Cloud services,favored by many enterprises due to their high flexibility and easy operation,are widely used for data storage and processing.However,the high latency,together with transmission overheads of the cloud ar...Cloud services,favored by many enterprises due to their high flexibility and easy operation,are widely used for data storage and processing.However,the high latency,together with transmission overheads of the cloud architecture,makes it difficult to quickly respond to the demands of IoT applications and local computation.To make up for these deficiencies in the cloud,fog computing has emerged as a critical role in the IoT applications.It decentralizes the computing power to various lower nodes close to data sources,so as to achieve the goal of low latency and distributed processing.With the data being frequently exchanged and shared between multiple nodes,it becomes a challenge to authorize data securely and efficiently while protecting user privacy.To address this challenge,proxy re-encryption(PRE)schemes provide a feasible way allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information.Since the proxy is viewed as a semi-trusted party,it should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes.This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation,equality test,and user revocation to fulfill various IoT application requirements.Specifically,in a traditional identity-based public key architecture,the key escrow problem and the necessity of a secure channel are major security concerns.We utilize an anonymous key generation technique to solve these problems.The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword.In particular,the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality.To revoke an invalid user identity,we add a revocation list to the system flows to restrict access privileges without increasing additional computation cost.To ensure security,it is shown that our system meets the security notion of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman(DBDH)assumption.展开更多
Cloud data sharing is an important issue in modern times.To maintain the privacy and confidentiality of data stored in the cloud,encryption is an inevitable process before uploading the data.However,the centralized ma...Cloud data sharing is an important issue in modern times.To maintain the privacy and confidentiality of data stored in the cloud,encryption is an inevitable process before uploading the data.However,the centralized management and transmission latency of the cloud makes it difficult to support real-time processing and distributed access structures.As a result,fog computing and the Internet of Things(IoT)have emerged as crucial applications.Fog-assisted proxy re-encryption is a commonly adopted technique for sharing cloud ciphertexts.It allows a semitrusted proxy to transforma data owner’s ciphertext into another re-encrypted ciphertext intended for a data requester,without compromising any information about the original ciphertext.Yet,the user revocation and cloud ciphertext renewal problems still lack effective and secure mechanisms.Motivated by it,we propose a revocable conditional proxy re-encryption scheme offering ciphertext evolution(R-CPRE-CE).In particular,a periodically updated time key is used to revoke the user’s access privileges while an access condition prevents a malicious proxy from reencrypting unauthorized ciphertext.We also demonstrate that our scheme is provably secure under the notion of indistinguishability against adaptively chosen identity and chosen ciphertext attacks in the random oracle model.Performance analysis shows that our scheme reduces the computation time for a complete data access cycle from an initial query to the final decryption by approximately 47.05%compared to related schemes.展开更多
With the rapid development of web3.0 applications,the volume of data sharing is increasing,the inefficiency of big data file sharing and the problem of data privacy leakage are becoming more and more prominent,and the...With the rapid development of web3.0 applications,the volume of data sharing is increasing,the inefficiency of big data file sharing and the problem of data privacy leakage are becoming more and more prominent,and the existing data sharing schemes have been difficult to meet the growing demand for data sharing,this paper aims at exploring a secure,efficient and privacy-protecting data sharing scheme under web3.0 applications.Specifically,this paper adopts interplanetary file system(IPFS)technology to realize the storage of large data files to solve the problem of blockchain storage capacity limitation,and utilizes ciphertext policy attribute-based encryption(CP-ABE)and proxy re-encryption(PRE)technology to realize secure multi-party sharing and finegrained access control of data.This paper provides the detailed algorithm design and implementation of data sharing phases and processes,and analyzes the algorithms from the perspectives of security,privacy protection,and performance.展开更多
Objectives This study aimed to clarify the relationship between the content of proxy decision-making made by families of patients with malignant brain tumors regarding treatment policies and daily care and the cues le...Objectives This study aimed to clarify the relationship between the content of proxy decision-making made by families of patients with malignant brain tumors regarding treatment policies and daily care and the cues leading to those decisions.Methods Semi-structured personal interviews were used to collect data.Seven family members of patients with malignant brain tumors were selected to participate in the study by purposive sampling method from June to August 2022 in the Patient Family Association of Japan.Responses were content analyzed to explore the relationship between the content of decisions regarding“treatment policies”and“daily care”and the cues influencing those decisions.Semi-structured interviews were analyzed by using thematic analysis.Results The contents of proxy decisions regarding“treatment policies”included implementation,interruption,and termination of initial treatments,free medical treatments,use of respirators,and end-of-life sedation and included six cues:treatment policies suggested by the primary physician,information and knowledge about the disease and treatment obtained by the family from limited resources,perceived life threat from symptom worsening,words and reactions from the patient regarding treatment,patient’s personality and way of life inferred from their treatment preferences,family’s thoughts and values hoping for better treatment for the patient.Decisions for“daily care”included meal content and methods,excretion,mobility,maintaining cleanliness,rehabilitation,continuation or resignation from work,treatment settings(outpatient or inpatient),and ways to spend time outside and included seven cues:words and thoughts from the patient about their way of life,patient’s reactions and life history inferred from their preferred way of living,things the patient can do to maintain daily life and roles,awareness of the increasing inability to do things in daily life,family’s underlying thoughts and values about how to spend the remaining time,approval from family members regarding the care setting,advice from medical professionals on living at home.Conclusions For“treatment policies,”guidelines from medical professionals were a key cue,while for“daily care,”the small signs from the patients in their daily lives served as cues for proxy decision-making.This may be due to the lack of information available to families and the limited time available for discussion with the patient.Families of patients with malignant brain tumors repeatedly use multiple cues to make proxy decision-making under high uncertainty.Therefore,nurses supporting proxy decision-making should assess the family’s situation and provide cues that facilitate informed and confident decisions.展开更多
Conditional proxy re-encryption(CPRE)is an effective cryptographic primitive language that enhances the access control mechanism and makes the delegation of decryption permissions more granular,but most of the attribu...Conditional proxy re-encryption(CPRE)is an effective cryptographic primitive language that enhances the access control mechanism and makes the delegation of decryption permissions more granular,but most of the attribute-based conditional proxy re-encryption(AB-CPRE)schemes proposed so far do not take into account the importance of user attributes.A weighted attribute-based conditional proxy re-encryption(WAB-CPRE)scheme is thus designed to provide more precise decryption rights delegation.By introducing the concept of weight attributes,the quantity of system attributes managed by the server is reduced greatly.At the same time,a weighted tree structure is constructed to simplify the expression of access structure effectively.With conditional proxy re-encryption,large amounts of data and complex computations are outsourced to cloud servers,so the data owner(DO)can revoke the user’s decryption rights directly with minimal costs.The scheme proposed achieves security against chosen plaintext attacks(CPA).Experimental simulation results demonstrated that the decryption time is within 6–9 ms,and it has a significant reduction in communication and computation cost on the user side with better functionality compared to other related schemes,which enables users to access cloud data on devices with limited resources.展开更多
In 2005, Bao, et al. [Appl. Math. and Comput., vol.169, No.2, 2005] showed that Tzeng, et al.’s nonrepudiable threshold multi-proxy multi-signature scheme with shared verification was insecure, and proposed an improv...In 2005, Bao, et al. [Appl. Math. and Comput., vol.169, No.2, 2005] showed that Tzeng, et al.’s nonrepudiable threshold multi-proxy multi-signature scheme with shared verification was insecure, and proposed an improved scheme with no Share Distribution Center (SDC). This paper shows that Bao, et al.’s scheme suffers from the proxy relationship inversion attack and forgery attack, and pro- poses an improvement of Bao, et al.’s scheme.展开更多
Kang, et al. [Journal of Electronics(China), 23(2006)4] proposed a threshold multi-proxy multi-signature scheme, and claimed the scheme satisfies the security requirements of threshold multi-proxy multi-signature. How...Kang, et al. [Journal of Electronics(China), 23(2006)4] proposed a threshold multi-proxy multi-signature scheme, and claimed the scheme satisfies the security requirements of threshold multi-proxy multi-signature. However, in this paper, two forgery attacks are proposed to show that their schemes have serious security flaws. To overcome theses flaws, an improvement on Kang, et al.’s scheme is proposed.展开更多
A nominative multi-proxy signature in which the original signer authorizes a group of proxy signers is presented. Meanwhile, our proposed scheme is based on elliptic curve cryptosystem which is more efficient than the...A nominative multi-proxy signature in which the original signer authorizes a group of proxy signers is presented. Meanwhile, our proposed scheme is based on elliptic curve cryptosystem which is more efficient than the corresponding one based on traditional discrete logarithm.展开更多
基金supported in part by the National Science and Technology Council of Taiwan under the contract numbers NSTC 114-2221-E-019-055-MY2 and NSTC 114-2221-E-019-069.
