implementations. There are two main approaches to implement mixnets: the decryption (Chaumian) and the re-encryption mixnets. In this paper we analyze four types of mixnets, from which one decryption and three re-encryption types. They were implemented in the Java programing language and evaluated on several criterias as: the number of messages, the total number of nodes, the number of threshold nodes, and the key length of underlying crypto system. In the results section we compare the results from the practical tests to answer the research question, which type of mixnets has better features. [ABSTRACT FROM PUBLISHER]

Published

2012

68. Re-encryption Optimization in CP-ABE Based Cryptographic Cloud Storage.

Author

Cheng, Yong, Ren, Jiangchun, Wang, Zhiying, Mei, Songzhu, and Zhou, Jie

Abstract

Nowadays, more and more customers begin to use the cryptographic cloud storage for protecting their data security. But the re-encryption caused by revocation is a sure performance killer in such a cryptographic access control system. We propose a novel scheme to reduce the consumption of the re-encryption process. This scheme is built on a series of cryptographic algorithms. The original data is split into several slices and these slices are published to the cloud storage. After a revocation occurs, we re-encrypt only one slice instead of the whole data. The comparison between our scheme and original one shows that the optimized scheme can reduce the costs of re-encryption significantly. [ABSTRACT FROM PUBLISHER]

Published

2012

69. Towards temporal access control in cloud computing.

Author

Zhu, Yan, Hu, Hongxin, Ahn, Gail-Joon, Huang, Dijiang, and Wang, Shanbiao

Abstract

Access control is one of the most important security mechanisms in cloud computing. Attribute-based access control provides a flexible approach that allows data owners to integrate data access policies within the encrypted data. However, little work has been done to explore temporal attributes in specifying and enforcing the data owner's policy and the data user's privileges in cloud-based environments. In this paper, we present an efficient temporal access control encryption scheme for cloud services with the help of cryptographic integer comparisons and a proxy-based re-encryption mechanism on the current time. We also provide a dual comparative expression of integer ranges to extend the power of attribute expression for implementing various temporal constraints. We prove the security strength of the proposed scheme and our experimental results not only validate the effectiveness of our scheme, but also show that the proposed integer comparison scheme performs significantly better than previous bitwise comparison scheme. [ABSTRACT FROM PUBLISHER]

Published

2012

70. Enabling Re-encryption of Hierarchical Verifiable Permutation Scheme for Bittorrent Chunk Exchanges.

Author

Wang, Jian, Xu, Xiaolin, Wu, Xiumei, and Yang, Yinchun

Abstract

Peer-to-peer networks such as Bit Torrent swarms have gained popularity on Internet. One of the fundamental underlying mechanisms is to foster and enforce peer cooperativeness. As for fairly exchanging Bit Torrent chunks, peers may resort to encrypted chunk exchanges yet at the cost of delayed availability of plain chunks. In response, this paper presents a chunk encryption scheme for exchanging chunks between Bit Torrent peers. This scheme uses only permutation-based operations. Further, two layers of permutation are conducted in order to hide more chunk information. As counts of zero and one bits are unchanged, the verifiable characteristic can be achieved. Finally, re-encryption capability is introduced for mitigating delayed availability problems that occur under encrypted chunk exchanges. [ABSTRACT FROM PUBLISHER]

Published

2012

71. Securely Obfuscating Re-Encryption.

Author

Hohenberger, Susan, Rothblum, Guy, Shelat, Abhi, and Vaikuntanathan, Vinod

Subjects

DATA encryption, CRYPTOGRAPHY, COMPUTER security, DATA security, DATA protection, COMPUTER science, COMPUTER networks

Abstract

We present a positive obfuscation result for a traditional cryptographic functionality. This positive result stands in contrast to well-known impossibility results (Barak et al. in Advances in Cryptology-CRYPTO'01, ), for general obfuscation and recent impossibility and implausibility (Goldwasser and Kalai in 46th IEEE Symposium on Foundations of Computer Science (FOCS), pp. 553-562, ) results for obfuscation of many cryptographic functionalities. Whereas other positive obfuscation results in the standard model apply to very simple point functions (Canetti in Advances in Cryptology-CRYPTO'97, ; Wee in 37th ACM Symposium on Theory of Computing (STOC), pp. 523-532, ), our obfuscation result applies to the significantly more complex and widely-used re-encryption functionality. This functionality takes a ciphertext for message m encrypted under Alice's public key and transforms it into a ciphertext for the same message m under Bob's public key. To overcome impossibility results and to make our results meaningful for cryptographic functionalities, our scheme satisfies a definition of obfuscation which incorporates more security-aware provisions. [ABSTRACT FROM AUTHOR]

