Re-encryption Scheme Research Articles

A blockchain-based fine-grained data sharing scheme for e-healthcare system

The cloud-aided sharing of e-healthcare data has great positive significance for research. However, due to the privacy consideration, these data are usually encrypted before uploading to the cloud server which impedes data sharing between different medical institutions. Conditional proxy re-encryption (CPRE) allows the proxy to converse ciphertext, especially by specifying a condition embed in the re-encryption key to achieve fine-grained access control over the ciphertext. Unfortunately, existing CPRE schemes cannot ensure the privacy of the condition, which may contain some sensitive private information. Furthermore, a malicious proxy server may return part of the results and even false data to save its computation or bandwidth. To solve these problems, we propose a blockchain-based condition invisible proxy re-encryption scheme for the e-healthcare system. The proposed scheme guarantees the confidentiality of the data by hiding the condition in the re-encryption key so that the proxy cannot learn anything about the condition. Moreover, the ciphertext-searching algorithm is leveraged by executing the smart contract in the blockchain which ensures the results are correct and complete. Finally, experiment results demonstrate the practicability of the proposed scheme in applications.

A Verifiable and Fair Attribute-Based Proxy Re-Encryption Scheme for Data Sharing in Clouds

To manage outsourced encrypted data sharing in clouds, attribute-based proxy re-encryption (ABPRE) has become an elegant primitive. In ABPRE, a cloud server can transform an original recipient’s ciphertext to a new one of a shared user’s. As the transformation is computation consuming, a malicious cloud server may return an incorrect re-encrypted ciphertext to save its computation resources. Moreover, a shared user may accuse the cloud server of returning an incorrect re-encrypted ciphertext to refuse to pay the cost of using the cloud service. However, existing ABPRE schemes do not support a mechanism to achieve verifiability and fairness. In this article, a novel verifiable and fair attribute-based proxy re-encryption (VF-ABPRE) scheme is introduced to support verifiability and fairness. The verifiability enables a shared user to verify whether the re-encrypted ciphertext returned by the server is correct and the fairness ensures a cloud server escape from malicious accusation if it has indeed conducted the re-encryption operation honestly. Additionally, we conduct a performance experiment to show the efficiency and practicality of the new VF-ABPRE scheme.

Policy-Based Broadcast Access Authorization for Flexible Data Sharing in Clouds

Cloud storage services allow data owners to outsource their potentially sensitive data (e.g., private genome data) to remote cloud servers in a ciphertext form. To enable data owners to further share the data encrypted in ciphertexts, many proxy re-encryption (PRE) schemes are proposed. However, most schemes only support single-recipient or coarse-grained re-encryption, which may limit the flexibility for data sharing. To address this issue, we propose a Policy-based Broadcast Access Authorization (PBAA) scheme by introducing the well-established identity-based broadcast encryption (IBBE) and key-policy attribute-based encryption into PRE. In our PBAA scheme, a data owner can apply IBBE to encrypt his data to a group of recipients. More importantly, the data owner can generate a delegation key with an access policy, and send this key to the cloud such that it can convert any initial ciphertext satisfying the access policy into a new ciphertext for a new group of recipients. With these features, cloud users can share their remote data in a secure and flexible way. Security analysis and performance evaluation show that the PBAA scheme is secure and efficient, respectively.

Blockchain-Based Privacy-Preserving and Sustainable Data Query Service Over 5G-VANETs

Intelligent Transport Systems (ITSs) play an important role in future smart city design to improve traffic safety and traffic congestion by sharing data collected by vehicles. For sharing the traffic data with other vehicles, the vehicular sensory data are usually uploaded to the cloud server. However, existing data sharing systems for VANETs cannot provide selective data with sufficient privacy protection. Moreover, some schemes also cannot ensure stable data accessibility and the integrity of retrieved data. On the other hand, with the improvements such as lower latency, higher capacity, and increased bandwidth, 5G technology brings more possibilities to future applications. The join of the software-defined networks (SDNs) also offers efficient and effective network management. This paper proposes a primitive vehicular communication system named blockchain-based privacy-preserving and sustainable data query service. The proposed scheme is designed to realize stable data accessibility by leveraging smart contracts and blockchain oracle. With the help of 5G technology and P2P file-sharing system, InterPlanetary File System (IPFS), the proposed scheme aims to support video downloading files with searchable capability and fairness. An incentive token mechanism is also equipped. The merit of auditability is ensured by Ethereum blockchain platform to support the accountability. Besides, we also evaluate its networking performance via SUMO and NS-3 simulators. Our simulation results show that the request-response delay of BPSDQS is less than existing blockchain-based proxy re-encryption (PRE) scheme. Our simulation results also showed that the average request-response delay in our scheme can saving up to 98%.