文摘Cloud services,favored by many enterprises due to their high flexibility and easy operation,are widely used for data storage and processing.However,the high latency,together with transmission overheads of the cloud architecture,makes it difficult to quickly respond to the demands of IoT applications and local computation.To make up for these deficiencies in the cloud,fog computing has emerged as a critical role in the IoT applications.It decentralizes the computing power to various lower nodes close to data sources,so as to achieve the goal of low latency and distributed processing.With the data being frequently exchanged and shared between multiple nodes,it becomes a challenge to authorize data securely and efficiently while protecting user privacy.To address this challenge,proxy re-encryption(PRE)schemes provide a feasible way allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information.Since the proxy is viewed as a semi-trusted party,it should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes.This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation,equality test,and user revocation to fulfill various IoT application requirements.Specifically,in a traditional identity-based public key architecture,the key escrow problem and the necessity of a secure channel are major security concerns.We utilize an anonymous key generation technique to solve these problems.The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword.In particular,the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality.To revoke an invalid user identity,we add a revocation list to the system flows to restrict access privileges without increasing additional computation cost.To ensure security,it is shown that our system meets the security notion of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman(DBDH)assumption.
基金supported in part by the National Science and Technology Council of Republic of China under the contract numbers NSTC 114-2221-E-019-055-MY2NSTC 114-2221-E-019-069.
文摘Cloud data sharing is an important issue in modern times.To maintain the privacy and confidentiality of data stored in the cloud,encryption is an inevitable process before uploading the data.However,the centralized management and transmission latency of the cloud makes it difficult to support real-time processing and distributed access structures.As a result,fog computing and the Internet of Things(IoT)have emerged as crucial applications.Fog-assisted proxy re-encryption is a commonly adopted technique for sharing cloud ciphertexts.It allows a semitrusted proxy to transforma data owner’s ciphertext into another re-encrypted ciphertext intended for a data requester,without compromising any information about the original ciphertext.Yet,the user revocation and cloud ciphertext renewal problems still lack effective and secure mechanisms.Motivated by it,we propose a revocable conditional proxy re-encryption scheme offering ciphertext evolution(R-CPRE-CE).In particular,a periodically updated time key is used to revoke the user’s access privileges while an access condition prevents a malicious proxy from reencrypting unauthorized ciphertext.We also demonstrate that our scheme is provably secure under the notion of indistinguishability against adaptively chosen identity and chosen ciphertext attacks in the random oracle model.Performance analysis shows that our scheme reduces the computation time for a complete data access cycle from an initial query to the final decryption by approximately 47.05%compared to related schemes.
基金supported by the National Natural Science Foundation of China(Grant No.U24B20146)the National Key Research and Development Plan in China(Grant No.2020YFB1005500)Beijing Natural Science Foundation Project(No.M21034).
文摘With the rapid development of web3.0 applications,the volume of data sharing is increasing,the inefficiency of big data file sharing and the problem of data privacy leakage are becoming more and more prominent,and the existing data sharing schemes have been difficult to meet the growing demand for data sharing,this paper aims at exploring a secure,efficient and privacy-protecting data sharing scheme under web3.0 applications.Specifically,this paper adopts interplanetary file system(IPFS)technology to realize the storage of large data files to solve the problem of blockchain storage capacity limitation,and utilizes ciphertext policy attribute-based encryption(CP-ABE)and proxy re-encryption(PRE)technology to realize secure multi-party sharing and finegrained access control of data.This paper provides the detailed algorithm design and implementation of data sharing phases and processes,and analyzes the algorithms from the perspectives of security,privacy protection,and performance.
