A fully distributed revocable ciphertext-policy hierarchical attribute-based encryption without pairing

Several appealing features of cloud computing such as cost-effectiveness and user-friendliness have made many users and enterprises interested to outsource their sensitive data for sharing via cloud. However, it causes many new challenges toward data confidentiality, access control , scalability, and flexibility. Ciphertext-policy Hierarchical attribute-based encryption (CP-HABE) can be a promising solution to the mentioned problems. But, the existing HABE schemes have several limitations in their key delegation and user revocation mechanisms. In this work, to solve these problems, we introduce the concept of \textit{fully distributed revocable } CP-HABE (FDR-CP-HABE) system and propose the first FDR-CP-HABE scheme. The proposed scheme provides a high level of flexibility and scalability in the key delegation and user revocation mechanisms. Moreover, our proposed system is pairing-free and realizes lightweight computing in decryption phase. Indeed, by exploiting the computational operation outsourcing technique, most of the operations have been done by the powerful cloud service provider and very few computations have been leaved to the data user. Also, in our scheme the storage cost on the data user side has been decreased, compared to the other similar works. Moreover, using the hardness assumption of Decisional Bilinear Diffie-Hellman (DBDH) problem, we show that the proposed scheme is adaptively semantically secure in the standard model

Enhancing Attribute-Based Encryption with Attribute Hierarchy

Attribute-based encryption (ABE) has been envisioned as a promising cryptographic primitive for realizing secure and flexible access control. However, ABE is being criticized for its high scheme overhead as extensive pairing operations are usually required. In this paper, we focus on improving the efficiency of ABE by leveraging a previously overlooked fact, i.e., the often-found hierarchy relationships among the attributes that are inherent in many access control scenarios. As the first research effort along this direction, we coin the notion of hierarchical ABE (HABE), which can be viewed as the generalization of traditional ABE in the sense that both definitions are equal when all attributes are independent. We further give a concrete HABE construction considering a tree hierarchy among the attributes, which is provably secure. More importantly, our construction exhibits significant improvements over the traditional ABE when attribute hierarchies exist

Cryptographic Enforcement of Attribute-based Authentication

Doktorgradsavhandling,This dissertation investigates on the cryptographic enforcement about attributebased authentication (ABA) schemes. ABA is an approach to authenticate users via attributes, which are properties of users to be authenticated, environment conditions such as time and locations. By using attributes in place of users’ identity information, ABA can provide anonymous authentication, or more specifically, ABA enables to keep users anonymous from their authenticators. In addition, the property of least information leakage provides better protection for users’ privacy compared with public key based authentication approaches. These properties make it possible to apply ABA schemes in privacy preserving scenarios, for instance, cloud-based applications. The most important security requirements of ABA schemes consist of anonymity, traceability, unforgeability, unlinkability and collision resistance. In this dissertation, we combine these security requirements with other properties such as hierarchy to divide ABA schemes into different categories, based on which we use examples to demonstrate how to construct these schemes cryptographically. The main contributions of this dissertation include the following aspects: We categorize ABA schemes into different types and describe their structures as well as workflows, such that readers can gain a big picture and a clear view of different ABA schemes and their relations. This categorization serves as a guideline how to design and construct ABA schemes. We provide two examples to demonstrate how to construct ciphertext-policy attribute-based authentication (CP-ABA) schemes via two different approaches. Different from key-policy attribute-based authentication (KP-ABA) schemes, attribute keys generated in CP-ABA schemes are comparatively independent of relations among attributes. Thus compared with KP-ABA, CP-ABA extends the flexibility and usage scope of ABA schemes. We extend the core ABA schemes to hierarchical ABA (HABA) schemes by adding the property of hierarchy. Then we propose two different types of hierarchical structures, i.e., user related hierarchical ABA (U-HABA) and attribute related hierarchical ABA (A-HABA). According to these two hierarchical structures, an example is provided for each type to show how to use cryptographic primitives to build HABA schemes. All ABA schemes discussed above and proposed in this dissertation can be implemented to assist users to achieve anonymous authentication from their authenticators. Therefore, these schemes can offer more opportunities to protect users’ privacy, for example, in attribute-based access control (ABAC) and cloud-based services

Encriptação com predicados baseada em reticulados

Orientadores: Ricardo Dahab, Michel AbdallaTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Em um sistema de criptografia funcional, uma autoridade de posse de uma chave mestra pode gerar uma chave secreta que permite o cálculo de uma função sobre a mensagem nos dados criptografados. Assim, é possível calcular tal função no texto cifrado usando somente a chave secreta. Exemplos importantes de criptografia funcional são Criptografia Baseada em Identidades, Criptografia Baseada em Atributos, Criptografia com Produto Escalar, Criptografia Difusa Baseada em Identidades, Criptografia de Vector Oculto, Criptografia Baseada em Certificados, Criptografia com Pesquisa de Palavra-Chave e Criptografia Baseada em Identidades com Curinga. Esquemas de criptografia com predicados são uma especialização de esquemas de criptografia funcionais, em que a função utilizada não fornece informações sobre a mensagem, mas determina se a decriptação deve ou não funcionar corretamente. Criptografia baseada em reticulados é uma importante alternativa para os principais sistemas criptográficos utilizados atualmente, uma vez que elas são supostamente seguras contra algoritmos quânticos. O Algoritmo de Shor é capaz de resolver o Problema da Fatoração Inteira e o Problema do Logaritmo Discreto em tempo polinomial em um computador quântico, quebrando os sistemas criptográficos mais usados e importantes atualmente, como o RSA, o Diffie-Hellman e a Criptografia de Curvas Elípticas. Neste trabalho nos concentramos em esquemas de criptografia com predicados baseados em reticulados. Nós estudamos e descrevemos os principais sistemas baseados em reticulados encontrados na literatura, estendendo-os a versões hierárquicas e mostrando como o uso de um reticulado com estrutura ideal afeta a prova de segurança. Para cada esquema, uma prova formal de segurança é detalhada, as análises de complexidade e do tamanho das variáveis são mostradas e a escolha dos parâmetros garantindo o funcionamento correto da decriptação é dadaAbstract: In a functional encryption system, an authority holding a master secret key can generate a key that enables the computation of some function on the encrypted data. Then, using the secret key the decryptor can compute the function from the ciphertext. Important examples of functional encryption are Identity-Based Encryption, Attribute-Based Encryption, Inner Product Encryption, Fuzzy Identity-Based Encryption, Hidden Vector Encryption, Certificate-Based Encryption, Public Key Encryption with Keyword Search and Identity-Based Encryption with Wildcards. Predicate encryption schemes are a specialization of functional encryption schemes, in which the function does not give information of the plaintext, but it determines whether the decryption should or should not work properly. Lattice-Based Cryptography is an important alternative to the main cryptographic systems used today, since they are conjectured to be secure against quantum algorithms. Shor's algorithm is capable of solving the Integer Factorization Problem and the Discrete Logarithm Problem in polynomial time on a quantum computer, breaking the most used and important cryptosystems such as RSA, Diffie-Hellman and Elliptic Curve Cryptography. In this work we focus on Lattice-Based Predicate Encryption. We study and describe the main lattice-based schemes found in the literature, extending them to hierarchical versions and showing how the use of ideal lattice affects their security proof. For each scheme, a formal proof of security is detailed, analyses of complexity and variable's size are shown and the parameter's choice ensuring that the decryption works correctly is givenDoutoradoCiência da ComputaçãoDoutora em Ciência da Computaçã