Academic literature on the topic 'Proxy Re-Encryption'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Proxy Re-Encryption.'

Journal articles on the topic "Proxy Re-Encryption"

1

Shao, Jun, Peng Liu, Guiyi Wei, and Yun Ling. "Anonymous proxy re-encryption." Security and Communication Networks 5, no. 5 (2011): 439–49. http://dx.doi.org/10.1002/sec.326.

2

Li, Juyan, Zhiqi Qiao, Kejia Zhang, and Chen Cui. "A Lattice-Based Homomorphic Proxy Re-Encryption Scheme with Strong Anti-Collusion for Cloud Computing." Sensors 21, no. 1 (2021): 288. http://dx.doi.org/10.3390/s21010288.

Abstract:
The homomorphic proxy re-encryption scheme combines the characteristics of a homomorphic encryption scheme and proxy re-encryption scheme. The proxy can not only convert a ciphertext of the delegator into a ciphertext of the delegatee, but also can homomorphically calculate the original ciphertext and re-encryption ciphertext belonging to the same user, so it is especially suitable for cloud computing. Yin et al. put forward the concept of a strong collusion attack on a proxy re-encryption scheme, and carried out a strong collusion attack on the scheme through an example. The existing homomorphic proxy re-encryption schemes use key switching algorithms to generate re-encryption keys, so they cannot resist strong collusion attacks. In this paper, we construct the first lattice-based homomorphic proxy re-encryption scheme with strong anti-collusion (HPRE-SAC). Firstly, algorithm TrapGen is used to generate an encryption key and trapdoor, then trapdoor sampling is used to generate a decryption key and re-encryption key, respectively. Finally, in order to ensure the homomorphism of ciphertext, a key switching algorithm is only used to generate the evaluation key. Compared with the existing homomorphic proxy re-encryption schemes, our HPRE-SAC scheme not only can resist strong collusion attacks, but also has smaller parameters.
3

Fang, LiMing, JianDong Wang, ChunPeng Ge, and YongJun Ren. "Fuzzy conditional proxy re-encryption." Science China Information Sciences 56, no. 5 (2012): 1–13. http://dx.doi.org/10.1007/s11432-012-4623-6.

4

Fang, Liming, Willy Susilo, Chunpeng Ge, and Jiandong Wang. "Hierarchical conditional proxy re-encryption." Computer Standards & Interfaces 34, no. 4 (2012): 380–89. http://dx.doi.org/10.1016/j.csi.2012.01.002.

5

Guo, Hui, Zhenfeng Zhang, Jing Xu, and Ningyu An. "Non-transferable Proxy Re-encryption." Computer Journal 62, no. 4 (2018): 490–506. http://dx.doi.org/10.1093/comjnl/bxy096.

6

Wang, Chih-Hung, and Pei-Jyun Lu. "Certificateless Broadcast Proxy Re-encryption With Group-Oriented Model." International Journal of Computer and Communication Engineering 5, no. 5 (2016): 358–66. http://dx.doi.org/10.17706/ijcce.2016.5.5.358-366.

7

Son, Junggab, Heekuck Oh, and SangJin Kim. "A Single Re-encryption key based Conditional Proxy Re-Encryption Scheme." Journal of the Korea Institute of Information Security and Cryptology 23, no. 2 (2013): 147–55. http://dx.doi.org/10.13089/jkiisc.2013.23.2.147.

8

Luo, Fucai, and Saif Al-Kuwari. "Revocable attribute-based proxy re-encryption." Journal of Mathematical Cryptology 15, no. 1 (2021): 465–82. http://dx.doi.org/10.1515/jmc-2020-0039.

Abstract:
Attribute-based proxy re-encryption (ABPRE), which combines the notions of proxy re-encryption (PRE) and attribute-based encryption (ABE), allows a semi-trusted proxy with re-encryption key to transform a ciphertext under a particular access policy into a ciphertext under another access policy, without revealing any information about the underlying plaintext. This primitive is very useful in applications where encrypted data need to be stored in untrusted environments, such as cloud storage. In many practical applications, and in order to address scenarios where users misbehave or the re-encryption keys are compromised, an efficient revocation mechanism is necessary for ABPRE. Previously, revocation mechanism was considered in the settings of identity-based encryption (IBE), ABE, predicate encryption (PE), and broadcast PRE, but not ABPRE, which is what we set to do in this paper. We first formalize the concept of revocable ABPRE and its security model. Then, we propose a lattice-based instantiation of revocable ABPRE. Our scheme not only supports an efficient revocation mechanism but also supports polynomial-depth policy circuits and has short private keys, where the size of the keys is dependent only on the depth of the supported policy circuits. In addition, we prove that our scheme is selectively chosen-plaintext attack (CPA) secure in the standard model, based on the learning with errors assumption.
9