文摘Objectives This study aimed to clarify the relationship between the content of proxy decision-making made by families of patients with malignant brain tumors regarding treatment policies and daily care and the cues leading to those decisions.Methods Semi-structured personal interviews were used to collect data.Seven family members of patients with malignant brain tumors were selected to participate in the study by purposive sampling method from June to August 2022 in the Patient Family Association of Japan.Responses were content analyzed to explore the relationship between the content of decisions regarding“treatment policies”and“daily care”and the cues influencing those decisions.Semi-structured interviews were analyzed by using thematic analysis.Results The contents of proxy decisions regarding“treatment policies”included implementation,interruption,and termination of initial treatments,free medical treatments,use of respirators,and end-of-life sedation and included six cues:treatment policies suggested by the primary physician,information and knowledge about the disease and treatment obtained by the family from limited resources,perceived life threat from symptom worsening,words and reactions from the patient regarding treatment,patient’s personality and way of life inferred from their treatment preferences,family’s thoughts and values hoping for better treatment for the patient.Decisions for“daily care”included meal content and methods,excretion,mobility,maintaining cleanliness,rehabilitation,continuation or resignation from work,treatment settings(outpatient or inpatient),and ways to spend time outside and included seven cues:words and thoughts from the patient about their way of life,patient’s reactions and life history inferred from their preferred way of living,things the patient can do to maintain daily life and roles,awareness of the increasing inability to do things in daily life,family’s underlying thoughts and values about how to spend the remaining time,approval from family members regarding the care setting,advice from medical professionals on living at home.Conclusions For“treatment policies,”guidelines from medical professionals were a key cue,while for“daily care,”the small signs from the patients in their daily lives served as cues for proxy decision-making.This may be due to the lack of information available to families and the limited time available for discussion with the patient.Families of patients with malignant brain tumors repeatedly use multiple cues to make proxy decision-making under high uncertainty.Therefore,nurses supporting proxy decision-making should assess the family’s situation and provide cues that facilitate informed and confident decisions.
基金Programs for Science and Technology Development of Henan Province,grant number 242102210152The Fundamental Research Funds for the Universities of Henan Province,grant number NSFRF240620+1 种基金Key Scientific Research Project of Henan Higher Education Institutions,grant number 24A520015Henan Key Laboratory of Network Cryptography Technology,grant number LNCT2022-A11.
文摘Conditional proxy re-encryption(CPRE)is an effective cryptographic primitive language that enhances the access control mechanism and makes the delegation of decryption permissions more granular,but most of the attribute-based conditional proxy re-encryption(AB-CPRE)schemes proposed so far do not take into account the importance of user attributes.A weighted attribute-based conditional proxy re-encryption(WAB-CPRE)scheme is thus designed to provide more precise decryption rights delegation.By introducing the concept of weight attributes,the quantity of system attributes managed by the server is reduced greatly.At the same time,a weighted tree structure is constructed to simplify the expression of access structure effectively.With conditional proxy re-encryption,large amounts of data and complex computations are outsourced to cloud servers,so the data owner(DO)can revoke the user’s decryption rights directly with minimal costs.The scheme proposed achieves security against chosen plaintext attacks(CPA).Experimental simulation results demonstrated that the decryption time is within 6–9 ms,and it has a significant reduction in communication and computation cost on the user side with better functionality compared to other related schemes,which enables users to access cloud data on devices with limited resources.
基金Supported by the National Natural Science Foundation of China (No.10671051)the Natural Science Foundation of Zhejiang Province (No.Y105067).
文摘In 2005, Bao, et al. [Appl. Math. and Comput., vol.169, No.2, 2005] showed that Tzeng, et al.’s nonrepudiable threshold multi-proxy multi-signature scheme with shared verification was insecure, and proposed an improved scheme with no Share Distribution Center (SDC). This paper shows that Bao, et al.’s scheme suffers from the proxy relationship inversion attack and forgery attack, and pro- poses an improvement of Bao, et al.’s scheme.
基金Supported by the National Natural Science Foundation of China (No.60503005)the Natural Science Foundation of Hunan Province (No.07JJ6110)
文摘Kang, et al. [Journal of Electronics(China), 23(2006)4] proposed a threshold multi-proxy multi-signature scheme, and claimed the scheme satisfies the security requirements of threshold multi-proxy multi-signature. However, in this paper, two forgery attacks are proposed to show that their schemes have serious security flaws. To overcome theses flaws, an improvement on Kang, et al.’s scheme is proposed.
文摘A nominative multi-proxy signature in which the original signer authorizes a group of proxy signers is presented. Meanwhile, our proposed scheme is based on elliptic curve cryptosystem which is more efficient than the corresponding one based on traditional discrete logarithm.
