Yingwen Chen,Bowen Hu,Hujie Yu,Zhimin Duan,Junxin Huang

DOI: https://doi.org/10.3390/electronics10192359

IF: 2.9

2021-09-27

Electronics

Abstract:The IoT devices deployed in various application scenarios will generate massive data with immeasurable value every day. These data often contain the user’s personal privacy information, so there is an imperative need to guarantee the reliability and security of IoT data sharing. We proposed a new encrypted data storing and sharing architecture by combining proxy re-encryption with blockchain technology. The consensus mechanism based on threshold proxy re-encryption eliminates dependence on the third-party central service providers. Multiple consensus nodes in the blockchain network act as proxy service nodes to re-encrypt data and combine converted ciphertext, and personal information will not be disclosed in the whole procedure. That eliminates the restrictions of using decentralized network to store and distribute private encrypted data safely. We implemented a lot of simulated experiments to evaluate the performance of the proposed framework. The results show that the proposed architecture can meet the extensive data access demands and increase a tolerable time latency. Our scheme is one of the essays to utilize the threshold proxy re-encryption and blockchain consensus algorithm to support IoT data sharing.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yanping Wang,Xiaosong Zhang,Xiaofen Wang,Teng Hu,Peng Lu,Mingyong Yin

DOI: https://doi.org/10.1155/2022/1317626

IF: 1.968

2022-01-01

Security and Communication Networks

Abstract:With the increasingly prominent value of big data, data sharing within enterprises and organizations has become increasingly popular, and many institutions have established data centers to achieve effective data storage and sharing. Meanwhile, cyberspace data security and privacy have become the most critical issue that people are concerned about since shared data often involves commercial secrets and sensitive information. At present, data encryption techniques have been applied to protect the security of the sensitive data stored in and shared by the data centers. However, the challenges of efficient data sharing, secure management of decryption keys, deduplication of the plaintext, and transparency and auditability of the data access arise. These challenges may obstruct the development of data sharing in data-driven systems. To meet these challenges, we propose a secure and trustworthy data sharing scheme and introduce blockchain, proxy re-encryption (PRE), and trusted execution environments (TEEs) into the data-driven systems. Our scheme mainly enables (1) automatic distribution and management of the decryption keys, (2) reduction of the reduplicative data, and (3) trustworthy data sharing and recording. Finally, we implement the proposed scheme and compare it with other existing schemes. It is demonstrated that our scheme reduces the computation and communication overhead.

Kwame Opuni-Boachie Obour Agyekum,Qi Xia,Emmanuel Boateng Sifah,Jianbin Gao,Hu Xia,Xiaojiang Du,Moshen Guizani

DOI: https://doi.org/10.3390/s19051235

2019-03-11

Abstract:Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Fengqun Wang,Jie Cui,Qingyang Zhang,Debiao He,Chengjie Gu,Hong Zhong

DOI: https://doi.org/10.1109/jiot.2023.3340567

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the Industrial Internet of Things (IIoT), data sharing is crucial for promoting the intelligent development of industrial production. To achieve effective data supervision, introducing blockchain into traditional cloud-based data-sharing frameworks has attracted widespread attention. However, existing blockchain-based data-sharing schemes still have issues with security and efficiency. Therefore, we propose a blockchain-enabled data-sharing scheme based on proxy re-encryption. First, the scheme considers both storage and access authentication, guaranteeing data sources’ trustworthiness and preventing data misuse. Second, the scheme uses an on-chain and off-chain cooperative storage mechanism, saving the storage resources of the blockchain. Third, the scheme supports data packing, which effectively improves data storage efficiency. The security analysis shows that our scheme satisfies the security requirements. Finally, we build a blockchain platform using the hyperledger fabric. The performance evaluation shows that our scheme is more advantageous regarding computational overhead than other related schemes.

