Jian Zhang,Yang,Yanjiao Chen,Jing Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2017.08.019

IF: 5.493

2017-01-01

Computer Networks

Abstract:With the growing popularity of cloud storage, to guarantee the security of outsourced data becomes more and more important. In this paper, we make the first attempt to explore the intrinsic relationship between secure cloud storage and homomorphic encryption scheme, based on which we present a Generic way to design a Secure Cloud Storage protocol, denoted as G-SCS, using any homomorphic encryption scheme (HES). The proposed G-SCS is secure under a definition that satisfy the security requirement of cloud storage. To address various issues in real application scenarios, we further extend the protocol to support deterministic and randomized auditing, data dynamics (i.e., data insertion, deletion and modification), as well as third-party public auditing, while preserving the efficiency and security of the protocol. By instantiating all abstract semantics in G-SCS, we construct three concrete secure cloud storage protocols using RSA-based, Paillier-based and DGHV-based HESs, which are multiplicatively, additively and fully HESs, respectively. We conduct extensive theoretical analysis and experimental evaluations to validate the practicability of the proposed protocol.

Peng Xu,Jun Xu,Wei Wang,Hai Jin,Willy Susilo,Deqing Zou

DOI: https://doi.org/10.1145/2897845.2897923

2016-01-01

Abstract:Proxy Re-Encryption (PRE) is a favorable primitive to realize a cryptographic cloud with secure and flexible data sharing mechanism. A number of PRE schemes with versatile capabilities have been proposed for different applications. The secure data sharing can be internally achieved in each PRE scheme. But no previous work can guarantee the secure data sharing among different PRE schemes in a general manner. Moreover, it is challenging to solve this problem due to huge differences among the existing PRE schemes in their algebraic systems and public-key types. To solve this problem more generally, this paper uniforms the definitions of the existing PRE and Public Key Encryption (PKE) schemes, and further uniforms their security definitions. Then taking any uniformly defined PRE scheme and any uniformly defined PKE scheme as two building blocks, this paper constructs a Generally Hybrid Proxy Re-Encryption (GHPRE) scheme with the idea of temporary public and private keys to achieve secure data sharing between these two underlying schemes. Since PKE is a more general definition than PRE, the proposed GHPRE scheme also is workable between any two PRE schemes. Moreover, the proposed GHPRE scheme can be transparently deployed even if the underlying PRE schemes are implementing.

Peng Xu,Hongwu Chen,Deqing Zou,Hai Jin

DOI: https://doi.org/10.1007/s11434-014-0521-1

2014-01-01

Abstract:Cloud is an emerging computing paradigm.It has drawn extensive attention from both academia and industry.But its security issues have been considered as a critical obstacle in its rapid development.When data owners store their data as plaintext in cloud,they lose the security of their cloud data due to the arbitrary accessibility,specially accessed by the un-trusted cloud.In order to protect the confidentiality of data owners’cloud data,a promising idea is to encrypt data by data owners before storing them in cloud.However,the straightforward employment of the traditional encryption algorithms can not solve the problem well,since it is hard for data owners to manage their private keys,if they want to securely share their cloud data with others in a fine-grained manner.In this paper,we propose a fine-grained and heterogeneous proxy re-encryption(FHPRE)system to protect the confidentiality of data owners’cloud data.By applying the FH-PRE system in cloud,data owners’cloud data can be securely stored in cloud and shared in a fine-grained manner.Moreover,the heterogeneity support makes our FH-PRE system more efficient than the previous work.Additionally,it provides the secure data sharing between two heterogeneous cloud systems,which are equipped with different cryptographic primitives.

