With the popularity of the Internet of Vehicles (IoV), a large amount of data is being generated every day. How to securely share data between the IoV operator and various value-added service providers has become one of the critical issues. Due to its flexible and efficient fine-grained access control feature, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data sharing in IoV. However, there are many flaws in most existing CP-ABE schemes, such as attribute privacy leakage and key misuse. This paper proposes a Traceable and Revocable CP-ABE-based Data Sharing with Partially hidden policy for IoV (TRE-DSP). A partially hidden access structure is adopted to hide sensitive user attribute values, and attribute categories are sent along with the ciphertext to effectively avoid privacy exposure. In addition, key tracking and malicious user revocation are introduced with broadcast encryption to prevent key misuse. Since the main computation task is outsourced to the cloud, the burden on the user side is relatively low. Analysis of security and performance demonstrates that TRE-DSP is more secure and practical for data sharing in IoV.
Distributed information systems require complex access control which depends upon attributes of protected data and access policies. Traditionally, to enforce the access control, a file server is used to store all data and act as a reference to check the user. Apparently, the drawback of this system is that the security is based on the file server and the data are stored in plaintext. Attribute-based encryption (ABE) was first introduced by Sahai and Waters and can enable an access control mechanism over encrypted data by specifying the users' attributes. According to this mechanism, even though the file server is compromised, we can still keep the security of the data. Besides the access control, a user may be deprived of the ability in some situations, for example pay TV. Most previous ABE constructions are proven secure in the selective model of security, in which the attacker must announce the target he intends to attack before seeing the public parameters. And few of the previous ABE constructions realize revocation of the users' key. This paper presents an ABE scheme that supports revocation and has full security in the adaptive model. We adapt the dual system encryption technique recently introduced by Waters to ABE to realize full security.
Cloud storage is a service involving cloud service providers providing storage space to customers. Cloud storage services have numerous advantages, including convenience, high computation, and capacity, thereby attracting users to outsource data in the cloud. However, users outsource data directly via cloud storage services that are unsafe when the outsourced data is sensitive for users. Therefore, ciphertext-policy attribute-based encryption is a promising cryptographic solution in a cloud environment, and can be drawn up for access control by data owners (DO) to define access policy. Unfortunately, an outsourced architecture applied with attribute-based encryption introduces numerous challenges, including revocation. This issue is a threat to the data security of DO. Furthermore, highly secure and flexible ciphertext-based attribute access control with role hierarchy user grouping in cloud storage is implemented by extending the KUNodes (revocation) storage identity-based encryption. The result is evaluated using CloudSim, and our algorithm outperforms in terms of computational cost by consuming 32 MB for 150-MB files.
Monero uses ring signatures to protect users' privacy. However, Monero's anonymity covers various illicit activities, such as money laundering, as it becomes difficult to identify and punish malicious users. Therefore, it is necessary to regulate illegal transactions while protecting the privacy of legal users. We present a revocable linkable ring signature scheme (RLRS), which balances privacy and supervision for privacy-preserving blockchain transactions. By setting the role of a revocation authority, we can trace the malicious user and revoke it in time. We define the security model of the revocable linkable ring signature and give the concrete construction of RLRS. We employ an accumulator and ElGamal encryption to achieve the functionalities of revocation and tracing. In addition, we compress the ring signature size to the logarithmic level by using non-interactive sum arguments of knowledge (NISA). Then, we prove the security of RLRS, which satisfies anonymity, unforgeability, linkability, and non-frameability. Lastly, we compare RLRS with other ring signature schemes. RLRS is linkable, traceable, and revocable with logarithmic communication complexity and less computational overhead. We also implement the RLRS scheme, and the results show that its verification time is 1.5 s with 500 ring members.
The encryption of user data is crucial when employing electronic health record services to guarantee the security of the data stored on cloud servers. The attribute-based encryption (ABE) scheme is considered a powerful encryption technique that offers flexible and fine-grained access control capabilities. Further, the multi-user collaborative access ABE scheme additionally supports users to acquire access authorization through collaborative works. However, the existing multi-user collaborative access ABE schemes do not consider the different weights of collaboration users. Therefore, using these schemes for weighted multi-user collaborative access results in redundant attributes, which inevitably reduces the efficiency of the ABE scheme. This paper proposes a revocable and verifiable weighted attribute-based encryption with collaborative access scheme (RVWABE-CA), which can provide efficient weighted multi-user collaborative access, user revocation, and data integrity verification, as the fundamental cornerstone for establishing a robust framework to facilitate secure sharing of electronic health records in a public cloud environment. In detail, this scheme employs a novel weighted access tree to eliminate redundant attributes, utilizes encryption version information to control user revocation, and establishes a Merkle Hash Tree for data integrity verification. We prove that our scheme is resistant against chosen plaintext attack. The experimental results demonstrate that our scheme has significant computational efficiency advantages compared to related works, without increasing storage or communication overhead. Therefore, the RVWABE-CA scheme can provide an efficient and flexible weighted collaborative access control and user revocation mechanism as well as data integrity verification for electronic health record systems.
Cloud data sharing is an important issue in modern times. To maintain the privacy and confidentiality of data stored in the cloud, encryption is an inevitable process before uploading the data. However, the centralized management and transmission latency of the cloud make it difficult to support real-time processing and distributed access structures. As a result, fog computing and the Internet of Things (IoT) have emerged as crucial applications. Fog-assisted proxy re-encryption is a commonly adopted technique for sharing cloud ciphertexts. It allows a semi-trusted proxy to transform a data owner's ciphertext into another re-encrypted ciphertext intended for a data requester, without compromising any information about the original ciphertext. Yet, the user revocation and cloud ciphertext renewal problems still lack effective and secure mechanisms. Motivated by this, we propose a revocable conditional proxy re-encryption scheme offering ciphertext evolution (R-CPRE-CE). In particular, a periodically updated time key is used to revoke the user's access privileges, while an access condition prevents a malicious proxy from re-encrypting unauthorized ciphertext. We also demonstrate that our scheme is provably secure under the notion of indistinguishability against adaptively chosen identity and chosen ciphertext attacks in the random oracle model. Performance analysis shows that our scheme reduces the computation time for a complete data access cycle, from an initial query to the final decryption, by approximately 47.05% compared to related schemes.
Cloud services, favored by many enterprises due to their high flexibility and easy operation, are widely used for data storage and processing. However, the high latency, together with the transmission overheads of the cloud architecture, makes it difficult to quickly respond to the demands of IoT applications and local computation. To make up for these deficiencies in the cloud, fog computing has emerged to play a critical role in IoT applications. It decentralizes the computing power to various lower nodes close to data sources, so as to achieve the goal of low latency and distributed processing. With data being frequently exchanged and shared between multiple nodes, it becomes a challenge to authorize data securely and efficiently while protecting user privacy. To address this challenge, proxy re-encryption (PRE) schemes provide a feasible way, allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information. Since the proxy is viewed as a semi-trusted party, care should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes. This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation, equality test, and user revocation to fulfill various IoT application requirements. Specifically, in a traditional identity-based public key architecture, the key escrow problem and the necessity of a secure channel are major security concerns. We utilize an anonymous key generation technique to solve these problems. The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword. In particular, the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality. To revoke an invalid user identity, we add a revocation list to the system flows to restrict access privileges without incurring additional computation cost. To ensure security, it is shown that our system meets the security notions of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.
Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure; it allows users to delegate their decryption ability to subordinates and enables encryption to any subset of users while only the intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation in HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure, but a little weaker than the former, under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
Attribute-Based Encryption (ABE) has emerged as a fundamental access control mechanism in data sharing, enabling data owners to define flexible access policies. A critical aspect of ABE is key revocation, which plays a pivotal role in maintaining security. However, existing key revocation mechanisms face two major challenges: (1) High overhead due to ciphertext and key updates, primarily stemming from the reliance on revocation lists during attribute revocation, which increases computation and communication costs. (2) Limited universality, as many attribute revocation mechanisms are tailored to specific ABE constructions, restricting their broader applicability. To address these challenges, we propose LUAR (Lightweight and Universal Attribute Revocation), a novel revocation mechanism that leverages Intel Software Guard Extensions (SGX) while minimizing its inherent limitations. Given SGX's constrained memory (≈90 MB in a personal computer) and susceptibility to side-channel attacks, we carefully manage its usage to reduce reliance on it while mitigating potential collusion risks between cloud service providers and users. To evaluate the lightweight and universal nature of LUAR, we integrate it with the classic BSW07 scheme, which can be seamlessly replaced with other ABE constructions. Experimental results demonstrate that LUAR enables secure attribute revocation with low computation and communication overhead. The processing time within the SGX environment remains stable at approximately 55 ms, regardless of the complexity of access policies, ensuring no additional storage or computational burden on SGX. Compared to the Hardware-based Revocable Attribute-Based Encryption (HR-ABE) scheme (IEEE S&P 2024), LUAR incurs a slightly higher computational cost within SGX; however, the overall time from initiating a data request to obtaining plaintext is shorter. As access policies grow more complex, LUAR's advantages become increasingly evident, showcasing its superior efficiency and broader applicability.
Group signature allows the anonymity of a real signer in a group to be revoked by a trusted party called the group manager. It also gives the group manager the absolute power of controlling the formation of the group. Ring signature, on the other hand, does not allow anyone to revoke the signer anonymity, while allowing the real signer to form a group (also known as a ring) arbitrarily without being controlled by any other party. In this paper, we propose a new variant of ring signature, called Revocable Ring Signature. The signature allows a real signer to form a ring arbitrarily while allowing a set of authorities to revoke the anonymity of the real signer. This new variant inherits the desirable properties from both group signature and ring signature in such a way that the real signer will be responsible for what it has signed, as the anonymity is revocable by authorities, while the real signer still has the freedom on ring formation. We provide a formal security model for revocable ring signature and propose an efficient construction which is proven secure under our security model.
With the popularity of cloud computing and mobile apps, on-demand services such as on-line music or audio streaming and vehicle booking are widely available nowadays. In order to allow efficient delivery and management of the services, for large-scale on-demand systems, there is usually a hierarchy where the service provider can delegate its service to a top-tier (e.g., countrywide) proxy who can then further delegate the service to lower-level (e.g., region-wide) proxies. Secure (re-)delegation and revocation are among the most crucial factors for such systems. In this paper, we investigate practical solutions for achieving re-delegation and revocation utilizing proxy signature. Although proxy signature has been extensively studied in the literature, no previous solution can achieve both properties. To fill the gap, we introduce the notion of revocable and re-delegable proxy signature that supports efficient revocation and allows a proxy signer to re-delegate its signing right to other proxy signers without interaction with the original signer. We define the formal security models for this new primitive and present an efficient scheme that can achieve all the security properties. We also present a secure on-line revocable and re-delegable vehicle ordering system (RRVOS) as one of the applications of our proposed scheme.
Conditional proxy re-encryption (CPRE) is an effective cryptographic primitive that enhances the access control mechanism and makes the delegation of decryption permissions more granular, but most of the attribute-based conditional proxy re-encryption (AB-CPRE) schemes proposed so far do not take into account the importance of user attributes. A weighted attribute-based conditional proxy re-encryption (WAB-CPRE) scheme is thus designed to provide more precise decryption rights delegation. By introducing the concept of weighted attributes, the quantity of system attributes managed by the server is reduced greatly. At the same time, a weighted tree structure is constructed to simplify the expression of the access structure effectively. With conditional proxy re-encryption, large amounts of data and complex computations are outsourced to cloud servers, so the data owner (DO) can revoke the user's decryption rights directly with minimal costs. The proposed scheme achieves security against chosen plaintext attacks (CPA). Experimental simulation results demonstrate that the decryption time is within 6–9 ms, and that it has a significant reduction in communication and computation cost on the user side with better functionality compared to other related schemes, which enables users to access cloud data on devices with limited resources.
Incorporating electric vehicles into the smart grid, vehicle-to-grid (V2G) makes it feasible to charge large-scale electric vehicles, and in turn supports electric vehicles, as mobile and distributed storage units, to discharge to the smart grid. In order to provide reliable and efficient services, the operator of V2G networks needs to monitor the real-time status of every plug-in electric vehicle (PEV) and then evaluate the current electricity storage capability. Anonymity, aggregation and dynamic management are three basic but crucial characteristics that the services of V2G networks should have. However, few of the existing authentication schemes for V2G networks can satisfy them simultaneously. In this paper, we propose a secure and efficient privacy-preserving authentication scheme for V2G networks. The scheme lets the charging/discharging station authenticate PEVs anonymously and manage them dynamically. Moreover, the monitoring data collected by the charging/discharging station can be sent to a local aggregator (LAG) in batch mode. In particular, time overheads during the verification stage are independent of the number of involved PEVs, and there is no need to update the membership certificate and key pair before a PEV logs out.
In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in the random oracle model under the decisional q-BDHE assumption. When user attribute revocation occurs, the scheme transfers most re-encryption work to the cloud service provider, reducing the data owner's computational cost on the premise of security. Finally, the analysis and simulation results show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored in the cloud server, and are able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, achieves ciphertext length optimization and enhances the efficiency of the encryption and decryption operations.
Attribute-based encryption is drawing more attention with its inherent attractive properties, which have the potential to be widely used in the newly developing field of cloud computing. However, one of the main obstacles to its application is how to revoke the attributes of the users. Though some ABE schemes have realized revocation, they mostly focused on user revocation, which revokes all of the user's attributes, or on attribute revocation under the indirect revocation model, such that all the users' private keys will be affected by the revocation. In this paper, we define the model of CP-ABE supporting attribute revocation under the direct revocation model, in which the revocation list is embedded in the ciphertext and none of the users' private keys will be affected by the revocation process. Then we propose a generic construction, and prove its security under the decisional q-BDHE assumption.
Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions are proposed to enforce flexible access control on outsourced data or to reduce the computations performed by mobile devices. However, less attention has been paid to the efficiency of revocation when mobile devices need to be revoked. In this paper, we put forward a new solution, referred to as flexible access control with outsourceable revocation (FACOR), for mobile clouds. FACOR applies attribute-based encryption to enable flexible access control on outsourced data, and allows mobile users to outsource the time-consuming encryption and decryption computations to proxies, requiring only attribute authorization to be fully trusted. As an advantageous feature, FACOR provides outsourceable revocation for mobile users to reduce the complicated attribute-based revocation operations. The security analysis shows that our FACOR scheme achieves data security against collusion attacks and unauthorized accesses from revoked users. Both theoretical and experimental results confirm that our proposed scheme greatly relieves mobile devices of heavy encryption and decryption computations, as well as of the complicated revocation of access rights in mobile clouds.
Attribute revocation is inevitable and also important for Attribute-Based Encryption (ABE) in practice. However, little attention has been paid to this issue, and it remains one of the main obstacles for the application of ABE. Most existing ABE schemes support attribute revocation under the indirect revocation model, such that all the users' private keys will be affected when revocation events occur. Though some ABE schemes have realized revocation under the direct revocation model, such that the revocation list is embedded in the ciphertext and none of the users' private keys will be affected by revocation, they mostly focused on user revocation, which revokes all of the user's attributes, or they can only be proven to be selectively secure. In this paper, we first define a model of adaptively secure ABE supporting attribute revocation under the direct revocation model. Then we propose a Key-Policy ABE (KP-ABE) scheme and a Ciphertext-Policy ABE (CP-ABE) scheme on composite-order bilinear groups. Finally, we prove our schemes to be adaptively secure by employing the methodology of dual system encryption.
Although existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize the access policies of their data and then outsource the encrypted data to the OSN service provider. Our scheme presents a multiparty access control model, which enables the disseminator to update the access policy of a ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of the user is largely reduced by delegating most of the decryption operations to the OSN service provider. We also provide checkability on the results returned from the OSN service provider to guarantee the correctness of the partially decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This concept implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient in the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and then secret keys are generated jointly by the attribute authority and the access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis proves that our scheme is secure and efficient in user authorization and revocation.
Funding (TRE-DSP paper): supported by the National Natural Science Foundation of China (No. 62272076).
Funding (revocable ABE with full security paper): the National Natural Science Foundation of China (No. 60972034).
Funding: supported by the National Key R&D Program of China (2022YFB2701500), the National Natural Science Foundation of China (62272385, 62202375), the Shaanxi Distinguished Youth Project (2022JC-47), the Major Program of Shandong Provincial Natural Science Foundation for the Fundamental Research (ZR2022ZD03), the Key Research and Development Program of Shaanxi (2024GX-ZDCYL-01-09, 2024GX-ZDCYL-01-15), the Young Talent Fund of the Association for Science and Technology in Shaanxi, China (20220134), and the Scientific Research Program Funded by Shaanxi Provincial Education Department, China (24JK0653).
Abstract: Monero uses ring signatures to protect users' privacy. However, Monero's anonymity also covers various illicit activities, such as money laundering, as it becomes difficult to identify and punish malicious users. Therefore, it is necessary to regulate illegal transactions while protecting the privacy of legitimate users. We present a revocable linkable ring signature scheme (RLRS), which balances privacy and supervision for privacy-preserving blockchain transactions. By introducing the role of a revocation authority, we can trace a malicious user and revoke it in time. We define the security model of the revocable linkable ring signature and give the concrete construction of RLRS. We employ an accumulator and ElGamal encryption to achieve the functionalities of revocation and tracing. In addition, we compress the ring signature size to the logarithmic level by using non-interactive sum arguments of knowledge (NISA). Then, we prove the security of RLRS, which satisfies anonymity, unforgeability, linkability, and non-frameability. Lastly, we compare RLRS with other ring signature schemes. RLRS is linkable, traceable, and revocable with logarithmic communication complexity and lower computational overhead. We also implement the RLRS scheme, and the results show that its verification time is 1.5 s with 500 ring members.
Funding: supported in part by the National Natural Science Foundation of China under Grant 61872409, Grant 61872152 and Grant 62272174; in part by the Guangdong Basic and Applied Basic Research Foundation under Grant 2020A1515010751; in part by the Guangdong Major Project of Basic and Applied Basic Research under Grant 2019B030302008; in part by the Science and Technology Program of Guangzhou under Grant 201902010081; and in part by the Guangdong Basic and Applied Basic Research Foundation under Grant 2023A1515011194.
Abstract: The encryption of user data is crucial when employing electronic health record services to guarantee the security of the data stored on cloud servers. The attribute-based encryption (ABE) scheme is considered a powerful encryption technique that offers flexible and fine-grained access control capabilities. Further, the multi-user collaborative access ABE scheme additionally allows users to acquire access authorization through collaborative work. However, the existing multi-user collaborative access ABE schemes do not consider the different weights of collaborating users. Therefore, using these schemes for weighted multi-user collaborative access results in redundant attributes, which inevitably reduces the efficiency of the ABE scheme. This paper proposes a revocable and verifiable weighted attribute-based encryption with collaborative access scheme (RVWABE-CA), which can provide efficient weighted multi-user collaborative access, user revocation, and data integrity verification, as the fundamental cornerstone for establishing a robust framework to facilitate secure sharing of electronic health records in a public cloud environment. In detail, this scheme employs a novel weighted access tree to eliminate redundant attributes, utilizes encryption version information to control user revocation, and establishes a Merkle hash tree for data integrity verification. We prove that our scheme is resistant against chosen plaintext attack. The experimental results demonstrate that our scheme has significant computational efficiency advantages compared to related works, without increasing storage or communication overhead. Therefore, the RVWABE-CA scheme can provide an efficient and flexible weighted collaborative access control and user revocation mechanism as well as data integrity verification for electronic health record systems.
Funding: supported in part by the National Science and Technology Council of Republic of China under the contract numbers NSTC 114-2221-E-019-055-MY2 and NSTC 114-2221-E-019-069.
Abstract: Cloud data sharing is an important issue in modern times. To maintain the privacy and confidentiality of data stored in the cloud, encryption is an inevitable step before uploading the data. However, the centralized management and transmission latency of the cloud make it difficult to support real-time processing and distributed access structures. As a result, fog computing and the Internet of Things (IoT) have emerged as crucial applications. Fog-assisted proxy re-encryption is a commonly adopted technique for sharing cloud ciphertexts. It allows a semi-trusted proxy to transform a data owner's ciphertext into another re-encrypted ciphertext intended for a data requester, without revealing any information about the original ciphertext. Yet, the user revocation and cloud ciphertext renewal problems still lack effective and secure mechanisms. Motivated by this, we propose a revocable conditional proxy re-encryption scheme offering ciphertext evolution (R-CPRE-CE). In particular, a periodically updated time key is used to revoke the user's access privileges, while an access condition prevents a malicious proxy from re-encrypting unauthorized ciphertext. We also demonstrate that our scheme is provably secure under the notion of indistinguishability against adaptively chosen identity and chosen ciphertext attacks in the random oracle model. Performance analysis shows that our scheme reduces the computation time for a complete data access cycle, from the initial query to the final decryption, by approximately 47.05% compared to related schemes.
Funding: supported in part by the National Science and Technology Council of Taiwan under the contract numbers NSTC 114-2221-E-019-055-MY2 and NSTC 114-2221-E-019-069.
Abstract: Cloud services, favored by many enterprises due to their high flexibility and easy operation, are widely used for data storage and processing. However, the high latency, together with the transmission overheads of the cloud architecture, makes it difficult to respond quickly to the demands of IoT applications and local computation. To make up for these deficiencies in the cloud, fog computing has emerged to play a critical role in IoT applications. It decentralizes computing power to various lower nodes close to the data sources, so as to achieve the goal of low latency and distributed processing. With data being frequently exchanged and shared between multiple nodes, it becomes a challenge to authorize data securely and efficiently while protecting user privacy. To address this challenge, proxy re-encryption (PRE) schemes provide a feasible way, allowing an intermediary proxy node to re-encrypt ciphertext designated for different authorized data requesters without compromising any plaintext information. Since the proxy is viewed as a semi-trusted party, care should be taken to prevent malicious behaviors and reduce the risk of data leakage when implementing PRE schemes. This paper proposes a new fog-assisted identity-based PRE scheme supporting anonymous key generation, equality test, and user revocation to fulfill various IoT application requirements. Specifically, in a traditional identity-based public key architecture, the key escrow problem and the necessity of a secure channel are major security concerns. We utilize an anonymous key generation technique to solve these problems. The equality test functionality further enables a cloud server to inspect whether two candidate trapdoors contain an identical keyword. In particular, the proposed scheme realizes fine-grained user-level authorization while maintaining strong key confidentiality. To revoke an invalid user identity, we add a revocation list to the system flows to restrict access privileges without adding computation cost. To ensure security, it is shown that our system meets the security notions of IND-PrID-CCA and OW-ID-CCA under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.
