检索结果-内蒙古大学图书馆

Cross-Domain Inner-Product access control encryption for Secure EMR Flow in Cloud Edge

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2024年 19卷 9866-9880页

作者： Shi, Caiqun Huang, Qinlong Jian, Rui Chi, Genghui Beijing Univ Posts & Telecommun Sch Cyberspace Secur Beijing 100876 Peoples R China Beijing Univ Posts & Telecommun Natl Engn Res Ctr Disaster Backup & Recovery Beijing 100876 Peoples R China

The quality of medical services is improved by sharing electronic medical records (EMRs) across multiple medical institutions via cloud edge. However, EMRs contain private information about patients, and cloud servers are untrustworthy, thus they cannot be shared arbitrarily among senders and receivers. access control encryption (ACE) is a preferred technique that produces encrypted EMRs and then restricts the capabilities of both senders and receivers to enforce the EMR flow via sanitizers. However, existing cross-domain ACE schemes employ a single sender authority to issue encryption keys for senders, which suffers from single point of failure and encryption key escrow that the sender authority can public EMRs arbitrarily. Moreover, they only support coarse-grained access structures such as AND gates, which is not suitable for flexible EMR sharing among medical institutions. To this end, we propose a cross-domain inner-product ACE (CD-IPACE) scheme that features decentralized encryption key generation and fine-grained access structures. Specifically, we construct CD-IPACE from inner-product encryption, threshold structure-preserving signature instantiated with a distributed key generation protocol, and non-interactive zero-knowledge proof, which prevents individual sender authorities from sending ciphertexts, and also protects both data and receiver privacy. Then, we design a secure EMR flow system in cloud edge named ESFlow based on CD-IPACE, which employs edge nodes as sanitizers to check encrypted EMRs and discard illegal ones. Finally, we demonstrate the security and practicality of ESFlow via formal security analysis and extensive experiments.

关键词： encryption Receivers Medical services access control Cryptography Cloud computing Privacy Hospitals Medical diagnostic imaging Flow production systems access control encryption privacy protection decentralized electronic medical records cloud edge

来源：评论

学校读者我要写书评

暂无评论

access control encryption without sanitizers for Internet of Energy

引用

INFORMATION SCIENCES 2021年 546卷 924-942页

作者： Wang, Peng Xiang, Tao Li, Xiaoguo Xiang, Hong Chongqing Univ Coll Comp Sci Chongqing 400044 Peoples R China Sch Big Data & Software Engn Chongqing 400044 Peoples R China Chongqing Univ Key Lab Dependable Serv Comp Cyber Phys Soc Minist Educ Chongqing Peoples R China

With the increasing popularity of Internet of Energy (IoE), more and more physical devices connected to IoE depend on the information system for energy control and coordination. Under this condition, how to achieve information flow control in IoE becomes a great challenge. access control encryption (ACE) is a promising technology to address the problem. However, existing ACE requires a centralized sanitizer, hindering its successful application in IoE. In this paper, we construct a new kind of ACE without sanitizers for IoE. We first construct a basic ACE scheme based on number-theoretic assumptions (i.e., DBDH assumption), and this scheme can control not only what users can read but also what they can write. To resist against the quantum attacks, we further construct a more secure ACE scheme based on learning with errors (LWE). We formally prove that our proposed two ACE schemes are secure under the proposed security definition, and we also evaluate the applicability and the efficiency of them in experiments. (c) 2020 Elsevier Inc. All rights reserved.

关键词： Internet of Energy access control encryption Subset predicate encryption Learning with errors

来源：评论

学校读者我要写书评

暂无评论

POSTER: Collaborative Authority-Based Searchable encryption Using access control encryption 21st

POSTER: Collaborative Authority-Based Searchable Encryption ...

