Function-Private Subspace-Membership Encryption and Its Applications
Boneh, Raghunathan, and Segev (CRYPTO 2013) have recently put forward the notion of function privacy and applied it to identity-based encryption, motivated by the need to provide predicate privacy in public-key searchable encryption. Intuitively, their notion asks that decryption keys reveal essentially no information about their corresponding identities, beyond the absolute minimum necessary. While Boneh et al. showed how to construct function-private identity-based encryption (which implies predicate-private encrypted keyword search), searchable encryption typically requires a richer set of predicates.
In this paper we significantly extend the function privacy framework. First, we introduce the new notion of subspace-membership encryption, a generalization of inner-product encryption, and formalize a meaningful and realistic notion for capturing its function privacy. Then, we present a generic construction of a function-private subspace-membership encryption scheme based on any inner-product encryption scheme. Finally, we show that function-private subspace-membership encryption can be used to construct function-private identity-based encryption. These are the first generic constructions of function-private encryption schemes based on non-function-private ones, resolving one of the main open problems posed by Boneh, Raghunathan, and Segev.
REARRANGE BASED ON IDENTITY AND APPLICATION IN EMAIL IN THE CLOUD
In a CIBPRE system, a trusted key generation center initializes the CIBPRE system parameters and generates private keys for users. To securely share files with multiple recipients, a sender encrypts the files under the recipients' identities and a file-sharing condition. If the sender later wishes to share some files associated with the same condition with additional receivers, the sender can delegate to the proxy a re-encryption key tagged with that condition, together with the parameters needed to generate the re-encrypted ciphertexts, so that the files become accessible beyond their original recipients. Conditional PREs, identity-based PREs and broadcast PREs have been proposed for flexible applications. CIBPRE allows a sender to encrypt a message to multiple receivers by specifying the identities of those receivers, and also allows the sender to delegate a re-encryption key to a proxy so that the initial ciphertext can be converted into one for a different set of recipients. Building on CPRE, IPRE and BPRE, this paper proposes a flexible primitive called conditional identity-based broadcast PRE and formalizes its semantic security. In addition, the re-encryption key can be associated with a condition so that only the matching ciphertexts can be re-encrypted, allowing the initial sender to enforce fine-grained access control over their remote ciphertexts. Finally, we show an application of our CIBPRE to secure cloud email systems, which is advantageous over existing secure email systems based on the Pretty Good Privacy protocol or identity-based encryption.
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among European public sector players has enabled them to own and operate a range of cloud infrastructures. These deployments vary both in size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the technology necessary to enable effective, interoperable and secure integration of its many computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serves as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectiveness of private cloud federations for the needs of the public sector. © 2015 The Authors
Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation
Efficient user revocation is a necessary but challenging problem in many multi-user cryptosystems. Among known approaches, server-aided revocation yields a promising solution, because it allows outsourcing the major workloads of system users to a computationally powerful third party, called the server, whose only requirement is to carry out the computations correctly. Such a revocation mechanism was considered in the settings of identity-based encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui et al. (ESORICS 2016), respectively.
In this work, we consider the server-aided revocation mechanism in the more elaborate setting of predicate encryption (PE). The latter, introduced by Katz, Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access to encrypted data and can be viewed as a generalization of identity-based and attribute-based encryption. Our contribution is two-fold. First, we formalize the model of server-aided revocable predicate encryption (SR-PE), with rigorous definitions and security notions. Our model can be seen as a non-trivial adaptation of Cui et al.'s work to the PE context. Second, we put forward a lattice-based instantiation of SR-PE. The scheme employs the PE scheme of Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients, which work smoothly together thanks to a few additional techniques. Our scheme is proven secure in the standard model (in a selective manner), based on the hardness of the Learning With Errors (LWE) problem.
Comment: 24 page
WARP: An ICN architecture for social data
Social network companies maintain complete visibility and ownership of the data they store. Users, however, should be able to maintain full control over their content. For this purpose, we propose WARP, an architecture based upon Information-Centric Networking (ICN) designs, which expands the scope of the ICN architecture beyond media distribution to provide data control in social networks. The benefit of our solution lies in the lightweight nature of the protocol and in its layered design. With WARP, data distribution and access policies are enforced on the user side. Data can still be replicated in an ICN fashion, but we introduce control channels, named "thread updates", which ensure that access to the data always follows the latest control policy. WARP decentralizes the social network but still offers APIs so that social network providers can build products and business models on top of WARP. Social applications run directly on the user's device and store their data on the user's "butler", which takes care of encryption and distribution. Moreover, users can still rely on third parties for high availability without renouncing their privacy.