Kai He,Xueqiao Liu,Huaqiang Yuan,Wenhong Wei,Kaitai Liang

DOI: https://doi.org/10.1007/978-3-319-72359-4_7

2017-01-01

Abstract:Outsource local data to remote cloud has become prevalence for Internet users to date. While being unable to "handle" (outsourced) data at hand, Internet users may concern about the confidentiality of data but also further operations over remote data. This paper deals with the case where a secure data sharing mechanism is needed when data is encrypted and stored in remote cloud. Proxy re-encryption (PRE) is a promising cryptographic tool for secure data sharing. It allows a "honest-but-curious" third party (e.g., cloud server), which we call "proxy", to convert all ciphertexts encrypted for a delegator into those intended for a delegatee. The delegatee can further gain access to the plaintexts with private key, while the proxy learns nothing about the underlying plaintexts. Being regarded as a general extension of PRE, conditional PRE supports a fine-grained level of data sharing. In particular, condition is embedded into ciphertext that offers a chance for the delegator to generate conditional re-encryption key to control with which ciphertexts he wants to share. In this paper, for the first time, we introduce a new notion, called "hierarchical conditional" PRE. The new notion allows re-encryption rights to be "re-delegated" for "low-level" encrypted data. We propose the seminal scheme satisfying the notion in the context of identity-based encryption and further, prove it secure against chosen-ciphertext security.

Lixue Sun,Chunxiang Xu,Fugeng Zeng

DOI: https://doi.org/10.1016/j.jpdc.2024.104956

IF: 4.542

2024-01-01

Journal of Parallel and Distributed Computing

Abstract:Cloud computing is a promising service architecture that enables a data owner to share data in an economic and efficient manner. To ensure data privacy, a data owner will generate the ciphertext of the data before outsourcing. Attribute-based encryption (ABE) provides an elegant solution for a data owner to enforce fine-grained access control on the data to be outsourced. However, ABE cannot support ciphertext transformation when needing to share the underlying data with a public-key infrastructure (PKI) user further. In addition, an untrusted cloud server may return random ciphertexts to the PKI user to save expensive computational costs of ciphertext transformation. To address above issues, we introduce a novel cryptographic primitive namely verifiable and hybrid attribute-based proxy re-encryption (VHABPRE). VHABPRE provides a transformation mechanism that re-encrypts an ABE ciphertext to a PKI-based public key encryption (PKE) ciphertext such that the PKI user can access the underlying data, meanwhile this PKI user can ensure the validity of the transformed ciphertext. By leveraging a key blinding technique and computing the commitment of the data, we construct two VHABPRE schemes to achieve flexible data sharing. We give formal security proofs and comprehensive performance evaluation to show the security and efficiency of the VHABPRE schemes.

Huidan Hu,Yuanjian Zhou,Zhenfu Cao,Xiaolei Dong

DOI: https://doi.org/10.3390/app12199586

2022-01-01

Abstract:Cloud computing has become popular in data sharing mainly because it has huge storage capacity and computing power. Securing the privacy of sensitive data for cloud-based data sharing is vital. Currently, there are various conditional proxy re-encryption (UPRE) schemes that have been proposed to resolve the privacy issue. Nevertheless, the existing UPRE schemes cannot allow the proxy (e.g., the cloud server) to transfer the outsourced encrypted data under the data owner's public key of any homomorphic encryption scheme into the encrypted data under the data user's public key of a homomorphic encryption scheme (possibly different from the data owner). The transformation of outsourced encrypted data between homomorphic encryption schemes is more suitable for the real data sharing in clouds. Consequently, we present the notion of universal conditional proxy re-encryption (UCPRE) to solve the issue of flexible transformation of outsourced encrypted data between homomorphic encryption schemes in cloud-based data sharing. UCPRE is lightweight in the sense that it only requires the re-encrypted key generation and re-encryption algorithms. We give the definition of UCPRE and prove that it is HRA secure without random oracle. Finally, we show that our UCPRE is efficient and rational compared to other existing CPRE schemes by instantiating our UCPRE.

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Xirong Ma,Chuan Li,Yuchang Hu,Yunting Tao,Yali Jiang,Yanbin Li,Fanyu Kong,Chunpeng Ge

2024-07-09

Abstract:The demand for processing vast volumes of data has surged dramatically due to the advancement of machine learning technology. Large-scale data processing necessitates substantial computational resources, prompting individuals and enterprises to turn to cloud services. Accompanying this trend is a growing concern regarding data leakage and misuse. Homomorphic encryption (HE) is one solution for safeguarding data privacy, enabling encrypted data to be processed securely in the cloud. However, the encryption and decryption routines of some HE schemes require considerable computational resources, presenting non-trivial work for clients. In this paper, we propose an outsourced decryption protocol for the prevailing RLWE-based fully homomorphic encryption schemes. The protocol splits the original decryption into two routines, with the computationally intensive part executed remotely by the cloud. Its security relies on an invariant of the NTRU-search problem with a newly designed blinding key distribution. Cryptographic analyses are conducted to configure protocol parameters across varying security levels. Our experiments demonstrate that the proposed protocol achieves up to a $67\%$ acceleration in the client's local decryption, accompanied by a $50\%$ reduction in space usage.

