skip to main content
10.1145/2714576.2714632acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
research-article

Asymmetric Cross-cryptosystem Re-encryption Applicable to Efficient and Secure Mobile Access to Outsourced Data

Published: 14 April 2015 Publication History

Abstract

With the increasing development of pervasive computing and wireless bandwidth communication, more mobile devices are used to access sensitive data stored in remote servers. In such applications, a practical issue emerges such as how to exploit the sufficient resource of a server so that the file owners can enforce fine-grained access control over the remotely stored files, while enable resource-limited mobile devices to easily access the protected data, especially if the storage server maintained by a third party is untrusted. This challenge mainly arises from the asymmetric capacity among the participants, i.e., the capacity limited mobile devices and the resource abundant server (and file owners equipped with fixed computers). To meet the security requirements in mobile access to sensitive data, we propose a new encryption paradigm, referred to as asymmetric cross-cryptosystem re-encryption (ACCRE) by leveraging the asymmetric capacity of the participants. In ACCRE, relatively light-weight identity-based encryption (IBE) is deployed in mobile devices, while resource-consuming but versatile identity-based broadcast encryption (IBBE) is deployed in servers and fixed computers of the file owners. The core of ACCRE is a novel ciphertext conversion mechanism that allows an authorized proxy to convert a complicated IBBE ciphertext into a simple IBE ciphertext affordable to mobile devices, without leaking any sensitive information to the proxy. Following this paradigm, we propose an efficient ACCRE scheme with its security formally reduced to the security of the underlying IBE and IBBE schemes. Thorough theoretical analyses and extensive experiments confirm that the scheme takes very small cost for mobile devices to access encrypted data and is practical to secure mobile computing applications.