Published

2011

72. Secure deduplication for big data with efficient dynamic ownership updates.

Author

Xu, Lu-Jun, Hao, Rong, Yu, Jia, and Vijayakumar, Pandi

Subjects

*BIG data, *UPLOADING of data, *CLOUD storage

Abstract

With the explosive growth of data on the internet, the trend is for users to store these large amounts of data on the cloud. To protect the privacy of data, users need to encrypt their data before uploading them to the cloud. This brings a big challenge for cloud to perform deduplication. In order to tackle this challenge, we design a secure deduplication scheme for big data with efficient dynamic ownership updates. The proposed scheme can efficiently support user enrollment and revocation. We adopt a new locating technique to effectively locate the re-encrypted data block. As a result, only a small proportion of data needs to be re-encrypted. When one user deletes or updates one file, this user will lost the access to the original data. We also provide the security analysis and experimental evaluation results for the proposed scheme. [Display omitted] • We propose a secure deduplication scheme for big data with efficient dynamic ownership updates. • We utilize CP-ABE and re-encryption techniques to realize user enrollment and revocation. • We adopt the locating technique to effectively locate the data block to be re-encrypted. • Our proposed scheme achieves efficient deduplication for big data. [ABSTRACT FROM AUTHOR]

Published

2021

73. Obfuscating Re-encryption Algorithm With Flexible and Controllable Multi-Hop on Untrusted Outsourcing Server

Author

Yi Mu, Willy Susilo, Yan Jiang, and Mingwu Zhang

Subjects

General Computer Science, Computer science, media_common.quotation_subject, Average-case virtual black-box, controllable multi-hop, 0102 computer and information sciences, 02 engineering and technology, re-encryption, Encryption, Computer security, computer.software_genre, 01 natural sciences, obfuscation, Electronic mail, Oracle, Outsourcing, Server, Ciphertext, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, media_common, Delegation, business.industry, General Engineering, 020206 networking & telecommunications, Plaintext, Obfuscation (software), 010201 computation theory & mathematics, lcsh:Electrical engineering. Electronics. Nuclear engineering, multilinear map, business, lcsh:TK1-9971, computer, Computer network

Abstract

An outsourcing re-encryption program can help a ciphertext owner (delegator) transform his/her ciphertext into another ciphertext of delegatee. For example, an e-mail receiver can re-transfer an encrypted e-mail to his secretary while allowing the e-mail to be readable for her. For a multi-hop re-encryption, the delegatee can re-encrypt the ciphertext to another user in delegation chain, repeatedly. Traditionally, this transformation is usually conducted by a proxy or an outsourcing server. However, the proxy or outsourcing server needs a re-encryption key (i.e., re-key) and the re-encryption program must execute in a black-box manner (cannot trace into or debug and monitor the program), and thus the outsource server must be semi-trusted . Actually, as the outsource program was run and fully controlled by the server, in this paper, we consider a stronger attack in the case that the re-encryption program was run on an untrusted/malicious server and even the server can trace into the codes and monitor the variables during the executing. We design a secure multi-hop re-encryption scheme, and then convert the re-encryption program into an obfuscated version with constant-hiding to ensure no sensitive information be revealed. The obfuscator of multi-hop re-encryption is to faithfully hide the program and its sensitive data that takes a re-encryption program/circuit as input and outputs another program with the same functionality, while revealing no more sensitive information (i.e., sensitive key and plaintext) than learns from the black-box oracle access to the original program. We also present a flexible and controllable construction of re-encryption scheme, functionality model and its obfuscation version in leveled multilinear groups, and exemplify some scenarios to deploy in various applications. Finally, we provide the performance analysis of the obfuscator, such as functionality preservation of consistency, polynomial slowdown of performance, and average-case virtual black-box of security, and show that the obfuscator is efficient and practical in use.

