Identity based proxy re-encryption scheme (IBPRE+) for secure cloud data sharing

(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.In proxy re-encryption (PRE), a proxy with re-encryption keys can transfer aciphertext computed under Alice's public key into a new one, which can be decrypted by Bob only with his secret key. Recently, Wang et al. introduced the concept of PRE plus (PRE+) scheme, which can be seen as the dual of PRE, and is almost the same as PRE scheme except that the re-encryption keys are generated by the encrypter. Compared to PRE, PRE+ scheme can easily achieve two important properties: first, the message-level based fine-grained delegation and, second, the non-transferable property. In this paper, we extend the concept of PRE+ to the identity based setting. We propose a concrete IBPRE+ scheme based on 3-linear map and roughly discuss its properties. We also demonstrate potential application of this new primitive to secure cloud data sharing.Peer ReviewedPostprint (author's final draft

A Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare

Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee’s private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme

New Construction of Identity-based Proxy Re-encryption

A proxy re-encryption (PRE) scheme involves three parties: Alice, Bob, and a proxy. PRE allows the proxy to translate a ciphertext encrypted under Alice\u27s public key into one that can be decrypted by Bob\u27s secret key. We present a general method to construct an identity-based proxy re-encryption scheme from an existing identity-based encryption scheme. The transformed scheme satisfies the properties of PRE, such as unidirectionality, non-interactivity and multi-use. Moreover, the proposed scheme has master key security, allows the encryptor to decide whether the ciphertext can be re-encrypted

Identity-based data storage in cloud computing

Identity-based proxy re-encryption schemes have been proposed to shift the burden of managing numerous files from the owner to a proxy server. Nevertheless, the existing solutions suffer from several drawbacks. First, the access permission is determined by the central authority, which makes the scheme impractical. Second, they are insecure against collusion attacks. Finally, only queries from the same domain (intra-domain) are considered. We note that one of the main applications of identity-based proxy re-encryption schemes is in the cloud computing scenario. Nevertheless, in this scenario, users in different domains can share files with each other. Therefore, the existing solutions do not actually solve the motivating scenario, when the scheme is applicable for cloud computing. Hence, it remains an interesting and challenging research problem to design an identity-based data storage scheme which is secure against collusion attacks and supports intra-domain and inter-domain queries. In this paper, we propose an identity-based data storage scheme where both queries from the intra-domain and inter-domain are considered and collusion attacks can be resisted. Furthermore, the access permission can be determined by the owner independently. © 2012 Elsevier B.V. All rights reserved

A CCA-secure collusion-resistant Identity-based Proxy Re-encryption Scheme

Cloud storage enables its users to store confidential information as encrypted files in the cloud. A cloud user (say Alice) can share her encrypted files with another user (say Bob) by availing proxy re-encryption services of the cloud. Proxy Re-Encryption (PRE) is a cryptographic primitive that allows transformation of ciphertexts from Alice to Bob via a semi-trusted proxy, who should not learn anything about the shared message. Typically, the re-encryption rights are enabled only for a bounded, fixed time and malicious parties may want to decrypt or learn messages encrypted for Alice, even beyond that time. The basic security notion of PRE assumes the proxy (cloud) is semi-trusted, which is seemingly insufficient in practical applications. The proxy may want to collude with Bob to obtain the private keys of Alice for later use. Such an attack is called collusion attack, allowing colluders to illegally access all encrypted information of Alice in the cloud. Hence, achieving collusion resistance is indispensable to real-world scenarios. Realizing collusion-resistant PRE has been an interesting problem in the ID-based setting. To this end, several attempts have been made to construct a collusion-resistant IB-PRE scheme and we discuss their properties and weaknesses in this paper. We also present a new collusion-resistant IB-PRE scheme that meets the adaptive CCA security under the decisional bilinear Diffie-Hellman hardness assumption and its variant in the random oracle model

Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme

Currently we are witnessing a rapid integration of social networks and cloud computing, especially on storing social media contents on cloud storage due to its cheap management and easy accessing at any time and from any place. However, how to securely store and share social media contents such as pictures/videos among social groups is still a very challenging problem. In this paper, we try to tackle this problem by using a new cryptographic primitive: identity based proxy re-encryption plus (IBPRE ), which is a variant of proxy re-encryption (PRE). In PRE, by using re-encryption keys, a ciphertext computed for Alice can be transferred to a new one for Bob. Recently, the concept of PRE plus (PRE) was introduced by Wang et al. In PRE, all the algorithms are almost the same as traditional PRE, except the re-encryption keys are generated by the encrypter instead of the delegator. The message-level based fine-grained delegation property and the weak non-transferable property can be easily achieved by PRE , while traditional PRE cannot achieve them. Based on the 3-linear map, we first propose a new IBE scheme and a new IBPRE scheme, we prove the security of these schemes and give the properties and performance analysis of the new IBPRE scheme. Finally, we propose a new framework based on this new primitive for secure cloud social data sharingPeer ReviewedPostprint (author's final draft