5 research outputs found
Constant-size threshold attribute based SignCryption for cloud applications
In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely
sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users’ privacy as the identifying information for satisfying the access
control policy are not revealed. Second, the proposed scheme guarantees both data origin authentication and
anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability
between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost
and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive
Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUFCMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption
that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the
Computational Diffie Hellman Assumption (CDH) are hard
Coop-DAAB : cooperative attribute based data aggregation for Internet of Things applications
The deployment of IoT devices is gaining an expanding interest in our daily life. Indeed, IoT networks consist in interconnecting several smart and resource constrained devices to enable advanced services. Security management in IoT is a big challenge as personal data are shared by a huge number of distributed services and devices. In this paper, we propose a Cooperative Data Aggregation solution based on a novel use of Attribute Based signcryption scheme (Coop - DAAB). Coop - DAAB consists in distributing data signcryption operation between different participating entities (i.e., IoT devices). Indeed, each IoT device encrypts and signs in only one step the collected data with respect to a selected sub-predicate of a general access predicate before forwarding to an aggregating entity. This latter is able to aggregate and decrypt collected data if a sufficient number of IoT devices cooperates without learning any personal information about each participating device. Thanks to the use of an attribute based signcryption scheme, authenticity of data collected by IoT devices is proved while protecting them from any unauthorized access
PROUD : verifiable privacy-preserving outsourced attribute based signcryption supporting access policy update for cloud assisted IoT applications
The ever-growing number of Internet connected devices poses several cybersecurity risks. Most of the exchanged data between the
Internet of Things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute Based
SignCryption (ABSC) is a powerful cryptographic mechanism suitable for distributed environments, providing flexible access
control and data secrecy. However, it imposes high designcryption costs, and does not support access policy update (user
addition/revocation). This paper presents PROUD, an ABSC solution, to securely outsource data designcryption process to edge
servers in order to reduce the computation overhead on the user side. PROUD allows end-users to offload most of the
designcryption overhead to an edge server and verify the correctness of the received partially designcrypted data from the edge
server. Moreover, PROUD provides the access policy update feature with neither involving a proxy-server, nor re-signcrypting the
signcrypted message and re-distributing the users’ secret keys. The access policy update feature in PROUD does not affect the size
of the message received by the end-user which reduces the bandwidth and the storage usage. Our comprehensive theoretical and
experimental analysis prove that PROUD outperforms existing schemes in terms of functionality, communication and computation
overhead
Cryptographic Schemes based on Elliptic Curve Pairings
This thesis introduces the concept of certificateless public key
cryptography (CLPKC). Elliptic curve pairings are then used to
make concrete CL-PKC schemes and are also used to make other
efficient key agreement protocols.
CL-PKC can be viewed as a model for the use of public key cryptography
that is intermediate between traditional certificated PKC and ID-PKC.
This is because, in contrast to traditional public key cryptographic
systems, CL-PKC does not require the use of certificates to guarantee
the authenticity of public keys. It does rely on the use of a trusted
authority (TA) who is in possession of a master key. In this
respect, CL-PKC is similar to identity-based public key
cryptography (ID-PKC). On the other hand, CL-PKC does not suffer
from the key escrow property that is inherent in ID-PKC.
Applications for the new infrastructure are discussed.
We exemplify how CL-PKC schemes can be constructed by constructing
several certificateless public key encryption schemes and
modifying other existing ID based schemes. The lack of
certificates and the desire to prove the schemes secure in the
presence of an adversary who has access to the master key or has
the ability to replace public keys, requires the careful
development of new security models. We prove that some of our
schemes are secure, provided that the Bilinear Diffie-Hellman
Problem is hard.
We then examine Joux’s protocol, which is a one round, tripartite
key agreement protocol that is more bandwidth-efficient than any
previous three-party key agreement protocol, however, Joux’s protocol
is insecure, suffering from a simple man-in-the-middle attack. We
show how to make Joux’s protocol secure, presenting several tripartite,
authenticated key agreement protocols that still require only one round
of communication. The security properties of the new protocols are
studied. Applications for the protocols are also discussed