Searchable atribute-based mechanism with efficiient data sharing for secure cloud storage

To date, the growth of electronic personal data leads to a trend that data owners prefer to remotely outsource their data to clouds for the enjoyment of the high-quality retrieval and storage service without worrying the burden of local data management and maintenance. However, secure share and search for the outsourced data is a formidable task, which may easily incur the leakage of sensitive personal information. Efficient data sharing and searching with security is of critical importance. This paper, for the first time, proposes a searchable attribute-based proxy re-encryption system. When compared to existing systems only supporting either searchable attribute-based functionality or attribute-based proxy re-encryption, our new primitive supports both abilities and provides flexible keyword update service. Specifically, the system enables a data owner to efficiently share his data to a specified group of users matching a sharing policy and meanwhile, the data will maintain its searchable property but also the corresponding search keyword(s) can be updated after the data sharing. The new mechanism is applicable to many real-world applications, such as electronic health record systems. It is also proved chosen ciphertext secure in the random oracle model

Efficient cryptographic primitives: Secure comparison, binary decomposition and proxy re-encryption

”Data outsourcing becomes an essential paradigm for an organization to reduce operation costs on supporting and managing its IT infrastructure. When sensitive data are outsourced to a remote server, the data generally need to be encrypted before outsourcing. To preserve the confidentiality of the data, any computations performed by the server should only be on the encrypted data. In other words, the encrypted data should not be decrypted during any stage of the computation. This kind of task is commonly termed as query processing over encrypted data (QPED). One natural solution to solve the QPED problem is to utilize fully homomorphic encryption. However, fully homomorphic encryption is yet to be practical. The second solution is to adopt multi-server setting. However, the existing work is not efficient. Their implementations adopt costly primitives, such as secure comparison, binary decomposition among others, which reduce the efficiency of the whole protocols. Therefore, the improvement of these primitives results in high efficiency of the protocols. To have a well-defined scope, the following types of computations are considered: secure comparison (CMP), secure binary decomposition (SBD) and proxy re-encryption (PRE). We adopt the secret sharing scheme and paillier public key encryption as building blocks, and all computations can be done on the encrypted data by utilizing multiple servers. We analyze the security and the complexity of our proposed protocols, and their efficiencies are evaluated by comparing with the existing solutions.”--Abstract, page iii

PRE+: dual of proxy re-encryption for secure cloud data sharing service

With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft

Offline privacy preserving proxy re-encryption in mobile cloud computing

This paper addresses the always online behavior of the data owner in proxy re- encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption keys are only issued to legitimate users. An in depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing

Mutual query data sharing protocol for public key encryption through chosen-ciphertext attack in cloud environment

In this paper, we are proposing a mutual query data sharing protocol (MQDS) to overcome the encryption or decryption time limitations of exiting protocols like Boneh, rivest shamir adleman (RSA), Multi-bit transposed ring learning parity with noise (TRLPN), ring learning parity with noise (Ring-LPN) cryptosystem, key-Ordered decisional learning parity with noise (kO-DLPN), and KD_CS protocol’s. Titled scheme is to provide the security for the authenticated user data among the distributed physical users and devices. The proposed data sharing protocol is designed to resist the chosen-ciphertext attack (CCA) under the hardness solution for the query shared-strong diffie-hellman (SDH) problem. The evaluation of proposed work with the existing data sharing protocols in computational and communication overhead through their response time is evaluated

A Provably Secure Conditional Proxy Re-Encryption Scheme without Pairing

Blaze, Bleumer and Strauss introduced the notion of proxy re-encryption (PRE), which enables a semi-trusted proxy to transform ciphertexts under Alice\u27s public key into ciphertexts under Bob\u27s public key. The important property to note here is, the proxy should not learn anything about the plaintext encrypted. In 2009, Weng et al. introduced the concept of conditional proxy re-encryption (CPRE), which permits the proxy to re-encrypt only ciphertexts satisfying a condition specified by Alice into a ciphertext for Bob. CPRE enables fine-grained delegation of decryption rights useful in many practical scenarios, such as blockchain-enabled distributed cloud storage and encrypted email forwarding. Several CPRE schemes exist in the literature based on costly bilinear pairing operation in the random oracle model. We propose the first construction of an efficient CPRE scheme without pairing, satisfying chosen ciphertext security under the computational Diffie Hellman (CDH) assumption and its variant in the random oracle model

Affiliated Keyword Search Cognomiate Reviewer and Indite Accredit Envoy Inscription Province for E-Harch Clouds

We present a novel cryptographic primitive named as conjunctive keyword search with assigned analyzer and timing empowered intermediary re-encryption work (Re-dtPECK), which is a sort of a period subordinate SE conspire. It could empower patients to appoint incomplete access rights to others to work search works over their records in a constrained day and age. The length of the day and age for the delegatee to search and decode the delegator's scrambled reports can be controlled. Also, the delegatee could be naturally denied of the entrance and inquiry expert after a predetermined time of compelling time. It can likewise bolster the conjunctive keywords hunt and oppose the keyword speculating assaults. By the arrangement, just the assigned analyzer can test the presence of specific keywords. We define a framework demonstrate and a security display for the proposed Re-dtPECK plan to demonstrate that it is an effective plan demonstrated secure in the standard model

Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme

Currently we are witnessing a rapid integration of social networks and cloud computing, especially on storing social media contents on cloud storage due to its cheap management and easy accessing at any time and from any place. However, how to securely store and share social media contents such as pictures/videos among social groups is still a very challenging problem. In this paper, we try to tackle this problem by using a new cryptographic primitive: identity based proxy re-encryption plus (IBPRE ), which is a variant of proxy re-encryption (PRE). In PRE, by using re-encryption keys, a ciphertext computed for Alice can be transferred to a new one for Bob. Recently, the concept of PRE plus (PRE) was introduced by Wang et al. In PRE, all the algorithms are almost the same as traditional PRE, except the re-encryption keys are generated by the encrypter instead of the delegator. The message-level based fine-grained delegation property and the weak non-transferable property can be easily achieved by PRE , while traditional PRE cannot achieve them. Based on the 3-linear map, we first propose a new IBE scheme and a new IBPRE scheme, we prove the security of these schemes and give the properties and performance analysis of the new IBPRE scheme. Finally, we propose a new framework based on this new primitive for secure cloud social data sharingPeer ReviewedPostprint (author's final draft

Secure Data Sharing in Cloud Computing: A Comprehensive Review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers

Public Key Encryption with Keyword Search from Lattices in Multiuser Environments

A public key encryption scheme with keyword search capabilities is proposed using lattices for applications in multiuser environments. The proposed scheme enables a cloud server to check if any given encrypted data contains certain keywords specified by multiple users, but the server would not have knowledge of the keywords specified by the users or the contents of the encrypted data, which provides data privacy as well as privacy for user queries in multiuser environments. It can be proven secure under the standard learning with errors assumption in the random oracle model