A Hybrid Verifiable and Delegated Cryptographic Model in Cloud Computing

التحكم بالوصول مهم جدا في تبادل البيانات السحابية. و خاصة في مجالات مثل الرعاية الصحية, فمن الضروري ان تكون هناك ألية لمراقبة قائمة الدخول من اجل السرية و الوصول الامن للبيانات. و قد تم التشفير القائم على السمة لسنوات عديدة لتأمين البيانات و توفير الوصول المراقب. في هذا البحث اقترحنا اطاراً يدعم آلية التشفير الدارة و السمة التي تتضمن اطرافا متعددة. هم مالك البيانات , مستخدم البيانات , خادم السحابة و سلطة السمة. ومن السمات الهامة للنظام المقترح هو التفويض الذي يمكن التحقق منه لعملية فك التشفير الى خادم السحابة. مالك البيانات يقوم بتشفير البيانات و مندوبين عملية فك التشفير الى السحابة. خادم السحابة يؤدي فك التشفير الجزئي و من ثم يتم مشاركة بيانات فك التشفير النهائي للمستخدمين وفقاً للامتيازات. مالك البيانات يقلل من التعقيد الحسابي من خلال تفويض خادم السحابة علمية فك التشفير. قمنا ببناء تطبيق النموذج الاولي باستخدام منصة مايكروسوفت دوت نت لأثبات هذا المفهوم. و أظهرت النتائج التجريبية أن هناك وصولا خاضعا للرقابة مع تعدد أدوار المستعملين و حقوق التحكم في النفاذ من أجل النفاذ الآمن و السري إلى البيانات في الحوسبة السحابية.Access control is very important in cloud data sharing. Especially in the domains like healthcare, it is essential to have access control mechanisms in place for confidentiality and secure data access. Attribute based encryption has been around for many years to secure data and provide controlled access. In this paper, we proposed a framework that supports circuit and attributes based encryption mechanism that involves multiple parties. They are data owner, data user, cloud server and attribute authority. An important feature of the proposed system is the verifiable delegation of the decryption process to cloud server. Data owner encrypts data and delegates decryption process to cloud. Cloud server performs partial decryption and then the final decrypted data are shared for users as per the privileges. Data owner  thus reduces computational complexity by delegating decryption process cloud server. We built a prototype application using the Microsoft.NET platform for proof of the concept. The empirical results revealed that there is controlled access with multiple user roles and access control rights for secure and confidential data access in cloud computing

Hybrid Cryptography

This paper examines the methods in which the ideas behind a KEM--DEM hybrid encryption scheme can be extended to other types of asymmetric primitives, particularly to signcryption schemes. The central principle is a keyed symmetric algorithm can be used to provide a security service for in an asymmetric algorithm provided that that symmetric primitive is under the control of the asymmetric part of the cipher (say, if asymmetric techniques are used to generate the key that the symmetric primitive uses). This theory is applied to signcryption schemes with outsider security and an efficient, provably secure scheme, termed ECISS-KEM, is proposed. The theory is also applied to signature schemes, where it is shown that efficient hybrid signature schemes can never exist, and to signcryption schemes with insider security, where it is shown that several existing schemes can be considered hybrid signcryption schemes

TOWARDS EFFICIENT METADATA-HIDING CRYPTOGRAPHY

Although cryptography for confidential communications, computing on private data, and proving properties of secret values has seen much progress over recent years, there has been a noticeable lack of corresponding systems for hiding metadata. While many outside of the field believe that this is a problem that cannot be solved by technical means, to the credit of the cryptographic community, many cryptographic constructions have been proposed for various meta-data related problems, achieving strong security guarantees. However, these existing solutions either only work for limited settings or are too inefficient to implement in practice. In this work, we propose new custom cryptographic primitives that can be used to hide three different types of metadata in three different settings: receiver identity in store-and-forward systems, sender identity in verifiable email communications, and user device location in offline finding networks. Moreover, we show that these primitives can be efficiently constructed and instantiated: at least one construction for each primitive has been implemented and micro-benchmarks are present, with computation and time complexity that appears reasonable for each given application. This work motivates the exploration of other types of efficient metadata hiding cryptography to solve practical, real-world problems