• Journal of information and communication convergence engineering
• /
• 제10권1호
• /
• pp.53-60
• /
• 2012

Attribute-based encryption (ABE) is an encryption scheme in which the user is able to decrypt a ciphertext with associated attributes. However, the scheme does not offer the capability of decryption to others when the user is offline. For this reason, the attribute-based proxy re-encryption (ABPRE) scheme was proposed, which combines traditional proxy re-encryption with ABE, so a user is able to empower designated users to decrypt the re-encrypted ciphertext with the associated attributes of designated users. However, previous ABPRE schemes demands a number of pairing operations that imply huge computational overhead. To reduce the number of pairing operations, we reduce the pairing operations with exponent operations. This paper provides a novel approach to an ABPRE scheme with constant pairing operation latency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권6호
• /
• pp.3254-3272
• /
• 2017

With the development of wireless access technologies and the popularity of mobile intelligent terminals, cloud computing is expected to expand to mobile environments. Attribute-based encryption, widely applied in cloud computing, incurs massive computational cost during the encryption and decryption phases. The computational cost grows with the complexity of the access policy. This disadvantage becomes more serious for mobile devices because they have limited resources. To address this problem, we present an efficient verifiable outsourced scheme based on the bilinear group of prime order. The scheme is called the verifiable outsourced computation ciphertext-policy attribute-based encryption scheme (VOC-CP-ABE), and it provides a way to outsource intensive computing tasks during encryption and decryption phases to CSP without revealing the private information and leaves only marginal computation to the user. At the same time, the outsourced computation can be verified by two hash functions. Then, the formal security proofs of its (selective) CPA security and verifiability are provided. Finally, we discuss the performance of the proposed scheme with comparisons to several related works.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권7호
• /
• pp.1935-1950
• /
• 2023

The arrival of the Internet of Things and 5G technology enables users to rely on edge computing platforms to process massive data. Data sharing based on edge computing refines the efficiency of data collection and analysis, saves the communication cost of data transmission back and forth, but also causes the privacy leakage of a lot of user data. Based on attribute-based encryption and blockchain technology, we design a fine-grained access control scheme for data in edge computing, which has the characteristics of verifiability, support for outsourcing decryption and user attribute revocation. User attributes are authorized by multi-attribute authorization, and the calculation of outsourcing decryption in attribute encryption is completed by edge server, which reduces the computing cost of end users. Meanwhile, We implemented the user's attribute revocation process through the dual encryption process of attribute authority and blockchain. Compared with other schemes, our scheme can manage users' attributes more flexibly. Blockchain technology also ensures the verifiability in the process of outsourcing decryption, which reduces the space occupied by ciphertext compared with other schemes. Meanwhile, the user attribute revocation scheme realizes the dynamic management of user attribute and protects the privacy of user attribute.

• 한국산업정보학회논문지
• /
• 제19권1호
• /
• pp.1-12
• /
• 2014

An access control system is needed to ensure only authorized users can access a sensitive resource. We propose a secure access control based on a fully secure and fine grained ciphertext-policy attribute-based encryption scheme. The access control for a sensitive resource is ensured by encrypting it with encryption algorithm from the CP-ABE scheme parameterized by an access control policy. Furthermore, the proposed access control supports non-monotone type access control policy. The ciphertext only can be recovered by users whose attributes satisfy the access control policy. We also implement and measure the performance of our proposed access control. The results of experiments show that our proposed secure access control is feasible.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권1호
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• 전자공학회논문지
• /
• 제51권1호
• /
• pp.57-70
• /
• 2014

내적 암호화 방식은 비밀키와 암호문 사이에 파인 그레인 관계를 제공하는 암호학적 프리미티브이다. 본 논문은 완전한 속성 은닉 보호를 수행하는 새로운 IPE 방식을 제안한다. 제안한 IPE 방식은 합성 위수의 bilinear groups에 기반한다. 본 논문에서는 이중 암호화 시스템 체계를 사용하여 제안한 IPE의 완전한 속성 은닉 보호를 증명한다. 성능 분석에서 기존의 IPE 방식들과 제안한 IPE 방식의 연산량과 메모리 할당량을 비교한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권4호
• /
• pp.2292-2309
• /
• 2017