引用

21st International Conference on Applied Cryptography and Network Security (ACNS)

作者： Xu, Dequan Peng, Changgen Tian, Youliang Liu, Hai Wang, Ziyue Wang, Weizheng Guizhou Univ Coll Comp Sci & Technol Key Lab Publ Big Data Guiyang 550025 Peoples R China Kanazawa Univ Grad Sch Nat Sci & Technol Kanazawa Ishikawa 9201192 Japan City Univ Hong Kong Dept Comp Sci Hong Kong Peoples R China

ISBN: (纸本)9783031411809;9783031411816

In this poster, we propose a novel searchable encryption (SE) scheme that leverages access control encryption to enhance the security and flexibility of search operations. Our approach requires collaborative authority users to authorize data users for SE requests, ensuring that only authorized users can access the encrypted data. The proposed scheme utilizes keyword and collaborative authority user IDs as attributes in the access control encryption, allowing for the design of different search permissions tailored to specific use cases. We conduct a thorough correctness analysis to demonstrate the robustness of our approach.

关键词： Searchable encryption access control encryption Collaborative authority Data privacy

来源：评论

学校读者我要写书评

暂无评论

access control encryption from Group encryption 19th

Access Control Encryption from Group Encryption

引用

19th International Conference on Applied Cryptography and Network Security (ACNS)

作者： Wang, Xiuhua Wong, Harry W. H. Chow, Sherman S. M. Chinese Univ Hong Kong Dept Informat Engn Shatin Hong Kong Peoples R China

ISBN: (纸本)9783030783723

access control encryption (ACE) enforces both read and write permissions. It kills off any unpermitted subliminal message channel via the help of a sanitizer who knows neither of the plaintext, its sender and receivers, nor the access control policy. This work aims to solve the open problem left by the seminal work of Damgard et al. (TCC 2016), namely, "to construct practically interesting ACE from noisy, post-quantum assumptions such as LWE." We start with revisiting group encryption (GE), which allows anyone to encrypt to a certified group member, whom remains anonymous unless the opening authority decided to reveal him/her. We propose: 1) the notion of sanitizable GE (SGE), with specific changes for non-interactive proof, 2) the notion of traceable ACE (tACE), which helps damage control by tracing after-the-fact if some secret were leaked unluckily, 3) a generic construction of (t)ACE for equality policy (ACE-EP) from SGE, 4) a generic construction of ACE for general policy from ACE-EP, 5) a lattice-based instantiation of SGE, which comes with 6) a simple mechanism for checking that the randomness of ciphertexts can span the randomness space.

关键词： access control encryption Group encryption Lattice-based encryption Learning with error Post-quantum security Chosen-ciphertext security Sanitization Traceability

来源：评论

学校读者我要写书评

暂无评论

Key-aggregate based access control encryption for flexible cloud data sharing

引用

COMPUTER STANDARDS & INTERFACES 2024年 88卷

作者： Liu, Jinlu Qin, Jing Wang, Wenchao Mei, Lin Wang, Huaxiong Shandong Univ Sch Math Jinan 250100 Shandong Peoples R China Nanjing Univ Sci & Technol Sch Math & Stat Nanjing 210000 Peoples R China Nanyang Technol Univ Sch Phys & Math Sci Singapore 639798 Singapore

Cloud computing has become the priority for users to store and share data due to its numerous tempting advantages. The "encryption-before-outsourcing" mechanism is necessary to protect data privacy against the semi-trusted cloud server. Key-Aggregate Cryptosystem (KAC) is a novel encryption paradigm for cloud data sharing. It enables users to decrypt multiple data encrypted with different keys using a constant size aggregate key. When selectively sharing data, the KAC effectively addresses the challenges of expensive key management in symmetric encryption (SE) and eliminates the need for multiple copies of ciphertexts in public key encryption (PKE). However, previous KAC schemes can only control what data users are allowed to receive by distributing aggregate keys, but not what data users can send. This limitation could potentially allow a malicious data owner to leak sensitive information by distributing aggregate keys to unauthorized users. Therefore, this paper aims to design the key-aggregate cryptosystem with bidirectional access control, which can control both what the user can receive and what the data owner can send. Inspired by access control encryption (ACE), we first propose a key-aggregate based access control encryption with user level (KA-ACE-UL) system that can control whether a sender can share his data with a receiver. Then, we investigate a finer-grained access control policy and propose a key-aggregate based access control encryption with user-data level (KA-ACE-UDL) system that can control the data classes a sender can share with a receiver. We instantiate the KA-ACE-UL and KA-ACE-UDL schemes based on Chu et al.'s KAC scheme. We prove our proposed schemes can achieve both secure data storage and controlled data sharing, ensuring security against unauthorized receivers and malicious senders. Finally, theoretical performance analysis and practical experiments show the efficiency of our proposed schemes.

