Jul 22 2021
cs.CR arXiv:2107.10133v1
Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area. However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Moreover, data owners should be able to update their defined access policies efficiently, and in some cases, applying hidden access policies is required to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme which for the first time provides online/offline encryption, hidden access policy, and access policy update simultaneously. In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly. Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.
Apr 09 2020
cs.CR arXiv:2004.03976v5
Private Set Intersection (PSI) is a vital cryptographic technique used for securely computing common data of different sets. In PSI protocols, often two parties hope to find their common set elements without needing to disclose their uncommon ones. In recent years, the cloud has been playing an influential role in PSI protocols which often need huge computational tasks. In 2017, Abadi et al. introduced a scheme named EO-PSI which uses a cloud to pass on the main computations to it and does not include any public-key operations. In EO-PSI, parties need to set up secure channels beforehand; otherwise, an attacker can easily eavesdrop on communications between honest parties and find private information. This paper presents an improved EO-PSI scheme which has the edge on the previous scheme in terms of privacy and complexity. By providing possible attacks on the prior scheme, we show the necessity of using secure channels between parties. Also, our proposed protocol is secure against passive attacks without having to have any secure channels. We measure the protocol's overhead and show that computational complexity is considerably reduced and also is fairer compared to the previous scheme.
Nowadays, Vehicular Ad hoc Networks (VANETs) are popularly known as they can reduce traffic and road accidents. These networks need several security requirements, such as anonymity, data authentication, confidentiality, traceability and cancellation of offending users, unlinkability, integrity, undeniability and access control. Authentication is one of the most important security requirements in these networks. So many authentication schemes have been proposed up to now. One of the well-known techniques to provide users authentication in these networks is the authentication based on the smartcard (ASC). In this paper, we propose an ASC scheme that not only provides necessary security requirements such as anonymity, traceability and unlinkability in the VANETs but also is more efficient than the other schemes in the literatures.
Oct 16 2018
cs.CR arXiv:1810.05864v1
Ciphertext-policy hierarchical attribute-based encryption (CP-HABE) is a promising cryptographic primitive for enforcing the fine-grained access control with scalable key delegation and user revocation mechanisms on the outsourced encrypted data in a cloud. Wang et al. (2011) proposed the first CP-HABE scheme and showed that the scheme is semantically secure in the random oracle model [4, 5]. Due to some weakness in its key delegation mechanism, by presenting two attacks, we demonstrate the scheme does not offer any confidentiality and fine-grained access control. In this way, anyone who has just one attribute can recover any outsourced encrypted data in the cloud.
Aug 26 2005
cs.CR arXiv:cs/0508110v1
In this paper we try to unify the frameworks of definitions of semantic security, indistinguishability and non-malleability by defining semantic security in comparison based framework. This facilitates the study of relations among these goals against different attack models and makes the proof of the equivalence of semantic security and indistinguishability easier and more understandable. Besides, our proof of the equivalence of semantic security and indistinguishability does not need any intermediate goals such as non devidability to change the definition framework.
In this paper, firstly we propose two new concepts concerning the notion of key escrow encryption schemes: provable partiality and independency. Roughly speaking we say that a scheme has provable partiality if existing polynomial time algorithm for recovering the secret knowing escrowed information implies a polynomial time algorithm that can solve a well-known intractable problem. In addition, we say that a scheme is independent if the secret key and the escrowed information are independent. Finally, we propose a new verifiable partial key escrow, which has both of above criteria. The new scheme use McCurley encryption scheme as underlying scheme.