Efficient Conditional Proxy Re-encryption with Chosen-Ciphertext Security
Recently, a variant of proxy re-encryption, named conditional proxy re-encryption (C-PRE), has been introduced. Compared with traditional proxy re-encryption, C-PRE enables the delegator to implement fine-grained delegation of decryption rights, and thus is more useful in many applications. In this paper, based on a careful observation of the existing definitions and security notions for C-PRE, we reformalize the definition and security notions for C-PRE more rigorously. We further propose a more efficient C-PRE scheme, and prove its chosen-ciphertext security under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model. In addition, we point out that a recent C-PRE scheme fails to achieve chosen-ciphertext security.
Efficient cryptographic primitives: Secure comparison, binary decomposition and proxy re-encryption
Data outsourcing becomes an essential paradigm for an organization to reduce operation costs on supporting and managing its IT infrastructure. When sensitive data are outsourced to a remote server, the data generally need to be encrypted before outsourcing. To preserve the confidentiality of the data, any computations performed by the server should only be on the encrypted data. In other words, the encrypted data should not be decrypted during any stage of the computation. This kind of task is commonly termed query processing over encrypted data (QPED).
One natural solution to the QPED problem is to utilize fully homomorphic encryption. However, fully homomorphic encryption is yet to be practical. The second solution is to adopt a multi-server setting. However, the existing work is not efficient. Their implementations adopt costly primitives, such as secure comparison and binary decomposition among others, which reduce the efficiency of the whole protocols. Therefore, the improvement of these primitives results in high efficiency of the protocols. To have a well-defined scope, the following types of computations are considered: secure comparison (CMP), secure binary decomposition (SBD) and proxy re-encryption (PRE). We adopt the secret sharing scheme and Paillier public key encryption as building blocks, and all computations can be done on the encrypted data by utilizing multiple servers. We analyze the security and the complexity of our proposed protocols, and their efficiencies are evaluated by comparing with the existing solutions. --Abstract, page iii
Cost-effective secure e-health cloud system using identity based cryptographic techniques
Nowadays e-health cloud systems are more and more widely employed. However, the security of these systems needs more consideration because of the sensitive health information of patients. Some protocols on how to secure the e-health cloud system have been proposed, but many of them use the traditional PKI infrastructure to implement cryptographic mechanisms, which is cumbersome because they require every user to have and remember their own public/private keys. Identity based encryption (IBE) is a cryptographic primitive which uses the identity information of the user (e.g., email address) as the public key. Hence the public key is implicitly authenticated and the certificate management is simplified. Proxy re-encryption is another cryptographic primitive which aims at transforming a ciphertext under the delegator A into another ciphertext which can be decrypted by the delegatee B. In this paper, we describe several identity related cryptographic techniques for securing e-health systems, which include new IBE schemes and new identity based proxy re-encryption (IBPRE) schemes. We also prove these schemes' security and give the performance analysis; the results show our IBPRE scheme is especially highly efficient for re-encryption, which can be used to achieve cost-effective cloud usage. Peer reviewed. Postprint (author's final draft).
Proxy Re-encryption based Fair Trade Protocol for Digital Goods Transactions via Smart Contracts
With the massive amount of digital data generated every day, transactions of digital goods have become a trend. One of the essential requirements for such transactions is fairness, which is defined as: both the seller and the buyer get what they want, or neither does. Current fair trade protocols generally involve a trusted third party (TTP), which achieves fairness by relying heavily on the TTP's behavior and the two parties' trust in the TTP. With the emergence of blockchain, its decentralization and transparency make it a very good candidate to replace the TTP. In this work, we attempt to design a secure and fair protocol for digital goods transactions through smart contracts on a blockchain. To ensure the security of the digital goods, we propose an advanced passive proxy re-encryption (PRE) scheme, which enables smart contracts to transfer the decryption right to a buyer after receiving his/her payment. Furthermore, based on smart contracts and the proposed passive PRE scheme, a fair trade protocol for digital goods transactions is proposed, whose fairness is guaranteed by the arbitration protocol. The proposed protocol supports ciphertext publicity and repeatable sale, while involving fewer interactions. Comprehensive experiment results validate the feasibility and effectiveness of the proposed protocol.
Building Secure and Anonymous Communication Channel: Formal Model and its Prototype Implementation
Various techniques need to be combined to realize anonymously authenticated communication. Cryptographic tools enable anonymous user authentication, while anonymous communication protocols hide users' IP addresses from service providers. One simple approach for realizing anonymously authenticated communication is their simple combination, but this gives rise to another issue: how to build a secure channel. The current public key infrastructure cannot be used, since the user's public key identifies the user. To cope with this issue, we propose a protocol that uses identity-based encryption for packet encryption without sacrificing anonymity, and a group signature for anonymous user authentication. Communications in the protocol take place through proxy entities that conceal users' IP addresses from service providers. The underlying group signature is customized to meet our objective and improve its efficiency. We also introduce a proof-of-concept implementation to demonstrate the protocol's feasibility. We compare its performance to SSL communication and demonstrate its practicality, and conclude that the protocol realizes secure, anonymous, and authenticated communication between users and service providers with practical performance.
Comment: This is a preprint version of our paper presented in SAC'14, March 24-28, 2014, Gyeongju, Korea. ACMSAC 201
Unlinkable content playbacks in a multiparty DRM system
We present a solution to the problem of privacy invasion in a multiparty digital rights management scheme. (Roaming) users buy content licenses from a content provider and execute them at any nearby content distributor. Our approach, which does not need any trusted third party (in contrast to most related work on privacy-preserving DRM), is based on a re-encryption scheme that runs on any mobile Android device. Only a minor security-critical part needs to be performed on the device's smartcard, which could, for instance, be a SIM card.
CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles
Proxy re-encryption (PRE), introduced by Blaze, Bleumer and Strauss in Eurocrypt'98, allows a semi-trusted proxy to convert a ciphertext originally intended for Alice into an encryption of the same message intended for Bob. PRE has recently drawn great interest, and many interesting PRE schemes have been proposed. However, up to now, it is still an important open question to come up with a chosen-ciphertext secure unidirectional PRE in the adaptive corruption model. To address this problem, we propose a new unidirectional PRE scheme, and prove its chosen-ciphertext security in the adaptive corruption model without random oracles. Compared with the best known unidirectional PRE scheme proposed by Libert and Vergnaud in PKC'08, our scheme enjoys the advantages of both higher efficiency and stronger security.
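The Blaze-Bleumer-Strauss construction referred to in the abstract above is small enough to show end to end. The following is an added illustration written for this listing, not code from any of the papers: a toy BBS98-style proxy re-encryption over a Schnorr group (ElGamal with the ciphertext laid out as (m·g^k, pk^k), re-encryption key rk = b/a mod q). It also shows, in `collude`, the property that motivates the unidirectional and collusion-safe schemes discussed here: a proxy holding rk who colludes with Bob recovers Alice's secret key. Group size (64 bits by default), the message encoding as a plain integer below p, and all function names are assumptions made for the demo; this is not production cryptography.

```python
"""Toy BBS98-style (bidirectional) proxy re-encryption over a Schnorr group.
Added illustration for this listing, not code from any listed paper. The 64-bit
default group keeps the demo fast; it is NOT production cryptography."""
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin with a small-prime pre-filter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits):
    """Return (p, q) with p = 2q + 1, both prime, p about `bits` bits long."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


class Params:
    """Public group parameters (assumed for the demo): prime p, order q, generator g."""

    def __init__(self, bits=64):
        self.p, self.q = gen_safe_prime(bits)
        while True:  # any square other than 1 generates the order-q subgroup
            g = pow(secrets.randbelow(self.p - 3) + 2, 2, self.p)
            if g != 1:
                self.g = g
                return


def keygen(P):
    sk = secrets.randbelow(P.q - 1) + 1  # sk in [1, q-1], so it is invertible mod q
    return sk, pow(P.g, sk, P.p)


def encrypt(P, pk, m):
    """BBS98 layout of ElGamal: (m * g^k, pk^k) with pk = g^a; m is an int in [1, p-1]."""
    k = secrets.randbelow(P.q - 1) + 1
    return (m * pow(P.g, k, P.p)) % P.p, pow(pk, k, P.p)


def decrypt(P, sk, ct):
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, P.q), P.p)  # (g^{ak})^{1/a mod q} = g^k
    return (c1 * pow(g_k, -1, P.p)) % P.p


def rekey(P, sk_from, sk_to):
    """rk = b/a mod q. Needs BOTH secret keys, and rk^{-1} maps Bob's ciphertexts
    back to Alice: the scheme is bidirectional by construction."""
    return (sk_to * pow(sk_from, -1, P.q)) % P.q


def reencrypt(P, rk, ct):
    """Proxy step: (m g^k, g^{ak}) -> (m g^k, g^{bk}). The proxy never sees m."""
    c1, c2 = ct
    return c1, pow(c2, rk, P.p)


def collude(P, rk, sk_to):
    """Collusion of proxy and delegatee: a = b / rk mod q recovers Alice's key."""
    return (sk_to * pow(rk, -1, P.q)) % P.q


def demo(bits=64, m=123456789):
    P = Params(bits)
    a, pk_a = keygen(P)
    b, _ = keygen(P)  # rekey uses Bob's secret key, not his public key
    ct_a = encrypt(P, pk_a, m)
    rk_ab = rekey(P, a, b)
    ct_b = reencrypt(P, rk_ab, ct_a)
    return {
        "alice_decrypts_original": decrypt(P, a, ct_a) == m,
        "bob_decrypts_reencrypted": decrypt(P, b, ct_b) == m,
        "bob_cannot_read_original": decrypt(P, b, ct_a) != m,
        "collusion_recovers_alice_key": collude(P, rk_ab, b) == a,
    }


if __name__ == "__main__":
    print(demo())
```

The `collude` function is the point of the example: with BBS98, delegating to Bob is equivalent to handing Bob and the proxy, jointly, Alice's secret key, and the same rk converts in both directions. A unidirectional scheme of the kind the abstract describes removes both properties, which is why the later papers in this listing treat "unidirectional, CCA-secure, adaptive corruption" as the target rather than a refinement.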
Cloud file sharing using PREaaS
It is essential today for a company to store its data in an encrypted way when it uses cloud computing. However, the manipulation of this encrypted data remains complex, and it is very difficult in this case to share the encrypted data between different users. One of the solutions for sharing encrypted data is to use PRE (proxy re-encryption), which allows both the re-encryption of the data and the delegation of this operation to a third party via the use of a specific key. In this article, we propose a solution for sharing encrypted files between users that uses a classic storage system in the cloud and PRE. We present an improvement of an existing PRE algorithm by applying it to elliptic curves in order to improve its performance. Finally, we implement this architecture in the form of a cloud service called PREaaS (PRE as a Service), which allows this mechanism to be used on demand through an API.
Data Service Outsourcing and Privacy Protection in Mobile Internet
Mobile Internet data have the characteristics of large scale, variety of patterns, and complex association. On the one hand, an efficient data processing model is needed to provide support for data services, and on the other hand, certain computing resources are needed to provide data security services. Due to the limited resources of mobile terminals, it is impossible to complete large-scale data computation and storage locally. However, outsourcing to third parties may cause some risks to user privacy. This monograph focuses on key technologies of data service outsourcing and privacy protection, including the existing methods of data analysis and processing, fine-grained data access control through an effective user privacy protection mechanism, and data sharing in the mobile Internet.