Lu Yan,Haozhe Qin,Kexin Yang,Heye Xie,Xu An Wang,Shuanggen Liu

DOI: https://doi.org/10.3390/electronics13030534

IF: 2.9

2024-01-29

Electronics

Abstract:The popularity of secure cloud data sharing is on the rise, but it also comes with significant concerns about privacy violations and data tampering. While existing Proxy Re-Encryption (PRE) schemes effectively protect data in the cloud, challenges persist with certificate administration and key escrow. Moreover, the increasing number of users and prevalence of lightweight devices demand functional and cost-effective solutions. To address these issues, this paper presents a novel Pairing-free Certificate-Based Proxy Re-Encryption Plus scheme that leverages elliptic curve groups for improved effectiveness and performance. This scheme successfully resolves challenges related to certificate management and key escrow in traditional PRE schemes, while also introducing non-transferable and message-level fine-grained control characteristics. These enhancements bolster data security during sharing and minimize the risk of malicious information leakage. Our proposed scheme's correctness, security, and effectiveness are rigorously verified and analyzed. The results demonstrate that the scheme achieves the chosen ciphertext security in the random oracle model. Compared to current PRE schemes, our approach offers greater advantages, lower computational overhead, and enhanced suitability for practical cloud computing applications.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zhiguang Qin,Shikun Wu,Hu Xiong

DOI: https://doi.org/10.1007/978-3-319-22047-5_17

2015-01-01

Abstract:Proxy re-encryption (PRE) has been considered as a promising candidate to secure data sharing in public cloud by enabling the cloud to transform the ciphertext to legitimate recipients on behalf of the data owner, and preserving data privacy from semi-trusted cloud. Certificateless proxy re-encryption (CL-PRE) not only eliminates the heavy public key certificate management in traditional public key infrastructure, but also solves the key escrow problem in the ID-based public key cryptography. By considering that the existing CL-PRE schemes either rely on expensive bilinear pairings or are proven secure under weak security models, we propose a strongly secure CL-PRE scheme without resorting to the bilinear pairing. The security of our scheme is proven to be secure against adaptive chosen ciphertext attack (IND-CCA) under a stronger security model in which the Type I adversary is allowed to replace the public key associated with the challenge identity. Furthermore, the simulation results demonstrate that our scheme is practical for cloud based data sharing in terms of communication overhead and computation cost for data owner, the cloud and data recipient.

Yilei Wang,Dongjie Yan,Fagen Li,Hu Xiong

2017-01-01

Abstract:Proxy re-encryption (PRE) enables a semi-trusted proxy to delegate the decryption right by re-encrypting the ciphertext under the delegator’s public key to an encryption under the public key of delegatee. Fueled by the translation ability, PRE is regarded as a promising candidate to secure data sharing in a cloud environment. However, the security of the PRE will be totally destroyed in case the secret key of the delegator or the delegatee has been exposed. Despite the key exposure seems inevitable, the PRE scheme with resistance against secret key leakage has never been presented before. To deal with this intractable problem, we propose a key-insulated proxy reencryption (KIPRE) scheme by incorporating the mechanisms of PRE and key-insulated cryptosystem. In the proposed scheme, the lifetime of the secret key associated with the user, i.e., the delegator or the delegatee, has been divided into several periods. In each time period, the user can interact with his/her physically-secure but computation-limited helper to update his/her temporary secret key. On the contrary, the public keys of the users remained unchanged during the whole lifetime of the system. We then apply our KIPRE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds with resilience to the key exposure. The performance evaluation and the security analysis demonstrate that our scheme is efficient and practical.

Yifeng Yin,Wanyi Zhou,Zhaobo Wang,Yong Gan,Yanhua Zhang

DOI: https://doi.org/10.14569/ijacsa.2023.0140339

IF: 0.9

2023-01-01

International Journal of Advanced Computer Science and Applications

Abstract:With the growth of Industrial Internet, various types of data show explosive growth. Data is being moved from the cloud to the edge for computing more frequently and edge computing becomes an important factor affecting the deep application of Industrial Internet platforms. However, the security issue of data transmission sharing is not addressed. Therefore, this paper proposes a security scheme based on timed-release, multi-dimensional virtual permutation, and proxy re-encryption(PRE), to protect the confidentiality of the data during the transmitter; symmetric cryptography is employed to encrypt the transmission data. At the same time, a time server is used, making it impossible for data receivers to get the information about the data before the specified time arrives, it solves the application scenario of data transmission and sharing with timed-release requirements and the efficiency of a large number of data is solved, and the security of data is improved. Finally, the security of the scheme was proved theoretically. Compared to existing PRE schemes, this scheme adds timed-release controlled access, has resistance to ciphertext attacks and end-to-end security features, and uses fewer bilinear pair operations in the algorithm. The performance was tested experimentally and the results show that the scheme improves efficiency while ensuring security and has significant advantages in terms of data security and private data protection.

Nabeil Eltayieb,Rashad Elhabob,Abdeldime M. S. Abdelgader,Yongjian Liao,Fagen Li,Shijie Zhou

DOI: https://doi.org/10.1016/j.future.2024.08.002

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Cloud computing has enabled data-sharing to be more convenient than ever before. However, data security is a major concern that prevents cloud computing from being widely adopted. A potential solution to secure data-sharing in cloud computing is proxy re-encryption (PRE), which allows a proxy to transform encrypted data from one key to another without accessing the plaintext. When using PRE, various challenges arise, including the leak of information by a trusted third party, collusion attacks, and issues associated with revocation. To overcome these challenges, this paper proposes a novel Certificateless Proxy Reencryption with Cryptographic Reverse Firewall for Secure Cloud Data Sharing (CLPRE-CRF). The new scheme enables secure distribution of encrypted data from a data owner to users through public clouds. Meanwhile, the CLPRE-CRF scheme can resist exfiltration of secret information and forgery of ciphertext in case the scheme is compromised. In addition, the scheme provides a flexible revocation mechanism to prevent unauthorized access to private data. The security analysis demonstrates that the CLPRE-CRF resists chosen-plaintext attacks and collusion attacks. Moreover, performance evaluation indicates that our scheme achieves a 14% and 22% reduction in computation costs during the encryption and decryption algorithms, respectively. Therefore, the proposed CLPRE-CRF scheme is well-suited for cloud computing environments.

Haipeng Sun,Yu‐an Tan,Liang Zhu,Qikun Zhang,Yuanzhang Li,Shangbo Wu

DOI: https://doi.org/10.1002/int.22784

IF: 8.993

2021-12-20

International Journal of Intelligent Systems

Abstract:Secure data‐sharing technology is a bridge for various collaborative operations among intelligent terminals in the edge‐cloud collaborative application scenario. For the shared data involves different levels of confidentiality, intelligent terminals for collaborative operations may be distributed in multiple management domains, and the private information of intelligent terminals is easy to be leaked in edge‐cloud collaboration scenarios, the security of data sharing is severely threatened. To solve these problems, this paper proposed a fine‐grained and traceable multidomain secure data‐sharing model for intelligent terminals. In this model, a key self‐certification algorithm is proposed, which avoids potential security threats of key leakage during the key distribution process. The model combines attribute encryption and threshold function to achieve more fine‐grained and more flexible secure data sharing; it uses blockchain technology to achieve integrity verification of stored data and traceability of shared data, and it combines on‐chain and off‐chain databases to achieve rapid retrieval and positioning of shared data distributed among multiple domains, which improves the efficiency of data sharing among domains. The security of the model proposed by us is proved, and compared with the cited literature, it is shown that the proposed model has certain advantages in terms of computational complexity and time consumption.