Cryptography and Security

Hisham Abdallai,Xiong Hu,Abubaker Wahaballa,Nabeil Eltayieb,Mohammed Ramadan,Qin Zhiguang

DOI: https://doi.org/10.1109/ICOACS.2016.7563117

2016-01-01

Abstract:With the rapid development in cloud computing, public cloud data sharing concept has been extending and expanding by many scholars. In 2014, Liang et al. proposed a general notion for proxy re-encryption (PRE), which is called deterministic finite automata-based functional PRE (DFA-based FPRE). Motivated by the issues of efficiency and flexibility associated with this new primitive, we propose outsourcing decryption scheme to increase the flexibility of users by delegating their decryption rights to the semi trusted proxy. Through analysis we showed that our scheme is provably secure and efficient.

Wenxiu Ding,Zheng Yan,Robert H. Deng

DOI: https://doi.org/10.1016/j.ins.2017.05.004

IF: 8.1

2017-10-01

Information Sciences

Abstract:Cloud computing offers various services to users by re-arranging storage and computing resources. In order to preserve data privacy, cloud users may choose to upload encrypted data rather than raw data to the cloud. However, processing and analyzing encrypted data are challenging problems, which have received increasing attention in recent years. Homomorphic Encryption (HE) was proposed to support computation on encrypted data and ensure data confidentiality simultaneously. However, a limitation of HE is it is a single user system, which means it only allows the party that owns a homomorphic decryption key to decrypt processed ciphertexts. Original HE cannot support multiple users to access the processed ciphertexts flexibly. In this paper, we propose a Privacy-Preserving Data Processing (PPDP) system with the support of a Homomorphic Re-Encryption Scheme (HRES). The HRES extends partial HE from a single-user system to a multi-user one by offering ciphertext re-encryption to allow multiple users to access processed ciphertexts. Through the cooperation of a Data Service Provider (DSP) and an Access Control Server (ACS), the PPDP system can support seven basic operations over ciphertexts, which include Addition, Subtraction, Multiplication, Sign Acquisition, Comparison, Equivalent Test, and Variance. To enhance the flexibility and security of our system, we further apply multiple ACSs to take in charge of the data from their own users and design computing operations over ciphertexts belonging to multiple ACSs. We then prove the security of PPDP, analyze its performance and advantages by comparing with some latest work, and demonstrate its efficiency and effectiveness through simulations with regard to big data process.

computer science, information systems

Wei Luo,Wenping Ma

DOI: https://doi.org/10.1007/s10586-018-2862-z

2018-01-01

Cluster Computing

Abstract:With the rapid development of cloud computing, its security and privacy are of great concern. Since the cloud service provider is not completely trustworthy, the security of the outsourced files has become serious issues. Identity-based proxy re-encryption (IBPRE) schemes have been proposed to achieve feasible access control of encrypted data under the condition of guaranteeing the confidentiality of data, which can transfer the original ciphertexts to the re-encrypted ciphertexts for a designated decryptor. However, most of the existing IBPRE schemes either do not support revocation or computational complexity is too high. In this paper, we combine the properties of constrained pseudorandom functions (PRFs) and key homomorphic PRFs to construct a secure and efficient proxy re-encryption scheme for cloud computing. In our proposed scheme, the data owner authenticates the requesters and distributes the decryption keys by using an identity-based key exchange method. Meanwhile, a proxy re-encryption scheme is used to achieve data sharing and ciphertext update. We present the security proof of our scheme. In addition, compared with other existing schemes, our scheme has low computational complexity and communication cost.

