Shi Lin,Li Cui,Niu Ke

DOI: https://doi.org/10.3390/s24020438

IF: 3.9

2024-01-11

Sensors

Abstract:In light of the existing security vulnerabilities within IoT publish–subscribe systems, our study introduces an improved end-to-end encryption approach using conditional proxy re-encryption. This method not only overcomes limitations associated with the reliance on a trusted authority and the challenge of reliably revoking users in previous proxy re-encryption frameworks, but also strengthens data privacy against potential collusion between the broker and subscribers. Through our innovative encryption protocol, unauthorized re-encryption by brokers is effectively prevented, enhancing secure communication between publisher and subscriber. Implemented on HiveMQ, an open-source MQTT platform, our prototype system demonstrates significant enhancements. Comparison to the state-of-the-art end-to-end encryption work, encryption overhead of our scheme is comparable to it, and the decryption cost is approximately half of it. Moreover, our solution significantly improves overall security without compromising the asynchronous communication and decentralized authorization foundational to the publish–subscribe model.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Hu Xiong,Lili Wang,Zhida Zhou,Zetong Zhao,Xin Huang,Saru Kumari

DOI: https://doi.org/10.1109/jiot.2021.3126230

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Puncturable proxy re-encryption (PPRE) is envisioned to provide secure access control delegation and fine-grained forward security for asynchronous group messaging systems. Nevertheless, the existing PPRE scheme not only suffers from the burden of certificate management but also merely achieves selective security based on the nonstandard assumption. In this article, a puncturable identity-based PRE (P-IB-PRE) scheme is proposed to efficiently protect the security and privacy of the group message. The proposed scheme introduces a message server as the proxy to transform ciphertext for each participant in the group; thus, the heavy computation overhead is delegated to the message server with abundant resources. Most importantly, our scheme enables the recipient to revoke its private key’s decryption capability of the specific messages without affecting other messages. Moreover, the identity-based mechanism eliminates the burden of certificate management as well as improves efficiency. The proposed scheme achieves adaptive security under the standard decisional bilinear Diffie–Hellman (DBDH) assumption. Eventually, theoretical and experimental analyses demonstrate that the proposed scheme has an excellent performance in efficiency and practicality.

computer science, information systems,telecommunications,engineering, electrical & electronic

Fucai Luo,Haiyan Wang,Willy Susilo,Xingfu Yan,Xiaofan Zheng

DOI: https://doi.org/10.1109/tifs.2024.3357240

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Proxy re-encryption (PRE), as a promising cryptographic primitive for secure data sharing in clouds, has been widely studied for decades. PRE allows the proxies to use the re-encryption keys to convert ciphertexts computed under the delegator's public key into ones that can be decrypted using the delegatees' secret keys, without knowing anything about the underlying plaintext. This delegable property of decryption rights enables flexible cloud data sharing, but it raises an important issue: if some proxies reveal their re-encryption keys, or collude with some delegatees to create a pirate decoder, then anyone who gains access to the pirate decoder can decrypt all ciphertexts computed under the delegator's public key without the delegator's permission. This paper opens up a potentially new avenue of research to address the above (re-encryption) key abuse problem by proposing the first public trace-and-revoke PRE system, where the malicious delegatees and proxies involved in the generation of a pirate decoder can be identified by anyone who gains access to the pirate decoder, and their decryption capabilities can subsequently be revoked by the content distributor. Our construction is multi-hop, supports user revocation and public (black-box) traceability, and achieves significant efficiency advantages over previous constructions. Technically, our construction is a generic transformation from inner-product functional PRE (IPFPRE) that we introduce to trace-and-revoke PRE. In addition, we instantiate our generic construction of trace-and-revoke PRE from the Learning with Errors (LWE) assumption, which was widely believed to be quantum-resistant. This is achieved by proposing the first LWE-based IPFPRE scheme, which may be of independent interest. Finally, we conduct a comprehensive performance evaluation of our LWE-based trace-and-revoke PRE scheme, and the experimental results show that the proposed LWE-based trace-and-revoke PRE scheme is practical and outperforms current state-of-the-art traceable PRE schemes.

computer science, theory & methods,engineering, electrical & electronic

Chuan Qin,Jingwei Li,Patrick P. C. Lee

DOI: https://doi.org/10.1145/3032966

2016-12-19

Abstract:Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement REED, a rekeying-aware encrypted deduplication storage system. REED builds on a deterministic version of all-or-nothing transform (AONT), such that it enables secure and lightweight rekeying, while preserving the deduplication capability. We propose two REED encryption schemes that trade between performance and security, and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques and demonstrate how we can exploit similarity to mitigate key generation overhead. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Han-Yu Lin,Pei-Ru Chen

DOI: https://doi.org/10.3390/s24196290

2024-09-28

Abstract:As technology advances rapidly, a diverse array of Internet of Things (IoT) devices finds widespread application across numerous fields. The intelligent nature of these devices not only gives people more convenience, but also introduces new challenges especially in security when transmitting data in fog-based cloud environments. In fog computing environments, data need to be transmitted across multiple devices, increasing the risk of data being intercepted or tampered with during transmission. To securely share cloud ciphertexts, an alleged proxy re-encryption approach is a commonly adopted solution. Without decrypting the original ciphertext, such a mechanism permits a ciphertext intended for user A to be easily converted into the one intended for user B. However, to revoke the decryption privilege of data users usually relies on the system authority to maintain a user revocation list which inevitably increases the storage space. In this research, the authors come up with a fog-based proxy re-encryption system with revocable identity. Without maintaining the traditional user revocation list, the proposed scheme introduces a time-updated key mechanism. The time-update key could be viewed as a partial private key and should be renewed with different time periods. A revoked user is unable to obtain the renewed time-update key and hence cannot share or decrypt cloud ciphertexts. We formally demonstrate that the introduced scheme satisfies the security of indistinguishability against adaptively chosen identity and chosen plaintext attacks (IND-PrID-CPA) assuming the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) problem in the random oracle model. Furthermore, compared with similar systems, the proposed one also has lower computational complexity as a whole.

Cong Peng,Jianhua Chen,Pandi Vijayakumar,Neeraj Kumar,Debiao He

DOI: https://doi.org/10.1145/3414475

IF: 5.3

2021-01-01

ACM Transactions on Internet Technology

Abstract:With the evolvement of the Internet of things (IoT), privacy and security have become the primary indicators for users to deploy IoT applications. In the gateway-based IoT architecture, gateways aggregate data collected by perception-layer devices and upload message packets to platforms, while platforms automatically push different categories of data to different applications. However, security in processes of data transmission via gateways, storage in platforms, access by applications is the major challenge for user privacy protection. To tackle this challenge, this article presents a secure IoT scheme based on a fine-grained multi-receive signcryption scheme to realize end-to-end secure transmission and data access control. To enhance the security of online application decryption keys, we design a distributed threshold decryption scheme based on secret-sharing. Moreover, from the provable security perspective, we demonstrate that the scheme can achieve the expected IND-CCA security and EUF-CMA security. After the performance analysis, evaluation results show that the computational performance is efficient and linearly subject to the number of messages and the number of receivers.

Jingwei Li,Chuan Qin,Patrick P. C. Lee,Jin Li

DOI: https://doi.org/10.1109/dsn.2016.62

2016-01-01

Abstract:Rekeying refers to an operation of replacing an existing key with a new key for encryption. It renews security protection, so as to protect against key compromise and enable dynamic access control in cryptographic storage. However, it is non-trivial to realize efficient rekeying in encrypted deduplication storage systems, which use deterministic content-derived encryption keys to allow deduplication on ciphertexts. We design and implement REED, a rekeying-aware encrypted deduplication storage system. REED builds on a deterministic version of all-or-nothing transform (AONT), such that it enables secure and lightweight rekeying, while preserving the deduplication capability. We propose two REED encryption schemes that trade between performance and security, and extend REED for dynamic access control. We implement a REED prototype with various performance optimization techniques. Our trace-driven testbed evaluation shows that our REED prototype maintains high performance and storage efficiency.

Yuriy Polyakov,Kurt Rohloff,Gyana Sahu,Vinod Vaikuntanathan

DOI: https://doi.org/10.1145/3128607

IF: 2.717

2017-10-26

ACM Transactions on Privacy and Security

Abstract:We develop two IND-CPA-secure multihop unidirectional Proxy Re-Encryption (PRE) schemes by applying the Ring-LWE (RLWE) key switching approach from the homomorphic encryption literature. Unidirectional PRE is ideal for secure publish-subscribe operations where a publisher encrypts information using a public key without knowing upfront who the subscriber will be and what private key will be used for decryption. The proposed PRE schemes provide a multihop capability, meaning that when PRE-encrypted information is published onto a PRE-enabled server, the server can either delegate access to specific clients or enable other servers the right to delegate access. Our first scheme (which we call NTRU-ABD-PRE) is based on a variant of the NTRU-RLWE homomorphic encryption scheme. Our second and main PRE scheme (which we call BV-PRE) is built on top of the Brakerski-Vaikuntanathan (BV) homomorphic encryption scheme and relies solely on the RLWE assumption. We present an open-source C++ implementation of both schemes and discuss several algorithmic and software optimizations. We examine parameter selection tradeoffs in the context of security, runtime/latency, throughput, ciphertext expansion, memory usage, and multihop capabilities. Our experimental analysis demonstrates that BV-PRE outperforms NTRU-ABD-PRE in both single-hop and multihop settings. The BV-PRE scheme has a lower time and space complexity than existing IND-CPA-secure lattice-based PRE schemes and requires small concrete parameters, making the scheme computationally efficient for use on low-resource embedded systems while still providing 100 bits of security. We present practical recommendations for applying the PRE schemes to several use cases of ad hoc information sharing for publish-subscribe operations.

computer science, information systems

Qingyang Zhang,Jie Cui,Hong Zhong,Lu Liu

DOI: https://doi.org/10.1145/3529510

2022-04-19

ACM Transactions on Sensor Networks

Abstract:With the development of IoT, more and more data is offloaded from the cloud to the edge for computing, eventually forming a collaborative computing model at the edge. However, in this model, the problem of secure data transmission has not been solved. In this model, data is transmitted and forwarded in multiple messaging systems, and existing security schemes cannot achieve end-to-end security in a multi-hop, broadcast transmission model. Therefore, in this paper, we propose a new security scheme based on proxy re-encryption and broadcast encryption techniques. Moreover, the performance and security of the scheme are further enhanced by using online-offline techniques and a trusted execution environment when integrating the scheme with edge collaboration. Finally, this paper proves the security of the scheme in theory, compares the functionality of the scheme, analyzes the theoretical performance of the scheme, and finally measures the actual performance of the scheme in the edge collaboration system.

computer science, information systems,telecommunications

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Ning Yang,Hao Jiang,Daoxing Guo,Yuan Liu,Guoru Ding,Zhen Chen,Zhaohui Yang

DOI: https://doi.org/10.1109/lcomm.2024.3419829

IF: 3.5529

2024-01-01

IEEE Communications Letters

Abstract:The reliability and accuracy of cooperative spectrum sensing (CSS) in cognitive radio networks (CRNs) are highly dependent on the integrity of the shared spectrum sensing data. However, driven by selfishness and malicious intentions, secondary users (SUs) may launch SSDF attacks, resulting in the damage to the integrity of sensing data, which will seriously affect the performance of CRNs, especially under massive SSDF attacks. Therefore, a blockchain-based CSS model is firstly proposed and a reputation-based consensus mechanism, named proof of reputation (PoR), is designed to enable CSS to countermeasure massive SSDF attacks in an environmentally friendly manner while supporting the operation of blockchain. Secondly, a reputation evaluation scheme based on extended sensing time and transmission result is developed to evaluate the reputation of SUs. In addition, in order to maximize the recognition performance of SSDF attacks, a closed-form expression of the optimal decision threshold constrained by the misjudged probability of honest SU is derived. Finally, the effectiveness and superiority of the proposed PoR consensus algorithm against massive SSDF attacks are demonstrated by comparing the simulation with the existing solutions.