computer science, artificial intelligence

Nabeil Eltayieb,Liang Sun,Ke Wang,Fagen Li

DOI: https://doi.org/10.1007/978-981-15-0818-9_19

2019-01-01

Abstract:Cloud computing is a powerful technology because it provides users with attractive online files sharing services. However, security and privacy are significant challenges since the cloud cannot be fully trusted due the traditional centralized management system. This paper proposes a certificateless proxy re-encryption as an efficient mechanism to secure access over outsourced data. The proposed scheme relies on blockchain technology for decentralized security administration and data protection. Besides, the scheme achieves data confidentiality and efficient revocation mechanism. Moreover, the security analysis proves the confidentiality and integrity of the data stored in the cloud server. Finally, we evaluate the performance of the proposed scheme.

Keping Yu,Liang Tan,Caixia Yang,Kim-Kwang Raymond Choo,Ali Kashif Bashir,Joel J. P. C. Rodrigues,Takuro Sato

DOI: https://doi.org/10.1109/jiot.2021.3125190

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT), a typical Internet of Things (IoT) application, integrates the global industrial system with other advanced computing, analysis, and sensing technologies through Internet connectivity. Due to the limited storage and computing capacity of edge and IIoT devices, data sensed and collected by these devices are usually stored in the cloud. Encryption is commonly used to ensure privacy and confidentiality of IIoT data. However, the key used for data encryption and decryption is usually directly stored and managed by users or third-party organizations, which has security and privacy implications. To address this potential security and privacy risk, we propose a Shamir threshold cryptography scheme for IIoT data protection using blockchain: STCChain. Specifically, in our solution, the edge gateway uses a symmetric key to encrypt the data uploaded by the IoT device and stores it in the cloud. The symmetric key is protected by a private key generated by the edge gateway. To prevent the loss of the private key and privacy leakage, we use a Shamir secret sharing algorithm to divide the private key, encrypt it, and publish it on the blockchain. We implement a prototype of STCChain using Xuperchain, and the results show that STCChain can effectively prevent attackers from stealing data as well as ensuring the security of the encryption key.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hu Xiong,Yi Wang,Wenchao Li,Chien-Ming Chen

DOI: https://doi.org/10.1145/3318212

2019-01-01

ACM Transactions on Management Information Systems

Abstract:The convenience of the cloud-assisted Internet of Things has led to the need for improved protections for the large volumes of data collected from devices around the world and stored on cloud-based servers. Proxy re-encryption (PRE) has been presented as a suitable mechanism for secure transmission and sharing of files within the cloud. However, existing PRE schemes do not support unidirectional data transformation, fine-grained controls, multiple hops, and identity-based encryption simultaneously. To solve these problems, we propose a unidirectional multi-hop identity based-conditional PRE scheme that meets all of the above requirements. Our proposal has the additional benefits of a constant ciphertext size, non-interactivity, and collusion resistance. We also prove that our scheme is secure against adaptive identity chosen-ciphertext attacks in the standard model.

Wenchao Li,Chunhe Xia,Chen Wang,Tianbo Wang

DOI: https://doi.org/10.1109/tits.2022.3174716

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:With the continuous development of the Internet of Vehicles (IoV), the cloud-assisted IoV is becoming an emerging and attractive paradigm, in which a growing number of IoV users use the cloud server to store the data collected from their smart devices, thereby relieving local costs to a great extent. In this case, considering that the third-party cloud as a commercial mechanism cannot guarantee data security, users choose to encrypt their own data before uploading it to the cloud server. Although the privacy and confidentiality of the uploaded data can be protected, the encryption method hinders data search due to its inherent “decrypt all-or-nothing” feature. To achieve encryption and data search on privacy-preserving data, many existing works of literature design various public key encryption with keyword search schemes that, however, suffers the disadvantage that they can work only between ciphertext encrypted under the same public key, which means that it is not suitable for some computations on cloud. Furthermore, most schemes also have failed to find out how to delegate the searched data securely and efficiently when the data owner is not convenient to address the data. Therefore, this study tends to test the equivalence between messages encrypted under different public keys for basic secure computation and delegating the right of decrypting searched data to the specified user. Then, a lightweight proxy re-encryption scheme with the equality test and temporary delegation (PRE-ET-TD) was put forward for the cloud-assisted IoV. Besides, the proposed scheme is collusion-resistant and proven secure against chosen ciphertext attack (CCA) in the random oracle model. Meanwhile, the experimental simulation indicates that the presented PRE-ET-TD is feasible and efficient.