Published

2017

74. Sensors data collection framework using mobile identification with secure data sharing model

Author

Ahmed Elhadad, Fulayjan Alanazi, A. Ghareeb, and Safwat Hamad

Subjects

Measure (data warehouse), Data collection, General Computer Science, Re-encryption, business.industry, Computer science, Sensors, Cloud computing, Information repository, Proxy, Data sharing, Identification (information), Electrical and Electronic Engineering, business, Proxy (statistics), Computer network

Abstract

Sensors are the modules or electronic devices that are used to measure and get environmental events and send the captured data to other devices, usually computer processors allocated on the cloud. One of the most recent challenges is to protect and save the privacy issues of those sensors data on the cloud sharing. In this paper, sensors data collection framework is proposed using mobile identification and proxy re-encryption model for data sharing. The proposed framework includes: identity broker server, sensors managing and monitoring applications, messages queuing sever and data repository server. Finally, the experimental results show that the proposed proxy re-encryption model can work in real time.

Published

2019

75. A Hybrid Encryption Scheme with Key-cloning Protection: User / Terminal Double Authentication via Attributes and Fingerprints

Author

Chen, Chunlu, Anada, Hiroaki, Kawamoto, Junpei, and Sakurai, Kouichi

Subjects

Re-encryption, Key misuse, Terminal fingerprint

Published

2016

76. Attribute Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud

Author

R. Manimekalai and M. Chandra Kumar Peter

Subjects

deduplication, Data_FILES, re-encryption

Abstract

Cloud computing offers a new way of service provision by re arranging various resources over the Internet. The most important and popular cloud service is data storage. In order to preserve the privacy of data holders, data are often stored in cloud in an encrypted form. However, encrypted data introduce new challenges for cloud data deduplication, which becomes crucial for big data storage and processing in cloud. Traditional deduplication schemes cannot work on encrypted data. Existing solutions of encrypted data deduplication suffer from security weakness. They cannot flexibly support data access control and revocation. Therefore, few of them can be readily deployed in practice. In this paper, we propose a scheme to deduplicate encrypted data stored in cloud based on ownership challenge and proxy re encryption. It integrates cloud data deduplication with access control. We evaluate its performance based on extensive analysis and computer simulations. The results show the superior efficiency and effectiveness of the scheme for potential practical deployment, especially for big data deduplication in cloud storage. R. Manimekalai | M. Chandra Kumar Peter "Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-4 , June 2018, URL: https://www.ijtsrd.com/papers/ijtsrd13014.pdf

Published

2018

77. A Searchable Re-encryption Storage Method in Cloud Environment

Author

Tang Junyong, Hong Bo, and Wang Hui

Subjects

0209 industrial biotechnology, lcsh:Computer engineering. Computer hardware, Database, Re-encryption, business.industry, Computer science, Software Engineering, Cloud computing, lcsh:TK7885-7895, 02 engineering and technology, computer.software_genre, Encryption, Reliability, lcsh:QA75.5-76.95, 020901 industrial engineering & automation, Computer Science, 0202 electrical engineering, electronic engineering, information engineering, Cloud Storage, Decrypt, 020201 artificial intelligence & image processing, lcsh:Electronic computers. Computer science, business, computer, Cloud storage, Reliability (statistics)

Abstract

Traditional cloud storage systems do not adapt well to different application environment and does not guarantee the integrity and confidentiality of cloud data. In order to solve the problems brought by the hysteretic and density in the cloud storage system,A Searchable Re-encryption Storage Method (SReCSM) is proposed in this paper. The central idea of the SReCSM is to generate a re-encryption key and decrypte while the keyword matched. Simulation results show that SReCSM introduced in this paper has better security and reliability.

Published

2018

78. What If Keys Are Leaked? towards Practical and Secure Re-Encryption in Deduplication-Based Cloud Storage.

Author

You, Weijing, Lei, Lei, Chen, Bo, and Liu, Limin

Subjects

*CLOUD storage, *IMAGE encryption, *ENCRYPTION protocols, *SEDER, *CONFIDENTIAL communications