Hongchen Guo,Liren Chen,Xuhao Ren,Mingyang Zhao,Chunhai Li,Jingfeng Xue,Liehuang Zhu,Chuan Zhang

DOI: https://doi.org/10.1109/jiot.2024.3435729

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With integrity and traceability, blockchains have been widely applied in Internet of Things (IoT) systems. However, immutable blockchains contradict recent data regulations (e.g., the right to be forgotten in GDPR), making redactable blockchain-based IoT emerge as a promising paradigm. In this paradigm, IoT users can specify expressive policies (i.e., containing multiple logical AND and OR operators) to achieve controllable data editability. Unfortunately, existing related schemes with expressive policies face several issues: high communication costs, data privacy leakage (i.e., data can be read by all users), and inefficient user revocation. This paper proposes a privacy-preserving and revocable redactable blockchain scheme in IoT systems, named BlockENC. BlockENC allows owners to specify expressive policies for controlling which users can read or edit their data and ensures downward compatible privileges (i.e., editable users own the privilege of readable users but not vice versa) under only O(n) communication costs (O(n2) in other schemes). The punchline of BlockENC is to define readability policies as subsets of editability policies and introduce access control trees to embed these policies in distributing data decryption keys and chameleon hash trapdoors. Moreover, drawing inspiration from ciphertext division mechanisms in proxy re-encryption techniques, BlockENC creates globally unique random values to reconstruct user keys, converting updating all existing keys or ciphertexts when user revocation cases occur into simply invalidating corresponding keys. Security analysis proves that BlockENC is secure against chosen-plaintext attacks. Experiments on the FISCO blockchain platform show that BlockENC achieves around 5× computation and 10× communication improvement over related works.

Jialu Hao,Cheng Huang,Jian Liu,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2018.8647659

2018-01-01

Abstract:Data owners have benefited significantly from cloud computing for managing the numerous data produced by massive devices in various Internet of Things (IoT) applications, such as smart home and electronic healthcare. On the other hand, fine-grained access control on outsourced data is a big concern for data owners, after they lose physical control over their data. Key-policy attribute-based encryption (KP-ABE), which provides data confidentiality and fine-grained data access control simultaneously, can be naturally introduced in this cloud-based IoT paradigm. However, the primitive KP-ABE cannot achieve efficient data access control with flexible user revocation. In this paper, we propose an efficient and fine-grained data access control scheme based on the proxy re-encryption and key blinding techniques for cloud-based IoT. With the scheme, the decryption capability of misbehaving users can be efficiently revoked to prevent data disclosure. In addition, most of the costly update operations over ciphertexts and keys due to user revocation, are delegated to the cloud. Extensive experiment results demonstrate that our scheme is more efficient than existing solutions in terms of computation and communication overheads.

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Jianbin Gao,Hu Xia,Xiaojiang Du,Moshen Guizani

DOI: https://doi.org/10.3390/s19051235

2019-03-11

Abstract:Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Jingyuan Fan,Chaowen Guan,Kui Ren,Chunming Qiao

DOI: https://doi.org/10.1109/tnet.2018.2846791

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:To eliminate redundant transfers over WAN links and improve network efficiency, middleboxes have been deployed at ingress/egress. These middleboxes can operate on individual packets and are application layer protocol transparent. They can identify and remove duplicated byte strings on the fly. However, with the increasing use of HTTPS, current redundancy elimination (RE) solution can no longer work without violating end-to-end privacy. In this paper, we present RE over encrypted traffic (REET), the first middlebox-based system that supports both intra-user and inter-user packet-level RE directly over encrypted traffic. REET realizes this by using a novel protocol with limited overhead and protects end users from honestbut-curious middleboxes. We implement REET and show its performance for both end users and middleboxes using several hundred gigabytes of network traffic traces collected from a large U.S. university.