Ciphertext policy attribute-based encryption (CP-ABE) is a useful cryptographic technology for guaranteeing data confidentiality but also fine-grained access control. Typically, CP-ABE can be divided into two classes: small universe with polynomial attribute space and large universe with unbounded attribute space. Since the learning with errors over rings (R-LWE) assumption has characteristics of simple algebraic structure and simple calculations, based on R-LWE, we propose a small universe CP-ABE scheme to improve the efficiency of the scheme proposed by Zhang et al. (AsiaCCS 2012). On this basis, to achieve unbounded attribute space and improve the expression of attribute, we propose a large universe CP-ABE scheme with the help of a full-rank differences function. In this scheme, all polynomials in the R-LWE can be used as values of an attribute, and these values do not need to be enumerated at the setup phase. Different trapdoors are used to generate secret keys in the key generation and the security proof. Both proposed schemes are selectively secure in the standard model under R-LWE. Comparison with other schemes demonstrates that our schemes are simpler and more efficient. R-LWE can obtain greater efficiency, and unbounded attribute space means more flexibility, so our research is suitable in practices.

• 한국통신학회논문지
• /
• 제37권4B호
• /
• pp.288-299
• /
• 2012

최근 모바일 클라우드 환경에서 공유되는 데이터의 기밀성과 유연성있는 접근제어를 보장하기 위해서 KP-ABE(Key Policy-Attribute Based Encryption)와 PRE(Proxy Re-Encryption)를 활용한 시스템 모델이 제안되었다. 그러나 기존 방식은 철회된 사용자와 클라우드 서버간의 공모 공격으로 데이터 기밀성을 침해하게 된다. 이러한 문제를 해결하기 위해서 제안 방식은 클라우드 서버에 저장되는 데이터 파일(data file)을 분산 저장하여 데이터 기밀성을 보장하고 비밀분산(Secret Sharing)를 통해서 프록시 재암호화키에 대한 변조 공격을 방지한다. 그리고 제안방식을 의료 환경에 적용한 프로토콜 모델을 구성한다.

• 한국군사과학기술학회지
• /
• 제17권3호
• /
• pp.358-363
• /
• 2014

In this paper, we present two constructions of the attribute-based broadcast encryption(ABBE) algorithm. Attribute-based encryption(ABE) algorithm enables an access control mechanism over encrypted data by specifying access policies among private keys and ciphertexts. ABBE algorithm can be used to construct ABE algorithm with revocation mechanism. Revocation has a useful property that revocation can be done without affecting any non-revoked uers. The main difference between our algorithm and the classical ones derived from the complete subtree paradigm which is apt for military hierarchy. Our algorithm improve the efficiency from the previously best ABBE algorithm, in particular, our algorithm allows one to select or revoke users by sending ciphertext of constant size with respect to the number of attributes and by storing logarithm secret key size of the number of users. Therefore, our algorithm can be an option to applications where computation cost is a top priority and can be applied to military technologies in the near future.

• 정보처리학회논문지C
• /
• 제19C권1호
• /
• pp.63-70
• /
• 2012

원격 헬스케어(e-Healthcare) 서비스에서 취급되는 의료정보는 개인의 프라이버시를 침해할 수 있으므로 암호화 등의 보안기술 도입이 필수적이다. 민감한 의료정보를 보호하기 위해서 접근 권한을 위임받은 사용자만 데이터에 접근 가능하며 또한, 위임된 접근 권한을 철회하는 기능이 필요하다. 이러한 요구사항에 근거하여 속성기반 암호화가 제안되었다. 본 논문에서는 안전한 원격 헬스케어 서비스를 위해서 의료데이터의 접근 권한에 대한 위임 및 철회기능을 수행할 수 있는 속성기반 암호화를 원격 헬스케어 모니터링 시스템에 적용한다. 그리고 속성기반 암호화를 이용하여 원격 헬스케어 모니터링 시스템을 구성한다. 마지막으로 시스템 이용에 장애가 될 수 있는 사용자간의 공모 공격에 대해서 분석한다.