Secure authentication using ciphertext policy attribute-based encryption in mobile multi-hop networks

With the dramatic increase of the number of mobile devices such as smartphones and tablet PCs, mobile traffic has increased enormously. Especially, the multimedia data accounts for bulk of the traffic transmitted in mobile networks. To accommodate this growth, device-to-device connection (D2D), which provides infra-connection off-loading, is receiving significant attention. However, we have observed that the majority of the current D2D protocols including Bluetooth and Wi-Fi Direct are vulnerable to man-in-the-middle (MITM) and replay attacks in mobile multi-hop networks. To resolve this problem, in this paper, we propose a novel D2D authentication protocol with a secure initial key establishment using ciphertext-policy attribute-based encryption (CP-ABE). By leveraging CP-ABE, the proposed scheme allows the communicating parties to mutually authenticate and derive the link key in an expressive and secure manner in a multi-hop network environment. We also propose several variations of the proposed scheme for different scenarios in a multi-hop networks without network infrastructure. We prove that the proposed scheme is secure against MITM and replay attack in D2D mobile multi-hop networks. Experimental results indicate that the proposed scheme incurs reasonable computation cost in the real world.     

Accountable authority key policy attribute-based encryption

We present an accountable authority key policy attribute-based encryption (A-KPABE) scheme.In this paper,we extend Goyal’s work to key policy attribute-based encryption setting.We first generalize the notion of accountable authority in key policy attribute-based encryption scenario,and then give a construction.In addition,our scheme is shown to be secure in the standard model under the modified Bilinear Decisional Diffie-Hellman (mBDDH) assumption.     

Complex and flexible data access policy in attribute-based encryption

The Journal of Supercomputing - With the development of cloud computing application, attribute-based encryption (ABE) with flexibly fine-grained data access control is widely adopted. However,...     

Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack

Attribute-based encryption with keyword search (ABKS) enables data owners to grant their search capabilities to other users by enforcing an access control policy over the outsourced encrypted data. However, existing ABKS schemes cannot guarantee the privacy of the access structures, which may contain some sensitive private information. Furthermore, resulting from the exposure of the access structures, ABKS schemes are susceptible to an off-line keyword guessing attack if the keyword space has a polynomial size. To solve these problems, we propose a novel primitive named hidden policy ciphertext-policy attribute-based encryption with keyword search (HP-CPABKS). With our primitive, the data user is unable to search on encrypted data and learn any information about the access structure if his/her attribute credentials cannot satisfy the access control policy specified by the data owner. We present a rigorous selective security analysis of the proposed HP-CPABKS scheme, which simultaneously keeps the indistinguishability of the keywords and the access structures. Finally, the performance evaluation verifies that our proposed scheme is efficient and practical.     

Key escrow encryption Bill hits congress

After years of FBI Director Louis Freeh, White House operatives, and various National Security Agency (NSA) and Justice Department officials threats that failure by industry to voluntarily embrace government encryption key recovery schemes would result in mandatory programmes and legislation, such a forecast may have been realized.     

Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated, but the original encryptor might be unavailable to re-encrypt the message, which makes it impractical. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to update access policies in ciphertext-policy attribute-based encryption (CP-ABE) systems efficiently without encrypting each ciphertext with new access policies. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the augmented multi-sequences of exponents decisional Diffie–Hellman assumption. We also present a different construction in which certain attributes in an access policy can be preserved by the original encryptor, while other attributes can be revoked efficiently so that the ability of attribute revocation can be appropriately restrained.     

Securely outsourcing the ciphertext-policy attribute-based encryption

Attribute-based Encryption (ABE) is a new and promising public key encryption that allows fine-grained authorization on data based on user attributes. Such property is favorable for multiple applications that require encrypted storage or access control on data, in particular: eHealth applications. However, ABE schemes are known not to be efficient in the encryption phase because ciphertext size and the time required to encrypt grow with the complexity of the access policy. Such drawback is critical in the context of pervasive computing, for instance, in the Internet of Things, where data producers are usually resource-constrained devices, e.g. smart phones or sensing platforms. In this work, we propose OEABE standing for Outsourcing mechanism for the Encryption of Ciphertext-Policy ABE (CP-ABE). We show how a user can offload expensive operations of CP-ABE encryption to a semi-trusted party in a secure manner. Our proposed mechanism requires only one exponentiation on resource-constrained devices. We provide also an informal security analysis of possible attacks from a semi-honest adversary against the proposed solution. To demonstrate the performance gains of our mechanism, we first conducted a performance estimation on an emulated Wismote sensor platform. Then, we implemented our proposal and did comparison to an existing implementation of CP-ABE on a laptop.     

Efficient attribute-based encryption with repeated attributes optimization

International Journal of Information Security - Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power...     

基于属性加密的雾协同云数据共享方案

为解决现有的属性加密数据共享方案粗粒度和开销大等问题,提出一种能保证数据隐私且访问控制灵活的雾协同云数据共享方案(FAC-ABE)。设计属性加密机制,将数据的访问控制策略分为个性化和专业化两种。通过个性化的访问策略,根据用户的经验和偏好,将数据共享给相应的云端。利用雾节点对数据分类,将共享的数据分流,保障数据共享给专业的云服务器。安全分析结果表明,该方案能保障数据机密性,实现更细粒度的访问控制。实验结果表明,用户能将加密开销转移到雾节点上,降低了云端用户开销。     

Image salient regions encryption for generating visually meaningful ciphertext image

Neural Computing and Applications - Image feature encryption is comprised of feature extraction and feature encryption. The existing feature encryption algorithms aim at extracting edge features as...     

Generic attribute revocation systems for attribute-based encryption in cloud storage

Frontiers of Information Technology & Electronic Engineering - Attribute-based encryption (ABE) has been a preferred encryption technology to solve the problems of data protection and access...     

Generic user revocation systems for attribute-based encryption in cloud storage

Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. Attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.     

Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage

It is secure for customers to store and share their sensitive data in the cryptographic cloud storage.However,the revocation operation is a sure performance killer in the cryptographic access control system.To optimize the revocation procedure,we present a new efficient revocation scheme which is efficient,secure,and unassisted.In this scheme,the original data are first divided into a number of slices,and then published to the cloud storage.When a revocation occurs,the data owner needs only to retrieve one slice,and re-encrypt and re-publish it.Thus,the revocation process is accelerated by affecting only one slice instead of the whole data.We have applied the efficient revocation scheme to the ciphertext-policy attribute-based encryption(CP-ABE) based cryptographic cloud storage.The security analysis shows that our scheme is computationally secure.The theoretically evaluated and experimentally measured performance results show that the efficient revocation scheme can reduce the data owner’s workload if the revocation occurs frequently.     

Grover algorithm-based quantum homomorphic encryption ciphertext retrieval scheme in quantum cloud computing

Quantum Information Processing - An important topic in quantum information is the theory of error correction codes. Practical situations often involve quantum systems with states in an...