Yuling Huang,Chuang Ma,Guangxia Xu

DOI: https://doi.org/10.1109/CloudNet59005.2023.10490083

2023-11-01

Abstract:With the rapid development of the internet economy, blockchain has emerged as one of the leading methods for data sharing. However, due to the high value and sensitivity of data assets, electronic data sharing faces challenges such as access control and privacy leakage. Traditional encryption schemes based on attributes have been ineffective in addressing these problems and still suffer from security vulnerabilities. In this paper, we propose a decentralized data sharing framework that combines keyword-searchable attributes encryption with proxy re-encryption using blockchain technology and Interplanetary File Systems. This framework offers high flexibility and efficiency by addressing the issues of a single point of failure and privacy leaks. We provide comprehensive and rigorous proofs of security and efficiency for our scheme, considering security proof and storage overhead. The simulation results demonstrate that our scheme satisfies the requirements for ciphertext and keyword security and is capable of resisting collusive attacks. Furthermore, our proposed scheme exhibits higher computational efficiency and better feasibility compared to existing schemes.

Computer Science

Weiming Tong,Luyao Yang,Zhongwei Li,Xianji Jin,Liguo Tan

DOI: https://doi.org/10.3390/s24031035

IF: 3.9

2024-02-06

Sensors

Abstract:To address the complexities, inflexibility, and security concerns in traditional data sharing models of the Industrial Internet of Things (IIoT), we propose a blockchain-based data sharing and privacy protection (BBDSPP) scheme for IIoT. Initially, we characterize and assign values to attributes, and employ a weighted threshold secret sharing scheme to refine the data sharing approach. This enables flexible combinations of permissions, ensuring the adaptability of data sharing. Subsequently, based on non-interactive zero-knowledge proof technology, we design a lightweight identity proof protocol using attribute values. This protocol pre-verifies the identity of data accessors, ensuring that only legitimate terminal members can access data within the system, while also protecting the privacy of the members. Finally, we utilize the InterPlanetary File System (IPFS) to store encrypted shared resources, effectively addressing the issue of low storage efficiency in traditional blockchain systems. Theoretical analysis and testing of the computational overhead of our scheme demonstrate that, while ensuring performance, our scheme has the smallest total computational load compared to the other five schemes. Experimental results indicate that our scheme effectively addresses the shortcomings of existing solutions in areas such as identity authentication, privacy protection, and flexible combination of permissions, demonstrating a good performance and strong feasibility.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qingyang Zhang,Yujie Fu,Jie Cui,Debiao He,Hong Zhong

DOI: https://doi.org/10.1109/TDSC.2024.3386690

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:With the development of the industrial Internet of Things (IIoT), the amount of data generated by industrial manufacturing equipment will increase. To reduce the cost of data management while achieving secure data sharing, data owners generally upload the resulting ciphertexts to a cloud server after encrypting their data. Attribute-based encryption (ABE) is a valuable technology that implements fine-grained access control over shared information; however, its computational complexity is not suitable for resource-constrained IIoT devices, making it difficult to apply directly to an IIoT environment. To address this problem, we design a fine-grained data sharing scheme based on proxy re-encryption in IIoT. In the proposed scheme, data files are encrypted through an identity-based encryption and a data owner can authorize a semi-trusted proxy server to transform the ciphertext into an ABE ciphertext. This realizes fine-grained access control and decreases a data owner's computational cost in data sharing. In addition, the computational burden is outsourced to a cloud server, and users only need to perform simple computing operations. A formal security proof indicates the proposed scheme's selective chosen-plaintext attack security. Theoretical and experimental analyses illustrate that our construction is more efficient than previous schemes.