Jiang, Zheng Tao, Yi Peng Zhang, Chen Li, Pian Niu, and Xiao Li Huang. "Survey and Analysis on Proxy Re-Encryption Schemes." Advanced Materials Research 912-914 (April 2014): 1538–43. http://dx.doi.org/10.4028/www.scientific.net/amr.912-914.1538.

Abstract:
Proxy re-encryption is an efficient solution to ciphertext delegation and distribution, which also enables the sender to carry out fine-grained control on his ciphertext. This paper summarizes the progress on the proxy re-encryption schemes and their practical applications. Universal models for proxy re-encryption and its security are also induced for detailed investigation on different types of PRE schemes.
10

Meng, Xian Yong, Zhong Chen, Xiang Yu Meng, and Bing Sun. "An Identity-Based Conditional Proxy Re-Encryption in Cloud Computing Environments." Applied Mechanics and Materials 571-572 (June 2014): 74–78. http://dx.doi.org/10.4028/www.scientific.net/amm.571-572.74.

Abstract:
In this paper, an identity-based conditional proxy re-encryption (PRE) scheme is proposed, where a delegator provides a re-encryption key satisfying one condition to a semi-trusted proxy who can convert a ciphertext encrypted under the delegator’s public key into one that can be decrypted using the delegatee’s private key. We address the identity-based proxy re-encryption scheme, where the delegator and the delegatee request keys from a trusted party known as a key generator center (KGC), who generates private keys for delegator and delegatee based on their identities. Meanwhile, the identity-based conditional proxy re-encryption scheme satisfies the properties of PRE including unidirectionality, non-interactivity and multi-hop. Additionally, the identity-based conditional proxy re-encryption scheme is efficient in terms of both the communication cost and the computing cost, and can realize security secret sharing in cloud computing environments.

Dissertations / Theses on the topic "Proxy Re-Encryption"

1

Sbai, Anass. "Contributions au proxy de re-chiffrement et à la délégation d'authentification." Electronic Thesis or Diss., Amiens, 2021. http://www.theses.fr/2021AMIE0032.

Abstract:
Cybersecurity is a major issue for the SmartGrid and energy industries. Manipulating data collected from smart meters can have harmful consequences, especially when the metering systems are connected directly to the production sources. Within the scope of the VertPom project, we have addressed two major issues: the confidentiality of consumption data and authentication systems. To address the confidentiality issues, we used the concept of proxy re-encryption (PRE) which allows the sharing of encrypted data. We have studied existing systems and we are interested in constructions with CCA security in the standard model without pairing. We show the existence of a vulnerability in an existing PRE and we propose a new construction based on the Cramer-Shoup encryption system. We also define the notion of PREaaS (Proxy Re-Encryption as a Service) which allows use in a service-oriented context. Regarding authentication issues, we present a new authentication delegation protocol. Our solution allows users to anonymously authenticate themselves on unsecured networks, asynchronously without direct communication between the different actors, while minimizing the number of interactions.
2

Dou, Yanzhi. "Toward Privacy-Preserving and Secure Dynamic Spectrum Access." Diss., Virginia Tech, 2018. http://hdl.handle.net/10919/81882.

