Conditional Proxy Broadcast Re-Encryption

A*STA

Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security

Recently, a variant of proxy re-encryption, named conditional proxy re-encryption (C-PRE), has been introduced. Compared with traditional proxy re-encryption, C-PRE enables the delegator to implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, based on a careful observation on the existing definitions and security notions for C-PRE, we reformalize more rigorous definition and security notions for C-PRE. We further propose a more efficient C-PRE scheme, and prove its chosenciphertext security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, we point out that a recent C-PRE scheme fails to achieve the chosen-ciphertext security

PRE+: dual of proxy re-encryption for secure cloud data sharing service

With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft

MLAS: Multiple level authentication scheme for VANETs

The vehicular ad hoc network (VANET) is an emerging type of network which enables vehicles on roads to inter-communicate for driving safety. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles. However, this raises the concern of security and privacy. Messages should be signed and verified before they are trusted while the real identity of vehicles should not be revealed, but traceable by authorized party. Existing solutions either rely too heavily on a tamper-proof hardware device, or do not have an effective message verification scheme. In this paper, we propose a multiple level authentication scheme which still makes use of tamper-proof devices but the strong assumption that a long-term system master secret is preloaded into all tamper-proof devices is removed. Instead the master secret can be updated if needed to increase the security level. On the other hand, messages sent by vehicles are classified into two types - regular messages and urgent messages. Regular messages can be verified by neighboring vehicles by means of Hash-based Message Authentication Code (HMAC) while urgent messages can only be verified with the aid of RSUs nearby by means of a conditional privacy-preserving authentication scheme. Copyright 2011 ACM.postprintThe 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), Hong Kong, China, 22-24 March 2011. In Proceedings of 6th ACM ASIACCS, 2011, p. 471-47

Cost-effective secure e-health cloud system using identity based cryptographic techniques

Nowadays E-health cloud systems are more and more widely employed. However the security of these systems needs more consideration for the sensitive health information of patients. Some protocols on how to secure the e-health cloud system have been proposed, but many of them use the traditional PKI infrastructure to implement cryptographic mechanisms, which is cumbersome for they require every user having and remembering its own public/private keys. Identity based encryption (View the MathML sourceIBE) is a cryptographic primitive which uses the identity information of the user (e.g., email address) as the public key. Hence the public key is implicitly authenticated and the certificate management is simplified. Proxy re-encryption is another cryptographic primitive which aims at transforming a ciphertext under the delegator AA into another ciphertext which can be decrypted by the delegatee BB. In this paper, we describe several identity related cryptographic techniques for securing E-health system, which include new View the MathML sourceIBE schemes, new identity based proxy re-encryption (View the MathML sourceIBPRE) schemes. We also prove these schemes’ security and give the performance analysis, the results show our View the MathML sourceIBPRE scheme is especially highly efficient for re-encryption, which can be used to achieve cost-effective cloud usage.Peer ReviewedPostprint (author's final draft

Secure Authentication and Privacy-Preserving Techniques in Vehicular Ad-hoc NETworks (VANETs)

In the last decade, there has been growing interest in Vehicular Ad Hoc NETworks (VANETs). Today car manufacturers have already started to equip vehicles with sophisticated sensors that can provide many assistive features such as front collision avoidance, automatic lane tracking, partial autonomous driving, suggestive lane changing, and so on. Such technological advancements are enabling the adoption of VANETs not only to provide safer and more comfortable driving experience but also provide many other useful services to the driver as well as passengers of a vehicle. However, privacy, authentication and secure message dissemination are some of the main issues that need to be thoroughly addressed and solved for the widespread adoption/deployment of VANETs. Given the importance of these issues, researchers have spent a lot of effort in these areas over the last decade. We present an overview of the following issues that arise in VANETs: privacy, authentication, and secure message dissemination. Then we present a comprehensive review of various solutions proposed in the last 10 years which address these issues. Our survey sheds light on some open issues that need to be addressed in the future

Semantically Secured Non-Deterministic Blum–Goldwasser Time-Based One-Time Password Cryptography for Cloud Data Storage Security

The security level of outsourced data is significant in cloud storage. Few research works have been designed for secured cloud data storage. However, the data security level was lower because the authentication performance was not effective. In order to overcome such drawbacks, a Semantically Secured Non-Deterministic Blum–Goldwasser Time-Based One-Time Password Cryptography (SSNBTOPC) Technique is proposed. The SSNBTOPC Technique comprises three steps, namely key generation, data encryption and data decryption for improving cloud data storage security with lower cost. Initially, in SSNBTOPC Technique, the client registers his/her detail to the cloud server. After registering, the cloud server generates the public key and secret key for each client. Then, clients in cloud encrypt their data with the public key and send the encrypted data to the cloud server for storing it in the database. Whenever the client needs to store or access the data on cloud storage, the client sends the request message to the cloud server. After getting the requests, cloud server authenticates the clients using their secret key and Time-based One-Time Password (TOTP). After the verification process, SSNBTOPC Technique allows only authorized clients to get data on cloud storage. During data accessing process, the client data is decrypted with their private key. This helps for SSNBTOPC Technique to improve the cloud storage security with a minimal amount of time. The SSNBTOPC Technique carried outs the experimental evaluation using factors such as authentication accuracy, computational cost and data security level with respect to a number of client and data. The experimental result shows that the SSNBTOPC Technique is able to increases the data security level and also reduces the computational cost of cloud storage when compared to state-of-the-art works