关键词： Cloud computing Data sharing Key-aggregate cryptosystem access control encryption

来源：评论

学校读者我要写书评

暂无评论

Cross-Domain Attribute-Based access control encryption 20th

Cross-Domain Attribute-Based Access Control Encryption

引用

20th International Conference on Cryptology and Network Security (CANS)

作者： Sedaghat, Mahdi Preneel, Bart Katholieke Univ Leuven Imec COSIC Leuven Belgium

ISBN: (纸本)9783030925482;9783030925475

Logic access control enforces who can read and write data;the enforcement is typically performed by a fully trusted entity. At TCC 2016, Damga'rd et al. proposed access control encryption (ACE) schemes where a predicate function decides whether or not users can read (decrypt) and write (encrypt) data, while the message secrecy and the users' anonymity are preserved against malicious parties. Subsequently, several ACE constructions with an arbitrary identity-based access policy have been proposed, but they have huge ciphertext and key sizes and/or rely on indistinguishability obfuscation. At IEEE S&P 2021, Wang and Chow proposed a Cross-Domain ACE scheme with constant-size ciphertext and arbitrary identity-based policy;the key generators are separated into two distinct parties, called Sender Authority and Receiver Authority. In this paper, we improve over their work with a novel construction that provides a more expressive access control policy based on attributes rather than on identities, the security of which relies on standard assumptions. Our generic construction combines Structure-Preserving Signatures, Non-Interactive Zero-Knowledge proofs, and Rerandomizable Ciphertext-Policy Attribute-Based encryption schemes. Moreover, we propose an efficient scheme in which the sizes of ciphertexts and encryption and decryption keys are constant and thus independent of the number of receivers and their attributes. Our experiments demonstrate that not only is our system more flexible, but it also is more efficient and results in shorter decryption keys (reduced from about 100 to 47 bytes) and ciphertexts (reduced from about 1400 to 1047).

关键词： access control encryption Ciphertext-Policy Attribute-Based encryption Structure-Preserving Signature Non-Interactive Zero-Knowledge Proofs

来源：评论

学校读者我要写书评

暂无评论

Decentralized access control encryption in Public Blockchain 1st

Decentralized Access Control Encryption in Public Blockchain

引用

1st International Conference on Blockchain and Trustworthy Systems (BlockSys)

作者： Yao, Zhongyuan Pan, Heng Si, Xueming Zhu, Weihua Henan Key Lab Publ Opin Intelligent Anal Zhengzhou 450001 Henan Peoples R China Zhongyuan Univ Technol Zhengzhou 450001 Henan Peoples R China Fudan Univ Shanghai 200433 Peoples R China

ISBN: (纸本)9789811527777;9789811527760

Since its invention, the public blockchain has attracted more attention from both the academia and industry because of its fully decentralization and persistency features. However, the privacy issue in public blockchain is still challengeable. While there exists privacy preservation mechanisms proposed for the public blockchain, almost all of them can only solve partial of the privacy issue, either user privacy or data privacy indeed, in it. In this work, we present a decentralized access control encryption scheme which ensures user and data privacy simultaneously in public blockchain. With our cryptographic solution, the validity of one specific transaction can be publicly verified, while its content can only be retrieved by its intended receivers. Moreover, the origin of this transaction cannot be identified by any participant except the receivers in the network. Our analysis shows that our solution is really suitable to deploy in public blockchain and is proven secure under mathematical assumptions.

关键词： Public blockchain User privacy Data privacy access control encryption Decentralized sanitizers

来源：评论

学校读者我要写书评

暂无评论

access control encryption with efficient verifiable sanitized decryption

引用

INFORMATION SCIENCES 2018年 465卷 72-85页

作者： Wang, Huige Chen, Kefei Liu, Joseph K. Hu, Ziyuan Long, Yu Anhui Sci & Technol Univ Network Engn Dept Chuzhou 233100 Anhui Peoples R China Hangzhou Normal Univ Sch Sci Hangzhou 310036 Zhejiang Peoples R China Shanghai Jiao Tong Univ Dept Comp Sci & Engn Shanghai 200240 Peoples R China Monash Univ Fac Informat Technol Melbourne Vic 3800 Australia Westone Cryptol Res Ctr Beijing 100070 Peoples R China

access control encryption (ACE), as a new cryptographic framework was proposed by Damgard et al. (at TCC 2016), enables controlling both the writing users and the reading users. Recently, a number of access control encryptions are proposed, but none of them are able to implement the verifiability of the sanitized ciphertexts which may lead to incorrect decryption. To solve this problem, by adapting Kim and Wu's techniques (at ASIACRYPT 2017) and combining with the strong randomness extractor, we put forward a generic framework of access control encryption with verifiable sanitized decryption for arbitrary policy. The instantiabilities of the used building blocks from standard assumptions illustrates that our new construction works well. Moreover, we prove that our scheme not only satisfies the standard security definitions of access control encryption but also achieves the verifiability security for the sanitized ciphertexts. (C) 2018 Elsevier Inc. All rights reserved.

关键词： access control encryption No-Read rule No-Write rule Verifiable sanitized decryption

来源：评论

学校读者我要写书评

暂无评论

A Hierarchical access control encryption Scheme Based on Partially Ordered Set 2018

A Hierarchical Access Control Encryption Scheme Based on Par...

引用

2nd International Conference on Cryptography, Security and Privacy (ICCSP)

作者： Dang, Lintao Li, Qiang Wu, Jun Li, Jianhua Shanghai Jiao Tong Univ Sch Cyber Secur Shanghai 200240 Peoples R China Shanghai Key Lab Integrated Adm Technol Informat Shanghai 200240 Peoples R China

ISBN: (纸本)9781450363617

access control encryption (ACE) is a novel cryptographic primitive that controls not only what the users in a system can read, but also what they are allowed to write. Based on the concept of partially ordered set, this paper proposes a hierarchical access control encryption scheme (HACE), which, while maintaining the three properties of ACE: Correctness, No-Read Rule and No-Write Rule, enjoys the newly defined No-Leaking Hierarchy Rule under CPA attack in the random oracle model. This rule ensures that the sanitizer cannot learn any information about the access control hierarchy. The performance evaluation shows that the HACE scheme reduces the space overhead for the parameter storage compared with the ACE scheme for multiple identities.

关键词： access control encryption Partially Ordered Set Hierarchy

来源：评论

学校读者我要写书评

暂无评论

Strengthening access control encryption 23rd

Strengthening Access Control Encryption

引用

23rd International Conference on the Theory and Applications of Cryptology and Information Security (ASIACRYPT)

作者： Badertscher, Christian Matt, Christian Maurer, Ueli Swiss Fed Inst Technol Dept Comp Sci CH-8092 Zurich Switzerland

ISBN: (纸本)9783319706948;9783319706931

access control encryption (ACE) was proposed by Damg degrees ard et al. to enable the control of information flow between several parties according to a given policy specifying which parties are, or are not, allowed to communicate. By involving a special party, called the sanitizer, policy-compliant communication is enabled while policy-violating communication is prevented, even if sender and receiver are dishonest. To allow outsourcing of the sanitizer, the secrecy of the message contents and the anonymity of the involved communication partners is guaranteed. This paper shows that in order to be resilient against realistic attacks, the security definition of ACE must be considerably strengthened in several ways. A new, substantially stronger security definition is proposed, and an ACE scheme is constructed which provably satisfies the strong definition under standard assumptions. Three aspects in which the security of ACE is strengthened are as follows. First, CCA security (rather than only CPA security) is guaranteed, which is important since senders can be dishonest in the considered setting. Second, the revealing of an (unsanitized) ciphertext (e.g., by a faulty sanitizer) cannot be exploited to communicate more in a policy-violating manner than the information contained in the ciphertext. We illustrate that this is not only a definitional subtlety by showing how in known ACE schemes, a single leaked unsanitized ciphertext allows for an arbitrary amount of policy-violating communication. Third, it is enforced that parties specified to receive a message according to the policy cannot be excluded from receiving it, even by a dishonest sender.

关键词： access control encryption Information flow control Chosen-ciphertext attacks

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：