2,989 research outputs found

    Generic Construction of Server-Aided Revocable Hierarchical Identity-Based Encryption with Decryption Key Exposure Resistance

    In this paper, we extend the notion of server-aided revocable identity-based encryption (SR-IBE) to the hierarchical IBE (HIBE) setting and propose a generic construction of server-aided revocable hierarchical IBE (SR-HIBE) schemes with decryption key exposure resistance (DKER) from any (weak) L-level revocable HIBE scheme without DKER and (L+1)-level HIBE scheme. In order to realize the server-aided revocation mechanism, we use the “double encryption” technique, and this gives our construction a short ciphertext size. Furthermore, when the maximum hierarchical depth is one, we obtain a generic construction of SR-IBE schemes with DKER from any IBE scheme and two-level HIBE scheme.

    Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation

    Efficient user revocation is a necessary but challenging problem in many multi-user cryptosystems. Among known approaches, server-aided revocation yields a promising solution, because it allows outsourcing the major workloads of system users to a computationally powerful third party, called the server, whose only requirement is to carry out the computations correctly. Such a revocation mechanism was considered in the settings of identity-based encryption and attribute-based encryption by Qin et al. (ESORICS 2015) and Cui et al. (ESORICS 2016), respectively. In this work, we consider the server-aided revocation mechanism in the more elaborate setting of predicate encryption (PE). The latter, introduced by Katz, Sahai, and Waters (EUROCRYPT 2008), provides fine-grained and role-based access to encrypted data and can be viewed as a generalization of identity-based and attribute-based encryption. Our contribution is two-fold. First, we formalize the model of server-aided revocable predicate encryption (SR-PE), with rigorous definitions and security notions. Our model can be seen as a non-trivial adaptation of Cui et al.'s work into the PE context. Second, we put forward a lattice-based instantiation of SR-PE. The scheme employs the PE scheme of Agrawal, Freeman and Vaikuntanathan (ASIACRYPT 2011) and the complete subtree method of Naor, Naor, and Lotspiech (CRYPTO 2001) as the two main ingredients, which work smoothly together thanks to a few additional techniques. Our scheme is proven secure in the standard model (in a selective manner), based on the hardness of the Learning With Errors (LWE) problem. Comment: 24 page

    Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions

    Traditional power grids are being transformed into Smart Grids (SGs) to address the issues in the existing power system due to uni-directional information flow, energy wastage, growing energy demand, reliability and security. SGs offer bi-directional energy flow between service providers and consumers, involving power generation, transmission, distribution and utilization systems. SGs employ various devices for the monitoring, analysis and control of the grid, deployed at power plants, distribution centers and in consumers' premises in very large numbers. Hence, an SG requires connectivity, automation and the tracking of such devices. This is achieved with the help of the Internet of Things (IoT). IoT helps SG systems to support various network functions throughout the generation, transmission, distribution and consumption of energy by incorporating IoT devices (such as sensors, actuators and smart meters), as well as by providing the connectivity, automation and tracking for such devices. In this paper, we provide a comprehensive survey on IoT-aided SG systems, which includes the existing architectures, applications and prototypes of IoT-aided SG systems. This survey also highlights the open issues, challenges and future research directions for IoT-aided SG systems.

    User-Centric Security and Privacy Mechanisms in Untrusted Networking and Computing Environments

    Our modern society is increasingly relying on the collection, processing, and sharing of digital information. There are two fundamental trends: (1) Enabled by the rapid developments in sensor, wireless, and networking technologies, communication and networking are becoming more and more pervasive and ad hoc. (2) Driven by the explosive growth of hardware and software capabilities, computation power is becoming a public utility and information is often stored in centralized servers which facilitate ubiquitous access and sharing. Many emerging platforms and systems hinge on both dimensions, such as E-healthcare and Smart Grid. However, the majority of the information handled by these critical systems is usually sensitive and of high value, while various security breaches could compromise the social welfare of these systems. Thus there is an urgent need to develop security and privacy mechanisms to protect the authenticity, integrity and confidentiality of the collected data, and to control the disclosure of private information. In achieving that, two unique challenges arise: (1) There is a lack of centralized trusted parties in pervasive networking; (2) The remote data servers tend not to be trusted by system users in handling their data. They make existing security solutions developed for traditional networked information systems unsuitable. To this end, in this dissertation we propose a series of user-centric security and privacy mechanisms that resolve these challenging issues in untrusted network and computing environments, spanning wireless body area networks (WBAN), mobile social networks (MSN), and cloud computing. The main contributions of this dissertation are fourfold. First, we propose a secure ad hoc trust initialization protocol for WBAN, without relying on any pre-established security context among nodes, while defending against a powerful wireless attacker that may or may not compromise sensor nodes. The protocol is highly usable for a human user.
    Second, we present novel schemes for sharing sensitive information among distributed mobile hosts in MSN which preserve user privacy, where the users neither need to fully trust each other nor rely on any central trusted party. Third, to realize owner-controlled sharing of sensitive data stored on untrusted servers, we put forward a data access control framework using Multi-Authority Attribute-Based Encryption (ABE), that supports scalable fine-grained access and on-demand user revocation, and is free of key-escrow. Finally, we propose mechanisms for authorized keyword search over encrypted data on untrusted servers, with efficient multi-dimensional range, subset and equality query capabilities, and with enhanced search privacy. The common characteristic of our contributions is that they minimize the extent of trust that users must place in the corresponding network or computing environments, in a way that is user-centric, i.e., favoring individual owners/users.

    An Enhanced Multi-layered Cryptosystem Based Secure and Authorized De-duplicaton Model in Cloud Storage System

    Data de-duplication is one of the essential data compression techniques for eliminating duplicate copies of repeating data, and it has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the privacy of sensitive data while supporting de-duplication, the salt encryption technique has been proposed to encrypt the data before its outsourcing. To protect the data security in a better way, this paper makes the first attempt to formally address the problem of authorized data de-duplication. Different from traditional de-duplication systems, the derivative privileges of users are further considered in the duplicate check besides the data itself. We also present various new de-duplication constructions which support the authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that the scheme which we used is secure in terms of the definitions specified in the proposed security model. We enhance our system in security. Specially, we present a forward-looking scheme to support stronger security by encrypting files with differential privilege keys. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.

    Enhancing Security by Implementing Image based Encryption in Cloud Environment

    In the realm of specialized life distributed computing has ended up basic part furthermore understanding the method for business is changing and is liable to keep changing into what's to come. Utilizing distributed storage administrations implies that you and others can get to and share documents over a scope of gadgets and position. Records, for example, photographs and recordings can some of the time be unmanageable to email in the event that they are too huge or you have apportion of information. You can transfer your information to a distributed storage supplier implies you can expediently flow your information with the assistance of cloud administration and you can impart your information records to anybody you pick. Since distributed computing offers circulated assets by means of system in the open environment in this manner it makes less secured. Information security has turned into a noteworthy issue in information sharing on cloud. The primary aphorism behind our framework is that it secures the information and creates the key for every exchange so every client can secure our common information by the outsider i.e. dishonest programmer. Individual information put away in the Cloud may contain account numbers, passwords, notes, and other imperative data that could be utilized and abused by a scalawag, a contender, or an official courtroom. These information are stored, replicated, and documented by Cloud Service Providers, regularly without client's approval and control. The framework proposed comprise of the key era rationale for cloud server which helps irregular key era security for ABS. What's more, our framework secures the information and produces the key for every exchange by utilizing property based mar

    Review Paper on Privacy Preservation Techniques in Cloud

    In this information world, large amounts of data are collected and analyzed every day. Cloud computing is the most known model for supporting large and complex data. Organizations are moving toward cloud computing to benefit from its cost reduction and elasticity features, but cloud computing has potential risks and vulnerabilities. One of the major problems in moving to cloud computing is its security and privacy concerns. Encryption is standalone problem for the security of data stored on the cloud. So we proposed a method which combines the concept of encryption along with data deduplication methodology to enhance the privacy of data over cloud. Data deduplication is a specialized data compression technique for eliminating duplicate copies of repeating data in storage. In turn, this technique saves the cost and time associated with redundant accessing and processing of data overhead involve as compared to normal operations.