Libo Feng,Junyu Lin,Fei Qiu,Bei Yu,Zhihua Jin,Jinli Wang,Jing Cheng,Shaowen Yao

DOI: https://doi.org/10.1109/tnsm.2024.3371521

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Industrial big data has experienced from data silos due to its high potential value and strong security requirements, making it difficult to share securely across domains. Blockchain-based solutions allow nodes to establish access control to trusted data on unreliable or trustless networks, but still face issues such as inefficient data sharing and leakage of sensitive information. In this paper, we propose a blockchain-based access control scheme for privacy security and dynamic regulation. First, ciphertext policy attribute-based encryption (CP-ABE) is developed to gain fine-grained access to node resources, with verifiable outsourcing decryption method to significantly reduce computational pressure on end users. Second, a policy hiding method based on multi-chain architecture is proposed, which performs double hiding of attribute information and access policy information on the blockchain. Finally, a supervisory policy that incorporates dynamic trust assessment and smart contracts is proposed to achieve effective detection and hierarchical classification punishment of malicious behavior. Security analysis and experimental results show that our scheme can limit the complexity of terminal decryption at a constant level and effectively achieve secure and efficient access control in the industrial Internet environment.

computer science, information systems

Jia Kan,Jie Zhang,Dawei Liu,Xin Huang

DOI: https://doi.org/10.3390/app12094260

2022-01-01

Applied Sciences

Abstract:Storage is a promising application for permission-less blockchains. Before blockchain, cloud storage was hosted by a trusted service provider. The centralized system controls the permission of the data access. In web3, users own their data. Data must be encrypted in a permission-less decentralized storage network, and the permission control should be pure cryptographic. Proxy re-encryption (PRE) is ideal for cryptographic access control, which allows a proxy to transfer Alice’s ciphertext to Bob with Alice’s authorization. The encrypted data are stored in several copies for redundancy in a permission-less decentralized storage network. The redundancy suffers from the outsourcing attack. The malicious resource provider may fetch the content from others and respond to the verifiers. This harms data integrity security. Thus, proof-of-replication (PoRep) must be applied to convince the user that the storage provider is using dedicated storage. PoRep is an expensive operation that encodes the original content into a replication. Existing PRE schemes cannot satisfy PoRep, as the cryptographic permission granting generates an extra ciphertext. A new ciphertext would result in several expensive replication operations. We searched most of the PRE schemes for the combination of the cryptographic methods to avoid transforming the ciphertext. Therefore, we propose a new PRE scheme. The proposed scheme does not require the proxy to transfer the ciphertext into a new one. It reduces the computation and operation time when allowing a new user to access a file. Furthermore, the PRE scheme is CCA (chosen-ciphertext attack) security and only needs one key pair.

Xi Chen,Yun Liu,Yong Li,Changlu Lin

DOI: https://doi.org/10.1007/978-3-030-00015-8_2

2018-01-01

Abstract:Since the proxy re-encryption has the limitation of distributed applications and the security risk of collusion attacks in semi-trusted distributed environments (e.g. cloud computing), the novel definition of threshold proxy re-encryption is proposed based on secret sharing and proxy re-encryption. According to the definition, the threshold proxy re-encryption scheme can be flexibly created with the standard cryptographic prototype. An efficient, secure, and implementable unidirectional threshold proxy re-encryption scheme is constructed by the combination of Shamir's secret sharing, and is proved secure by using the intractability of discrete logarithms. This paper presents a consortium blockchain access permission scheme, which is built on the threshold proxy re-encryption scheme. When a new node joins a consortium blockchain, an access permission is achieved by the agreement on other existing nodes, instead of a centralized CA.