1,340 research outputs found
On the Role of PKG for Proxy Re-encryption in Identity Based Setting
In 1998, Blaze, Bleumer, and Strauss proposed a kind of
cryptographic primitive called proxy re-encryption.
In proxy re-encryption, a proxy can transform a ciphertext computed
under Alice\u27s public key into one that can be opened under Bob\u27s
decryption key. In 2007, Matsuo proposed the concept of four types
of proxy re-encryption schemes: CBE(Certificate Based Public
Key Encryption) to IBE(Identity Based Encryption)(type 1),
IBE to IBE(type 2), IBE to CBE (type 3),
CBE to CBE (type 4). Now CBE to
IBE and IBE to IBE proxy re-encryption schemes are being
standardized by IEEEP1363.3 working group. In this
paper, based on we pay attention to the role of
PKG for proxy re-encryption in identity based setting. We find
that if we allow the PKG to use its master-key in the
process of generating re-encryption key for proxy re-encryption in
identity based setting, many open problems can be solved. Our main
results are as following: We construct the first proxy re-encryption
scheme from CBE to IBE which can resist malicious PKG
attack, the first proxy re-encryption scheme from IBE to CBE,
the second proxy re-encryption scheme based on a variant of
BB_1 IBE, the first proxy re-encryption scheme based on BB_2 IBE, the
first proxy re-encryption scheme based on SK IBE, we also
prove their security in their corresponding security models
Identity based proxy re-encryption scheme (IBPRE+) for secure cloud data sharing
(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.In proxy re-encryption (PRE), a proxy with re-encryption keys can transfer aciphertext computed under Alice's public key into a new one, which can be decrypted by Bob only with his secret key. Recently, Wang et al. introduced the concept of PRE plus (PRE+) scheme, which can be seen as the dual of PRE, and is almost the same as PRE scheme except that the re-encryption keys are generated by the encrypter. Compared to PRE, PRE+ scheme can easily achieve two important properties: first, the message-level based fine-grained delegation and, second, the non-transferable property. In this paper, we extend the concept of PRE+ to the identity based setting. We propose a concrete IBPRE+ scheme based on 3-linear map and roughly discuss its properties. We also demonstrate potential application of this new primitive to secure cloud data sharing.Peer ReviewedPostprint (author's final draft
A Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare
Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee’s private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme
On Using Encryption Techniques to Enhance Sticky Policies Enforcement
How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE
Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security
Recently, a variant of proxy re-encryption, named conditional proxy re-encryption (C-PRE), has been introduced. Compared with traditional proxy re-encryption, C-PRE enables the delegator to implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, based on a careful observation on the existing definitions and security notions for C-PRE, we reformalize more rigorous definition and security notions for C-PRE. We further propose a more efficient C-PRE scheme, and prove its chosenciphertext security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, we point out that a recent C-PRE scheme fails to achieve the chosen-ciphertext security
Building Secure and Anonymous Communication Channel: Formal Model and its Prototype Implementation
Various techniques need to be combined to realize anonymously authenticated
communication. Cryptographic tools enable anonymous user authentication while
anonymous communication protocols hide users' IP addresses from service
providers. One simple approach for realizing anonymously authenticated
communication is their simple combination, but this gives rise to another
issue; how to build a secure channel. The current public key infrastructure
cannot be used since the user's public key identifies the user. To cope with
this issue, we propose a protocol that uses identity-based encryption for
packet encryption without sacrificing anonymity, and group signature for
anonymous user authentication. Communications in the protocol take place
through proxy entities that conceal users' IP addresses from service providers.
The underlying group signature is customized to meet our objective and improve
its efficiency. We also introduce a proof-of-concept implementation to
demonstrate the protocol's feasibility. We compare its performance to SSL
communication and demonstrate its practicality, and conclude that the protocol
realizes secure, anonymous, and authenticated communication between users and
service providers with practical performance.Comment: This is a preprint version of our paper presented in SAC'14, March
24-28, 2014, Gyeongju, Korea. ACMSAC 201
- …