ISBN: (print) 9783319167459; 9783319167442
The technology of wireless body area network (WBAN) has attracted intensive attention in recent years. For widespread deployment of WBANs, security and privacy issues must be addressed properly. Recently, Hu et al. proposed a fuzzy attribute-based signcryption scheme with the aim to provide security and privacy mechanisms in WBANs. In this paper, we first show Hu et al.'s scheme cannot achieve the claimed security properties. In particular, an adversary is capable of generating private keys for any set of attributes. Then we introduce a new cryptographic primitive named ciphertext-policy attribute-based ring signcryption (CP-ABRSC) by integrating the notion of ciphertext-policy attribute-based encryption with identity-based ring signature. We give formal syntax and security definitions for CP-ABRSC and present a provably secure CP-ABRSC scheme from bilinear pairings. Finally, we propose a novel access control framework for WBANs by exploiting the CP-ABRSC scheme, which can not only provide semantic security, unforgeability and public authenticity, but can also provide participants' privacy and fine-grained access control on encrypted health data.
ISBN: (print) 9781479989935
Ciphertext-policy attribute-based encryption (CP-ABE) is proposed to provide identity-based access control which is suitable for cloud storage services. In CP-ABE, because the authority is responsible for key management, it must be trusted. There is only one authority in CP-ABE. Thus, CP-ABE may suffer a single point of failure. Although multi-authority ABE could solve this problem, attackers still can execute collusion attacks to compromise authorities. Thus, in this paper, we propose the threshold-based key generation approach (TKGA) for ciphertext-policy attribute-based encryption (CP-ABE). TKGA is a multi-authority approach which utilizes the technologies of functional encryption and (n, k)-secret sharing. TKGA could efficiently impede collusion attacks because no single authority can directly generate secret keys. Thus, TKGA can be compromised if and only if at least k of n authorities are compromised by attackers. According to our security and performance evaluation, although TKGA has additional computation and communication overhead, TKGA can improve security by impeding collusion attacks.
In this work, we design a method for efficient revocation within a ciphertext-policy attribute-based encryption scheme. Our main technical innovation is based on linear secret sharing and binary tree techniques: every user in the system is assigned both a set of attributes and a unique identifier. Any user can also be efficiently revoked by using this identifier. Furthermore, this technique resulted in two key contributions: the size of the cryptographic key material is smaller and encryption/decryption cannot be affected with an unbounded number of revoked users. Then, the scheme is proved to be secure under the q-MEBDH assumption in the standard model. The efficiency is also optimized so that the size of the user's private key has only a constant increase. The revocation information is embedded in the ciphertext so that the fine-grained access control is more flexible.
IoT and 5G-enabled smart healthcare allows medical practitioners to diagnose patients from any location via electronic health records (EHRs) by wireless body area network (WBAN) devices. Privacy, including the medical practitioner's identity and the patient's EHR, can easily be leaked from hospitals or cloud servers, and secret keys used to access EHRs must be revoked after diagnosis. In response to the challenges associated with user authentication and secret key revocation, this paper proposes an access control scheme with privacy-preserving authentication and flexible revocation for smart healthcare using attribute-based encryption (ABE), named PAFR-ABE, which provides access control to prevent malicious users from decrypting EHRs. Meanwhile, PAFR-ABE ensures privacy-preserving authentication for users during secret key generation, which safeguards users' identities and prevents unauthorized requests for secret keys. In addition, PAFR-ABE achieves flexible revocation and recovery of secret keys, which eliminates the need to update secret keys for unrevoked users. Security analysis indicates that PAFR-ABE meets the security requirements of an access control scheme for smart healthcare, especially in terms of forward security and backward security. Performance analysis shows that PAFR-ABE is efficient in the key generation and revocation algorithms compared with typical access control schemes.
In the last couple of decades, attribute-based encryption (ABE) has been a promising encryption technique to realize fine-grained access control over encrypted data. ABE has appealing functionalities such as (i) access control through encryption and (ii) encrypting a message to a group of recipients without knowing their actual identities. However, the existing state-of-the-art ABEs are based on number-theoretic hardness assumptions. These designs are not secure against attacks by quantum algorithms such as Shor's algorithm. Moreover, existing Post-Quantum Cryptography (PQC)-based ABEs fail to provide long-term security. Therefore, there is a need for quantum secure ABE that can withstand quantum attacks and provides long-term security. In this work, for the first time, we introduce the notion of a quantum-secure ABE (qABE) framework that preserves the classical ABE's functionalities and resists quantum attacks. Next, we provide a generic construction of qABE which is able to transform any existing ABE into a qABE scheme. Thereafter, we illustrate a concrete construction of a quantum ABE based on our generic transformation qABE and the Waters' ciphertext-policy ABE scheme.