Xin Qian,Zhen Yang,Shihui Wang,Yongfeng Huang

DOI: https://doi.org/10.1007/978-3-030-24274-9_8

2019-01-01

Abstract:To protect data sharing from leakage in untrusted cloud, proxy re-encryption is commonly exploited for access control. However, most proposed schemes require bilinear pair to attain secure data sharing, which gives too heavy burden on the data owner. In this paper, we propose a novel lightweight proxy re-encryption scheme without pairing. Our scheme builds the pre-encryption algorithm based on computational Diffie–Hellman problem, and designs a certificateless protocol based on a semi-trusted Key Generation Center. Theoretical analysis proves that our scheme is Chosen-Ciphertext-Attack secure. The performance is also shown to achieve less computation burden for the data owner compared with the state-of-the-art.

Juyan Li,Zhiqi Qiao,Kejia Zhang,Chen Cui

DOI: https://doi.org/10.3390/s21010288

2021-01-04

Abstract:The homomorphic proxy re-encryption scheme combines the characteristics of a homomorphic encryption scheme and proxy re-encryption scheme. The proxy can not only convert a ciphertext of the delegator into a ciphertext of the delegatee, but also can homomorphically calculate the original ciphertext and re-encryption ciphertext belonging to the same user, so it is especially suitable for cloud computing. Yin et al. put forward the concept of a strong collusion attack on a proxy re-encryption scheme, and carried out a strong collusion attack on the scheme through an example. The existing homomorphic proxy re-encryption schemes use key switching algorithms to generate re-encryption keys, so it can not resist strong collusion attack. In this paper, we construct the first lattice-based homomorphic proxy re-encryption scheme with strong anti-collusion (HPRE-SAC). Firstly, algorithm TrapGen is used to generate an encryption key and trapdoor, then trapdoor sampling is used to generate a decryption key and re-encryption key, respectively. Finally, in order to ensure the homomorphism of ciphertext, a key switching algorithm is only used to generate the evaluation key. Compared with the existing homomorphic proxy re-encryption schemes, our HPRE-SAC scheme not only can resist strong collusion attacks, but also has smaller parameters.

C P Gupta,Iti Sharma

DOI: https://doi.org/10.1109/nof.2013.6724526

2013-10-01

Abstract:With single computer's computation power not sufficing., need for sharing resources to manipulate and manage data through clouds is increasing rapidly. Hence., it is favorable to delegate computations or store data with a third party., the cloud provider. However., delegating data to third party poses the risks of data disclosure during computation. The problem can be addressed by carrying out computation without decrypting the encrypted data. The results are also obtained encrypted and can be decrypted at the user side. This requires modifying functions in such a way that they are still executable while privacy is ensured or to search an encrypted database. Homomorphic encryption provides security to cloud consumer data while preserving system usability. We propose a symmetric key homomorphic encryption scheme based on matrix operations with primitives that make it easily adaptable for different needs in various cloud computing scenarios.

Mouhib Ibtihal,El Ouadghiri Driss,Naanani Hassan

DOI: https://doi.org/10.4018/978-1-7998-1763-5.ch019

2020-01-01

Cryptography

Abstract:The integration of cloud computing with mobile computing and internet has given birth to mobile cloud computing. This technology offers many advantages to users, like Storage capacity, Reliability, Scalability and Real time data availability. Therefore, it is s increasing fast and it is inevitably integrated into everyday life. In MCC, data processing and data storage can be migrated into the cloud servers. However, the confidentiality of images and data is most important in today's environment. In this paper, we mainly focus on secure outsourcing of images. For this purpose, we propose a secure architecture composed by two clouds a private cloud dedicated for encryption/decryption and a second public cloud dedicated for storage. We have implemented the first cloud using openstack while respecting the encryption as a service concept. As an encryption scheme, we have used paillier's homomorphic cryptosystem designed specifically for images. The test of the homomorphic property is done by applying the Watermarking algorithm DWT.

English Else

Zhiguang Qin,Hu Xiong,Shikun Wu,Jennifer Batamuliza

DOI: https://doi.org/10.1109/tsc.2016.2551238

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Never before have data sharing been more convenient with the rapid development and wide adoption of cloud computing. However, how to ensure the cloud user’s data security is becoming the main obstacles that hinder cloud computing from extensive adoption. Proxy re-encryption serves as a promising solution to secure the data sharing in the cloud computing. It enables a data owner to encrypt shared data in cloud under its own public key, which is further transformed by a semitrusted cloud server into an encryption intended for the legitimate recipient for access control. This paper gives a solid and inspiring survey of proxy re-encryption from different perspectives to offer a better understanding of this primitive. In particular, we reviewed the state-of-the-art of the proxy re-encryption by investigating the design philosophy, examining the security models and comparing the efficiency and security proofs of existing schemes. Furthermore, the potential applications and extensions of proxy re-encryption have also been discussed. Finally, this paper is concluded with a summary of the possible future work.