PPDDS: A Privacy-Preserving Disease Diagnosis Scheme Based on the Secure Mahalanobis Distance Evaluation Model

The development of Big Data and cloud computing has brought great progress to medical diagnosis and clinical services. However, as disease diagnosis technologies usually use lots of clinical medical data, patients’ privacy becomes increasingly important since the clinical results of medical data are much sensitive. In this article, to deal with the privacy preservation issue of patient’s medical data, we propose a privacy-preserving disease diagnosis scheme that is based on the Mahalanobis distance test, in which the role of the system consisting of query user (QU), aided cloud server (ACS), and classification cloud server (CCS) is to jointly calculate and protect the diagnosis data over the sensitive and outsourced medical data. In the diagnosis model, we outsource the clinical diagnosis process to be dealt with by the CCS, and then, the ACS can reduce the computational cost of the user side. We utilize the homomorphic re-encryption scheme to realize a secure computation over the outsourced medical data, and then, employ a secure multiplication (SM) protocol to implement the privacy-preserving Mahalanobis distance to output the disease diagnosis. Concretely, we provide an extended SM algorithm to solve the problem of multiplication of two encrypted data, and a minimum value comparison algorithm over ciphertext for comparing the encrypted Mahalanobis distance. Finally, we give the experimental performance in real data sheets, and the experimental results indicate that our scheme provides a lower computational cost in practical diagnosis services.

Inspecting Cloud Storage System for Secure Data Forwarding Using Advanced Encryption Standard

Abstract: Data storage and sharing services within the cloud, users can easily modify and share data as a bunch. to make sure share data integrity are often verified publicly, users within the group must compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users thanks to data modifications performed by different users. Encryption schemes available for data privacy but it limits the number of functions exhausted storage system. Building a secure storage system that supports multiple functions is hard when the storage system is distributed and has no central authority. a brand-new idea is proposed proxy re-encryption scheme for decentralizes erasure code for defending the distributed system. The easy method, which allows an existing user to download the corresponding a part of shared data, is inefficient because of the big size of shared data within the cloud. We propose a unique public auditing mechanism. Moreover, our mechanism is in a position to support batch auditing by verifying multiple auditing tasks simultaneously. Key Words: Cloud computing, Cloud storage, AES, Cryptography Upload, Auditing

PDLHR: Privacy-Preserving Deep Learning Model With Homomorphic Re-Encryption in Robot System

The robot system is a significant application that has attracted great attention, and deep learning is a powerful feature extraction technology that has achieved significant breakthroughs in many fields, especially in robot systems. However, the required massive dataset for a deep learning model in a robot system easily leads to privacy leakage. There have been few reports on privacy-preserving deep learning models, and none on multikeys, in robot systems. Existing privacy-preserving deep learning schemes in multiple keys have low efficiency and high interactions in non-robotic environments. To address these issues, this article proposes a privacy-preserving deep learning model with homomorphic re-encryption (PDLHR) and secure calculation tools in a robot system. The proposed re-encryption scheme is based on the Bresson-Catalano-Pointcheval (BCP) cryptosystem, which solves the multiple keys question, keeps the homomorphic nature, and is more simplified than the existing re-encryption scheme based on the BCP cryptosystem. The secure calculation tools are designed to realize efficient ciphertext computations. Compared to the previous work, PDLHR decreases the interactions in the decryption process, improves the ciphertext training efficiency, and preserves the privacy of input data, training model, and inference results. Security analysis and performance evaluations demonstrate that the proposed scheme realizes security, efficiency, and effectiveness with low communication and computation costs.

Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing

Multi-authority based CP-ABE proxy re-encryption scheme for cloud computing

Backdoor-resistant identity-based proxy re-encryption for cloud-assisted wireless body area networks

The wireless body area network (WBAN) provides users with real-time medical services. Meanwhile, the cloud technology provides greater storage space and computing power for medical data. Both of them have contribute to the development of telemedicine. In a cloud-assisted WBAN, the open network environment and the semi-trust cloud service providers expose the user’s private medical data to backdoor adversaries who can make exfiltration attacks, such as the algorithm substitution attack (ASA) through the process of data sharing. Therefore, it is necessary to find a secure and efficient medical data sharing scheme for the huge amount of medical data. In this paper, we first design an identity-based proxy re-encryption scheme with cryptographic reverse firewall (IBPRE-CRF), then show the application in a multiple-access telemedicine data sharing scenario. Security analysis shows that the IBPRE-CRF scheme provides chosen plaintext attack security and resists exfiltration attacks. Performance analysis shows that the IBPRE-CRF scheme has a significant communication and computational cost advantage while being resistant to exfiltration attacks in clouds. Therefore, our IBPRE-CRF scheme is suitable for telemedicine data sharing in a cloud-assisted WBAN.

CLAP-PRE: Certificateless Autonomous Path Proxy Re-Encryption for Data Sharing in the Cloud

In e-health systems, patients encrypt their personal health data for privacy purposes and upload them to the cloud. There exists a need for sharing patient health data with doctors for healing purposes in one’s own preferred order. To achieve this fine-gained access control to delegation paths, some researchers have designed a new proxy re-encryption (PRE) scheme called autonomous path proxy re-encryption (AP-PRE), where the delegator can control the whole delegation path in a multi-hop delegation process. In this paper, we introduce a certificateless autonomous path proxy re-encryption (CLAP-PRE) using multilinear maps, which holds both the properties (i.e., certificateless, autonomous path) of certificateless encryption and autonomous path proxy re-encryption. In the proposed scheme, (a) each user has two public keys (user’s identity and traditional public key) with corresponding private keys, and (b) each ciphertext is first re-encrypted from a public key encryption (PKE) scheme to an identity-based encryption (IBE) scheme and then transformed in the IBE scheme. Our scheme is an IND-CPA secure CLAP-PRE scheme under the k-multilinear decisional Diffie–Hellman (k-MDDH) assumption in the random oracle model.

A Ring Learning with Errors-Based Ciphertext-Policy Attribute-Based Proxy Re-Encryption Scheme for Secure Big Data Sharing in Cloud Environment.

Owing to the huge volume of big data, users generally use the cloud to store big data. However, because the data are out of the control of users, sensitive data need to be protected. The ciphertext-policy attribute-based encryption scheme can not only effectively control the access of big data, but also decrypt the ciphertext as long as the user's attributes satisfy the access structure of ciphertext, so as to realize one to many big data sharing. When the user's attributes do not satisfy the access structure of ciphertext, the attribute-based proxy re-encryption scheme can be used for big data sharing. The ciphertext-policy attribute-based proxy re-encryption (CP-ABPRE) scheme combines the characteristics of the ciphertext-policy attribute-based encryption scheme and proxy re-encryption scheme. In a CP-ABPRE scheme, on the one hand, the data owner can use the ciphertext-policy attribute-based encryption scheme to encrypt the big data for cloud storage, to realize the access control of the big data. On the other hand, the proxy (cloud service provider) can convert ciphertext under one access structure into ciphertext under another access structure, thus realizing big data sharing between users of different attribute sets. In this article, we modify the existing attribute-based encryption scheme based on Ring Learning With Errors (RLWE), add re-encryption key generation algorithm, re-encryption ciphertext generation algorithm, and re-encryption ciphertext decryption algorithm, and construct CP-ABPRE scheme. In the construction of the re-encryption key, we introduce a random vector and hide the vector in the key by threshold technology. Finally, a CP-ABPRE scheme supporting threshold access structure is constructed based on RLWE. Compared with the existing attribute-based proxy re-encryption schemes, our scheme has smaller public parameters, can encrypt multiple plaintext bits at a time, and can resist selective access structure and chosen plaintext attack, so it is more suitable for big data sharing in cloud environment.