Funding: supported by the National Key Research and Development Program of China (No. 2017YFB0802502), the National Natural Science Foundation of China (Nos. 61672083, 61370190, 61532021, 61472429, 61402029, 61702028, and 61571024), the National Cryptography Development Fund (No. MMJJ20170106), the Planning Fund Project of Ministry of Education (No. 12YJAZH136), the Beijing Natural Science Foundation (No. 4132056), and the Fund of the State Key Laboratory of Information Security, the Institute of Information Engineering, and the Chinese Academy of Sciences (No. 2017-MS-02).
Abstract: Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure; it allows users to delegate their decryption ability to subordinates and enables encryption to any subset of users such that only the intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation in HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure, but a little weaker than the former, under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
Funding: support from the National Key Research and Development Program of China (Grant No. 2021YFF0704102), the Chongqing Education Commission Key Project of Science and Technology Research (Grant No. KJZD-K202400610), and the Chongqing Natural Science Foundation General Project (Grant No. CSTB2025NSCQ-GPX1263).
Abstract: Attribute-Based Encryption (ABE) has emerged as a fundamental access control mechanism in data sharing, enabling data owners to define flexible access policies. A critical aspect of ABE is key revocation, which plays a pivotal role in maintaining security. However, existing key revocation mechanisms face two major challenges: (1) high overhead due to ciphertext and key updates, primarily stemming from the reliance on revocation lists during attribute revocation, which increases computation and communication costs; (2) limited universality, as many attribute revocation mechanisms are tailored to specific ABE constructions, restricting their broader applicability. To address these challenges, we propose LUAR (Lightweight and Universal Attribute Revocation), a novel revocation mechanism that leverages Intel Software Guard Extensions (SGX) while minimizing its inherent limitations. Given SGX's constrained memory (approximately 90 MB in a personal computer) and susceptibility to side-channel attacks, we carefully manage its usage to reduce reliance on it while mitigating potential collusion risks between cloud service providers and users. To evaluate LUAR's lightweightness and universality, we integrate it with the classic BSW07 scheme, which can be seamlessly replaced with other ABE constructions. Experimental results demonstrate that LUAR enables secure attribute revocation with low computation and communication overhead. The processing time within the SGX environment remains stable at approximately 55 ms, regardless of the complexity of access policies, ensuring no additional storage or computational burden on SGX. Compared to the Hardware-based Revocable Attribute-Based Encryption (HR-ABE) scheme (IEEE S&P 2024), LUAR incurs a slightly higher computational cost within SGX; however, the overall time from initiating a data request to obtaining plaintext is shorter. As access policies grow more complex, LUAR's advantages become increasingly evident, showing its superior efficiency and broader applicability.
Funding: Dennis Y. W. Liu and Duncan S. Wong were supported by CityU grants (Project Nos. 7001844, 7001959, 7002001).
Abstract: A group signature allows the anonymity of the real signer in a group to be revoked by a trusted party called the group manager. It also gives the group manager absolute power over the formation of the group. A ring signature, on the other hand, does not allow anyone to revoke the signer's anonymity, while allowing the real signer to form a group (also known as a ring) arbitrarily without being controlled by any other party. In this paper, we propose a new variant of ring signature, called Revocable Ring Signature. The signature allows a real signer to form a ring arbitrarily while allowing a set of authorities to revoke the anonymity of the real signer. This new variant inherits the desirable properties of both group signatures and ring signatures, in such a way that the real signer is held responsible for what it has signed, as its anonymity is revocable by the authorities, while the real signer still has freedom in ring formation. We provide a formal security model for revocable ring signatures and propose an efficient construction which is proven secure under our security model.
Abstract: With the popularity of cloud computing and mobile apps, on-demand services such as online music or audio streaming and vehicle booking are widely available nowadays. In order to allow efficient delivery and management of the services in large-scale on-demand systems, there is usually a hierarchy in which the service provider can delegate its service to a top-tier (e.g., countrywide) proxy, who can then further delegate the service to lower-level (e.g., region-wide) proxies. Secure (re-)delegation and revocation are among the most crucial factors for such systems. In this paper, we investigate practical solutions for achieving re-delegation and revocation using proxy signatures. Although proxy signatures have been extensively studied in the literature, no previous solution can achieve both properties. To fill the gap, we introduce the notion of revocable and re-delegable proxy signature, which supports efficient revocation and allows a proxy signer to re-delegate its signing right to other proxy signers without interaction with the original signer. We define the formal security models for this new primitive and present an efficient scheme that achieves all the security properties. We also present a secure online revocable and re-delegable vehicle ordering system (RRVOS) as one of the applications of our proposed scheme.
Funding: Programs for Science and Technology Development of Henan Province, grant number 242102210152; The Fundamental Research Funds for the Universities of Henan Province, grant number NSFRF240620; Key Scientific Research Project of Henan Higher Education Institutions, grant number 24A520015; Henan Key Laboratory of Network Cryptography Technology, grant number LNCT2022-A11.
Abstract: Conditional proxy re-encryption (CPRE) is an effective cryptographic primitive that enhances the access control mechanism and makes the delegation of decryption permissions more granular, but most of the attribute-based conditional proxy re-encryption (AB-CPRE) schemes proposed so far do not take into account the importance of user attributes. A weighted attribute-based conditional proxy re-encryption (WAB-CPRE) scheme is thus designed to provide more precise delegation of decryption rights. By introducing the concept of weighted attributes, the number of system attributes managed by the server is greatly reduced. At the same time, a weighted tree structure is constructed to simplify the expression of the access structure effectively. With conditional proxy re-encryption, large amounts of data and complex computations are outsourced to cloud servers, so the data owner (DO) can revoke a user's decryption rights directly with minimal cost. The proposed scheme achieves security against chosen plaintext attacks (CPA). Experimental simulation results demonstrate that the decryption time is within 6–9 ms, and that the scheme significantly reduces communication and computation cost on the user side with better functionality compared to other related schemes, which enables users to access cloud data on devices with limited resources.
Funding: the Natural Science Foundation of China (61102056, 61201132), the Fundamental Research Funds for the Central Universities of China (K5051301013), and the 111 Project of China (B08038).
Abstract: By incorporating electric vehicles into the smart grid, vehicle-to-grid (V2G) makes it feasible to charge large-scale fleets of electric vehicles and, in turn, allows electric vehicles, as mobile and distributed storage units, to discharge to the smart grid. In order to provide reliable and efficient services, the operator of V2G networks needs to monitor the real-time status of every plug-in electric vehicle (PEV) and then evaluate the current electricity storage capability. Anonymity, aggregation and dynamic management are three basic but crucial characteristics that the services of V2G networks should have. However, few existing authentication schemes for V2G networks satisfy them simultaneously. In this paper, we propose a secure and efficient privacy-preserving authentication scheme for V2G networks. The scheme lets the charging/discharging station authenticate PEVs anonymously and manage them dynamically. Moreover, the monitoring data collected by the charging/discharging station can be sent to a local aggregator (LAG) in batch mode. In particular, the time overhead during the verification stage is independent of the number of involved PEVs, and there is no need to update the membership certificate and key pair before a PEV logs out.
Funding: supported by the National Natural Science Foundation of China under Grant No. 60873231, the Natural Science Foundation of Jiangsu Province under Grant No. BK2009426, the Major State Basic Research Development Program of China under Grant No. 2011CB302903, and the Key University Science Research Project of Jiangsu Province under Grant No. 11KJA520002.
Abstract: In most existing CP-ABE schemes, there is only one authority in the system and all the public keys and private keys are issued by this authority, which incurs ciphertext size and computation costs in the encryption and decryption operations that depend at least linearly on the number of attributes involved in the access policy. We propose an efficient multi-authority CP-ABE scheme in which the authorities need not interact to generate public information during the system initialization phase. Our scheme has constant ciphertext length and a constant number of pairing computations. Our scheme can be proven CPA-secure in the random oracle model under the decisional q-BDHE assumption. When revocation of a user's attributes occurs, the scheme transfers most of the re-encryption work to the cloud service provider, reducing the data owner's computational cost without sacrificing security. Finally, the analysis and simulation results show that the schemes proposed in this thesis ensure the privacy and secure access of sensitive data stored on the cloud server, and are able to cope with the dynamic changes of users' access privileges in large-scale systems. Besides, the multi-authority ABE eliminates the key escrow problem, optimizes the ciphertext length and enhances the efficiency of the encryption and decryption operations.
Abstract: Attribute-based encryption is drawing more attention due to its inherently attractive properties, which have the potential to be widely used in the newly developing field of cloud computing. However, one of the main obstacles to its application is how to revoke the attributes of users. Though some ABE schemes have realized revocation, they mostly focus on user revocation, which revokes all of the user's attributes, or on attribute revocation under the indirect revocation model, in which all users' private keys are affected by the revocation. In this paper, we define the model of CP-ABE supporting attribute revocation under the direct revocation model, in which the revocation list is embedded in the ciphertext and none of the users' private keys are affected by the revocation process. Then we propose a generic construction and prove its security under the decisional q-BDHE assumption.
Funding: supported in part by the National High-Tech Research and Development Program of China ("863" Program) under Grant No. 2015AA016004 and the National Natural Science Foundation of China under Grants No. 61173154, 61272451, 61572380.
Abstract: Access control is a key mechanism to secure outsourced data in mobile clouds. Some existing solutions are proposed to enforce flexible access control on outsourced data or to reduce the computations performed by mobile devices. However, less attention has been paid to the efficiency of revocation when mobile devices need to be revoked. In this paper, we put forward a new solution, referred to as flexible access control with outsourceable revocation (FACOR), for mobile clouds. FACOR applies attribute-based encryption to enable flexible access control on outsourced data, and allows mobile users to outsource the time-consuming encryption and decryption computations to proxies, requiring only the attribute authority to be fully trusted. As an advantageous feature, FACOR provides outsourceable revocation for mobile users to reduce the complicated attribute-based revocation operations. The security analysis shows that our FACOR scheme achieves data security against collusion attacks and unauthorized accesses from revoked users. Both theoretical and experimental results confirm that our proposed scheme greatly relieves mobile devices of heavy encryption and decryption computations, as well as of the complicated revocation of access rights in mobile clouds.
Abstract: Attribute revocation is inevitable and also important for Attribute-Based Encryption (ABE) in practice. However, little attention has been paid to this issue, and it remains one of the main obstacles to the application of ABE. Most existing ABE schemes that support attribute revocation work under the indirect revocation model, such that all users' private keys are affected when revocation events occur. Though some ABE schemes have realized revocation under the direct revocation model, such that the revocation list is embedded in the ciphertext and none of the users' private keys are affected by revocation, they mostly focus on user revocation, which revokes all of the user's attributes, or they can only be proven selectively secure. In this paper, we first define a model of adaptively secure ABE supporting attribute revocation under the direct revocation model. Then we propose a Key-Policy ABE (KP-ABE) scheme and a Ciphertext-Policy ABE (CP-ABE) scheme on composite-order bilinear groups. Finally, we prove our schemes to be adaptively secure by employing the methodology of dual system encryption.
Funding: supported by the National Natural Science Foundation of China under Grant No. 61272519, the Specialized Research Fund for the Doctoral Program of Higher Education under Grant No. 20120005110017, and the National Key Technology R&D Program under Grant No. 2012BAH06B02.
Abstract: Although existing data sharing systems in online social networks (OSNs) propose to encrypt data before sharing, the multiparty access control of encrypted data has become a challenging issue. In this paper, we propose a secure data sharing scheme in OSNs based on ciphertext-policy attribute-based proxy re-encryption and secret sharing. In order to protect users' sensitive data, our scheme allows users to customize the access policies of their data and then outsource the encrypted data to the OSN service provider. Our scheme presents a multiparty access control model, which enables a disseminator to update the access policy of a ciphertext if their attributes satisfy the existing access policy. Further, we present a partial decryption construction in which the computation overhead of the user is largely reduced by delegating most of the decryption operations to the OSN service provider. We also provide checkability of the results returned from the OSN service provider to guarantee the correctness of the partially decrypted ciphertext. Moreover, our scheme presents an efficient attribute revocation method that achieves both forward and backward secrecy. The security and performance analysis results indicate that the proposed scheme is secure and efficient in OSNs.
Funding: supported by the NSFC (61173141, U1536206, 61232016, U1405254, 61373133, 61502242, 61572258), BK20150925, the Fund of Jiangsu Engineering Center of Network Monitoring (KJR1402), the Fund of MOE Internet Innovation Platform (KJRP1403), CICAEET, and the PAPD fund.
Abstract: Attribute-based encryption (ABE) supports the fine-grained sharing of encrypted data. In some common designs, attributes are managed by an attribute authority that is supposed to be fully trustworthy. This implies that the attribute authority can access all encrypted data, which is known as the key escrow problem. In addition, because all access privileges are defined over a single attribute universe and attributes are shared among multiple data users, the revocation of users is inefficient in the existing ABE scheme. In this paper, we propose a novel scheme that solves the key escrow problem and supports efficient user revocation. First, an access controller is introduced into the existing scheme, and secret keys are then generated jointly by the attribute authority and the access controller. Second, an efficient user revocation mechanism is achieved using a version key that supports forward and backward security. The analysis shows that our scheme is secure and efficient in user authorization and revocation.