xuejiao liu,yingjie xia,yang xiang,mohammad mehedi hassan,abdulhameed alelaiwi

DOI: https://doi.org/10.1109/SocialSec2015.13

2015-01-01

Abstract:Hybrid cloud is a widely used cloud architecture in large companies that can outsource data to the publiccloud, while still supporting various clients like mobile devices. However, such public cloud data outsourcing raises serious security concerns, such as how to preserve data confidentiality and how to regulate access policies to the data stored in public cloud. To address this issue, we design a hybrid cloud architecture that supports data sharing securely and efficiently, even with resource-limited devices, where private cloud serves as a gateway between the public cloud and the data user. Under such architecture, we propose an improved construction of attribute-based encryption that has the capability of delegating encryption/decryption computation, which achieves flexible access control in the cloud and privacy-preserving in datautilization even with mobile devices. Extensive experiments show the scheme can further decrease the computational cost and space overhead at the user side, which is quite efficient for the user with limited mobile devices. In the process of delegating most of the encryption/decryption computation to private cloud, the user can not disclose any information to the private cloud. We also consider the communication securitythat once frequent attribute revocation happens, our scheme is able to resist some attacks between private cloud and data user by employing anonymous key agreement.

Qi Wang,Dehua Zhou,Yanling Li

DOI: https://doi.org/10.48550/arXiv.1812.00599

2018-12-03

Cryptography and Security

Abstract:With the rapid development of cloud computing, the privacy security incidents occur frequently, especially data security issues. Cloud users would like to upload their sensitive information to cloud service providers in encrypted form rather than the raw data, and to prevent the misuse of data. The main challenge is to securely process or analyze these encrypted data without disclosing any useful information, and to achieve the rights management efficiently. In this paper, we propose the encrypted data processing protocols for cloud computing by utilizing additively homomorphic encryption and proxy cryptography. For the traditional homomorphic encryption schemes with many limitations, which are not suitable for cloud computing applications. We simulate a cloud computing scenario with flexible access control and extend the original homomorphic cryptosystem to suit our scenario by supporting various arithmetical calculations. We also prove the correctness and security of our protocols, and analyze the advantages and performance by comparing with some latest works.

En Zhang,Jie Peng,Ming Li

DOI: https://doi.org/10.1049/iet-ifs.2017.0026

2018-01-01

IET Information Security

Abstract:Secret sharing is an important component of cryptography protocols and has a wide range of practical applications. However, the existing secret sharing schemes cannot apply to computationally weak devices and cannot efficiently guarantee fairness. In this study, a novel outsourcing secret sharing scheme is proposed. In the setting of outsourcing secret sharing, clients only need a small amount of decryption and verification operations, while the expensive reconstruction computation and verifiable computation can be outsourced to cloud service providers (CSP). The scheme does not require complex interactive argument or zero-knowledge proof. The malicious behaviour of clients and CSP can be detected in time. Moreover, the CSP cannot get any useful information about the secret, and it is fair for every client to obtain the secret. At the end of this study, the authors prove the security of the proposed scheme and compare it with other secret sharing schemes.

Zhiniang Peng,Shaohua Tang,Linzhi Jiang

DOI: https://doi.org/10.1007/978-3-319-68542-7_8

2017-01-01

Abstract:In crypto 2013, Dan et al. proposed a symmetric proxy re-encryption scheme based on key homomorphic PRF. It can be used to ensure the data privacy in cloud storage systems. However, it only focuses on preventing a honest-but-curious proxy from learning anything about the encrypted data. Although it can be made to provide integrity without disrupting the key homomorphism property by using MAC then encrypt with counter-mode, it's not a symmetric authenticated proxy re-encryption scheme because only the data owner can verify the integrity of some encrypted data. In this paper, we propose a symmetric authenticated proxy re-encryption scheme which can prevent a malicious proxy from tampering users' data. It can update the authentication tag as well as the ciphertext so that any intended user can verify the integrity of the encrypted data.