Identity-based threshold proxy re-encryption scheme from lattices and its applications

Identity-based threshold proxy re-encryption scheme from lattices and its applications

BCST-APTS: Blockchain and CP-ABE Empowered Data Supervision, Sharing, and Privacy Protection Scheme for Secure and Trusted Agricultural Product Traceability System

Blockchain provides new technologies and ideas for the construction of agricultural product traceability system (APTS). However, if data is stored, supervised, and distributed on a multiparty equal blockchain, it will face major security risks, such as data privacy leakage, unauthorized access, and trust issues. How to protect the privacy of shared data has become a key factor restricting the implementation of this technology. We propose a secure and trusted agricultural product traceability system (BCST-APTS), which is supported by blockchain and CP-ABE encryption technology. It can set access control policies through data attributes and encrypt data on the blockchain. This can not only ensure the confidentiality of the data stored in the blockchain, but also set flexible access control policies for the data. In addition, a whole-chain attribute management infrastructure has been constructed, which can provide personalized attribute encryption services. Furthermore, a reencryption scheme based on ciphertext-policy attribute encryption (RE-CP-ABE) is proposed, which can meet the needs of efficient supervision and sharing of ciphertext data. Finally, the system architecture of the BCST-APTS is designed to successfully solve the problems of mutual trust, privacy protection, fine-grained, and personalized access control between all parties.

Autonomous Path Identity-Based Broadcast Proxy Re-Encryption for Data Sharing in Clouds

Cloud computing with massive storage and computing capabilities has become widespread in actual applications. It is critical to ensure secure data sharing in cloud-based applications. Currently, numerous identity-based broadcast proxy re-encryption (IB-BPRE) schemes have been proposed to resolve the privacy issue. However, the existing IB-BPRE schemes cannot reach the transformation of the decryption right for outsourced encrypted data between the broadcast receiver sets (data user sets) delegated by the data owner (Alice) because it is difficult for the IB-BPRE to hold the character of multi-hop. Consequently, a new cryptographic primitive called autonomous path identity-based broadcast proxy re-encryption (APIB-BPRE) is presented to address the above issue. In an APIB-BPRE scheme, the delegator establishes an autonomous path involving preferred multiple broadcast receiver sets and the proxy can convert the decryption right for the broadcast receiver set into the decryption right for the next broadcast receiver set by the re-encryption key from the delegator. This solution is convenient and flexible for cloud users and utilizes the benefits of cloud computing. The evaluation and comparison indicate that our APIB-BPRE system is effective and practical.

DSAS: A Secure Data Sharing and Authorized Searchable Framework for e-Healthcare System

In e-healthcare system, an increasing number of patients enjoy high-quality medical services by sharing encrypted personal healthcare records (PHRs) with doctors or medical research institutions. However, one of the important issues is that the encrypted PHRs prevent effective search of information, resulting in the decrease of data usage. Another issue is that medical treatment process requires the doctor to be online all the time, which may be unaffordable for all doctors (e.g., to be absent under certain circumstances). In this paper, we design a new secure and practical proxy searchable re-encryption scheme, allowing medical service providers to achieve remote PHRs monitoring and research safely and efficiently. Through our scheme DSAS, (1) patients’ healthcare records collected by the devices are encrypted before uploading to the cloud server ensuring privacy and confidentiality of PHRs; (2) only authorized doctors or research institutions have access to the PHRs; (3) Alice (doctor-in-charge) is able to delegate medical research and utilization to Bob (doctor-in-agent) or certain research institution through the cloud server, supporting minimizing information exposure to the cloud server. We formalize the security definition and prove the security of our scheme. Finally, performance evaluation shows the efficiency of our scheme.