Abstract

By only storing a unique copy of duplicate data possessed by different data owners, deduplication can significantly reduce storage cost, and hence is used broadly in public clouds. When combining with confidentiality, deduplication will become problematic as encryption performed by different data owners may differentiate identical data which may then become not deduplicable. The Message-Locked Encryption (MLE) is thus utilized to derive the same encryption key for the identical data, by which the encrypted data are still deduplicable after being encrypted by different data owners. As keys may be leaked over time, re-encrypting outsourced data is of paramount importance to ensure continuous confidentiality, which, however, has not been well addressed in the literature. In this paper, we design SEDER, a SEcure client-side Deduplication system enabling Efficient Re-encryption for cloud storage by (1) leveraging all-or-nothing transform (AONT), (2) designing a new delegated re-encryption (DRE), and (3) proposing a new proof of ownership scheme for encrypted cloud data (PoWC). Security analysis and experimental evaluation validate security and efficiency of SEDER, respectively. [ABSTRACT FROM AUTHOR]

Published

2021

79. A Fine-Grained User-Divided Privacy-Preserving Access Control Protocol in Smart Watch.

Author

Fang, Liming, Li, Minghui, Zhou, Lu, Zhang, Hanyi, and Ge, Chunpeng

Subjects

*ACCESS control, *SMARTWATCHES, *WEARABLE technology, *INTERNET of things, *DATA privacy

Abstract

A smart watch is a kind of emerging wearable device in the Internet of Things. The security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between the privacy-preserving and data access control. In this paper, we propose a fine-grained privacy-preserving access control architecture for smart watches (FPAS). In FPAS, we leverage the identity-based authentication scheme to protect the devices from malicious connection and policy-based access control for data privacy preservation. The core policy of FPAS is two-fold: (1) utilizing a homomorphic and re-encrypted scheme to ensure that the ciphertext information can be correctly calculated; (2) dividing the data requester by different attributes to avoid unauthorized access. We present a concrete scheme based on the above prototype and analyze the security of the FPAS. The performance and evaluation demonstrate that the FPAS scheme is efficient, practical, and extensible. [ABSTRACT FROM AUTHOR]

Published

2019

80. Hybrid Encryption Scheme Using Terminal Fingerprint and Its Application to Attribute-Based Encryption Without Key Misuse

Author

Chunlu Chen, Hiroaki Anada, Kouichi Sakurai, Junpei Kawamoto, Kyushu University [Fukuoka], Institute of Systems, Information Technologies and Nanotechnologies (ISIT), Ismail Khalil, Erich Neuhold, A Min Tjoa, Li Da Xu, Ilsun You, TC 5, TC 8, and WG 8.9

Subjects

Re-encryption, business.industry, Computer science, [SHS.INFO]Humanities and Social Sciences/Library and information sciences, Key misuse, Computer security, computer.software_genre, Encryption, Multiple encryption, Filesystem-level encryption, Probabilistic encryption, 56-bit encryption, 40-bit encryption, [INFO]Computer Science [cs], Attribute-based encryption, On-the-fly encryption, business, computer, Terminal fingerprint, Computer network

Abstract

Part 9: Cryptography; International audience; Internet services make sharing digital contents faster and easier but raise an issue of illegal copying and distribution of those digital contents at the same time. A lot of public key encryption schemes solve this issue. However, the secret key is not completely protected i.e. these kinds of encryption methods do not prevent illegal copying and distribution of secret keys. In this paper, we propose a hybrid encryption scheme that employ terminal fingerprints. This scheme is a template to avoid such misuse of secret keys, and can be applied to, for example, attribute-based encryption schemes. There terminal fingerprint information is used to create a second encryption key and secret key. Since the terminal fingerprint is assumed to be unchangeable and unknowable, we ensure that our secret keys are valid in the terminal where such secret keys were created.

Published

2015

81. An Efficient Ciphertext-Policy Attribute-Based Access Control towards Revocation in Cloud Computing

Author

Hua Ma, Jin Li, Xiaofeng Chen, and Xingxing Xie

Subjects

outsourcing, Data_CODINGANDINFORMATIONTHEORY, revocation, re-encryption, attribute-based encryption

Abstract

Attribute-Based Encryption (ABE) is one of the new visions for finegrained access control in cloud computing. Plenty of research work has been done in both academic and industrial communities. However, before ABE can be deployed in data outsourcing systems, efficient enforcement of authorization policies and policy updates are the main obstacles. Therefore, in order to solve this problem, efficient and secure attribute and user revocation should be proposed in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation, which largely eliminates the overhead computation at data service manager and data owner. Besides, we present an efficient access control mechanism based on the CP-ABE construction with one outsourcing computation service provider.