Abstract:
Dynamic spectrum access (DSA) technique has been widely accepted as a crucial solution to mitigate the potential spectrum scarcity problem. Spectrum sharing between the government incumbents and commercial wireless broadband operators/users is one of the key forms of DSA. Two categories of spectrum management methods for shared use between incumbent users (IUs) and secondary users (SUs) have been proposed, i.e., the server-driven method and the sensing-based method. The server-driven method employs a central server to allocate spectrum resources while considering incumbent protection. The central server has access to the detailed IU operating information, and based on some accurate radio propagation model, it is able to allocate spectrum following a particular access enforcement method. Two types of access enforcement methods -- exclusion zone and protection zone -- have been adopted for server-driven DSA systems in the current literature. The sensing-based method is based on recent advances in cognitive radio (CR) technology. A CR can dynamically identify white spaces through various incumbent detection techniques and reconfigure its radio parameters in response to changes of spectrum availability. The focus of this dissertation is to address critical privacy and security issues in the existing DSA systems that may severely hinder the progress of DSA's deployment in the real world. Firstly, we identify serious threats to users' privacy in existing server-driven DSA designs and propose a privacy-preserving design named P2-SAS to address the issue. P2-SAS realizes the complex spectrum allocation process of protection-zone-based DSA in a privacy-preserving way through Homomorphic Encryption (HE), so that none of the IU or SU operation data would be exposed to any snooping party, including the central server itself. Secondly, we develop a privacy-preserving design named IP-SAS for the exclusion-zone-based server-driven DSA system. We extend the basic design that only considers semi-honest adversaries to include malicious adversaries in order to defend the more practical and complex attack scenarios that can happen in the real world. Thirdly, we redesign our privacy-preserving SAS systems entirely to remove the somewhat-trusted third party (TTP) named Key Distributor, which in essence provides a weak proxy re-encryption online service in P2-SAS and IP-SAS. Instead, in this new system, RE-SAS, we leverage a new crypto system that supports both a strong proxy re-encryption notion and MPC to realize privacy-preserving spectrum allocation. The advantages of RE-SAS are that it can prevent single point of vulnerability due to TTP and also increase SAS's service performance dramatically. Finally, we identify the potentially crucial threat of compromised CR devices to the ambient wireless infrastructures and propose a scalable and accurate zero-day malware detection system called GuardCR to enhance CR network security at the device level. GuardCR leverages a host-based anomaly detection technique driven by machine learning, which makes it autonomous in malicious behavior recognition. We boost the performance of GuardCR in terms of accuracy and efficiency by integrating proper domain knowledge of CR software.

Ph. D.
3

Xiong, Huijun. "Secure Data Service Outsourcing with Untrusted Cloud." Diss., Virginia Tech, 2013. http://hdl.handle.net/10919/23191.

Abstract:
Outsourcing data services to the cloud is a natural fit for cloud usage. However, increasing security and privacy concerns from both enterprises and individuals on their outsourced data inhibit this trend. In this dissertation, we introduce service-centric solutions to address two types of security threats existing in the current cloud environments: semi-honest cloud providers and malicious cloud customers. Our solution aims not only to provide confidentiality and access controllability of outsourced data with strong cryptographic guarantee, but, more importantly, to fulfill specific security requirements from different cloud services with effective systematic ways.

To provide strong cryptographic guarantee to outsourced data, we study the generic security problem caused by semi-honest cloud providers and introduce a novel proxy-based secure data outsourcing scheme. Specifically, our scheme improves the efficiency of traditional proxy re-encryption algorithm by integrating symmetric encryption and proxy re-encryption algorithms. With less computation cost on applying re-encryption operation directly on the encrypted data, our scheme allows flexible and efficient user revocation without revealing underlying data and heavy computation in the untrusted cloud.

To address specific requirement from different cloud services, we investigate two specific cloud services: cloud-based content delivery service and cloud-based data processing service. For the former one, we focus on preserving cache property in the content delivery network and propose CloudSeal, a scheme for securely and flexibly sharing and distributing content via the public cloud. With the ability of caching the major part of a stored cipher content object in the delivery network for content distribution and keeping the minor part with the data owner for content authorization, CloudSeal achieves security and efficiency both theoretically and experimentally. For the latter service, we design and realize CloudSafe, a framework that supports secure and efficient data processing with minimum key leakage in the vulnerable cloud virtualization environment. Through the adoption of one-time cryptographic key strategy and a centralized key management framework, CloudSafe efficiently avoids cross-VM side channel attack from malicious cloud customers in the cloud. Our experimental results confirm the practicality and scalability of CloudSafe.

Ph. D.
4

Nguyen, Kim Thuat. "Lightweight security protocols for IP-based Wireless Sensor Networks and the Internet of Things." Thesis, Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0025/document.

Abstract:
The Internet of Things (IoT) enables billions of embedded computing devices to connect to each other. The smart things cover our everyday friendly devices, such as, thermostats, fridges, ovens, washing machines, and TV sets. It is easy to imagine how bad it would be, if these devices were spying on us and revealing our personal information. It would be even worse if critical IoT applications, for instance, the control system in nuclear reactors, the vehicle safety system or the connected medical devices in health-care, were compromised. To counteract these security threats in the IoT, robust security solutions must be considered. However, IoT devices are limited in terms of memory, computation and energy capacities, in addition to the lack of communication reliability. All these inconveniences make them vulnerable to various attacks, as they become the weakest links of our information system. In this context, we seek for effective security mechanisms in order to establish secure communications between unknown IoT devices, while taking into account the security requirements and the resource constraints of these devices. To do so, we focus on two major challenges, namely, lightweight security protocols in terms of processing and infrastructure and lightweight key establishment mechanisms, as existing solutions are too much resource consuming. To address this first challenge, we first propose ECKSS - a new lightweight signcryption scheme which does not rely on a PKI. This proposal enables to encrypt and sign messages simultaneously while ensuring the confidentiality and unforgeability of the communication channels. In addition, the message exchanges are authenticated without relying on certificates. Moreover, we also propose OEABE which is a delegation-based mechanism for the encryption of the Ciphertext-Policy Attribute-Based Encryption (CP-ABE). CP-ABE is an attribute-based public key encryption scheme that gives users the flexibility to determine who can decrypt their data at runtime. Our solution enables a resource-constrained device to generate rapidly a CP-ABE ciphertext with authorization access rights to its data. This solution is particularly useful as the volume of data issued from IoT devices grows exponentially every year. To solve the second challenge, we first propose two new key distribution modes for the standard key management protocol MIKEY, based on our signcryption scheme ECKSS. These modes inherit the lightness of ECKSS and avoid the use of PKI. The experimental results, conducted in the Openmote sensor platform, have proven the efficiency of our solutions compared with other existing methods of MIKEY. Then, we propose a new key agreement scheme, named AKAPR. In case the two communicating parties are involved in the key negotiation procedure, AKAPR is very suitable in the context of IoT. As such, it can operate even if the two communicating parties are highly resource-constrained.
5

Nguyen, Kim Thuat. "Lightweight security protocols for IP-based Wireless Sensor Networks and the Internet of Things." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2016. http://www.theses.fr/2016TELE0025.

6

Suriadi, Suriadi. "Strengthening and formally verifying privacy in identity management systems." Thesis, Queensland University of Technology, 2010. https://eprints.qut.edu.au/39345/1/Suriadi_Suriadi_Thesis.pdf.

Abstract:
In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. 
Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. 
All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.
7

Arfaoui, Ghada. "Conception de protocoles cryptographiques préservant la vie privée pour les services mobiles sans contact." Thesis, Orléans, 2015. http://www.theses.fr/2015ORLE2013/document.

Abstract:
With the emergence of new technologies such as NFC (Near Field Communication) and the growing number of mobile platforms, mobile phones are becoming increasingly indispensable in our daily lives. This context introduces new challenges in terms of security and privacy. In this thesis, we focus on privacy issues in NFC services as well as on the protection of the private data and secrets of mobile applications in Trusted Execution Environments (TEE). We provide two solutions for public transport: one using subscription cards (m-pass) and another based on electronic tickets (m-ticketing). Our solutions preserve users' privacy while meeting the functional requirements set by transport operators. To this end, we propose new variants of group signatures as well as the first practical zero-knowledge set-membership proof that does not require pairing computations on the prover's side. These improvements considerably reduce the execution time of these schemes when they are implemented in constrained environments, for example on a smart card. We developed the m-pass and m-ticketing protocols on a standard SIM card: validating a ticket or an m-pass takes less than 300ms while using adequate key sizes. Our solutions also work when the mobile is switched off or when its battery is flat. When the applications run in a TEE, we introduce a new protocol for migrating private data from one TEE to another that ensures the confidentiality and integrity of this data. Our protocol is based on a proxy re-encryption scheme and on a new TEE architecture model. Finally, we formally prove the security of our protocols, either in the computational model for the m-pass and ticketing protocols or in the symbolic model for the TEE-to-TEE data migration protocol

