Non-Transferable Proxy Re-Encryption Scheme

SEC8: Selected topics in Information SecurityA proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate reencryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the nontransferable property. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. © 2012 IEEE.published_or_final_versio

Non-Transferable Proxy Re-Encryption

Proxy re-encryption (PRE) allows a semi-trusted proxy to transform a ciphertext for Alice into a ciphertext of the same message for Bob. The traditional security notion of PRE focuses on preventing the proxy with the re-encryption key learning anything about the encrypted messages. However, such a basic security requirement is clearly not enough for many scenarios where the proxy can collude with Bob. A desirable security goal is therefore to prevent a malicious proxy colluding with Bob to re-delegate Alice’s decryption right. In 2005, Ateniese, Fu, Green and Hohenberger first proposed this intriguing problem called non-transferability, in the sense that the only way for Bob to transfer Alice’s decryption capability is to expose his own secret key. It captures the notion that Bob cannot collude with the proxy and transfer Alice’s decryption right without compromising his own decryption capability. However, over the last decade, no solutions have achieved this property. In this paper, we positively resolve this open problem. In particular, we give the first construction of nontransferable proxy re-encryption where the attacker is allowed to obtain one pair of keys consisting of Bob’s secret key and the corresponding re-encryption key. Using indistinguishability obfuscation and k-unforgeable authentication as main tools, our scheme is provably secure in the standard model. The essential idea behind our approach is to allow Bob’s secret key to be evoked in the process of decrypting Alice’s ciphertext while hiding the fact that only Bob could decrypt it by the obfuscated program. In addition, we also show a negative result: a CPA secure proxy re-encryption scheme with “error-freeness” property cannot be non-transferable

Non-Transferable Proxy Re-Encryption Scheme for Data Dissemination Control

A proxy re-encryption (PRE) scheme allows a proxy to re-encrypt a ciphertext for Alice (delegator) to a ciphertext for Bob (delegatee) without seeing the underlying plaintext. With the help of the proxy, Alice can delegate the decryption right to any delegatee. However, existing PRE schemes generally suffer from at least one of the followings. Some schemes fail to provide the non-transferable property in which the proxy and the delegatee can collude to further delegate the decryption right to anyone. This is the main open problem left for PRE schemes. Other schemes assume the existence of a fully trusted private key generator (PKG) to generate the re-encryption key to be used by the proxy for re-encrypting a given ciphertext for a target delegatee. But this poses two problems in PRE schemes if the PKG is malicious: the PKG in their schemes may decrypt both original ciphertexts and re-encrypted ciphertexts (referred as the key escrow problem); and the PKG can generate re-encryption key for arbitrary delegatees without permission from the delegator (we refer to it as the PKG despotism problem). In this paper, we propose the first non-transferable proxy re-encryption scheme which successfully achieves the non-transferable property. We also reduce the full trust in PKG, only a limited amount of trust is placed in the proxy and PKG. We show that the new scheme solved the PKG despotism problem and key escrow problem as well. Further, we find that the new scheme satisfies requirements of data dissemination control which is also a challenging goal for data security. We explore the potential of adopting our new scheme to achieve data dissemination control and implement a non-transferable re-encryption based encrypted PC/USB file system. Performance measurements of our scheme demonstrate that non-transferable re-encryption is practical and efficient

Non-transferable unidirectional proxy re-encryption scheme for secure social cloud storage sharing

(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Proxy re-encryption (PRE), introduced by Blaze et al. in 1998, allows a semi-trusted proxy with the re-encryption key to translatea ciphertext under the delegator into another ciphertext, which can be decrypted by the delegatee. In this process, the proxy is required to know nothing about the plaintext. Many PRE schemes have been proposed so far, however until now almost all the unidirectional PRE schemes suffer from the transferable property. That is, if the proxy and a set of delegatees collude, they can re-delegate the delegator's decryption rights to the other ones, while the delegator has no agreement on this. Thus designing non-transferable unidirectional PRE scheme is an important open research problem in the field. In this paper, we tackle this open problem by using the composite order bilinear pairing. Concretely, we design a non-transferable unidirectional PRE scheme based on Hohenberger et al.'s unidirectional PRE scheme. Furthermore, we discuss our scheme's application to secure cloud storage, especially for sharing private multimedia content for social cloud storage users.Peer ReviewedPostprint (author's final draft

