Yunya Zhou,Hua Deng,Qianhong Wu,Bo Qin,Jianwei Liu,Yong Ding

DOI: https://doi.org/10.1016/j.future.2015.09.027

IF: 7.307

2015-01-01

Future Generation Computer Systems

Abstract:Proxy re-encryption (PRE) enables an authorized proxy to convert a ciphertext under Alice’s public key into a ciphertext under Bob’s public key without exposing the encrypted message. In existing PRE systems, the original ciphertexts and the re-encrypted ones are both required to be in the same cryptosystem, which limits their applications in cloud computing systems. In this paper, we propose a new proxy re-encryption pattern, referred to as an identity-based proxy re-encryption version 2 (IBPRE2). It allows an authorized proxy to convert a ciphertext of an identity-based broadcast encryption (IBBE) scheme into a ciphertext of an identity-based encryption (IBE) scheme. With IBPRE2, one can take advantage of IBBE to securely share data with a set of recipients, and then incorporate an additional one into the authorized set through the re-encryption mechanism, without decrypting the IBBE ciphertext nor leaking any sensitive information. We formalize the security requirements in IBPRE2 and propose a provably CCA-secure scheme. The unique feature of ciphertext transformation from a complicated cryptosystem to a simple one makes our IBPRE2 a versatile cryptographic tool to secure outsourced data in cloud computing.

Lu Yan,Haozhe Qin,Kexin Yang,Heye Xie,Xu An Wang,Shuanggen Liu

DOI: https://doi.org/10.3390/electronics13030534

IF: 2.9

2024-01-29

Electronics

Abstract:The popularity of secure cloud data sharing is on the rise, but it also comes with significant concerns about privacy violations and data tampering. While existing Proxy Re-Encryption (PRE) schemes effectively protect data in the cloud, challenges persist with certificate administration and key escrow. Moreover, the increasing number of users and prevalence of lightweight devices demand functional and cost-effective solutions. To address these issues, this paper presents a novel Pairing-free Certificate-Based Proxy Re-Encryption Plus scheme that leverages elliptic curve groups for improved effectiveness and performance. This scheme successfully resolves challenges related to certificate management and key escrow in traditional PRE schemes, while also introducing non-transferable and message-level fine-grained control characteristics. These enhancements bolster data security during sharing and minimize the risk of malicious information leakage. Our proposed scheme's correctness, security, and effectiveness are rigorously verified and analyzed. The results demonstrate that the scheme achieves the chosen ciphertext security in the random oracle model. Compared to current PRE schemes, our approach offers greater advantages, lower computational overhead, and enhanced suitability for practical cloud computing applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Zhiguang Qin,Shikun Wu,Hu Xiong

DOI: https://doi.org/10.1007/978-3-319-22047-5_17

2015-01-01

Abstract:Proxy re-encryption (PRE) has been considered as a promising candidate to secure data sharing in public cloud by enabling the cloud to transform the ciphertext to legitimate recipients on behalf of the data owner, and preserving data privacy from semi-trusted cloud. Certificateless proxy re-encryption (CL-PRE) not only eliminates the heavy public key certificate management in traditional public key infrastructure, but also solves the key escrow problem in the ID-based public key cryptography. By considering that the existing CL-PRE schemes either rely on expensive bilinear pairings or are proven secure under weak security models, we propose a strongly secure CL-PRE scheme without resorting to the bilinear pairing. The security of our scheme is proven to be secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity. Furthermore, the simulation results demonstrate that our scheme is practical for cloud based data sharing in terms of communication overhead and computation cost for data owner, the cloud and data recipient.

Wei Luo,Wenping Ma

DOI: https://doi.org/10.1007/s10586-018-2862-z

2018-01-01

Cluster Computing

Abstract:With the rapid development of cloud computing, its security and privacy are of great concern. Since the cloud service provider is not completely trustworthy, the security of the outsourced files has become serious issues. Identity-based proxy re-encryption (IBPRE) schemes have been proposed to achieve feasible access control of encrypted data under the condition of guaranteeing the confidentiality of data, which can transfer the original ciphertexts to the re-encrypted ciphertexts for a designated decryptor. However, most of the existing IBPRE schemes either do not support revocation or computational complexity is too high. In this paper, we combine the properties of constrained pseudorandom functions (PRFs) and key homomorphic PRFs to construct a secure and efficient proxy re-encryption scheme for cloud computing. In our proposed scheme, the data owner authenticates the requesters and distributes the decryption keys by using an identity-based key exchange method. Meanwhile, a proxy re-encryption scheme is used to achieve data sharing and ciphertext update. We present the security proof of our scheme. In addition, compared with other existing schemes, our scheme has low computational complexity and communication cost.

Huidan Hu,Zhenfu Cao,Xiaolei Dong

DOI: https://doi.org/10.1109/access.2022.3200084

IF: 3.9

2022-01-01

IEEE Access

Abstract:Cloud computing with massive storage and computing capabilities has become widespread in actual applications. It is critical to ensure secure data sharing in cloud-based applications. Currently, numerous identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the privacy issue. However, the existing IB-BPRE schemes cannot reach the transformation of the decryption right for outsourced encrypted data between the broadcast receiver sets (data user sets) delegated by the data owner (Alice) because it is difficult for the IB-BPRE to hold the character of multi-hop. Consequently, a new cryptographic primitive called autonomous path identity-based broadcast proxy re-encryption (APIB-BPRE) is presented to address the above issue. In an APIB-BPRE scheme, the delegator establishes an autonomous path involving preferred multiple broadcast receiver sets and the proxy can convert the decryption right for the broadcast receiver set into the decryption right for the next broadcast receiver set by the re-encryption key from the delegator. This solution is convenient and flexible for cloud users and utilizes the benefits of cloud computing. The evaluation and comparison indicate that our APIB-BPRE system is effective and practical.

Xu An Wang,Xiaoyuan Yang,Cong Li,Yudong Liu,Yong Ding

DOI: https://doi.org/10.2298/CSIS171218024W

2018-01-01

Computer Science and Information Systems

Abstract:Recently Liang et al. propose an interesting privacy-preserving ciphertext multi-sharing control for big data storage mechanism, which is based on the cryptographic primitive of anonymous multi-hop identity based conditional proxy re-encryption scheme AMH-IBCPRE. They propose a concrete AMH-IBCPRE scheme and conclude their scheme can achieve IND-sCon-sID-CCA secure (indistinguishable secure under selectively conditional selectively identity chosen ciphertext attack). However, our research show their scheme can not be IND-sCon-sID-CCA secure for single-hop and multi-hop data sharing. Also in 2014, Liang et al. propose an interesting deterministic finite automata-based functional proxy reencryption scheme DFA-based FPRE for secure public cloud data sharing, they also conclude their scheme can achieve IND-CCA secure (indistinguishable secure under chosen ciphertext attack), we also show their scheme can not be IND-CCA secure either. For these two proposals, the main reason of insecurity is that part of the re-encryption key has the same structure as the valid ciphertext, thus the adversary can query on the decryption oracle with this part of the re-encryption key to get secret keys, which will break the CCA-security of their scheme. We give an improved AMH-IBCPRE scheme and an improved DFA-based FPRE scheme for cloud data sharing and show the new schemes can resist our attack and be CCA-secure. We also demonstrate our improved AMH-IBCPRE scheme's efficiency compared with other related identity based proxy re-encryption schemes, the results show our scheme is almost the most efficient one.

Xu An Wang,Jianfeng Ma,Xiaoyuan Yang,Yuechuan Wei

DOI: https://doi.org/10.1007/978-3-662-49017-4_5

2015-01-01

Abstract:In proxy re-encryption $$\\mathsf{PRE}$$, a semi-trusted proxy can convert a ciphertext originally intended for Alice into one which can be decrypted by Bob, while the proxy can not know the underlying plaintext. In multi-use $$\\mathsf{PRE}$$ schemes, the ciphertext can be transformed from Alice to Bob and to Charlie and so on. Due to its ciphertext transformation property, it is difficult to achieve chosen ciphertext security for $$\\mathsf{PRE}$$, especially for multi-use $$\\mathsf{PRE}$$. $$\\mathsf{IBE}$$ is a new kind of public-key encryption where the recipient's public key is an arbitrary string that represents the recipient's identity. Identity based proxy re-encryption $$\\textsf {IBPRE}$$ is a primitive combing the feature of $$\\mathsf{IBE}$$ and $$\\mathsf{PRE}$$. In 2010 Wang et al. has proposed a multi-use unidirectional CCA-secure identity based proxy re-encryption $$\\textsf {IBPRE}$$ scheme, and in 2011 Luo et al. has proposed an unidirectional identity based proxy re-encryption scheme. Unfortunately, we show these two proposals are not secure and thus can not be applied directly in multi-user networks.