The increasing number of worldwide mobile platforms and the emergence of new technologies such as the NFC (Near Field Communication) lead to a growing tendency to build a user's life depending on mobile phones. This context brings also new security and privacy challenges. In this thesis, we pay further attention to privacy issues in NFC services as well as the security of the mobile applications private data and credentials namely in Trusted Execution Environments (TEE). We first provide two solutions for public transport use case: an m-pass (transport subscription card) and a m-ticketing validation protocols. Our solutions ensure users' privacy while respecting functional requirements of transport operators. To this end, we propose new variants of group signatures and the first practical set-membership proof that do not require pairing computations at the prover's side. These novelties significantly reduce the execution time of such schemes when implemented in resource constrained environments. We implemented the m-pass and m-ticketing protocols in a standard SIM card: the validation phase occurs in less than 300ms whilst using strong security parameters. Our solutions also work even when the mobile is switched off or the battery is flat. When these applications are implemented in TEE, we introduce a new TEE migration protocol that ensures the privacy and integrity of the TEE credentials and user's private data. We construct our protocol based on a proxy re-encryption scheme and a new TEE model. Finally, we formally prove the security of our protocols using either game-based experiments in the random oracle model or automated model checker of security protocols
8

Bellafqira, Reda. "Chiffrement homomorphe et recherche par le contenu sécurisé de données externalisées et mutualisées : Application à l'imagerie médicale et l'aide au diagnostic." Thesis, Ecole nationale supérieure Mines-Télécom Atlantique Bretagne Pays de la Loire, 2017. http://www.theses.fr/2017IMTA0063.

Abstract:
Data pooling and outsourcing concern many fields, including healthcare. Beyond reducing maintenance costs, the benefit is to improve patient care by deploying diagnostic support tools based on data reuse. In such an environment, data security (confidentiality, integrity and traceability) is a major issue. This thesis work takes place in that context. It concerns in particular the securing of content-based image retrieval (CBIR) and machine learning techniques, which are at the heart of diagnostic support systems. These techniques make it possible to find images similar to a query image that has not yet been interpreted. The objective is to define approaches capable of exploiting outsourced, secured data and of allowing a cloud to provide diagnostic support. Several mechanisms allow the processing of encrypted data, but most depend on interactions between different entities (the user, the cloud, or even a trusted third party) and must be combined judiciously so as not to leak information during processing. During these three years of thesis work, we first looked at securing, by means of homomorphic encryption, an outsourced CBIR system under the constraint of no interaction between the service provider and the user. Second, we developed a secure machine learning approach based on the multilayer perceptron, whose training phase can be outsourced securely, the challenge being to ensure that training converges. All the data and model parameters are encrypted. Because these support systems must exploit information from several sources, each outsourcing its encrypted data under its own key, we looked at the problem of sharing encrypted data, a problem addressed by Proxy Re-Encryption (PRE) schemes. In this context, we proposed the first PRE scheme that allows both the sharing and the processing of encrypted data. We also worked on a watermarking scheme for encrypted data to trace and verify the integrity of data in this shared environment. The message watermarked into the ciphertext is accessible whether or not the image is encrypted and offers several watermarking-based security services

Cloud computing has emerged as a successful paradigm allowing individuals and companies to store and process large amounts of data without a need to purchase and maintain their own networks and computer systems. In healthcare for example, different initiatives aim at sharing medical images and Personal Health Records (PHR) in between health professionals or hospitals with the help of the cloud. In such an environment, data security (confidentiality, integrity and traceability) is a major issue. This thesis work falls within this context; it concerns in particular the securing of Content Based Image Retrieval (CBIR) techniques and machine learning (ML) which are at the heart of diagnostic decision support systems. These techniques make it possible to find similar images to an image not yet interpreted. The goal is to define approaches that can exploit secure externalized data and enable a cloud to provide a diagnostic support. Several mechanisms allow the processing of encrypted data, but most are dependent on interactions between different entities (the user, the cloud or a trusted third party) and must be combined judiciously so as to not leak information. During these three years of thesis, we initially focused on securing an outsourced CBIR system under the constraint of no interaction between the users and the service provider (cloud). In a second step, we have developed a secure machine learning approach based on multilayer perceptron (MLP), whose learning phase can be outsourced in a secure way, the challenge being to ensure the convergence of the MLP. All the data and parameters of the model are encrypted using homomorphic encryption. Because these systems need to use information from multiple sources, each of which outsources its encrypted data under its own key, we are interested in the problem of sharing encrypted data. A problem known by the "Proxy Re-Encryption" (PRE) schemes. In this context, we have proposed the first PRE scheme that allows both the sharing and the processing of encrypted data. We also worked on watermarking scheme over encrypted data in order to trace and verify the integrity of data in this shared environment. The embedded message is accessible whether or not the image is encrypted and provides several services
9

Chen, Chun-Hung, and 陳俊宏. "Attribute-Based Proxy Re-Encryption." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/54484495945273108005.