In vehicular networks, caching content on an edge server (ES) is a popular method for quickly responding to massive vehicle service requests, reducing communication delays, and enhancing driver and passenger service experiences. However, after integrating ESs with vehicular networks to provide vehicles access to the cached content in these ESs, significant challenges regarding protecting the privacy of vehicle data and communication security arise. In this study, to address security and privacy-preserving issues, we propose a secure and revocable cache-based distributed data sharing scheme for vehicular networks wherein a token authentication mechanism and multi-authority ciphertext-policy attribute-based encryption are integrated. In this scheme, both authentication and authorization capabilities are delegated to an ES while restricting access to service content to only legal vehicles, achieving proper access control between vehicles and ESs, and effectively preserving the privacy of vehicle data. Moreover, we attributed the revocations of ESs to the associated attribute authorities, eliminating the need for a system-wide update of keying materials. Through rigorous security proofs and detailed security analyses, we demonstrate that the scheme meets the security requirements of vehicular networks and can resist more security attacks. The proposed scheme achieves better balance between computational and communication costs than related schemes.
The advancement of the digital economy relies on secure data sharing. However, most existing methods face challenges like single-points-of-failure, insufficient privacy protection, and low efficiency. To address these issues, this manuscript proposes a multi-authorization ciphertext-policy attribute-based encryption scheme to eliminate single-points-of-failure. The scheme achieves policy hiding using boolean sharing and pseudo-random functions, enhancing privacy protection. It also supports efficient user revocation and policy updates. Considering the constraints of practical environments, this manuscript employs an outsourcing computation and secure ciphertext de-duplication to reduce overhead. The scheme's adaptive security is proven under the standard model, and its performance is validated through simulations. The results demonstrate that this manuscript's scheme outperforms traditional multi-authorization ciphertext-policy attribute-based encryption in security and efficiency, making it ideal for resource-constrained data sharing scenarios.
Ciphertext-policy attribute-based encryption (CP-ABE) is suitable for providing secure data-sharing services in the cloud storage scenario. However, attribute revocation in CP-ABE is a sticky issue. The research achievement on quantum computing makes the traditional CP-ABE no longer secure. Fortunately, lattice-based CP-ABE can resist quantum attacks. This paper proposes a lattice-based CP-ABE scheme with a tree access structure that supports the immediate revocation of attributes. This scheme is resistant to quantum and collusion attacks. When attribute revocation occurs, the semi-trusted third party implements the immediate attribute revocation to handle dynamic user permission changes immediately. The proposed re-encryption algorithm can effectively reduce the computational complexity of ciphertext re-encryption during attribute revocation, and the lazy ciphertext update method reduces the scope and size of the ciphertext update. Finally, it is shown that, under the standard model, the scheme is proven secure against chosen-plaintext attacks (CPA), and its security can be attributed to the learning with errors (LWE) difficulty problem.
The secure sharing and privacy protection of medical data are of great significance during the development of smart medical care. In order to achieve data sharing among medical institutions, ciphertext-policy attribut...
Public clouds have drawn increasing attention from academia and industry due to their high computational and storage performance. Attribute-based encryption (ABE) is the most promising technology to simultaneously achieve confidentiality and fine-grained access control of the cloud-stored data. However, traditional ABE that relies on centralized authority faces several key management issues, such as the key escrow, key distribution, key tracking, key update, and heavy communication and computing overhead for users, which will cause security concerns and impede its widespread application. On the other hand, blockchain technology preserves distributed ledgers to ensure the immutability and transparency of data, which can further solve the security vulnerabilities caused by system centralization. This paper proposes a blockchain-assisted transformation method to solve all the key management problems mentioned above in ciphertext-policy ABE by utilizing technologies such as secret sharing protocols. In addition, our transformation method realizes two additional benefits: outsourced decryption and efficient user revocation, which are extremely valuable for practical implementations. We simulate a demonstration by adopting the most popular permissioned blockchain, Hyperledger Fabric. The security and efficiency analysis reveals that the scheme obtained from our transformation method can achieve replayable chosen-ciphertext security with extremely efficient decryption.