Hu Xiong,Yi Wang,Wenchao Li,Chien-Ming Chen

DOI: https://doi.org/10.1145/3318212

2019-01-01

ACM Transactions on Management Information Systems

Abstract:The convenience of the cloud-assisted Internet of Things has led to the need for improved protections for the large volumes of data collected from devices around the world and stored on cloud-based servers. Proxy re-encryption (PRE) has been presented as a suitable mechanism for secure transmission and sharing of files within the cloud. However, existing PRE schemes do not support unidirectional data transformation, fine-grained controls, multiple hops, and identity-based encryption simultaneously. To solve these problems, we propose a unidirectional multi-hop identity based-conditional PRE scheme that meets all of the above requirements. Our proposal has the additional benefits of a constant ciphertext size, non-interactivity, and collusion resistance. We also prove that our scheme is secure against adaptive identity chosen-ciphertext attacks in the standard model.

Xian Yong Meng,Zhong Chen,Xiang Yu Meng,Bing Sun

DOI: https://doi.org/10.4028/www.scientific.net/amm.571-572.74

2014-01-01

Applied Mechanics and Materials

Abstract:In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Jianfei Sun,Hu Xiong,Hao Zhang,Li Peng

DOI: https://doi.org/10.1016/j.ins.2019.08.026

IF: 8.1

2020-01-01

Information Sciences

Abstract:Never before has data sharing been more convenient with the rapid popularity and wide adoption of cloud computing. However, mobile access and flexible search with security for outsourced data in heterogeneous systems are two major obstacles prior to practical deployment of cloud computing. To meet the requirements in secure mobile access and flexible search to sensitive data, this paper, for the first time, proposes a versatile primitive referred to as an identity based proxy re-encryption system with outsourced equality test (IBPRE-ET). This primitive allows a data owner in an identity based broadcast encryption system (IBBE) seamlessly to share his/her data with a data sharer in an identity based encryption system (IBE). Moreover, it supports a data sharer in an IBBE system to perform search functionality on ciphertexts related to a data sharer in an IBE system. We also formally prove that the proposed IBPRE-ET system is selective secure using a random oracle model. Meanwhile, the theoretic evaluation and experimental result demonstrate our scheme is practical in the heterogeneous system. Finally, we show an application of our IBPRE-ET to the collaborative office automation system.

Peng Xu,Tengfei Jiao,Qianhong Wu,Wei Wang,Hai Jin

DOI: https://doi.org/10.1109/tc.2015.2417544

2016-01-01

Abstract:Recently, a number of extended Proxy Re-Encryptions (PRE), e.g. Conditional (CPRE), identity-based PRE (IPRE) and broadcast PRE (BPRE), have been proposed for flexible applications. By incorporating CPRE, IPRE and BPRE, this paper proposes a versatile primitive referred to as conditional identity-based broadcast PRE (CIBPRE) and formalizes its semantic security. CIBPRE allows a sender to encrypt a message to multiple receivers by specifying these receivers’ identities, and the sender can delegate a re-encryption key to a proxy so that he can convert the initial ciphertext into a new one to a new set of intended receivers. Moreover, the re-encryption key can be associated with a condition such that only the matching ciphertexts can be re-encrypted, which allows the original sender to enforce access control over his remote ciphertexts in a fine-grained manner. We propose an efficient CIBPRE scheme with provable security. In the instantiated scheme, the initial ciphertext, the re-encrypted ciphertext and the re-encryption key are all in constant size, and the parameters to generate a re-encryption key are independent of the original receivers of any initial ciphertext. Finally, we show an application of our CIBPRE to secure cloud email system advantageous over existing secure email systems based on Pretty Good Privacy protocol or identity-based encryption.

