Functional Encryption for Pattern Matching with a Hidden String

We propose a new functional encryption for pattern matching scheme with a hidden string. In functional encryption for pattern matching (FEPM), access to a message is controlled by its description and a private key that is used to evaluate the description for decryption. In particular, the description with which the ciphertext is associated is an arbitrary string w and the ciphertext can only be decrypted if its description matches the predicate of a private key which is also a string. Therefore, it provides fine-grained access control through pattern matching alone. Unlike related schemes in the literature, our scheme hides the description that the ciphertext is associated with. In many practical scenarios, the description of the ciphertext cannot be public information as an attacker may abuse the message description to identify the data owner or classify the target ciphertext before decrypting it. Moreover, some data owners may not agree to reveal any ciphertext information since it simply gives greater advantage to the adversary. In this paper, we introduce the first FEPM scheme with a hidden string, such that the adversary cannot get any information about the ciphertext from its description. The security of our scheme is formally analyzed. The proposed scheme provides both confidentiality and anonymity while maintaining its expressiveness. We prove these security properties under the interactive general Diffie–Hellman assumption (i-GDH) and a static assumption introduced in this paper.

Download Full-text

Controlled Functional Encryption Revisited: Multi-Authority Extensions and Efficient Schemes for Quadratic Functions

Proceedings on Privacy Enhancing Technologies ◽

10.2478/popets-2021-0003 ◽

2021 ◽

Vol 2021 (1) ◽

pp. 21-42

Author(s):

Miguel Ambrona ◽

Dario Fiore ◽

Claudio Soriente

Keyword(s):

Homomorphic Encryption ◽

Linear Functions ◽

Quadratic Functions ◽

Functional Encryption ◽

Fine Grained ◽

Multiple Data ◽

Garbled Circuits ◽

Private Data ◽

Data Owner ◽

Single Data

AbstractIn a Functional Encryption scheme (FE), a trusted authority enables designated parties to compute specific functions over encrypted data. As such, FE promises to break the tension between industrial interest in the potential of data mining and user concerns around the use of private data. FE allows the authority to decide who can compute and what can be computed, but it does not allow the authority to control which ciphertexts can be mined. This issue was recently addressed by Naveed et al., that introduced so-called Controlled Functional encryption (or C-FE), a cryptographic framework that extends FE and allows the authority to exert fine-grained control on the ciphertexts being mined. In this work we extend C-FE in several directions. First, we distribute the role of (and the trust in) the authority across several parties by defining multi-authority C-FE (or mCFE). Next, we provide an efficient instantiation that enables computation of quadratic functions on inputs provided by multiple data-owners, whereas previous work only provides an instantiation for linear functions over data supplied by a single data-owner and resorts to garbled circuits for more complex functions. Our scheme leverages CCA2 encryption and linearly-homomorphic encryption. We also implement a prototype and use it to showcase the potential of our instantiation.

Download Full-text

An Attribute-Based Searchable Encryption Scheme for Non-Monotonic Access Structure

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch013 ◽

2020 ◽

pp. 263-283 ◽

Cited By ~ 1

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Access Control ◽

Searchable Encryption ◽

Access Structure ◽

Encryption Scheme ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Encryption Schemes

Attribute based encryption (ABE) is a widely used technique with tremendous application in cloud computing because it provides fine-grained access control capability. Owing to this property, it is emerging as a popular technique in the area of searchable encryption where the fine-grained access control is used to determine the search capabilities of a user. But, in the searchable encryption schemes developed using ABE it is assumed that the access structure is monotonic which contains AND, OR and threshold gates. Many ABE schemes have been developed for non-monotonic access structure which supports NOT gate, but this is the first attempt to develop a searchable encryption scheme for the same. The proposed scheme results in fast search and generates secret key and search token of constant size and also the ciphertext components are quite fewer than the number of attributes involved. The proposed scheme is proven secure against chosen keyword attack (CKA) in selective security model under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Multiple Access Control Struction for Cloud with Ciphertext

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5888 ◽

2014 ◽

Vol 556-562 ◽

pp. 5888-5892

Author(s):

An Ping Xiong ◽

Xin Xin He

Keyword(s):

Access Control ◽

General Scheme ◽

Computational Cost ◽

Cloud Service ◽

Fine Grained ◽

Access Control Policies ◽

Attribute Based Encryption ◽

Data Owner ◽

Multiple Threshold ◽

Heavy Work

The attribute-based encryption scheme of cloud storage application environment helps achieve a flexible access control and confidentiality of the data. However, at present efficient and fine-grained access control can not be achieved. This is caused by the heavy re-encryption workload of data owner while attribute revocation. Besides, there is no solution to revoke user directly. By introducing key segmentation and proxy re-encryption technology to encrypt the part of the heavy work to the cloud service provider to perform, the new scheme greatly reduces the computational cost of data owner. In addition, a special attribute which the data owner controls independently is added to construct different attribute domains of CP-ABE so that the data owner can completely control of the user permissions. The new scheme not only can support multiple threshold fine access control policies, but also can achieve cancellation directly to the user as well as to the user attribute. Experimental results show that the new scheme is superior to the general scheme, achieve highly efficient, fine, and flexible access control.

