155 research outputs found
Anonymous and Adaptively Secure Revocable IBE with Constant Size Public Parameters
In Identity-Based Encryption (IBE) systems, key revocation is non-trivial.
This is because a user's identity is itself a public key. Moreover, the private
key corresponding to the identity needs to be obtained from a trusted key
authority through an authenticated and secrecy protected channel. So far, there
exist only a very small number of revocable IBE (RIBE) schemes that support
non-interactive key revocation, in the sense that the user is not required to
interact with the key authority or some kind of trusted hardware to renew her
private key without changing her public key (or identity). These schemes are
either proven to be only selectively secure or have public parameters which
grow linearly in a given security parameter. In this paper, we present two
constructions of non-interactive RIBE that satisfy all the following three
attractive properties: (i) proven to be adaptively secure under the Symmetric
External Diffie-Hellman (SXDH) and the Decisional Linear (DLIN) assumptions;
(ii) have constant-size public parameters; and (iii) preserve the anonymity of
ciphertexts---a property that has not yet been achieved in all the current
schemes
On the Application of Identity-Based Cryptography in Grid Security
This thesis examines the application of identity-based cryptography
(IBC) in designing security infrastructures for grid applications.
In this thesis, we propose a fully identity-based key infrastructure
for grid (IKIG). Our proposal exploits some interesting properties
of hierarchical identity-based cryptography (HIBC) to replicate
security services provided by the grid security infrastructure (GSI)
in the Globus Toolkit. The GSI is based on public key infrastructure
(PKI) that supports standard X.509 certificates and proxy
certificates. Since our proposal is certificate-free and has small
key sizes, it offers a more lightweight approach to key management
than the GSI. We also develop a one-pass delegation protocol that
makes use of HIBC properties. This combination of lightweight key
management and efficient delegation protocol has better scalability
than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue
which may not be desirable for certain grid applications. Therefore,
we present an alternative identity-based approach called dynamic key
infrastructure for grid (DKIG). Our DKIG proposal combines both
identity-based techniques and the conventional PKI approach. In this
hybrid setting, each user publishes a fixed parameter set through a
standard X.509 certificate. Although X.509 certificates are involved
in DKIG, it is still more lightweight than the GSI as it enables the
derivation of both long-term and proxy credentials on-the-fly based
only on a fixed certificate.
We also revisit the notion of secret public keys which was
originally used as a cryptographic technique for designing secure
password-based authenticated key establishment protocols. We
introduce new password-based protocols using identity-based secret
public keys. Our identity-based techniques can be integrated
naturally with the standard TLS handshake protocol. We then discuss
how this TLS-like identity-based secret public key protocol can be
applied to securing interactions between users and credential
storage systems, such as MyProxy, within grid environments
Fully Secure Spatial Encryption under Simple Assumptions with Constant-Size Ciphertexts
In this paper, we propose two new spatial encryption (SE) schemes based on existing inner product encryption (IPE) schemes.
Both of our SE schemes are fully secure under simple assumptions and in prime order bilinear groups.
Moreover, one of our SE schemes has constant-size ciphertexts.
Since SE implies hierarchical identity-based encryption (HIBE), we also obtain a fully secure HIBE scheme with constant-size ciphertexts under simple assumptions.
Our second SE scheme is attribute-hiding (or anonymous).
It has sizes of public parameters, secret keys and ciphertexts that are quadratically smaller than the currently known SE scheme with similar properties.
As a side result, we show that negated SE is equivalent to non-zero IPE.