Identity based proxy re-encryption scheme (IBPRE+) for secure cloud data sharing

(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.In proxy re-encryption (PRE), a proxy with re-encryption keys can transfer aciphertext computed under Alice's public key into a new one, which can be decrypted by Bob only with his secret key. Recently, Wang et al. introduced the concept of PRE plus (PRE+) scheme, which can be seen as the dual of PRE, and is almost the same as PRE scheme except that the re-encryption keys are generated by the encrypter. Compared to PRE, PRE+ scheme can easily achieve two important properties: first, the message-level based fine-grained delegation and, second, the non-transferable property. In this paper, we extend the concept of PRE+ to the identity based setting. We propose a concrete IBPRE+ scheme based on 3-linear map and roughly discuss its properties. We also demonstrate potential application of this new primitive to secure cloud data sharing.Peer ReviewedPostprint (author's final draft

Controlled secure social cloud data sharing based on a novel identity based proxy re-encryption plus scheme

Currently we are witnessing a rapid integration of social networks and cloud computing, especially on storing social media contents on cloud storage due to its cheap management and easy accessing at any time and from any place. However, how to securely store and share social media contents such as pictures/videos among social groups is still a very challenging problem. In this paper, we try to tackle this problem by using a new cryptographic primitive: identity based proxy re-encryption plus (IBPRE ), which is a variant of proxy re-encryption (PRE). In PRE, by using re-encryption keys, a ciphertext computed for Alice can be transferred to a new one for Bob. Recently, the concept of PRE plus (PRE) was introduced by Wang et al. In PRE, all the algorithms are almost the same as traditional PRE, except the re-encryption keys are generated by the encrypter instead of the delegator. The message-level based fine-grained delegation property and the weak non-transferable property can be easily achieved by PRE , while traditional PRE cannot achieve them. Based on the 3-linear map, we first propose a new IBE scheme and a new IBPRE scheme, we prove the security of these schemes and give the properties and performance analysis of the new IBPRE scheme. Finally, we propose a new framework based on this new primitive for secure cloud social data sharingPeer ReviewedPostprint (author's final draft

PRE+: dual of proxy re-encryption for secure cloud data sharing service

With the rapid development of very large, diverse, complex, and distributed datasets generated from internet transactions, emails, videos, business information systems, manufacturing industry, sensors and internet of things etc., cloud and big data computation have emerged as a cornerstone of modern applications. Indeed, on the one hand, cloud and big data applications are becoming a main driver for economic growth. On the other hand, cloud and big data techniques may threaten people and enterprises’ privacy and security due to ever increasing exposure of their data to massive access. In this paper, aiming at providing secure cloud data sharing services in cloud storage, we propose a scalable and controllable cloud data sharing framework for cloud users (called: Scanf). To this end, we introduce a new cryptographic primitive, namely, PRE+, which can be seen as the dual of traditional proxy re-encryption (PRE) primitive. All the traditional PRE schemes until now require the delegator (or the delegator and the delegatee cooperatively) to generate the re-encryption keys. We observe that this is not the only way to generate the re-encryption keys, the encrypter also has the ability to generate re-encryption keys. Based on this observation, we construct a new PRE+ scheme, which is almost the same as the traditional PRE scheme except the re-encryption keys generated by the encrypter. Compared with PRE, our PRE+ scheme can easily achieve the non-transferable property and message-level based fine-grained delegation. Thus our Scanf framework based on PRE+ can also achieve these two properties, which is very important for users of cloud storage sharing service. We also roughly evaluate our PRE+ scheme’s performance and the results show that our scheme is efficient and practica for cloud data storage applications.Peer ReviewedPostprint (author's final draft

Avoid illegal encrypted DRM content sharing with non-transferable re-encryption

Digital rights management (DRM) technology enables valuable electronic media content distribution while preserving content providers' rights and revenues. Traditional DRM system utilizes security techniques to restrict copying of media content or allow only a single copy to be made. However consumers are demanding for the right to make copies for personal use or the right to use content on any device. Several DRM infrastructures have been proposed for secure content sharing. These infrastructures usually require cooperation and participation of both DRM technology providers and content providers; however there is a popular flaw in these schemes: the malicious employees of DRM technology providers can distribute DRM enabled contents to any consumers or make copies of a purchased content accessible to any devices without letting content provider know, thus reducing content providers' benefit. In this paper, we propose a novel DRM infrastructure which is based on a non-transferable re-encryption scheme to solve the above problem inherent in existing DRM infrastructures. In the proposed infrastructure, DRM technology providers and content providers are required to cooperate to make a purchased digital content for a specific device accessible by other different devices, and get extra profit from providing such services. The system preserves DRM technology providers and content providers' security properties while achieving secure and mutual profitable DRM content sharing. Furthermore, we allow content providers to trace the content, and control the content sharing rights. Even when malicious employees in DRM technology providers and DRM agent collude, they cannot re-delegate access rights to any device without permission from content provider, thus preserving content provider's benefit. © 2011 IEEE.published_or_final_versionThe IEEE 13th International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of the 13th ICCT, 2011, p. 703-70

Flexible Session Management in a Distributed Environment

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems