Non-Transferable Proxy Re-Encryption Scheme

SEC8: Selected topics in Information SecurityA proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate reencryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. © 2012 IEEE.published_or_final_versio

Non-Transferable Proxy Re-Encryption

Proxy re-encryption (PRE) allows a semi-trusted proxy to transform a ciphertext for Alice into a ciphertext of the same message for Bob. The traditional security notion of PRE focuses on preventing the proxy with the re-encryption key learning anything about the encrypted messages. However, such a basic security requirement is clearly not enough for many scenarios where the proxy can collude with Bob. A desirable security goal is therefore to prevent a malicious proxy colluding with Bob to re-delegate Alice’s decryption right. In 2005, Ateniese, Fu, Green and Hohenberger first proposed this intriguing problem called non-transferability, in the sense that the only way for Bob to transfer Alice’s decryption capability is to expose his own secret key. It captures the notion that Bob cannot collude with the proxy and transfer Alice’s decryption right without compromising his own decryption capability. However, over the last decade, no solutions have achieved this property. In this paper, we positively resolve this open problem. In particular, we give the first construction of nontransferable proxy re-encryption where the attacker is allowed to obtain one pair of keys consisting of Bob’s secret key and the corresponding re-encryption key. Using indistinguishability obfuscation and k-unforgeable authentication as main tools, our scheme is provably secure in the standard model. The essential idea behind our approach is to allow Bob’s secret key to be evoked in the process of decrypting Alice’s ciphertext while hiding the fact that only Bob could decrypt it by the obfuscated program. In addition, we also show a negative result: a CPA secure proxy re-encryption scheme with “error-freeness” property cannot be non-transferable

Non-Transferable Proxy Re-Encryption Scheme for Data Dissemination Control

A proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. With the help of the proxy, Alice can delegate the decryption right to any delegatee. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate re-encryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the non-transferable property. We also reduce the full trust in PKG, only a limited amount of trust is placed in the proxy and PKG. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. Further, we find that the new scheme satisfies requirements of data dissemination control which is also a challenging goal for data security. We explore the potential of adopting our new scheme to achieve data dissemination control and implement a non-transferable re-encryption based encrypted PC/USB file system. Performance measurements of our scheme demonstrate that non-transferable re-encryption is practical and efficient

Non-transferable unidirectional proxy re-encryption scheme for secure social cloud storage sharing

(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Proxy re-encryption (PRE), introduced by Blaze et al. in 1998, allows a semi-trusted proxy with the re-encryption key to translatea ciphertext under the delegator into another ciphertext, which can be decrypted by the delegatee. In this process, the proxy is required to know nothing about the plaintext. Many PRE schemes have been proposed so far, however until now almost all the unidirectional PRE schemes suffer from the transferable property. That is, if the proxy and a set of delegatees collude, they can re-delegate the delegator's decryption rights to the other ones, while the delegator has no agreement on this. Thus designing non-transferable unidirectional PRE scheme is an important open research problem in the field. In this paper, we tackle this open problem by using the composite order bilinear pairing. Concretely, we design a non-transferable unidirectional PRE scheme based on Hohenberger et al.'s unidirectional PRE scheme. Furthermore, we discuss our scheme's application to secure cloud storage, especially for sharing private multimedia content for social cloud storage users.Peer ReviewedPostprint (author's final draft

Avoid illegal encrypted DRM content sharing with non-transferable re-encryption

Digital rights management (DRM) technology enables valuable electronic media content distribution while preserving content providers' rights and revenues. Traditional DRM system utilizes security techniques to restrict copying of media content or allow only a single copy to be made. However consumers are demanding for the right to make copies for personal use or the right to use content on any device. Several DRM infrastructures have been proposed for secure content sharing. These infrastructures usually require cooperation and participation of both DRM technology providers and content providers; however there is a popular flaw in these schemes: the malicious employees of DRM technology providers can distribute DRM enabled contents to any consumers or make copies of a purchased content accessible to any devices without letting content provider know, thus reducing content providers' benefit. In this paper, we propose a novel DRM infrastructure which is based on a non-transferable re-encryption scheme to solve the above problem inherent in existing DRM infrastructures. In the proposed infrastructure, DRM technology providers and content providers are required to cooperate to make a purchased digital content for a specific device accessible by other different devices, and get extra profit from providing such services. The system preserves DRM technology providers and content providers' security properties while achieving secure and mutual profitable DRM content sharing. Furthermore, we allow content providers to trace the content, and control the content sharing rights. Even when malicious employees in DRM technology providers and DRM agent collude, they cannot re-delegate access rights to any device without permission from content provider, thus preserving content provider's benefit. © 2011 IEEE.published_or_final_versionThe IEEE 13th International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of the 13th ICCT, 2011, p. 703-70