Yuan Zhang,Yongfeng Huang,Jian Yuan

2011-01-01

Abstract:This work concentrates on the design of an efficient and scalable group rekey method for P2P IPTV DRM system where the minimal division of right is a program. Our group rekey scheme is efficient in two aspects, less number of encryption and less individual transmission. We divide the members into three categories, namely, the fresh members, the rejoined members, and the remaining members, according to their knowledge to the current content encryption key (CEK) and watching behavior. Different rekey schemes are adopted for each of these categories. For the rejoined members, the number of encryption is reduced from Θ (Nrejoined) to Θ (k3 log Nrejoined), by using broadcast encryption algorithm where k is the collusion size. For the remaining members, a distributed key tree scheme is proposed to allow the remaining members to coordinate a common key. The number of keys encrypted in one rekey process is reduced to Θ (k log Nremaining). To achieve the second goal, we propose a multicast mechanism of P2P network to transmit the new content encryption key for the remaining members once the distributed key tree has been constructed. Individual transmission for the remaining members can be eliminated for the remaining members. This scheme is implemented in our Coolvideo P2P IPTV system. Real implementation suggests that our DRM solution adapts well in P2P IPTV system even when member size grows large.

Liquan Jiang,Mamoun Alazab,Zhiguang Qin

DOI: https://doi.org/10.1109/jiot.2023.3272070

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Extreme events (such as earthquakes, hurricanes, etc.) pose a dual challenge to the reliability and serviceability of IoT systems. With regard to this challenge, by publishing some tasks and then encouraging the public to assist in real-time data collection through their mobile terminals (namely, the mobile crowdsourcing-assisted IoT systems), is expected to play an important role in secondary disaster prevention and personnel rescue in extreme events. However, it has weaknesses in terms of security, flexibility, and efficiency. As an elegant solution, identity-based broadcast proxy re-encryption (PR-IBBE) enables flexible access authorization sharing and efficient broadcast distribution of encrypted tasks via the cloud. However, their security relies on fully-trusted or semi-trusted cloud assumptions, which are hard to be implemented in real-world scenarios. And the cloud is more vulnerable in an emergency event since there is a lack of effective management. Motivated by that, we propose the verifiable PR-IBBE (VPR-IBBE) scheme, which realizes a cross-domain identity-based broadcast task file secure authorization access, and empowers the verifiability and reputability of re-encrypted ciphertext under the untrusted cloud setting. This mechanism ensures that the relevance between the re-encrypted ciphertext and the original ciphertext can be publically verified, so the cloud can defend itself if there is a malicious accusation of forging the re-encrypted ciphertext. Through rigorous formal security proofs, we demonstrate that VPR-IBBE attains the indistinguishability of ciphertext against selective identity chosen ciphertext attack (IND-sID-CPA), and is also resistant to the collusion attack between the untrusted cloud and the cooperative performer. Theoretical comparison and experimental results demonstrate the practicability of our VPR-IBBE scheme, as well as the superiority over representative related works.

Yi Wu,Wei Zhang,Hu Xiong,Zhiguang Qin,Kuo-Hui Yeh

DOI: https://doi.org/10.1007/s11042-021-11286-0

IF: 2.577

2021-01-01

Multimedia Tools and Applications

Abstract:With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Won-Bin Kim,Daehee Seo,Donghyun Kim,Im-Yeong Lee

DOI: https://doi.org/10.1155/2021/7641389

2021-06-15

Wireless Communications and Mobile Computing

Abstract:In general, ID-based proxy reencryption (IBPRE) includes data transfer in a 1 : 1 manner between a sender and receiver. Therefore, only the data owner has the authority to decrypt or reencrypt the data that is encrypted with his/her public key. However, in an environment with data self-sovereignty, such as an enterprise IoT-cloud environment, the data are directly managed by cloud once data is uploaded from user-controlled IoT devices. In such a situation, there is no way of sharing data if the data owner has no access over the data due to being outside the workplace and other issues. In this study, to solve this problem, data can be shared even when the data cannot be accessed by delegating the authority of the data owner to generate the reencryption key to other users. In addition, by solving the security threats that may appear in this process, data sharing can be performed securely and efficiently in the corporate environment.

computer science, information systems,telecommunications,engineering, electrical & electronic