A Hybrid Verifiable and Delegated Cryptographic Model in Cloud Computing

التحكم بالوصول مهم جدا في تبادل البيانات السحابية. و خاصة في مجالات مثل الرعاية الصحية, فمن الضروري ان تكون هناك ألية لمراقبة قائمة الدخول من اجل السرية و الوصول الامن للبيانات. و قد تم التشفير القائم على السمة لسنوات عديدة لتأمين البيانات و توفير الوصول المراقب. في هذا البحث اقترحنا اطاراً يدعم آلية التشفير الدارة و السمة التي تتضمن اطرافا متعددة. هم مالك البيانات , مستخدم البيانات , خادم السحابة و سلطة السمة. ومن السمات الهامة للنظام المقترح هو التفويض الذي يمكن التحقق منه لعملية فك التشفير الى خادم السحابة. مالك البيانات يقوم بتشفير البيانات و مندوبين عملية فك التشفير الى السحابة. خادم السحابة يؤدي فك التشفير الجزئي و من ثم يتم مشاركة بيانات فك التشفير النهائي للمستخدمين وفقاً للامتيازات. مالك البيانات يقلل من التعقيد الحسابي من خلال تفويض خادم السحابة علمية فك التشفير. قمنا ببناء تطبيق النموذج الاولي باستخدام منصة مايكروسوفت دوت نت لأثبات هذا المفهوم. و أظهرت النتائج التجريبية أن هناك وصولا خاضعا للرقابة مع تعدد أدوار المستعملين و حقوق التحكم في النفاذ من أجل النفاذ الآمن و السري إلى البيانات في الحوسبة السحابية.Access control is very important in cloud data sharing. Especially in the domains like healthcare, it is essential to have access control mechanisms in place for confidentiality and secure data access. Attribute based encryption has been around for many years to secure data and provide controlled access. In this paper, we proposed a framework that supports circuit and attributes based encryption mechanism that involves multiple parties. They are data owner, data user, cloud server and attribute authority. An important feature of the proposed system is the verifiable delegation of the decryption process to cloud server. Data owner encrypts data and delegates decryption process to cloud. Cloud server performs partial decryption and then the final decrypted data are shared for users as per the privileges. Data owner  thus reduces computational complexity by delegating decryption process cloud server. We built a prototype application using the Microsoft.NET platform for proof of the concept. The empirical results revealed that there is controlled access with multiple user roles and access control rights for secure and confidential data access in cloud computing

Mutual query data sharing protocol for public key encryption through chosen-ciphertext attack in cloud environment

In this paper, we are proposing a mutual query data sharing protocol (MQDS) to overcome the encryption or decryption time limitations of exiting protocols like Boneh, rivest shamir adleman (RSA), Multi-bit transposed ring learning parity with noise (TRLPN), ring learning parity with noise (Ring-LPN) cryptosystem, key-Ordered decisional learning parity with noise (kO-DLPN), and KD_CS protocol’s. Titled scheme is to provide the security for the authenticated user data among the distributed physical users and devices. The proposed data sharing protocol is designed to resist the chosen-ciphertext attack (CCA) under the hardness solution for the query shared-strong diffie-hellman (SDH) problem. The evaluation of proposed work with the existing data sharing protocols in computational and communication overhead through their response time is evaluated

A Password-Protected Secret Sharing Supporting Multiple Secrets

Password-Protected Secret Sharing (PPSS) presented by Bagherzandi et al. is proposed in order to resolve drawback of secret sharing which is unauthorized users can access storages storing partial information can reconstruct a secret. PPSS is a secret sharing that ensures only the owner of the secret who knows correct password to obtain the original secret by applying password authentication to partial information. But, their model requires secure channel between user and servers and independent secret/public key pair at the distribution phase for each secret. When a secret is large, their scheme encrypts the secret with symmetric key encryption (SKE) and the symmetric key with CPA secure public key encryption (PKE).Because of such combination, it seems difficult to prove strong security (i.e., CCA security) of their scheme at least in the standard model. In this paper, we propose a new PPSS model and scheme. Proposed model deals with multiple secrets with using a single secret key/public key pair and does not require secure channel during the distribution phase. Proposed scheme does not use a simple combination of SKE and PKE but use Kurosawa-Desmedt hybrid encryption that is proven to be CCA secure in the standard model, and is constructed by combining public key encryption part of this hybrid encryption with password authentication.The scheme is expected to be more secure than that of Bagherzandi et al

Improved efficiency of Kiltz07-KEM

Kiltz proposed a practical key encapsulation mechanism(Kiltz07-KEM) which is secure against adaptive chosen ciphertext attacks(IND-CCA2) under the gap hashed Diffie-Hellman(GHDH) assumption\cite{Kiltz2007}. We show a variant of Kiltz07-KEM which is more efficient than Kiltz07-KEM in encryption. The new scheme can be proved to be IND-CCA2 secure under the same assumption, GHDH

An instantiation of the Cramer-Shoup encryption paradigm using bilinear map groups

Item does not contain fulltex

Cryptanalysis and Improvement of an Efficient CCA Secure PKE Scheme

Recently in Chinese Journal of Computers, Kang et al. [12] proposed an efficient CCA secure public key encryption (PKE) scheme, and claimed that it is more efficient in the public/private keys than the famous CS98 and BMW05 CCA secure public key encryption scheme. However, in this paper we will show that their proposal is not secure at all. Furthermore, we improve their scheme to be a secure one and prove its security

Non-malleable encryption: simpler, shorter, stronger

In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural “encode-then-encrypt-bit-by-bit” approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA). After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results—(faster) construction from IND-CPA and domain extension from one-bit scheme—also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA securit

PRE+: dual of proxy re-encryption for secure cloud data sharing service

With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft