Attribute-based Signcryption Scheme Research Articles

SLIM: A Secure and Lightweight Multi-Authority Attribute-Based Signcryption Scheme for IoT

SLIM: A Secure and Lightweight Multi-Authority Attribute-Based Signcryption Scheme for IoT

A lightweight attribute-based signcryption scheme based on cloud-fog assisted in smart healthcare.

In the environment of big data of the Internet of Things, smart healthcare is developed in combination with cloud computing. However, with the generation of massive data in smart healthcare systems and the need for real-time data processing, traditional cloud computing is no longer suitable for resources-constrained devices in the Internet of Things. In order to address this issue, we combine the advantages of fog computing and propose a cloud-fog assisted attribute-based signcryption for smart healthcare. In the constructed "cloud-fog-terminal" three-layer model, before the patient (data owner)signcryption, it first offloads some heavy computation burden to fog nodes and the doctor (data user) also outsources some complicated operations to fog nodes before unsigncryption by providing a blinded private key, which greatly reduces the calculation overhead of resource-constrained devices of patient and doctor, improves the calculation efficiency. Thus it implements a lightweight signcryption algorithm. Security analysis confirms that the proposed scheme achieves indistinguishability under chosen ciphertext attack and existential unforgeability under chosen message attack if the computational bilinear Diffie-Hellman problem and the decisional bilinear Diffie-Hellman problem holds. Furthermore, performance analysis demonstrates that our new scheme has less computational overhead for both doctors and patients, so it offers higher computational efficiency and is well-suited for application scenarios of smart healthcare.

A Fully Outsourced Attribute-Based Signcryption Scheme Supporting Privacy-Preserving Policy Update in Mobile Cloud Computing

A Fully Outsourced Attribute-Based Signcryption Scheme Supporting Privacy-Preserving Policy Update in Mobile Cloud Computing

Comments on “A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud”

Secure data sharing deserves special attention in cloud computing since the operating environment is semi-trusted. Recently, Eltayieb et al. proposed a blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud (Journal of Systems Architecture, doi: https://doi.org/10.1016/j.sysarc.2019.101653). However, after carefully revisiting this scheme, we found out that Eltayieb et al.’s scheme is not secure against confidentiality attack. Thus, the data confidentiality of this scheme is broken, and any data user can have unauthorized access control on outsourced data.

Personal health records sharing scheme based on attribute based signcryption with data integrity verifiable

The distribution of personal health records (PHRs) via a cloud server is a promising platform as it reduces the cost of data maintenance. Nevertheless, the cloud server is semi-trusted and can expose the patients’ PHRs to unauthorized third parties for financial gains or compromise the query result. Therefore, ensuring the integrity of the query results and privacy of PHRs as well as realizing fine-grained access control are critical key issues when PHRs are shared via cloud computing. Hence, we propose new personal health records sharing scheme with verifiable data integrity based on B+ tree data structure and attribute-based signcryption scheme to achieve data privacy, query result integrity, unforgeability, blind keyword search, and fine-grained access control.

Efficient single round attribute-based authenticated key exchange protocol

ABSTRACT Attribute-Based Authenticated Key Exchange (ABAKE) protocols allow two or more users to establish a shared key and achieve mutual authentication over an insecure network, while providing fine-grained access control over transmitted data. The existing ABAKE protocols are very inefficient, requiring a large number (polynomial in the size of the access policies) of pairing and exponentiation operations. This presents a major hindrance in the real-world deployment of these protocols. In this work, we present a construction of ABAKE protocol where the number of pairing operations is constant (to be precise only 7) and the number of exponentiation operations is linear to the number of clauses in the disjunctive normal form representing the general access policies. To this end, we construct an Attribute-Based Signcryption (ABSC) scheme with constant number of pairings, and use it as the main building block in our ABAKE construction. This also gives the first construction of ABSC schemes with constant number of pairings for general purpose access policies in the standard model. Another important and desirable feature of our ABAKE construction is that it is round-optimal, i.e. it is a single round protocol. We analyse the security of our ABAKE construction in the Attribute-Based extended Canetti-Krawzyck (ABeCK) model, and prove its security assuming the hardness of a variant of the Bilinear Diffie-Hellman Exponent problem in the random oracle model.