Peng Xu,Jun Xu,Wei Wang,Hai Jin,Willy Susilo,Deqing Zou

DOI: https://doi.org/10.1145/2897845.2897923

2016-01-01

Abstract:Proxy Re-Encryption (PRE) is a favorable primitive to realize a cryptographic cloud with secure and flexible data sharing mechanism. A number of PRE schemes with versatile capabilities have been proposed for different applications. The secure data sharing can be internally achieved in each PRE scheme. But no previous work can guarantee the secure data sharing among different PRE schemes in a general manner. Moreover, it is challenging to solve this problem due to huge differences among the existing PRE schemes in their algebraic systems and public-key types. To solve this problem more generally, this paper uniforms the definitions of the existing PRE and Public Key Encryption (PKE) schemes, and further uniforms their security definitions. Then taking any uniformly defined PRE scheme and any uniformly defined PKE scheme as two building blocks, this paper constructs a Generally Hybrid Proxy Re-Encryption (GHPRE) scheme with the idea of temporary public and private keys to achieve secure data sharing between these two underlying schemes. Since PKE is a more general definition than PRE, the proposed GHPRE scheme also is workable between any two PRE schemes. Moreover, the proposed GHPRE scheme can be transparently deployed even if the underlying PRE schemes are implementing.

Xin-peng ZHANG,Chun-xiang XU,Xiao-jun ZHANG,Jiang DENG,Xin Huang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2016.06.015

2016-01-01

Abstract:Dynamic type information of ciphertext can be modified properly so that it can be well applied in a practical cloud storage environment. In order to meet the application requirements, Liuet al proposed a dynamic type and identity-based proxy re-encryption (PRE) scheme based on Ibraimiet al’s scheme. Their scheme not only keeps the traditional core function of PRE scheme, but also makes sure that the owner of ciphertext can modify the type information at any time. However, after careful security analysis it found that Liuet al.’s scheme has two security flaws. Firstly, the dynamic type information lacks of verification, the adversary can modify the type tag. Secondly, the dynamic type information causes a conditional chosen plaintext attack. Thus we further improve Liu et al.’s scheme and give the security analysis.

Song Luo,Qingni Shen,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-31912-9_8

2011-01-01

Abstract:Proxy re-encryption (PRE) allows the proxy to translate a ciphertext encrypted under Alice's public key into another ciphertext that can be decrypted by Bob's secret key. Identity-based proxy re-encryption (IB-PRE) is the development of identity-based encryption and proxy re-encryption, where ciphertexts are transformed from one identity to another. In this paper, we propose two novel unidirectional identity-based proxy re-encryption schemes, which are both non-interactive and proved secure in the standard model. The first scheme is a single-hop IB-PRE scheme and has master secret security, allows the encryptor to decide whether the ciphertext can be re-encrypted. The second scheme is a multi-hop IB-PRE scheme which allows the ciphertext re-encrypted multiple times but without the size of ciphertext growing linearly as previous multi-hop IB-PRE schemes.

Nabeil Eltayieb,Rashad Elhabob,Abdeldime M. S. Abdelgader,Yongjian Liao,Fagen Li,Shijie Zhou

DOI: https://doi.org/10.1016/j.future.2024.08.002

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Cloud computing has enabled data-sharing to be more convenient than ever before. However, data security is a major concern that prevents cloud computing from being widely adopted. A potential solution to secure data-sharing in cloud computing is proxy re-encryption (PRE), which allows a proxy to transform encrypted data from one key to another without accessing the plaintext. When using PRE, various challenges arise, including the leak of information by a trusted third party, collusion attacks, and issues associated with revocation. To overcome these challenges, this paper proposes a novel Certificateless Proxy Reencryption with Cryptographic Reverse Firewall for Secure Cloud Data Sharing (CLPRE-CRF). The new scheme enables secure distribution of encrypted data from a data owner to users through public clouds. Meanwhile, the CLPRE-CRF scheme can resist exfiltration of secret information and forgery of ciphertext in case the scheme is compromised. In addition, the scheme provides a flexible revocation mechanism to prevent unauthorized access to private data. The security analysis demonstrates that the CLPRE-CRF resists chosen-plaintext attacks and collusion attacks. Moreover, performance evaluation indicates that our scheme achieves a 14% and 22% reduction in computation costs during the encryption and decryption algorithms, respectively. Therefore, the proposed CLPRE-CRF scheme is well-suited for cloud computing environments.

Peng Zeng,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/access.2018.2879479

IF: 3.9

2018-01-01

IEEE Access

Abstract:Secure cloud storage has important applications in our big data-driven society, and to achieve secure cloud storage, we need to enforce strong access control mechanism. Proxy re-encryption (PRE) has been shown to be an effective tool of constructing cryptographically enforced access control schemes. In a traditional PRE scheme, a semi-trusted proxy can convert all ciphertexts for a delegator to ciphertexts for a delegatee once the proxy obtains the relevant re-encryption key from the delegator. In many practical applications, however, a fine-grained delegation of decryption abilities may be demanded, and thus, the notion of conditional PRE (C-PRE) is introduced, which allows only the ciphertexts satisfying a concrete condition to be converted by the proxy. In this paper, we introduce a special kind of C-PRE, sender-specified PRE (SS-PRE), which enables the delegator to delegate the decryption right of the ciphertexts from a specified sender to his/her delegatee. We give a formal definition of SS-PRE and its security model. We also provide the concrete constructions of an IND-CPA secure SS-PRE scheme and an IND-CCA secure SS-PRE scheme with the properties of unidirectionality and single-use and prove the security of both schemes in the standard model. The detailed analysis shows that our new IND-CCA secure SS-PRE scheme achieves a higher efficiency in computation cost and ciphertext size than the conventional C-PRE schemes.

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Jianbin Gao,Hu Xia,Xiaojiang Du,Moshen Guizani

DOI: https://doi.org/10.3390/s19051235

2019-03-11

Abstract:Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Zhiguang Qin,Hu Xiong,Shikun Wu,Jennifer Batamuliza

DOI: https://doi.org/10.1109/tsc.2016.2551238

IF: 11.019

2024-01-01

IEEE Transactions on Services Computing

Abstract:Never before have data sharing been more convenient with the rapid development and wide adoption of cloud computing. However, how to ensure the cloud user’s data security is becoming the main obstacles that hinder cloud computing from extensive adoption. Proxy re-encryption serves as a promising solution to secure the data sharing in the cloud computing. It enables a data owner to encrypt shared data in cloud under its own public key, which is further transformed by a semitrusted cloud server into an encryption intended for the legitimate recipient for access control. This paper gives a solid and inspiring survey of proxy re-encryption from different perspectives to offer a better understanding of this primitive. In particular, we reviewed the state-of-the-art of the proxy re-encryption by investigating the design philosophy, examining the security models and comparing the efficiency and security proofs of existing schemes. Furthermore, the potential applications and extensions of proxy re-encryption have also been discussed. Finally, this paper is concluded with a summary of the possible future work.

Shuanggen Liu,Hui Song,Xu An Wang,Yuxin He,Yifan Song

DOI: https://doi.org/10.1109/mnet.2024.3366508

IF: 10.294

2024-01-01

IEEE Network

Abstract:In the Internet of Vehicles (IoV), vehicle terminal and user information collection are the main data sources. But sharing these data can easily violate personal privacy and data security. To solve this problem, in this paper we propose a secure proxy re-encryption (PRE) scheme, which uses identity-based broadcast encryption to provide fine-grained control, while ensuring secure data sharing and preventing privacy leakage. The proposed scheme, called identity-based broadcast proxy re-encryption plus (PIB-PRE+), has non-transferability and non-transitivity to ensure the security of ciphertext. The PIB-PRE+ also provides privacy protection for users in the receiving set and supports flexible fine-grained delegation. Compared with other existing schemes, PIB-PRE+ provides some advantages in function and efficiency. Finally, we discuss the application of PIB-PRE+ in vehicle-to-network (V2N) communication. The research is helpful to improve the security and privacy of data sharing in IoV.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture