Enhance Data Security Protection for Data Sharing in Cloud Storage System

Cloud computing technology can be used in all types of organizations. There are many benefits to use cloud storage. The most notable is data accessibility. Data stored in the cloud can be accessed at any time any place. Another advantage of cloud storage is data sharing between users. By sharing storage and networks with many users it is also possible for unauthorized users to access our data. To provide confidentiality of shared sensitive data, the cryptographic techniques are applied. So protect the data from unauthorized users, the cryptographic key is main challenge. In this method a data protection for cloud storage 1) The key is protected by two factors: Secret key is stored in the computer and personal security device 2) The key can be revoked efficiently by implementing proxy re-encryption and key separation techniques. 3) The data is protected in a fine grained way by adopting the attribute based encryption technique. So our proposed method provides confidentiality on data

Group Selection and Key Management Strategies for Ciphertext-Policy Attribute-Based Encryption

Ciphertext-Policy Attribute-Based Encryption (CPABE) was introduced by Bethencourt, Sahai, and Waters, as an improvement of Identity Based Encryption, allowing fine grained control of access to encrypted files by restricting access to only users whose attributes match that of the monotonic access tree of the encrypted file. Through these modifications, encrypted files can be placed securely on an unsecure server, without fear of malicious users being able to access the files, while allowing each user to have a unique key, reducing the vulnerabilites associated with sharing a key between multiple users. However, due to the fact that CPABE was designed for the purpose of not using trusted servers, key management strategies such as efficient renewal and immediate key revocation are inherently prevented. In turn, this reduces security of the entire scheme, as a user could maliciously keep a key after having an attribute changed or revoked, using the old key to decrypt files that they should not have access to with their new key. Additionally, the original CPABE implementation provided does not discuss the selection of the underlying bilinear pairing which is used as the cryptographic primitive for the scheme. This thesis explores different possibilites for improvement to CPABE, in both the choice of bilinear group used, as well as support for key management that does not rely on proxy servers while minimizing the communication overhead. Through this work, it was found that nonsupersingular elliptic curves can be used for CPABE, and Barreto-Naehrig curves allowed the fastest encryption and key generation in CHARM, but were the slowest curves for decryption due to the large size of the output group. Key management was performed by using a key-insulation method, which provided helper keys which allow keys to be transformed over different time periods, with revocation and renewal through key update. Unfortunately, this does not allow immediate revocation, and revoked keys are still valid until the end of the time period during which they are revoked. Discussion of other key management methods is presented to show that immediate key revocation is difficult without using trusted servers to control access

Secure Data Exchange Using Authenticated Attribute-Based Encdryption with Revocation for Environmental Monitoring

Internet of things grown very rapidly, one of them is application smartcity for monitoring the environment. The environmental monitoring use the wireless sensor networks (WSN) technology to collect all of the data. All the data collected by the WSN will be sotred in the Data Center, where all of the data in the Data Center can be accessed by the user everytime and everywhere. The data center without security mechanism is very dangerous because all of data can be tracked and even modified by the users. There are need security mechanism for securing the data and monitoring access from each user. Chipertext Policy Attribute Based-Encryption (CP-ABE) with Authentication and Revocation can become a solution for this problem, where all of data in the data center can be protected with encryption and decryption mechanism. Its jut not protect the data, the security will give a guarantee for originality in the data and can give a control access for user who did the illegal access. The user who did the illegal access will be revoked by the system. Our security mechanism using the CP-ABE and timestamp digital signature using Rivest, Shamir Adleman (RSA) 2048 does not affect to performance of the system

Anonymous and Adaptively Secure Revocable IBE with Constant Size Public Parameters

In Identity-Based Encryption (IBE) systems, key revocation is non-trivial. This is because a user's identity is itself a public key. Moreover, the private key corresponding to the identity needs to be obtained from a trusted key authority through an authenticated and secrecy protected channel. So far, there exist only a very small number of revocable IBE (RIBE) schemes that support non-interactive key revocation, in the sense that the user is not required to interact with the key authority or some kind of trusted hardware to renew her private key without changing her public key (or identity). These schemes are either proven to be only selectively secure or have public parameters which grow linearly in a given security parameter. In this paper, we present two constructions of non-interactive RIBE that satisfy all the following three attractive properties: (i) proven to be adaptively secure under the Symmetric External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions; (ii) have constant-size public parameters; and (iii) preserve the anonymity of ciphertexts---a property that has not yet been achieved in all the current schemes

Self-Updatable Encryption: Time Constrained Access Control with Hidden Attributes and Better Efficiency

Revocation and key evolving paradigms are central issues in cryptography, and in PKI in particular. A novel concern related to these areas was raised in the recent work of Sahai, Seyalioglu, and Waters (Crypto 2012) who noticed that revoking past keys should at times (e.g., the scenario of cloud storage) be accompanied by revocation of past ciphertexts (to prevent unread ciphertexts from being read by revoked users). They introduced revocable-storage attribute-based encryption (RS-ABE) as a good access control mechanism for cloud storage. RS-ABE protects against the revoked users not only the future data by supporting key-revocation but also the past data by supporting ciphertext-update, through which a ciphertext at time $T$ can be updated to a new ciphertext at time $T+1$ using only the public key. Motivated by this pioneering work, we ask whether it is possible to have a modular approach, which includes a primitive for time managed ciphertext update as a primitive. We call encryption which supports this primitive a ``self-updatable encryption\u27\u27 (SUE). We then suggest a modular cryptosystems design methodology based on three sub-components: a primary encryption scheme, a key-revocation mechanism, and a time-evolution mechanism which controls the ciphertext self-updating via an SUE method, coordinated with the revocation (when needed). Our goal in this is to allow the self-updating ciphertext component to take part in the design of new and improved cryptosystems and protocols in a flexible fashion. Specifically, we achieve the following results: - We first introduce a new cryptographic primitive called self-updatable encryption (SUE), realizing a time-evolution mechanism. In SUE, a ciphertext and a private key are associated with time. A user can decrypt a ciphertext if its time is earlier than that of his private key. Additionally, anyone (e.g., a cloud server) can update the ciphertext to a ciphertext with a newer time. We also construct an SUE scheme and prove its full security under static assumptions. - Following our modular approach, we present a new RS-ABE scheme with shorter ciphertexts than that of Sahai et al. and prove its security. The length efficiency is mainly due to our SUE scheme and the underlying modularity. - We apply our approach to predicate encryption (PE) supporting attribute-hiding property, and obtain a revocable-storage PE (RS-PE) scheme that is selectively-secure. - We further demonstrate that SUE is of independent interest, by showing it can be used for timed-release encryption (and its applications), and for augmenting key-insulated encryption with forward-secure storage

Bounded-Collusion IBE from Key Homomorphism

In this work, we show how to construct IBE schemes that are secure against a bounded number of collusions, starting with underlying PKE schemes which possess linear homomorphisms over their keys. In particular, this enables us to exhibit a new (bounded-collusion) IBE construction based on the quadratic residuosity assumption, without any need to assume the existence of random oracles. The new IBE’s public parameters are of size O(tλlogI) where I is the total number of identities which can be supported by the system, t is the number of collusions which the system is secure against, and λ is a security parameter. While the number of collusions is bounded, we note that an exponential number of total identities can be supported. More generally, we give a transformation that takes any PKE satisfying Linear Key Homomorphism, Identity Map Compatibility, and the Linear Hash Proof Property and translates it into an IBE secure against bounded collusions. We demonstrate that these properties are more general than our quadratic residuosity-based scheme by showing how a simple PKE based on the DDH assumption also satisfies these properties.National Science Foundation (U.S.) (NSF CCF-0729011)National Science Foundation (U.S.) (NSF CCF-1018064)United States. Defense Advanced Research Projects Agency (DARPA FA8750-11-2-0225