LH-ABSC: A Lightweight Hybrid Attribute-Based Signcryption Scheme for Cloud-Fog-Assisted IoT

One of the best ways to deal with the massive data generated by the Internet of Things (IoT) is storing them in the cloud. However, outsourced storage raises some security and privacy issues, such as data leaking and illegal access. The attribute-based signcryption (ABSC) is one of the most promising approaches which can ensure the confidentiality and authenticity of data simultaneously. Nonetheless, it not only inherits the fine-grained access control but also the heavy computational cost which is intolerable for most resource-limited IoT devices. In this article, we propose lightweight hybrid-policy ABSC (LH-ABSC), a lightweight ABSC scheme which adopts ciphertext-policy encryption (CPABE) and key-policy attribute-based signature (KPABS). Ciphertext-policy attribute-based signature leads the decision making that who can decrypt to the data owners directly. Meanwhile, the signature is related with data owners' attribute set which can be used to testify the authenticity of data. In particular, LH-ABSC has constant signature size and satisfies public verification which is deeply important for IoT devices. Moreover, LH-ABSC outsources most computing overhead to fog nodes, including signature, verify, and decryption. Comprehensive theoretical analyses, such as confidentiality, unforgeability, and verifiability, are provided. Also, the selective chosen ciphertext security, the selective chosen message security, and signers anonymity are achieved.

An attribute-based lightweight cloud data access control using hypergraph structure

Cloud file storage systems are the current trend of enterprises and also of individual users. Due to the malicious or unauthorized users, file sharing among the cloud users has become the biggest challenge in the recent times. Attribute-based signcryption (ABSC) is known as the versatile cryptographic primitive which achieves the fine-grained access control over robust cloud storage. ABSC combines attribute-based encryption (ABE) and attribute-based signatures to achieve privacy-oriented confidentiality along with the authenticity. Unfortunately, most of the present ABE and ABSC schemes leverage heavy computational overheads against the key length, the ciphertext size or the expressive access structures used. In this paper, a new ABSC scheme is devised to reduce computational overheads, more particularly, at cloud by introducing the more expressive hypergraph access structure, Attribute HyperGraph. On a positive note, the proposed system outperforms and shows less cloud computational timing without exponentiations unlike Deng et al. (IEEE Access 6:39473–39486, 2018. https://doi.org/10.1109/ACCESS.2018.2843778 ), Liu et al. (Future Gener Comput Syst 52:67–76, 2015. https://doi.org/10.1016/j.future.2014.10.014 ) and Li et al. (IEEE Trans Parallel Distrib Syst 25(8):2201–2210, 2014. https://doi.org/10.1109/TPDS.2013.271 ) schemes. Subsequently, the system does not incur any cryptographic computations associated with designcryption at cloud unlike Deng et al. (2018).

A Blockchain-Assisted Verifiable Outsourced Attribute-Based Signcryption Scheme for EHRs Sharing in the Cloud

The sharing of electronic health records (EHRs) has shown great advantages in the accurate treatment of patients and the development of medical institutions. However, it is easy to cause some security problems in the process of medical data sharing. Generally, after a patient's EHRs are generated by different medical institutions, they are outsourced to the cloud server (CS) by the authorized medical institutions for storage, which causes the patient to lose control of EHRs. Moreover, malicious medical institutions and semi-trusted cloud servers may collude to tamper with EHRs to seek benefits, which threatens the integrity of EHRs. Therefore, we propose a blockchain-assisted verifiable outsourced attribute-based signcryption scheme (BVOABSC) which realizes the secure sharing of EHRs in a multi-authority cloud storge environment. Firstly, we use the attribute-based signcryption algorithm to realize the confidentiality and unforgeability of the EHRs and protect the privacy of the signer. Secondly, it greatly reduces the computational burden of users by using verifiable outsourcing computation mechanism. Most of the designcryption calculation is performed by the cloud server, and the correctness of the generated partial designcryption ciphertext is verified by users. Furthermore, we use blockchain technology to protect outsourced EHRs from tampering by illegal users. Specifically, each operation on outsourced EHRs is stored as a transaction on the public blockchain, which ensures that EHRs cannot be modified. At the same time, the auditor can verify the integrity of the outsourced EHRs by checking the corresponding transactions. In addition, the smart contract created by the patient can solve the problems in cloud storage, such as tampering EHRs and returning incorrect results. Finally, security analysis and performance evaluation show that the proposed BVOABSC scheme satisfies stronger security and higher efficiency than similar schemes.

A blockchain-based attribute-based signcryption scheme to secure data sharing in the cloud

Abstract Traditional cloud data sharing schemes have relied on the architecture of the network and large storage providers. However, these storage providers work as trusted third parties to transfer and store data. This kind of cloud storage model has some weak points, such as data availability, centralized data storage, high operational cost, and security concern. In this paper, we combine the concept of blockchain with attribute-based signcryption to provide a secure data sharing in the cloud environment. The proposed scheme satisfies the security requirements of the cloud computing such as confidentiality and unforgeability. Further, the smart contract solves the problem of cloud storage such as returning wrong results as in the traditional cloud server. Finally, the performance comparisons and simulation results show that our proposed scheme is more efficient than others, and it is practical.