Download Full-text

A survey on functional encryption

Advances in Mathematics of Communications ◽

10.3934/amc.2021049 ◽

2021 ◽

Vol 0 (0) ◽

pp. 0

Author(s):

Carla Mascia ◽

Massimiliano Sala ◽

Irene Villa

Keyword(s):

Access Control ◽

Public Key ◽

Public Key Encryption ◽

Functional Encryption ◽

Encrypted Data ◽

Fine Grained

<p style='text-indent:20px;'>Functional Encryption (FE) expands traditional public-key encryption in two different ways: it supports fine-grained access control and allows learning a function of the encrypted data. In this paper, we review all FE classes, describing their functionalities and main characteristics. In particular, we mention several schemes for each class, providing their security assumptions and comparing their properties. To our knowledge, this is the first survey that encompasses the entire FE family.</p>

Download Full-text

Research on Access Control Based on CP-ABE Algorithm and Cloud Computing

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.513-517.2273 ◽

2014 ◽

Vol 513-517 ◽

pp. 2273-2276

Author(s):

Shao Min Zhang ◽

Jun Ran ◽

Bao Yi Wang

Keyword(s):

Cloud Computing ◽

Access Control ◽

Control Policy ◽

Massive Data ◽

Access Control Policy ◽

Fine Grained ◽

Network Bandwidth ◽

Private Key ◽

Attribute Based Encryption ◽

Ciphertext Policy

Ciphertext-Policy Attribute-based encryption (CP-ABE) mechanism is an extension of attribute-based encryption which associates the ciphertext and user's private key with the attribute by taking the attribute as a public key. It makes the representation of the access control policy more flexible, thus greatly reduces the network bandwidth and processing overhead of sending node brought by fine-grained access control of data sharing. According to the principle of CP-ABE encryption mechanism for this mechanism, an improved cloud computing-based encryption algorithm was proposed in this paper to overcome the deficiencies of permission changing process under the massive data. Experimental results show that compared with traditional methods, the new mechanism significantly reduces time-consuming.

Download Full-text

A Novel File Hierarchy Access Control Scheme Using Attribute-Based Encryption

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.701-702.911 ◽

2014 ◽

Vol 701-702 ◽

pp. 911-918 ◽

Cited By ~ 1

Author(s):

Shu Lan Wang ◽

Jian Ping Yu ◽

Peng Zhang ◽

Ping Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Access Structure ◽

Secret Key ◽

Chosen Plaintext Attack ◽

Fine Grained ◽

Access Structures ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Control Scheme

Attribute-based encryption (ABE) can keep data privacy and realize fine-grained access control. However, the notion of file hierarchy hasn't been presented until now. The problem, the multiple hierarchical files to be shared only using once encryption scheme, cannot be effectively solved. Based on the access structure layered model, a novel access control scheme about file hierarchy is proposed by using ABE to solve the problem. The proposed scheme will not only decrease the number of access structures to one, but also only require a secret key to decrypt all the authorization files. It is proved to be secure against the chosen-plaintext attack (CPA) under the decision bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis results indicate that the proposed scheme is efficient and practical when a large number of hierarchical files are shared.

Download Full-text

A Novel Hierarchical Key Assignment Scheme for Data Access Control in IoT

Security and Communication Networks ◽

10.1155/2021/6174506 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Xiaoyu Li ◽

Min Ye ◽

Jiahui Chen ◽

Jianhui Chen ◽

Yeh-Cheng Chen

Keyword(s):

Internet Of Things ◽

Access Control ◽

Single Point ◽

Data Access ◽

Key Distribution ◽

Data Access Control ◽

Diffie Hellman ◽

Data Owner ◽

Multilinear Map ◽

Assignment Scheme

Hierarchical key assignment scheme is an efficient cryptographic method for hierarchical access control, in which the encryption keys of lower classes can be derived by the higher classes. Such a property is an effective way to ensure the access control security of Internet of Things data markets. However, many researchers on this field cannot avoid potential single point of failure in key distribution, and some key assignment schemes are insecure against collusive attack or sibling attack or collaborative attack. In this paper, we propose a hierarchical key assignment scheme based on multilinear map to solve the multigroup access control in Internet of Things data markets. Compared with previous hierarchical key assignment schemes, our scheme can avoid potential single point of failure in key distribution. Also the central authority of our scheme (corresponding to the data owner in IoT data markets) does not need to assign the corresponding encryption keys to each user directly, and users in each class can obtain the encryption key via only a one-round key agreement protocol. We then show that our scheme satisfies the security of key indistinguishability under decisional multilinear Diffie-Hellman assumption. Finally, comparisons show the efficiency of our scheme and indicates that our proposed scheme can not only resist the potential attacks, but also guarantee the forward and backward security.

Download Full-text

BSSPD: A Blockchain-Based Security Sharing Scheme for Personal Data with Fine-Grained Access Control

Wireless Communications and Mobile Computing ◽

10.1155/2021/6658920 ◽

2021 ◽

Vol 2021 ◽

pp. 1-20

Author(s):

Hongmin Gao ◽

Zhaofeng Ma ◽

Shoushan Luo ◽

Yanping Xu ◽

Zheng Wu

Keyword(s):

Access Control ◽

Data Sharing ◽

Personal Data ◽

Security And Privacy ◽

Access Policy ◽

Fine Grained ◽

Sharing Scheme ◽

Data Owner ◽

Data User ◽

Cloud Server

Privacy protection and open sharing are the core of data governance in the AI-driven era. A common data-sharing management platform is indispensable in the existing data-sharing solutions, and users upload their data to the cloud server for storage and dissemination. However, from the moment users upload the data to the server, they will lose absolute ownership of their data, and security and privacy will become a critical issue. Although data encryption and access control are considered up-and-coming technologies in protecting personal data security on the cloud server, they alleviate this problem to a certain extent. However, it still depends too much on a third-party organization’s credibility, the Cloud Service Provider (CSP). In this paper, we combined blockchain, ciphertext-policy attribute-based encryption (CP-ABE), and InterPlanetary File System (IPFS) to address this problem to propose a blockchain-based security sharing scheme for personal data named BSSPD. In this user-centric scheme, the data owner encrypts the sharing data and stores it on IPFS, which maximizes the scheme’s decentralization. The address and the decryption key of the shared data will be encrypted with CP-ABE according to the specific access policy, and the data owner uses blockchain to publish his data-related information and distribute keys for data users. Only the data user whose attributes meet the access policy can download and decrypt the data. The data owner has fine-grained access control over his data, and BSSPD supports an attribute-level revocation of a specific data user without affecting others. To further protect the data user’s privacy, the ciphertext keyword search is used when retrieving data. We analyzed the security of the BBSPD and simulated our scheme on the EOS blockchain, which proved that our scheme is feasible. Meanwhile, we provided a thorough analysis of the storage and computing overhead, which proved that BSSPD has a good performance.

Download Full-text

An IBE-Based Authenticated Key Transfer Protocol on Elliptic Curves

Encyclopedia of Criminal Activities and the Deep Web ◽

10.4018/978-1-5225-9715-5.ch076 ◽

2020 ◽

pp. 1112-1122

Author(s):

Daya Sagar Gupta

Keyword(s):

Elliptic Curve ◽

Computational Cost ◽

Session Key ◽

Private Key ◽

Diffie Hellman ◽

Security Properties ◽

Hard Problems ◽

Identity Based ◽

Symmetric Key ◽

Transfer Protocol

The key exchanged using key transfer protocols is generally used for symmetric key encryption where this key is known as private key and used for both encryption as well as decryption. As we all know, many key transfer protocols including basic Diffie-Hellman protocol are proposed in the literature. However, many of these key transfer protocols either are proven insecure or had a burden of communication and computational cost. Therefore, a more secure and efficient key transfer protocol is needed. In this article, the author proposes an authenticated key transfer protocol that securely and efficiently negotiates a common session key between two end users. He calls this protocol as IBE-TP-AKE. This proposal is based on the elliptic-curve cryptography (ECC) and uses the idea of identity-based encryption (IBE) with pairing. The security of the proposed work is based on the hard problems of elliptic curve and their pairing. Further, the author has shown the security of his proposed protocol and proved it using the security properties discussed later.

Download Full-text

A Secured Proxy-Based Data Sharing Module in IoT Environments Using Blockchain

Sensors ◽

10.3390/s19051235 ◽

2019 ◽

Vol 19 (5) ◽

pp. 1235 ◽

Cited By ~ 9

Author(s):

Kwame Obour Agyekum ◽

Qi Xia ◽

Emmanuel Sifah ◽

Jianbin Gao ◽

Hu Xia ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Security And Privacy ◽

Inner Product ◽

Data Confidentiality ◽

Collusion Attacks ◽

Fine Grained ◽

Computing Paradigm ◽

Attribute Based Encryption ◽

Data Owner

Access and utilization of data are central to the cloud computing paradigm. With the advent of the Internet of Things (IoT), the tendency of data sharing on the cloud has seen enormous growth. With data sharing comes numerous security and privacy issues. In the process of ensuring data confidentiality and fine-grained access control to data in the cloud, several studies have proposed Attribute-Based Encryption (ABE) schemes, with Key Policy-ABE (KP-ABE) being the prominent one. Recent works have however suggested that the confidentiality of data is violated through collusion attacks between a revoked user and the cloud server. We present a secured and efficient Proxy Re-Encryption (PRE) scheme that incorporates an Inner-Product Encryption (IPE) scheme in which decryption of data is possible if the inner product of the private key, associated with a set of attributes specified by the data owner, and the associated ciphertext is equal to zero 0 . We utilize a blockchain network whose processing node acts as the proxy server and performs re-encryption on the data. In ensuring data confidentiality and preventing collusion attacks, the data are divided into two, with one part stored on the blockchain network and the other part stored on the cloud. Our approach also achieves fine-grained access control.

Download Full-text