With the development of cloud computing, many enterprises have been interested in outsourcing their data to cloud servers to decrease IT costs and rise capabilities of provided services. To afford confidentiality and fine-grained data access control, attribute-based encryption (ABE) was proposed and used in several cloud storage systems. However, scalability and flexibility in key delegation and user revocation mechanisms are primary issues in ABE systems. In this paper, we introduce the concept of a fully distributed revocable ciphertext-policy hierarchical ABE (FDR-CP-HABE) and design the first FDR-CP-HABE scheme. Our scheme offers a high level of flexibility and scalability in the key delegation and user revocation phases. Moreover, our scheme is efficient and provides lightweight computation in the decryption phase. Indeed, by exploiting a computation outsourcing technique, most of the operations are executed by the powerful cloud server, and very few computations are left to the users. Also, the storage cost on the user side is significantly decreased as compared to similar schemes. Furthermore, using the hardness assumption of DBDH problem, we prove that our scheme is adaptively secure in the standard model. Our security analyses and implementation results indicate that our scheme is efficient, secure, and scalable. (C) 2020 Elsevier B.V. All rights reserved.
With the maturity of technologies such as Internet of Things (IoT) and Cloud Computing, more and more medical institutions share patient’s medical data in the IoT-connected healthcare system, whereas it also brings hidden dangers to data security and privacy protection. The application of hierarchical attribute-based encryption (HABE) in IoT-connected healthcare system helps to solve the problem of data sharing with a large number of users. Delegation is a function of HABE, which can realize the transfer of hierarchical user access rights, effectively reducing the workload of the trusted authority. However, when “delegation” is used to generate decryption keys for users who do not comply with the access structure, the “key-delegation abuse” problem arises, which can seriously damage the privacy of patient’s data. Nevertheless, it has not attracted much attention in previous research. This paper proposes the problem of key-delegation abuse in Ciphertext-Policy hierarchical attribute-based encryption (CP-HABE). After the cryptanalysis of typical schemes, we conclude two reasons for key-delegation abuse in CP-HABE, which are randomizing the original key elements or keeping parts of them in a new decryption key. This paper proposes a new mechanism specifically by using directed graph and construct a CP-HABE scheme against key-delegation abuse (CP-HABE-AKDA). Aiming at the scenario of key leaking, we further present the traceable CP-HABE-AKDA solution for the IoT-connected healthcare system, which has the additional function of tracking and verifying the identity of key leaker.
ISBN: 9781728173276 (print)
For the mobile cloud service, the computation and power resources of the mobile terminal are limited. And the attribute-based encryption algorithm has the uncertainty of the attribute expiration time, which highly likely results in the leakage of user privacy, and causes a huge waste of computation and bandwidth resources. To deal with these problems, a hierarchical attribute-based encryption with multi-authority for the mobile cloud service (HABEm) is proposed in this paper. A hierarchical multi-level authorization mechanism, referring to different levels of authorities, manages different attributes of mobile terminal. A proxy is introduced to delegate the high complexity decryption algorithm to improve the decryption efficiency of the mobile terminal. The mobile terminal performs attribute revocation through the authorization authority when the rank of the mobile terminal is changed. Based on the deterministic assumption of the standard model, HABEm is proved to be CPA-safe in theory. The experiment results show that HABEm has higher decryption performance and is very suitable for the mobile cloud service environment.
The continuous auxiliary inputs leakage is more strong side-channel attacks. In this article, we first propose a continuous auxiliary inputs leakage model for the hierarchical attribute-based encryption scheme. Under the security model, an adversary has ability to gain partial updated master keys and updated secret keys continually by certain leakage attacks. Moreover, a resilient-leakage hierarchical attribute-based encryption scheme is constructed. The security proof for this scheme is provided under the standard model. Furthermore, we give the performance comparison between our scheme and relevant scheme. (C) 2016 John Wiley & Sons, Ltd.
Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption (HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack (CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA (Chosen-ciphertext Attack) secure scheme.
Epidemiological survey is an important means for the prevention and control of infectious diseases. Due to the particularity of the epidemic survey, 1) epidemiological survey in epidemic prevention and control has a wide range of people involved, a large number of data collected, strong requirements for information disclosure and high timeliness of data processing; 2) the epidemiological survey data need to be disclosed at different institutions and the use of data has different permission requirements. As a result, it easily causes personal privacy disclosure. Therefore, traditional access control technologies are unsuitable for the privacy protection of epidemiological survey data. In view of these situations, we propose a black box-assisted fine-grained hierarchical access control scheme for epidemiological survey data. Firstly, a black box-assisted multi-attribute authority management mechanism without a trusted center is established to avoid authority deception. Meanwhile, the establishment of a master key-free system not only reduces the storage load but also prevents the risk of master key disclosure. Secondly, a sensitivity classification method is proposed according to the confidentiality degree of the institution to which the data belong and the importance of the data properties to set fine-grained access permission. Thirdly, a hierarchical authorization algorithm combined with data sensitivity and hierarchical attribute-based encryption (ABE) technology is proposed to achieve hierarchical access control of epidemiological survey data. Efficiency analysis and experiments show that the scheme meets the security requirements of privacy protection and key management in epidemiological survey.
With rapid development of cloud computing, more and more enterprises will outsource their sensitive data for sharing in a cloud. To keep the shared data confidential against untrusted cloud service providers (CSPs), a natural way is to store only the encrypted data in a cloud. The key problems of this approach include establishing access control for the encrypted data, and revoking the access rights from users when they are no longer authorized to access the encrypted data. This paper aims to solve both problems. First, we propose a hierarchical attribute-based encryption scheme (HABE) by combining a hierarchical identity-based encryption (HIBE) system and a ciphertext-policy attribute-based encryption (CP-ABE) system, so as to provide not only fine-grained access control, but also full delegation and high performance. Then, we propose a scalable revocation scheme by applying proxy re-encryption (PRE) and lazy re-encryption (LRE) to the HABE scheme, so as to efficiently revoke access rights from users. (C) 2011 Elsevier Ltd. All rights reserved.
ISBN: 9781728125305 (print)
We proposed a novel solution to the privacy issues in medical data management systems with multi-user data-sharing requirement. Our solution leverages the blockchain technology, in combination with hierarchical attribute-based encryption (HABE) to improve the access control mechanisms in such systems. While the blockchain security model guarantees the enforcement of patient-specified access policies, the principles of attribute-based encryption enforce those policies through encryption as a secondary mechanism against unauthorized access.
In an attribute-based encryption, the user is identified with help of some attributes and their functions for encryption and decryption of the data. The current techniques based on attribute-based encryption have found that if user's access structure includes a considerable amount of attribute information labeled as Don't Care, then the encryption pairing operation has low calculation efficiency and ciphertext information redundancy. In this paper, we have proposed a hierarchical multi-authority attribute-based encryption on prime order groups to tackle these problems. Our encryption technique has a polycentric attribute authorization system based on an AND gate access structure, with a unified attribute index established by each attribute authority throughout the system, to form a binary tree, i.e., attribute access tree. The state value of the parent node can be determined by the state of its child node in an attribute access tree. The attribute-based encryption established in this manner is theoretically proven to effectively decrease the calculation amount for decryption and compress the redundant information in the ciphertext as much as possible. Our encryption technique has a theoretical and practical significance in the system of "large universe" constructions.