Attribute-based encryption with verifiable outsourced decryption

Ministry of Education, Singapore under its Academic Research Funding Tier 1; Singapore Management University; Agency for Science, Technology and Research (A*STAR) SERC Gran

A Survey of Research Progress and Development Tendency of Attribute-Based Encryption

With the development of cryptography, the attribute-based encryption (ABE) draws widespread attention of the researchers in recent years. The ABE scheme, which belongs to the public key encryption mechanism, takes attributes as public key and associates them with the ciphertext or the user’s secret key. It is an efficient way to solve open problems in access control scenarios, for example, how to provide data confidentiality and expressive access control at the same time. In this paper, we survey the basic ABE scheme and its two variants: the key-policy ABE (KP-ABE) scheme and the ciphertext-policy ABE (CP-ABE) scheme. We also pay attention to other researches relating to the ABE schemes, including multiauthority, user/attribute revocation, accountability, and proxy reencryption, with an extensive comparison of their functionality and performance. Finally, possible future works and some conclusions are pointed out

Public Key Encryption with Keyword Search from Lattices in Multiuser Environments

A public key encryption scheme with keyword search capabilities is proposed using lattices for applications in multiuser environments. The proposed scheme enables a cloud server to check if any given encrypted data contains certain keywords specified by multiple users, but the server would not have knowledge of the keywords specified by the users or the contents of the encrypted data, which provides data privacy as well as privacy for user queries in multiuser environments. It can be proven secure under the standard learning with errors assumption in the random oracle model

Offline privacy preserving proxy re-encryption in mobile cloud computing

This paper addresses the always online behavior of the data owner in proxy re- encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption keys are only issued to legitimate users. An in depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing

IST Austria Thesis

Many security definitions come in two flavors: a stronger “adaptive” flavor, where the adversary can arbitrarily make various choices during the course of the attack, and a weaker “selective” flavor where the adversary must commit to some or all of their choices a-priori. For example, in the context of identity-based encryption, selective security requires the adversary to decide on the identity of the attacked party at the very beginning of the game whereas adaptive security allows the attacker to first see the master public key and some secret keys before making this choice. Often, it appears to be much easier to achieve selective security than it is to achieve adaptive security. A series of several recent works shows how to cleverly achieve adaptive security in several such scenarios including generalized selective decryption [Pan07][FJP15], constrained PRFs [FKPR14], and Yao’s garbled circuits [JW16]. Although the above works expressed vague intuition that they share a common technique, the connection was never made precise. In this work we present a new framework (published at Crypto ’17 [JKK+17a]) that connects all of these works and allows us to present them in a unified and simplified fashion. Having the framework in place, we show how to achieve adaptive security for proxy re-encryption schemes (published at PKC ’19 [FKKP19]) and provide the first adaptive security proofs for continuous group key agreement protocols (published at S&P ’21 [KPW+21]). Questioning optimality of our framework, we then show that currently used proof techniques cannot lead to significantly better security guarantees for "graph-building" games (published at TCC ’21 [KKPW21a]). These games cover generalized selective decryption, as well as the security of prominent constructions for constrained PRFs, continuous group key agreement, and proxy re-encryption. Finally, we revisit the adaptive security of Yao’s garbled circuits and extend the analysis of Jafargholi and Wichs in two directions: While they prove adaptive security only for a modified construction with increased online complexity, we provide the first positive results for the original construction by Yao (published at TCC ’21 [KKP21a]). On the negative side, we prove that the results of Jafargholi and Wichs are essentially optimal by showing that no black-box reduction can provide a significantly better security bound (published at Crypto ’21 [KKPW21c])

THE SYMMETRIC ENCRYPTION SCHEME FOR FORWARD SECURITY IN CLOUD COMPUTING

Cloud computing is the progressive industrial of IT projects, giving advantageous remote access to data storage and application services. While this re-appropriated storage model can possibly bring incredible prudent reserve funds for data proprietors and clients, however because of wide worries of data proprietors that their private data might be automatically uncovered or taken care of by cloud suppliers. In spite of the fact that start to finish encryption strategies have been proposed as promising answers for secure cloud data storage. In this article, we recognize the framework necessities and difficulties towards accomplishing protection guaranteed accessible re-appropriated cloud data services. This paper present a general system for this, utilizing accessible encryption procedures, which permits encoded data to be looked by clients without spilling data about the data itself and clients questions. The factual measure approach, i.e., pertinence score, from data recovery to fabricate a safe accessible file, and build up a one-to-many request safeguarding mapping procedure to appropriately secure those touchy score data. The subsequent structure can encourage effective server side positioning without losing watchword security

Conditional Attribute-Based Proxy Re-Encryption

Proxy re-encryption (PRE) is a cryptographic primitive that allows a semi-trusted proxy to transfer the decryption rights of ciphertexts in a secure and privacy-preserving manner. This versatile primitive has been extended to several powerful variants, leading to numerous applications, such as e-mail forwarding and content distribution. One such variant is attribute-based PRE (AB-PRE), which provides an expressible access control mechanism by allowing the proxy to switch the underlying policy of an attribute-based encryption (ABE) ciphertext. However, the function of AB-PRE is to convert the underlying policies of all ciphertexts indiscriminately, which lacks the flexibility of ciphertext transformation. Therefore, AB-PRE needs to support the property of conditional delegation. Among the other variants of PRE, there is a variant called conditional PRE (C-PRE), which allows fine-grained delegations by restricting the proxy to performing valid re-encryption only for a limited set of ciphertexts. Unfortunately, existing PRE schemes cannot simultaneously achieve expressible access control mechanisms and fine-grained delegations. Specifically, we require a PRE scheme, via which the proxy can convert the underlying policies of an ABE ciphertext only if this ciphertext is in the set of ciphertexts allowing the proxy to perform valid transformations. To address this problem, we formalize the notion of conditional attribute-based PRE (CAB-PRE) in the honest re-encryption attacks (HRA) model, which is more robust and implies chosen-plaintext attacks (CPA) security, and propose the first CAB-PRE scheme. To construct such a scheme, we design as a building block, the first adaptively HRA-secure (ciphertext-policy) AB-PRE based on the learning with errors (LWE) problem. This scheme solves the open problem left by Susilo et al. in ESORICS\u2721 about how to construct an HRA-secure (ciphertext-policy) AB-PRE scheme, and it should be of independent interest. Then, we introduce a well-matched conditional delegation mechanism for this AB-PRE scheme to derive our adaptively HRA-secure CAB-PRE scheme

A HYBRIDIZED ENCRYPTION SCHEME BASED ON ELLIPTIC CURVE CRYPTOGRAPHY FOR SECURING DATA IN SMART HEALTHCARE

Recent developments in smart healthcare have brought us a great deal of convenience. Connecting common objects to the Internet is made possible by the Internet of Things (IoT). These connected gadgets have sensors and actuators for data collection and transfer. However, if users' private health information is compromised or exposed, it will seriously harm their privacy and may endanger their lives. In order to encrypt data and establish perfectly alright access control for such sensitive information, attribute-based encryption (ABE) has typically been used. Traditional ABE, however, has a high processing overhead. As a result, an effective security system algorithm based on ABE and Fully Homomorphic Encryption (FHE) is developed to protect health-related data. ABE is a workable option for one-to-many communication and perfectly alright access management of encrypting data in a cloud environment. Without needing to decode the encrypted data, cloud servers can use the FHE algorithm to take valid actions on it. Because of its potential to provide excellent security with a tiny key size, elliptic curve cryptography (ECC) algorithm is also used. As a result, when compared to related existing methods in the literature, the suggested hybridized algorithm (ABE-FHE-ECC) has reduced computation and storage overheads. A comprehensive safety evidence clearly shows that the suggested method is protected by the Decisional Bilinear Diffie-Hellman postulate. The experimental results demonstrate that this system is more effective for devices with limited resources than the conventional ABE when the system’s performance is assessed by utilizing standard model

Secure data sharing in cloud computing: a comprehensive review

Cloud Computing is an emerging technology, which relies on sharing computing resources. Sharing of data in the group is not secure as the cloud provider cannot be trusted. The fundamental difficulties in distributed computing of cloud suppliers is Data Security, Sharing, Resource scheduling and Energy consumption. Key-Aggregate cryptosystem used to secure private/public data in the cloud. This key is consistent size aggregate for adaptable decisions of ciphertext in cloud storage. Virtual Machines (VMs) provisioning is effectively empowered the cloud suppliers to effectively use their accessible resources and get higher benefits. The most effective method to share information resources among the individuals from the group in distributed storage is secure, flexible and efficient. Any data stored in different cloud data centers are corrupted, recovery using regenerative coding. Security is provided many techniques like Forward security, backward security, Key-Aggregate cryptosystem, Encryption and Re-encryption etc. The energy is reduced using Energy-Efficient Virtual Machines Scheduling in Multi-Tenant Data Centers