PRE+: dual of proxy re-encryption for secure cloud data sharing service

With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft

Non-Transferable Proxy Re-Encryption for Group Membership/ Non- Group Membership

In proxy re-encryption (PRE) scheme themessage is sent by a delegator to a delegatee with ahelp of the trusted third party proxy without knowingthe existing plaintext. PRE schemes are widely usedin various applications. However, the standard PREscheme has some proxy problems called private keygenerator (PKG) despotism problem. This means thatPKG can make re-encryption key without gettingpermission from the delegator. And also, most of thePRE schemes have the key-escrow problem. Ifsomeone can attack PKG in PRE scheme, they candecrypt both the original ciphertext and the reencryptedciphertext which means the key-escrowproblem. A solution for these two problems is to usenon-transferable PRE scheme. Non-transferable PREscheme solved the above PKG despotism problemand key-escrow problem. We would like to introduceour PRE scheme with a new approach. In ourscheme, there are three sub-processes, which arebased on non-transferable PRE scheme and groupsignature. Our scheme will provide the security fordelegator i, delegatee j (who is in the same groupwith delegator i), and delegatee k (who is in adifferent group from delegator i)

Protecting security in cloud and distributed environments

Encryption helps to ensure that information within a session is not compromised. Authentication and access control measures ensure legitimate and appropriate access to information, and prevent inappropriate access to such resources. While encryption, authentication and access control each has its own responsibility in securing a communication session, a combination of these three mechanisms can provide much better protection for information. This thesis addresses encryption, authentication and access control related problems in cloud and distributed environments, since these problems are very common in modern organization environment. The first one is a User-friendly Location-free Encryption System for Mobile Users (UFLE). It is an encryption and authentication system which provides maximum security to sensitive data in distributed environment: corporate, home and outdoors scenarios, but requires minimum user effort (i.e. no biometric entry, or possession of cryptographic tokens) to access the data. It makes users securely and easily access data any time and any place, as well as avoids data breach due to stolen/lost laptops and USB flash. The multi-factor authentication protocol provided in this scheme is also applicable to cloud storage. The second one is a Simple Privacy-Preserving Identity-Management for Cloud Environment (SPICE). It is the first digital identity management system that can satisfy “unlinkability”and “delegatable authentication” in addition to other desirable properties in cloud environment. Unlinkability ensures that none of the cloud service providers (CSPs), even if they collude, can link the transactions of the same user. On the other hand, delegatable authentication is unique to the cloud platform, in which several CSPs may join together to provide a packaged service, with one of them being the source provider which interacts with the clients and performs authentication, while the others are receiving CSPs which will be transparent to the clients. The authentication should be delegatable such that the receiving CSP can authenticate a user without a direct communication with either the user or the registrar, and without fully trusting the source CSP. The third one addresses re-encryption based access control issue in cloud and distributed storage. We propose the first non-transferable proxy re-encryption scheme [16] which successfully achieves the non-transferable property. Proxy re-encryption allows a third-party (the proxy) to re-encrypt a ciphertext which has been encrypted for one party without seeing the underlying plaintext so that it can be decrypted by another. A proxy re-encryption scheme is said to be non-transferable if the proxy and a set of colluding delegatees cannot re-delegate decryption rights to other parties. The scheme can be utilized for a content owner to delegate content decryption rights to users in the untrusted cloud storage. The advantages of using such scheme are: decryption keys are managed by the content owner, and plaintext is always hidden from cloud provider.published_or_final_versionComputer ScienceDoctoralDoctor of Philosoph