Constant-size threshold attribute based SignCryption for cloud applications

In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users’ privacy as the identifying information for satisfying the access control policy are not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUFCMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie Hellman Assumption (CDH) are hard

PHOABE : securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT

Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users’ privacy leakage. In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process is partially delegated to a Semi Trusted Cloud Server. Third, users’ privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Five, estimation of the processing overhead proves its feasibility in IoT constrained environments

Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds

In this paper, we propose an accountable privacy preserving attribute-based framework, called Ins-PAbAC, that combines attribute based encryption and attribute based signature techniques for securely sharing outsourced data contents via public cloud servers. The proposed framework presents several advantages. First, it provides an encrypted access control feature, enforced at the data owner’s side, while providing the desired expressiveness of access control policies. Second, Ins-PAbAC preserves users’ privacy, relying on an anonymous authentication mechanism, derived from a privacy preserving attribute based signature scheme that hides the users’ identifying information. Furthermore, our proposal introduces an accountable attribute based signature that enables an inspection authority to reveal the identity of the anonymously-authenticated user if needed. Third, Ins-PAbAC is provably secure, as it is resistant to both curious cloud providers and malicious users adversaries. Finally, experimental results, built upon OpenStack Swift testbed, point out the applicability of the proposed scheme in real world scenarios

Achieving Privacy-Preserving DSSE for Intelligent IoT Healthcare System

As the product of combining Internet of Things (IoT), cloud computing, and traditional healthcare, Intelligent IoT Healthcare (IIoTH) brings us a lot of convenience, meanwhile security and privacy issues have attracted great attention. Dynamic searchable symmetric encryption (DSSE) technique can make the user search the dynamic healthcare information from IIoTH system under the condition that the privacy is protected. In this article, a novel privacy-preserving DSSE scheme for IIoTH system is proposed. It is the first DSSE scheme designed for personal health record (PHR) files database with forward security. We construct the secure index based on hash chain and realize trapdoor updates for resisting file injection attacks. In addition, we realize fine-grained search over encrypted PHR files database of attribute-value type. When the user executes search operations, he/she gets only a matched attribute value instead of the whole file. As a result, the communication cost is reduced and the disclosure of patient's privacy is minimized. The proposed scheme also achieves attribute access control, which allows users have different access authorities to attribute values. The specific security analysis and experiments show the security and the efficiency of the proposed scheme

Distributed Multi-authority Attribute-based Encryption Scheme for Friend Discovery in Mobile Social Networks

AbstractIn recent years, the rapid expansion of the capability of portable devices, cloud servers and cellular network technologies is the wind beneath the wing of mobile social networks. Compared to traditional web-based online social networks, the mobile social networks can assist users to easily discover and make new social interaction with others. A challenging task is to protect the privacy of the users’ profiles and communications. Existing works are mainly based on traditional cryptographic methods, such as homomorphic and group signatures, which are very computationally costly. In this paper, we propose a novel distributed multi-authority attribute-based encryption scheme to efficiently achieve privacy-preserving without additional special signatures. In addition, the proposed scheme can achieve fine-grained and flexible access control. Detailed analysis demonstrates the effectiveness and practicability of our scheme

Outsourced decentralized multi-authority attribute based signature and its application in IoT

IoT devices often collect data and store the data in the cloud for sharing and further processing. A natural solution for secure access is directly using the device owner?s identity as the private key to generate a signature for data authentication. However this will simultaneously expose this identity. Attribute based signature (ABS), which takes the signer?s attributes instead of his/her identity as the private key, can realize data authentication while preserving the signer?s identity privacy. In ABS, there are multiple authorities that issue different private keys for signers based on their various attributes, and a central authority is usually established to manage all these attribute authorities. However, one security concern is that if the central authority is compromised, the whole system will be broken. In this paper, we present an outsourced decentralized multi-authority attribute based signature (ODMA-ABS) scheme. The proposed ODMAABS achieves attribute privacy and stronger authority-corruption resistance than existing multi-authority attribute based signature schemes. In addition, the overhead to generate a signature is further reduced by outsourcing expensive computation to a signing cloud server. We provide extensive security analysis and experimental simulation of the proposed scheme. We also propose an access control scheme that is based on ODMA-ABS

A PEFKS- and CP-ABE-Based Distributed Security Scheme in Interest-Centric Opportunistic Networks

Security is a crucial issue in distributed applications of multihop wireless opportunistic network due to the features of exposed on the fly communication, relaxed end-to-end connectivity, and vague destinations literately. In this paper, we focus on problems of user privacy leakage and end-to-end confidentiality invasion in content-based or interest-centric wireless opportunistic network. And we propose a public-encryption-with-fuzzy-keyword-search- (PEFKS-) and ciphertext-policy-attribute-based-encryption- (CP-ABE-) based distributed security scheme by refining and compromising two-pairing-based encryption, searchable encryption, and attribute-based encryption. Our scheme enables opportunistic forwarding according to fuzzy interests preserving full privacy of users and ensures end-to-end confidentiality with a fine-grained access control strategy in an interest-centric scenario of large-scale wireless opportunistic networks. Finally, we analyze and evaluate the scheme in terms of security and performance

Privacy-by-Design Regulatory Compliance Automation in Cloud Environment

The proposed Master's thesis revolves around the development of a privacy-preserving Attribute Verifier for regulatory compliance, first designed cryptographically, and then implemented in a Cloud Environment. The Attribute Verifier makes use of the Attribute Verification Protocol and its underlying encryption scheme, composed of Decentralized Attribute-Based Encryption (DABE) combined with a Zero- Knowledge Proof (ZKP) approach. The contribution of this work was integrating a ticketing system, concerning tickets of compliance, with the existing protocol, and automating the whole workflow, simulating all the actors involved, in AWS Cloud Environment. The major goal was to improve the security and privacy of sensitive data kept in the cloud as well as to comply with Cloud Regulatory, Standards, and different Data Protection Regulations. In particular, the use case covered in this Thesis refers to the General Protection Data Regulation (GDPR), specifically the compliance with Article 32. The word "Automation" in the title refers to the achievement of having automated in AWS Cloud Environment, through code, three main security objectives: Privacy, Identity and Access Management, and Attribute-based Access Control. A goal that was pursued because, in the majority of the cases, adherence to a Regulatory still requires heavy manual effort, especially when it's about pure Data Protection Regulations, i.e. in a legal setting. And when the manual effort is not required, confidentiality can be still heavily affected, and that's where the need for a privacy-by-design solution comes from. The Attribute Verifier was developed to verify the attributes of a Prover (e.g. a company, an institution, a healthcare provider, etc.) without revealing the actual attributes or assets and to grant access to encrypted data only if the verification is successful. The proposed example, among many applicable, it's the one a National Bank attempting to demonstrate to a Verifier, i.e. the European Central Bank, compliance with Article 32 of the GDPR