QC-PRE: quorum controlled proxy re-encryption scheme for access control enforcement delegation of outsourced data

QC-PRE: quorum controlled proxy re-encryption scheme for access control enforcement delegation of outsourced data

Blockchain-based Scalable and Secure EHR Data Sharing using Proxy Re-Encryption

Electronic Health Record (EHR) includes highly sensitive data like medical images, prescriptions, medical test result, medical history of patients, etc., These sensitive data cannot be transmitted in its original form in the network due to security issues. Hence, encryption is done prior to transmission. To increase the speed of data transfer and to overcome the storage issues, data is usually transferred through the cloud. Hence, to ensure the security and scalability of the data, a third-party encryption called re-encryption is performed at the proxy cloud. This re-encryption ensures that the data can be reliably transmitted through the network. In this research, a novel scheme called block-chain based EHR data sharing using chaotic re-encryption (BC-EDS-CR) is proposed. In the proposed scheme, re-encryption is performed using chaos theory. The proposed re-encryption scheme ensures that the cloud administrator cannot access the medical data. Metrics such as Peak Signal to Noise Ratio (PSNR), Mean Square Error (MSE), Structural Similarity Index (SSIM), entropy and correlation coefficient are used in evaluating this scheme. It was found that the proposed scheme outperforms the existing methods by achieving a PSNR of 57.66, SSIM of 0.985 and MSE of 0.058.

QC-PRE: quorum controlled proxy re-encryption scheme for access control enforcement delegation of outsourced data

QC-PRE: quorum controlled proxy re-encryption scheme for access control enforcement delegation of outsourced data

A Lightweight Proxy Re-Encryption Approach with Certificate-Based and Incremental Cryptography for Fog-Enabled E-Healthcare

Cloud computing aims to provide reliable, customized, and quality of service (QoS) guaranteed dynamic computing environments for end-users. However, there are applications such as e-health and emergency response monitoring that require quick response and low latency. Delays caused by transferring data over the cloud can seriously affect the performance and reliability of real-time applications. Before outsourcing e-health care data to the cloud, the user needs to perform encryption on these sensitive data to ensure its confidentiality. Conventionally, any modification to the user data requires encrypting the entire data and calculating the hash of the data from scratch. This data modification mechanism increases communication and computation costs over the cloud. The distributed environment of fog computing is used to overcome the limitations of cloud computing. This paper proposed a certificate-based incremental proxy re-encryption scheme (CB-PReS) for e-health data sharing in fog computing. The proposed scheme improves the file modification operations, i.e., updation, deletion, and insertion. The proposed scheme is tested on the iFogSim simulator. The iFogSim simulator facilitates the development of models for fog and IoT environments, and it also measures the impact of resource management techniques regarding network congestion and latency. Experiments depict that the proposed scheme is better than the existing schemes based on expensive bilinear pairing and elliptic curve techniques. The proposed scheme shows significant improvement in key generation and file modification time.

KAPRE: Key-aggregate proxy re-encryption for secure and flexible data sharing in cloud storage

Key-aggregate cryptosystems (KAC) have attracted significant attention from the research community because of their elegance and efficiency in enforcing predefined access control policies for outsourced data. The data owner computes a constant-size aggregate key that is capable of decrypting a subset of outsourced data items. Based on the access control policy, the data owner securely transmits the aggregate key to a user authorized for the corresponding subset of data items. For practical access control scenarios, a KAC needs to satisfy additional flexibility requirements. We propose a practically motivated, novel cryptographic primitive called key-aggregate proxy re-encryption that allows temporary delegation of decryption capabilities of an aggregate key to one or more other aggregate keys without carrying out any secure transmissions. The existing key-aggregate cryptosystems face two important issues in highly dynamic environments, namely the non-revocability of aggregate keys and the need to securely transmit the aggregate key(s) to enhance the access capabilities of the user(s). The proposed key-aggregate proxy re-encryption is a significant enhancement to the existing KACs in that it features temporary delegation of decryption capabilities without needing any secure transmissions for carrying out or revoking the temporary delegation(s). We propose two variants of key-aggregate proxy re-encryption. The first variant delegates decryption capabilities of an aggregate key to a set of aggregate keys and the second variant delegates decryption capabilities of one aggregate key to another unique aggregate key. We present formal security definitions of both the proposed variants of key-aggregate proxy re-encryption under chosen-plaintext and chosen-ciphertext attacks. We present concrete constructions for both the variants of key-aggregate proxy re-encryption and formally prove the chosen-ciphertext security in the random oracle model. Also, we show that both of our constructions satisfy the temporary delegation property. Finally, we analyze the performance of our key-aggregate proxy re-encryption schemes to confirm their practical applicability.