Abstract:
Master's; National Sun Yat-sen University; Graduate Institute of Computer Science and Engineering; 100

Cloud computing has been developed rapidly in recent years, and offers novel concepts and innovations in computer use. One application of cloud computing is that people can designate a proxy to help them to execute a number of tasks in certain situations instead of undertaking all tasks themselves. With this application, people can benefit from the proxy; however, some information is revealed to the proxy, such as their activities, and private data. That is, the proxy is aware of the actions of people through delegation processes, and proxy re-encryption which is a cryptographic primitive has been proposed to solve this problem. In the proxy re-encryption system, when a user (e.g., Alice) wants to send a ciphertext that is encrypted by her secret key and stored in the cloud to another user (e.g., Bob), she can designate a proxy to transform the ciphertext into a different ciphertext that can be decrypted by Bob’s private key. Based on attribute-based encryption and proxy re-encryption, we propose attribute-based proxy re-encryption with bilinear pairing. Furthermore, in the proposed scheme, third parties cannot decrypt the ciphertext if they do not have matching attributes, regardless of being helped by proxy. Finally, we offer security proofs to demonstrate that the proposed scheme satisfies the essential requirements of attribute-based encryption schemes and proxy re-encryption schemes.
10

Chiu, Yun-Peng, and 邱允鵬. "Efficient Secure Multicast Schemes Using Proxy Re-Encryption." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/26207264674691747325.

Abstract:
Doctoral; National Taiwan University; Graduate Institute of Electrical Engineering; 99

The goal of a secure multicast communication environment is to ensure that only valid members belonging to the multicast group can decrypt data. To build a practical and secure multicast architecture, we focus on scalability and containment issues. Scalability means that the processing overhead of each security operation should be minimized in terms of the number of group members. Containment means that a security breach that occurs in one subgroup does not affect other subgroups. In this dissertation, we propose novel secure multicast schemes by exploiting a cryptographic primitive, "proxy re-encryption." Proxy re-encryption allows intermediate routers to convert the ciphertext encrypted with one key to ciphertext encrypted with another key, without revealing the private key or the plaintext. Two schemes are proposed in this dissertation to solve the multicast security problem. The first one focuses on eliminating the key management center. Without the key management center, which is usually a single entity, this scheme also eliminates the single point of failure. It exploits the Elgamal encryption algorithm and proposes a distributed protocol for key composition. The key composition is a process that the sender and routers agree on encryption keys collaboratively. The second scheme focuses on providing containment, and tries to minimize the impact of rekeying events. Successful containment provides better security, and also improves scalability. The second scheme is not limited to one specific cryptographic scheme. Hence, operators have the freedom to choose proper schemes. This property enhances the survivability of the whole system. We also compare several related schemes, and discuss some security problems that we identified in them. Existing schemes that use similar techniques only use asymmetric-key algorithms, but the computational costs of the algorithms mean that the schemes are infeasible in practice. However, symmetric-key schemes cannot afford several properties that can be achieved by asymmetric-key schemes. Our schemes combine asymmetric-key and symmetric-key algorithms, so they are practical for real-world applications.

Books on the topic "Proxy Re-Encryption"

1

Conditional Identity Broadcast based Proxy Re-Encryption Technique for Data Encryption in Cloud. ASDF International, 2017.


Book chapters on the topic "Proxy Re-Encryption"

1

Weng, Jian, and Junzuo Lai. "Proxy Re-encryption." In Encyclopedia of Cryptography, Security and Privacy. Springer Berlin Heidelberg, 2021. http://dx.doi.org/10.1007/978-3-642-27739-9_1453-1.

2

Canard, Sébastien, and Julien Devigne. "Combined Proxy Re-encryption." In Information Security and Cryptology -- ICISC 2013. Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-12160-4_4.

3

Döttling, Nico, and Ryo Nishimaki. "Universal Proxy Re-Encryption." In Public-Key Cryptography – PKC 2021. Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-75245-3_19.

4

Guo, Hui, Zhenfeng Zhang, and Jiang Zhang. "Proxy Re-encryption with Unforgeable Re-encryption Keys." In Cryptology and Network Security. Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-12280-9_2.

5

Fuchsbauer, Georg, Chethan Kamath, Karen Klein, and Krzysztof Pietrzak. "Adaptively Secure Proxy Re-encryption." In Public-Key Cryptography – PKC 2019. Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-17259-6_11.