Published

2013

82. New Ciphertext-Policy Attribute-Based Access Control with Efficient Revocation

Author

Jin Li, Hua Ma, Xiaofeng Chen, Xingxing Xie, Xidian University, Guangzhou University, David Hutchison, Takeo Kanade, Madhu Sudan, Demetri Terzopoulos, Doug Tygar, Moshe Y. Vardi, Gerhard Weikum, Khabib Mustofa, Erich J. Neuhold, A Min Tjoa, Edgar Weippl, Ilsun You, Josef Kittler, Jon M. Kleinberg, Friedemann Mattern, John C. Mitchell, Moni Naor, Oscar Nierstrasz, C. Pandu Rangan, Bernhard Steffen, TC 5, and TC 8

Subjects

Cryptographic primitive, Revocation, Computer science, business.industry, [SHS.INFO]Humanities and Social Sciences/Library and information sciences, Cloud computing, Access control, 02 engineering and technology, Data_CODINGANDINFORMATIONTHEORY, Encryption, Computer security, computer.software_genre, revocation, re-encryption, Outsourcing, Attribute-based encryption, outsourcing, 020204 information systems, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, [INFO]Computer Science [cs], business, computer

Abstract

Part 2: Asian Conference on Availability, Reliability and Security (AsiaARES); International audience; Attribute-Based Encryption (ABE) is one of the promising cryptographic primitives for fine-grained access control of shared outsourced data in cloud computing. However, before ABE can be deployed in data outsourcing systems, it has to provide efficient enforcement of authorization policies and policy updates. However, in order to tackle this issue, efficient and secure attribute and user revocation should be supported in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation. Besides, an efficient access control mechanism is given based on the CP-ABE construction with an outsourcing computation service provider.

Published

2013

83. Mixnets: Implementation and Performance Evaluation of Decryption and Re-encryption Types

Author

Pance Ribarski and Ljupcho Antovski

Subjects

Structure (mathematical logic), Theoretical computer science, General Computer Science, Java, business.industry, Computer science, Message passing, Encryption, mixnets, decryption, re-encryption, e-voting, algorithms, performance, ElGamal, threshold, dealer, business, computer, ElGamal encryption, computer.programming_language, Key size

Abstract

The anonymous channels have been the essence of numerous protocols that include anonymous message passing between peers. The mixnet structure is one way to accomplish the anonymity . Since the publication of the Chaumian mixnet, there have been many practical implementations. There are two main approaches to implement mixnets: the decryption (Chaumian) and the re-encryption mixnets. In this paper we analyze four types of mixnets, from which one decryption and three re-encryption types. They were implemented in the Java programing language and evaluated on several criterias as: the number of messages, the total number of nodes, the number of threshold nodes, and the key length of underlying crypto system. In the results section we compare the results from the practical tests to answer the research question, which type of mixnets has better features.

Published

2012

84. Cryptanalysis of a universally verifiable efficient re-encryption mixnet

Author

Khazaei, Shahram, Terelius, Björn, Wikström, Douglas, Khazaei, Shahram, Terelius, Björn, and Wikström, Douglas

Abstract

We study the heuristically secure mix-net proposed by Puiggalí and Guasch (EVOTE 2010). We present practical attacks on both correctness and privacy for some sets of parameters of the scheme. Although our attacks only allow us to replace a few inputs, or to break the privacy of a few voters, this shows that the scheme can not be proven secure., QC 20220623

Published

2012

85. Using re-encryption to escrow private information escrow bound to multiple conditions

Author

Suriadi, Suriadi, Foo, Ernest, Smith, Jason, Suriadi, Suriadi, Foo, Ernest, and Smith, Jason

Abstract

In a sitting whereby a user interacts with multiple service providers, each service provider is likely to follow different privacy regulations according to the nature of the industry it belongs and the applicable legislative requirements. We propose a protocol that escrows users private information which is bound to multiple set of conditions in a federated single sign-on environment. An identity-based proxy re-encryption scheme is applied along with trusted computing technologies. A performance analysis is provided to show the increased performance of our protocol in comparison to the existing anonymous credential approach. The security properties of the protocol is formally evaluated using the coloured petri nets and state-space analysis techniques.

Published

2009