This is somewhat interesting since the latter is known to be a special case of the former
Distributed Searchable Symmetric Encryption
Searchable Symmetric Encryption (SSE) allows a client to store encrypted data on a storage provider in such a way, that the client is able to search and retrieve the data selectively without the storage provider learning the contents of the data or the words being searched for. Practical SSE schemes usually leak (sensitive) information during or after a query (e.g., the search pattern). Secure schemes on the other hand are not practical, namely they are neither efficient in the computational search complexity, nor scalable with large data sets. To achieve efficiency and security at the same time, we introduce the concept of distributed SSE (DSSE), which uses a query proxy in addition to the storage provider.\ud
We give a construction that combines an inverted index approach (for efficiency) with scrambling functions used in private information retrieval (PIR) (for security). The proposed scheme, which is entirely based on XOR operations and pseudo-random functions, is efficient and does not leak the search pattern. For instance, a secure search in an index over one million documents and 500 keywords is executed in less than 1 second
Faster Secure Arithmetic Computation Using Switchable Homomorphic Encryption
Secure computation on encrypted data stored on untrusted clouds is an important goal. Existing secure arithmetic computation techniques, such as fully homomorphic encryption (FHE) and somewhat homomorphic encryption (SWH), have prohibitive performance and/or storage costs for the majority of practical applications. In this work, we investigate a new secure arithmetic computation primitive called switchable homomorphic encryption (SHE) that securely switches between existing inexpensive partially homomorphic encryption techniques to evaluate arbitrary arithmetic circuits over integers. SHE is suited for use in a two-cloud model that is practical, but which makes stronger assumptions than the standard single-cloud server model. The security of our SHE solution relies on two non-colluding parties, in which security holds as long as one of them is honest. We benchmark SHE directly against existing secure arithmetic computation techniques---FHE and SWH---on real clouds (Amazon and Rackspace)
using microbenchmarks involving fundamental operations utilized in many privacy-preserving computation applications. Experimentally, we find that SHE offers a new design point for computing on large data---it has reasonable ciphertext and key sizes, and is consistently faster by several (2--3) orders of magnitude compared to FHE and SWH on circuits involving long chain of multiplications. SHE exhibits slower performance only in certain cases, when batch (or parallel) homomorphic evaluation is possible, only against SWH schemes (which have limited expressiveness and potentially high ciphertext and key storage costs)
Revocable Identity-Based Encryption from Lattices
In this paper, we present an identity-based encryption (IBE) scheme from lattices with efficient key revocation.
We adopt multiple trapdoors from the Agrawal-Boneh-Boyen and Gentry-Peikerty-Vaikuntanathan lattice IBE schemes to realize key revocation, which in turn, makes use of binary-tree data structure.
Using our scheme, key update requires logarithmic complexity in the maximal number of users and linear in the number of revoked users for the relevant key authority.
We prove that our scheme is selective secure in the standard model and under the LWE assumption, which is as hard as the worst-case approximating short vectors on arbitrary lattices.
Moreover, our key revocation techniques from lattices can be applied to obtain revocable functional encryption schemes in the similar setting
Potential pharmacological chaperones targeting cancer-associated MCL-1 and Parkinson disease-associated α-synuclein
Pharmacological chaperones are small molecules that bind to proteins and stabilize them against thermal denaturation or proteolytic degradation, as well as assist or prevent certain protein-protein assemblies. These activities are being exploited for the development of treatments for diseases caused by protein instability and/or aberrant protein-protein interactions, such as those found in certain forms of cancers and neurodegenerative diseases. However, designing or discovering pharmacological chaperones for specific targets is challenging because of the relatively featureless protein target surfaces, the lack of suitable chemical libraries, and the shortage of efficient high-throughput screening methods. In this study, we attempted to address all these challenges by synthesizing a diverse library of small molecules that mimic protein α-helical secondary structures commonly found in protein-protein interaction surfaces. This was accompanied by establishing a facile "on-bead" high-throughput screening method that allows for rapid and efficient discovery of potential pharmacological chaperones and for identifying novel chaperones/inhibitors against a cancer-associated protein, myeloid cell leukemia 1 (MCL-1), and a Parkinson disease-associated protein, α-synuclein. Our data suggest that the compounds and methods described here will be useful tools for the development of pharmaceuticals for complex-disease targets that are traditionally deemed "undruggable.
- …