Attribute-Based Signcryption From Lattices in the Standard Model

For realizing the fine-grained access control with non-interactive approach, and effectively guaranteeing the comprehensive security for information under the post-quantum environment, this paper proposes an attribute-based signcryption (ABSC) scheme based on the intractability of lattices. The proposed ABSC scheme is proved indistinguishable against the inner adaptive-chosen ciphertext attacks (IND-CCA2) and existentially unforgeable against inner chosen-message attacks (EUF-CMA), in the standard model. The theoretical analysis presents that the public key size and the computational cost of the signcryption operation are both reduced obviously, compared with the signature and then encryption mechanism. An efficient variant is also presented that significantly decreases the computational complexity of unsigncryption operation at the expense of an increase in the ciphertext size.

Functional Signcryption

Functional encryption (FE) allows to restrict decryption in a highly sophisticated fashion, whereas, functional signature (FS) enables to enforce arbitrarily complex control on signing capabilities. This paper introduces a new cryptographic primitive, termed as functional signcryption (FSC), which unifies the functionalities of FE and FS into a cost-effective formulation. FSC is a crucial step towards efficient implementation of modern digital communication and storage systems that demand advanced forms of confidentiality and authenticity simultaneously. Precisely, we make the following contributions:−First, we present a formal definition of FSC and carefully formulate its security requirements.−Next, we provide a generic construction of FSC supporting signing and decryption functionalities realizable by general polynomial size circuits, based on fundamental cryptographic tools, namely, indistinguishability obfuscation (IO) for circuits and statistically simulation-sound non-interactive zero-knowledge proof of knowledge (SSS-NIZKPoK).−Finally, we exhibit a number of representative applications of this interesting cryptographic primitive:(i)We develop the first ever attribute-based signcryption (ABSC) scheme for arbitrary polynomial size circuits from FSC.(ii)We show how FSC can be utilized to build SSS-NIZKPoK systems and IO for general circuits. This result in conjunction with our FSC construction can be interpreted as establishing an equivalence between FSC and the other two important cryptographic primitives.

Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation.

Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional “encrypt-then-sign” or “sign-then-encrypt” strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Searchable Attribute-Based Signcryption Scheme for Electronic Personal Health Record

Considering the scenario of an electronic personal health record system, we put forward a new cryptographic concept called searchable attribute-based signcryption, which can support fine-grained access control, data privacy, data authenticity, and data searchability. Then, we establish the security models and construct a searchable attribute-based signcryption scheme with hybrid access policy. According to the proposed security model frameworks, our scheme is proven to achieve: 1) ciphertext indistinguishability under the decisional bilinear Diffie–Hellman exponent hardness assumption; 2) existential unforgeability based on the hardness assumption of computational Diffie–Hellman exponent problem; 3) selective security against chosen-keyword attack under the static assumption in the generic group model; and 4) keyword secrecy based on the one-way hardness of hash function. Furthermore, the experimental results show that the proposed scheme is efficient.

CP_ABSC: An attribute-based signcryption scheme to secure multicast communications in smart grids

In this paper, we present a signcryption scheme called CP_ABSC based on Ciphertext-Policy Attribute Based Encryption (CP_ABE)[7] to secure the multicast communications in smart grids that require access control, data encryption, and authentication to ensure message integrity and confidentiality. CP_ABSC provides algorithms for key management, signcryption, and designcryption. It can be used to signcrypt a message based on the access rights specified by the message itself. A user can designcrypt a ciphertext if and only if it possesses the attributes required by the access structure of the data. Thus CP_ABSC effectively defines a multicast group based on the access rights of the data specified by the data itself, which differs significantly from the traditional Internet based multicast where the destination group is predetermined and must be known by the data source. CP_ABSC provides collusion attack resistance, message authentication, forgery prevention, and confidentiality. It can be easily applied in smart grids to secure the instructions/commands broadcast from a utility company to multiple smart meters (push-based multicast) and the data retrieved from a smart meter to multiple destinations (pull-based multicast). Compared to CP_ABE, CP_ABSC combines encryption with signature at a lower computational cost for signcryption and a slightly higher cost in designcryption for signature verification. We also consider the adoption of attribute-based signature (ABS), and conclude that CP_ABSC has a much lower computational cost than ABS.