6

Chu, Cheng-Kang, Jian Weng, Sherman S. M. Chow, Jianying Zhou, and Robert H. Deng. "Conditional Proxy Broadcast Re-Encryption." In Information Security and Privacy. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-02620-1_23.

7

Green, Matthew, and Giuseppe Ateniese. "Identity-Based Proxy Re-encryption." In Applied Cryptography and Network Security. Springer Berlin Heidelberg, 2007. http://dx.doi.org/10.1007/978-3-540-72738-5_19.

8

Kirshanova, Elena. "Proxy Re-encryption from Lattices." In Public-Key Cryptography – PKC 2014. Springer Berlin Heidelberg, 2014. http://dx.doi.org/10.1007/978-3-642-54631-0_5.

9

Ateniese, Giuseppe, Karyn Benson, and Susan Hohenberger. "Key-Private Proxy Re-encryption." In Topics in Cryptology – CT-RSA 2009. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-00862-7_19.

10

Chow, Sherman S. M., Jian Weng, Yanjiang Yang, and Robert H. Deng. "Efficient Unidirectional Proxy Re-Encryption." In Progress in Cryptology – AFRICACRYPT 2010. Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-12678-9_19.


Conference papers on the topic "Proxy Re-Encryption"

1

Zhong, WeiDong, Xu An Wang, Ziqing Wang, and Yi Ding. "Proxy Re-encryption with Keyword Search from Anonymous Conditional Proxy Re-encryption." In 2011 Seventh International Conference on Computational Intelligence and Security (CIS). IEEE, 2011. http://dx.doi.org/10.1109/cis.2011.217.

2

Bellafqira, Reda, Gouenou Coatrieux, Dalel Bouslimi, Gwénolé Quellec, and Michel Cozic. "Proxy Re-Encryption Based on Homomorphic Encryption." In ACSAC 2017: 2017 Annual Computer Security Applications Conference. ACM, 2017. http://dx.doi.org/10.1145/3134600.3134616.

3

Xu, Peng, Jun Xu, Wei Wang, Hai Jin, Willy Susilo, and Deqing Zou. "Generally Hybrid Proxy Re-Encryption." In ASIA CCS '16: ACM Asia Conference on Computer and Communications Security. ACM, 2016. http://dx.doi.org/10.1145/2897845.2897923.

4

Wang, Xu An, Ziqing Wang, Yi Ding, and Shujun Bai. "K-times Proxy Re-encryption." In 2011 Seventh International Conference on Computational Intelligence and Security (CIS). IEEE, 2011. http://dx.doi.org/10.1109/cis.2011.213.

5

Wang, Xu an, and Xiaoyuan Yang. "On DDos Attack against Proxy in Proxy Re-encryption and Proxy Re-signature." In 2009 Ninth IEEE International Conference on Computer and Information Technology. IEEE, 2009. http://dx.doi.org/10.1109/cit.2009.31.

6

He, Yi-Jun, Tat Wing Chim, Lucas Chi Kwong Hui, and Siu-Ming Yiu. "Non-Transferable Proxy Re-Encryption Scheme." In 2012 5th International Conference on New Technologies, Mobility and Security (NTMS). IEEE, 2012. http://dx.doi.org/10.1109/ntms.2012.6208714.

7

Mo, Lequn, and Guoxiang Yao. "Multi-Use Conditional Proxy Re-encryption." In 2013 International Conference on Information Science and Cloud Computing Companion (ISCC-C). IEEE, 2013. http://dx.doi.org/10.1109/iscc-c.2013.90.

8

Thangam, V., and K. Chandrasekaran. "Elliptic Curve Based Proxy Re-Encryption." In the Second International Conference. ACM Press, 2016. http://dx.doi.org/10.1145/2905055.2905337.

9

Srinivasan, Akshayaram, and C. Pandu Rangan. "Certificateless Proxy Re-Encryption Without Pairing." In ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security. ACM, 2015. http://dx.doi.org/10.1145/2732516.2732519.

10

Shao, Jun, Guiyi Wei, Yun Ling, and Mande Xie. "Identity-Based Conditional Proxy Re-Encryption." In ICC 2011 - 2011 IEEE International Conference on Communications. IEEE, 2011. http://dx.doi.org/10.1109/icc.2011.5962419.
