With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed...With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.展开更多
Attribute-based encryption is drawing more attention with its inherent attractive properties which are potential to be widely used in the newly developing cloud computing. However, one of the main obstacles for its ap...Attribute-based encryption is drawing more attention with its inherent attractive properties which are potential to be widely used in the newly developing cloud computing. However, one of the main obstacles for its application is how to revoke the attributes of the users, though some ABE schemes have realized revocation, they mostly focused on the user revocation that revokes the user's whole attributes, or attribute revocation under the indirect revocation model such that all the users' private keys will be affected by the revocation. In this paper, we define the model of CP-ABE supporting the attribute revocation under the direct revocation model, in which the revocation list is embed in the ciphertext and none of the users' private keys will be affected by the revocation process. Then we propose a generic construction, and prove its security with the decision q-BDHE assumption.展开更多
In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficien...In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data ...Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.展开更多
Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intellig...Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intelligent processing on edge servers(ES).However,securely distributing encrypted data stored in the cloud to terminals that meet decryption requirements has become a prominent research topic.Additionally,managing attributes,including addition,deletion,and modification,is a crucial issue in the access control scheme for RES.To address these security concerns,a trust-based ciphertext-policy attribute-based encryption(CP-ABE)device access control scheme is proposed for RES(TB-CP-ABE).This scheme effectivelymanages the distribution and control of encrypted data on the cloud through robust attribute key management.By introducing trust management mechanisms and outsourced decryption technology,the ES system can effectively assess and manage the trust worthiness of terminal devices,ensuring that only trusted devices can participate in data exchange and access sensitive information.Besides,the ES system dynamically evaluates trust scores to set decryption trust thresholds,thereby regulating device data access permissions and enhancing the system’s security.To validate the security of the proposed TB-CP-ABE against chosen plaintext attacks,a comprehensive formal security analysis is conducted using the widely accepted random oraclemodel under the decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,comparative analysis with other schemes demonstrates that the TB-CP-ABE scheme cuts energy/communication costs by 43%,and scaleswell with rising terminals,maintaining average latency below 50ms,ensuring real-time service feasibility.The proposed scheme not only provides newinsights for the secure management of RES but also lays a foundation for future secure energy solutions.展开更多
Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digita...Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.展开更多
Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems...Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems. Moreover, such systems create security issues whileefficiently using IoT and Cloud Computing technologies. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has the potential to make IoT datamore secure and reliable in various cloud storage services. Cloud-assisted IoTssuffer from two privacy issues: access policies (public) and super polynomialdecryption times (attributed mainly to complex access structures). We havedeveloped a CP-ABE scheme in alignment with a Hidden HierarchyCiphertext-Policy Attribute-Based Encryption (HH-CP-ABE) access structure embedded within two policies, i.e., public policy and sensitive policy.In this proposed scheme, information is only revealed when the user’sinformation is satisfactory to the public policy. Furthermore, the proposedscheme applies to resource-constrained devices already contracted tasks totrusted servers (especially encryption/decryption/searching). Implementingthe method and keywords search resulted in higher access policy privacy andincreased security. The new scheme introduces superior storage in comparisonto existing systems (CP-ABE, H-CP-ABE), while also decreasing storage costsin HH-CP-ABE. Furthermore, a reduction in time for key generation canalso be noted.Moreover, the scheme proved secure, even in handling IoT datathreats in the Decisional Bilinear Diffie-Hellman (DBDH) case.展开更多
For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge...For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.展开更多
基金the National Natural Science Foundation of China(Grant Numbers 622724786210245062102451).
文摘With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.
文摘Attribute-based encryption is drawing more attention with its inherent attractive properties which are potential to be widely used in the newly developing cloud computing. However, one of the main obstacles for its application is how to revoke the attributes of the users, though some ABE schemes have realized revocation, they mostly focused on the user revocation that revokes the user's whole attributes, or attribute revocation under the indirect revocation model such that all the users' private keys will be affected by the revocation. In this paper, we define the model of CP-ABE supporting the attribute revocation under the direct revocation model, in which the revocation list is embed in the ciphertext and none of the users' private keys will be affected by the revocation process. Then we propose a generic construction, and prove its security with the decision q-BDHE assumption.
基金Supported by the National Natural Science Foundation of China(61272488)Science and Technology on Information Assurance Laboratory(KJ-15-006)Fundamental and Frontier Technology Research of Henan Province(162300410192)
文摘In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.
基金This research is funded by Science and Technology Program of Guangzhou(Grant No.201707010358).
文摘Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.
基金supported by the Science and Technology Project of the State Grid Corporation of China,Grant number 5700-202223189A-1-1-ZN.
文摘Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intelligent processing on edge servers(ES).However,securely distributing encrypted data stored in the cloud to terminals that meet decryption requirements has become a prominent research topic.Additionally,managing attributes,including addition,deletion,and modification,is a crucial issue in the access control scheme for RES.To address these security concerns,a trust-based ciphertext-policy attribute-based encryption(CP-ABE)device access control scheme is proposed for RES(TB-CP-ABE).This scheme effectivelymanages the distribution and control of encrypted data on the cloud through robust attribute key management.By introducing trust management mechanisms and outsourced decryption technology,the ES system can effectively assess and manage the trust worthiness of terminal devices,ensuring that only trusted devices can participate in data exchange and access sensitive information.Besides,the ES system dynamically evaluates trust scores to set decryption trust thresholds,thereby regulating device data access permissions and enhancing the system’s security.To validate the security of the proposed TB-CP-ABE against chosen plaintext attacks,a comprehensive formal security analysis is conducted using the widely accepted random oraclemodel under the decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,comparative analysis with other schemes demonstrates that the TB-CP-ABE scheme cuts energy/communication costs by 43%,and scaleswell with rising terminals,maintaining average latency below 50ms,ensuring real-time service feasibility.The proposed scheme not only provides newinsights for the secure management of RES but also lays a foundation for future secure energy solutions.
文摘Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
文摘Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems. Moreover, such systems create security issues whileefficiently using IoT and Cloud Computing technologies. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has the potential to make IoT datamore secure and reliable in various cloud storage services. Cloud-assisted IoTssuffer from two privacy issues: access policies (public) and super polynomialdecryption times (attributed mainly to complex access structures). We havedeveloped a CP-ABE scheme in alignment with a Hidden HierarchyCiphertext-Policy Attribute-Based Encryption (HH-CP-ABE) access structure embedded within two policies, i.e., public policy and sensitive policy.In this proposed scheme, information is only revealed when the user’sinformation is satisfactory to the public policy. Furthermore, the proposedscheme applies to resource-constrained devices already contracted tasks totrusted servers (especially encryption/decryption/searching). Implementingthe method and keywords search resulted in higher access policy privacy andincreased security. The new scheme introduces superior storage in comparisonto existing systems (CP-ABE, H-CP-ABE), while also decreasing storage costsin HH-CP-ABE. Furthermore, a reduction in time for key generation canalso be noted.Moreover, the scheme proved secure, even in handling IoT datathreats in the Decisional Bilinear Diffie-Hellman (DBDH) case.
基金supported in part by the Nature Science Foundation of China (61472307, 61402112, 61100165, 61100231)Natural Science Basic Research Plan in Shaanxi Province of China (2016JM6004)
文摘For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.