Secure Multi-Authority Data Access Control Scheme in Cloud Storage System Based on Attribute-Based Signcryption

Nowadays, secure data access control has become one of the major concerns in a cloud storage system. As a logical combination of attribute-based encryption and attribute-based signature, attribute-based signcryption (ABSC) can provide confidentiality and an anonymous authentication for sensitive data and is more efficient than traditional “encrypt-then-sign” or “sign-then-encrypt” strategies. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention in recent years. However, in many previous ABSC schemes, user’s sensitive attributes can be disclosed to the authority, and only a single authority that is responsible for attribute management and key generation exists in the system. In this paper, we propose PMDAC-ABSC, a novel privacy-preserving data access control scheme based on Ciphertext-Policy ABSC, to provide a fine-grained control measure and attribute privacy protection simultaneously in a multi-authority cloud storage system. The attributes of both the signcryptor and the designcryptor can be protected to be known by the authorities and cloud server. Furthermore, the decryption overhead for user is significantly reduced by outsourcing the undesirable bilinear pairing operations to the cloud server without degrading the attribute privacy. The proposed scheme is proven to be secure in the standard model and has the ability to provide confidentiality, unforgeability, anonymous authentication, and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

Attribute-based signcryption scheme based on linear codes

Compared with traditional schemes in which encryption follows a signature, the attribute-based signcryption (ABSC) scheme not only costs less both in terms of both computation and communication but also provides message confidentiality, ensures the authenticity of a message, and attests to the attributes of the sender. In this paper, we first formalize a selective-attribute security model of the attribute-based signcryption based on linear codes. Then, we construct a flexible and efficient ABSC scheme based on a secret sharing method called Linear Codes Secret Sharing Scheme. This ABSC scheme breaks the threshold limit and employs diverse attribute sets by constructing the access structures on linear codes. In addition, our scheme achieves confidentiality against chosen-ciphertext attacks and unforgeability against chosen-message attacks in the selective-attribute model. Finally, we compare the proposed scheme with existing schemes in terms of their properties and efficiency.

Threshold attribute‐based signcryption and its application to authenticated key agreement

AbstractSigncryption is a public key cryptosystem that achieves the functions of digital signature and public key encryption simultaneously. It significantly reduces the cost of traditional signature‐then‐encryption approach. Although a large body of signcryption schemes have been proposed, few works have been done on attribute‐based signcryption (ABSC), which simultaneously achieves the functionalities of attribute‐based encryption and attribute‐based signature, two important cryptographic primitives proposed to enforce fine‐grained access control and user authentication in cloud computing applications. In this paper, we present a threshold ABSC scheme. The scheme is proven secure under the well‐established Decisional Bilinear Diffie–Hellman and the standard Computational Diffie–Hellman assumptions in the standard model. Compared with the state of the ABSC art, our scheme has comparable efficiency without relying on any random oracle. Furthermore, we construct an authenticated key agreement protocol based on this threshold attribute‐based signcryption from the point of improving the security of cloud computing. Copyright © 2016 John Wiley & Sons, Ltd.

A secure and efficient Ciphertext-Policy Attribute-Based Signcryption for Personal Health Records sharing in cloud computing

In recent years, Personal Health Record (PHR) system has attracted intensive attention due to its universal accessibility and low cost. The practical deployment of PHR system in cloud computing environments raises privacy and information security issues that should be addressed positively. Recently [Future Generation Computer Systems 52 (2015)], a Ciphertext-Policy Attribute-Based Signcryption (CP-ABSC) scheme (Liu et al. 2015) is proposed with the aim to securing PHR data stored at cloud servers, and it is claimed to provide confidentiality against chosen ciphertext attacks in selective-predicate model. Unfortunately, we show in this paper that the claim is incorrect. Besides, the CP-ABSC scheme Liu et al. (2015) cannot realize the property of public ciphertext verifiability which is an essential requirement of signcryption schemes to reduce unnecessary burden on the decryptor for decrypting invalid ciphertexts. In this paper, we propose a provable secure CP-ABSC scheme for cloud-based PHR sharing system that has ability to provide fine-grained access control, confidentiality, authenticity, signcryptor privacy and public verifiability, simultaneously. Our framework exploits expressive monotone boolean functions as signing and encryption predicates, and realizes security in the standard model. On the positive note, our construction exhibits short ciphertext size and requires less number of pairing computations compared to the existing schemes in the area.

An Attribute‐Based Signcryption Scheme and Its Application in Information Hiding

In order to provide a secure, reliable and flexible way to hide information, a new attribute-based signcryption scheme based on ciphertext-policy and its security proof are presented. This scheme not only can simultaneously fulfil both authentication and confidentiality in an efficient way, but also implements a hierarchical decryption in one group and also between different groups according to user's authority (different users satisfying the same access structure can be considered as a group). We provide a solution to information hiding using our proposed scheme which can embed ciphertext into a carrier. Because the hierarchical decryption property, different users will obtain different message from the same carrier. Illegal user can not get any information without private key because message existed in the carrier is ciphertext. Such solution can be applied in sharing important message under the public network.