Improved ciphertext-policy time using short elliptic curve Diffie–Hellman

Ciphertext-policy attribute-based encryption (CP-ABE) is a suitable solution for the protection of data privacy and security in cloud storage services. In a CP-ABE scheme which provides an access structure with a set of attributes, users can decrypt messages only if they receive a key with the desired attributes. As the number of attributes increases, the security measures are strengthened proportionately, and they can be applied to longer messages as well. The decryption of these ciphertexts also requires a large decryption key which may increase the decryption time. In this paper, we proposed a new method for improving the access time to the CP using a new elliptic curve that enables a short key size to be distributed to the users that allows them to use the defined attributes for encryption and decryption. Each user has a specially created key which uses the defined attributes for encryption and decryption based on the Diffie-Hellman method. After the implement, the results show that this system saves nearly half of the execution time for encryption and decryption compared to previous methods. This proposed system provides guaranteed security by means of the elliptic curve discrete logarithmic problem

Secure Communication using Identity Based Encryption

Secured communication has been widely deployed to guarantee confidentiality and\ud integrity of connections over untrusted networks, e.g., the Internet. Although\ud secure connections are designed to prevent attacks on the connection, they hide\ud attacks inside the channel from being analyzed by Intrusion Detection Systems\ud (IDS). Furthermore, secure connections require a certain key exchange at the\ud initialization phase, which is prone to Man-In-The-Middle (MITM) attacks. In this paper, we present a new method to secure connection which enables Intrusion Detection and overcomes the problem of MITM attacks. We propose to apply Identity Based Encryption (IBE) to secure a communication channel. The key escrow property of IBE is used to recover the decryption key, decrypt network traffic on the fly, and scan for malicious content. As the public key can be generated based on the identity of the connected server and its exchange is not necessary, MITM attacks are not easy to be carried out any more. A prototype of a modified TLS scheme is implemented and proved with a simple client-server application. Based on this prototype, a new IDS sensor is developed to be capable of identifying IBE encrypted secure traffic on the fly. A deployment architecture of the IBE sensor in a company network is proposed. Finally, we show the applicability by a practical experiment and some preliminary performance measurements

A Survey on Homomorphic Encryption Schemes: Theory and Implementation

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholder

Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

STAIBT: Blockchain and CP-ABE Empowered Secure and Trusted Agricultural IoT Blockchain Terminal

The integration of agricultural Internet of Things (IoT) and blockchain has become the key technology of precision agriculture. How to protect data privacy and security from data source is one of the difficult issues in agricultural IoT research. This work integrates cryptography, blockchain and Interplanetary File System (IPFS) technologies, and proposes a general IoT blockchain terminal system architecture, which strongly supports the integration of the IoT and blockchain technology. This research innovatively designed a fine-grained and flexible terminal data access control scheme based on the ciphertext-policy attribute-based encryption (CP-ABE) algorithm. Based on CP-ABE and DES algorithms, a hybrid data encryption scheme is designed to realize 1-to-N encrypted data sharing. A "horizontal + vertical" IoT data segmentation scheme under blockchain technology is proposed to realize the classified release of different types of data on the blockchain. The experimental results show that the design scheme can ensure data access control security, privacy data confidentiality, and data high-availability security. This solution significantly reduces the complexity of key management, can realize efficient sharing of encrypted data, flexibly set access control strategies, and has the ability to store large data files in the agricultural IoT

Dynamic Policy Update on Cloud for File Access

In today’s era of digitalization everyone stores and access data online. Cloud computing has become prominent in data storage and access any where globally, but there is concern by data owners regarding data ownership. It is monotonous to assign access rights and simultaneously provide security in real time is a concern. To resolve this issue of access control in recent times Attribute based encryption method is widely preferred. One of the most popular method to handle access rights is by used is Attribute-based Encryption (ABE) method, the two ways for performing the implementation of ABE are ciphertext-policy and key-policy ABE. One of the widely practiced methods of safe communication is through cryptography. In this work we are proposing a method to handle access rights dynamically on the outlines of Ciphertext-policy attribute-based encryption (CP-ABE) scheme along with this we are using two symmetric encryption algorithm namely AES and Serpent for providing better security to the system. This work implements a new policy update method which helps to manage data access control in the dynamic policy update for data in the cloud storage. In this, same input key is utilized for the both encryption and decryption operation. Here two types of files are handled as an input such as Text file and image file. In experimental result, comparison of both algorithms is shown with the help of graphs with different parameters such as Time, Number of files, file size. And we have also shown the comparison of system having dynamic update policy and system with out in tabular form. We have also shown the comparative analysis of both algorithms that shows SERPENT encryption algorithm gives superior performance in Encryption