References

[1]
G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. Information and System Security (TISSEC), ACM Transactions on, 9(1):1--30, 2006.
[2]
M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In EUROCRYPT 1998, pages 127--144. Springer, 1998.
[3]
D. Boneh and X. Boyen. Efficient selective-id secure identity-based encryption without random oracles. In EUROCRYPT 2004, pages 223--238. Springer, 2004.
[4]
D. Boneh and M. Franklin. Identity-based encryption from the weil pairing. In CRYPTO 2001, pages 213--229. Springer, 2001.
[5]
R. Canetti and S. Hohenberger. Chosen-ciphertext secure proxy re-encryption. In ACM CCS 2007, pages 185--194. ACM, 2007.
[6]
S. S. M. Chow, J. K. Liu, and J. Zhou. Identity-based online/offline key encapsulation and encryption. In ASIACCS 2011, pages 52--60. ACM, 2011.
[7]
C. Chu, J. K. Liu, J. Zhou, F. Bao, and R. H. Deng. Practical id-based encryption for wireless sensor network. In ASIACCS 2010, pages 337--340. ACM, 2010.
[8]
C. K. Chu, S. S. M. Chow, W. G. Tzeng, J. Zhou, and R. H. Deng. Key-aggregate cryptosystem for scalable data sharing in cloud storage. Parallel and Distributed Systems, IEEE Transactions on, 25(2):468--477, 2014.
[9]
C. K. Chu and W. G. Tzeng. Identity-based proxy re-encryption without random oracles. In ISC 2007, pages 189--202. Springer, 2007.
[10]
C. Delerablée. Identity-based broadcast encryption with constant size ciphertexts and private keys. In ASIACRYPT 2007, pages 200--215. Springer, 2007.
[11]
H. Deng, Q. Wu, B. Qin, S. S. M. Chow, J. Domingo-Ferrer, and W. Shi. Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data. In ASIACCS, pages 425--434. ACM, 2014.
[12]
H. Deng, Q. Wu, B. Qin, J. Domingo-Ferrer, L. Zhang, J. Liu, and W. Shi. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Information Sciences, 275:370--384, 2014.
[13]
H. Deng, Q. Wu, B. Qin, J. Mao, X. Liu, L. Zhang, and W. Shi. Who is touching my cloud. In ESORICS 2014, volume 8712 of Lecture Notes in Computer Science, pages 362--379. Springer, 2014.
[14]
M. Green and G. Ateniese. Identity-based proxy re-encryption. In ACNS 2007, pages 288--306. Springer, 2007.
[15]
M. Green, S. Hohenberger, and B. Waters. Outsourcing the decryption of abe ciphertexts. In USENIX Security Symposium 2011. 2011, 3.
[16]
J. S. Hwu, R. J. Chen, and Y. B. Lin. An efficient identity-based cryptosystem for end-to-end mobile security. Wireless Communications, IEEE Transactions on, 5(9):2586--2593, 2006.
[17]
A. Ivan and Y. Dodis. Proxy cryptography revisited. In NDSS 2003. 2003.
[18]
Y. Kawai and K. Takashima. Fully-anonymous functional proxy-re-encryption. Cryptology ePrint Archive, Report 2013/318, 2013.
[19]
B. Lee. Unified public key infrastructure supporting both certificate-based and id-based cryptography. In ARES 2010, pages 54--61. IEEE, 2010.
[20]
M. Li, S. Yu, Y. Zheng, K. Ren, and W. Lou. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. Parallel and Distributed Systems, IEEE Transactions on, 24(1):131--143, 2013.
[21]
K. Liang, M. H. Au, J. K. Liu, W. Susilo, D. S. Wong, G. Yang, T. V. X. Phuong, and Q. Xie. A DFA-Based Functional Proxy Re-Encryption Scheme for Secure Public Cloud Data Sharing. IEEE Transactions on Information Forensics and Security, 9 10):1667--1680, 2014.
[22]
K. Liang, M. H. Au, J. K. Liu, W. Susilo, D. S. Wong, G. Yang, Y. Yu, and A. Yang. A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Generation Computer Systems, 2015. To Appear.
[23]
K. Liang, J. K. Liu, D. S. Wong, and W. Susilo. An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In ESORICS 2014, volume 8712 of Lecture Notes in Computer Science, pages 257--272. Springer, 2014.
[24]
X. Liang, Z. Cao, H. Lin, and J. Shao. Attribute based proxy re-encryption with delegating capabilities. In ASIACCS 2009, pages 276--286. ACM, 2009.
[25]
B. Libert and D. Vergnaud. Unidirectional chosen-ciphertext secure proxy re-encryption. In PKC 2008, pages 360--379. Springer, 2008.
[26]
J. K. Liu and J. Zhou. An efficient identity-based online/offline encryption scheme. In ACNS 2009, volume 5536 of Lecture Notes in Computer Science, pages 156--167, 2009.
[27]
W. Liu, J. Liu, Q. Wu, and B. Qin. Hierarchical identity-based broadcast encryption. In ACISP 2014, volume 8544 of Lecture Notes in Computer Science, pages 242--257. Springer, 2014.
[28]
W. Liu, J. Liu, Q. Wu, B. Qin, and Y. Zhou. Practical direct chosen ciphertext secure key-policy attribute-based encryption with public ciphertext test. In ESORICS 2014, volume 8713 of Lecture Notes in Computer Science, pages 91--108. Springer, 2014.
[29]
S. Luo, J. Hu, and Z. Chen. Ciphertext policy attribute-based proxy re-encryption. In ICICS 2010, pages 401--415. Springer, 2010.
[30]
T. Matsuda, R. Nishimaki, and K. Tanaka. Cca proxy re-encryption without bilinear maps in the standard model. In PKC 2010, pages 261--278. Springer, 2010.
[31]
T. Matsuo. Proxy re-encryption systems for identity-based encryption. In Pairing 2007, pages 247--267. Springer, 2007.
[32]
Pavlović and Miklavčič. Web-based electronic data collection system to support electrochemotherapy clinical trial. Information Technology in Biomedicine, IEEE Transactions on, 11(2):222--230, 2007.
[33]
A. Sahai, H. Seyalioglu, and B. Waters. Dynamic credentials and ciphertext delegation for attribute-based encryption. In CRYPTO 2012, pages 199--217. Springer, 2012.
[34]
J. Shao. Anonymous id-based proxy re-encryption. In ACISP 2012, pages 364--375. Springer, 2012.
[35]
C. C. Tan, H. Wang, S. Zhong, and Q. Li. Ibe-lite: a lightweight identity-based cryptography for body sensor networks. Information Technology in Biomedicine, IEEE Transactions on, 13(6):926--932, 2009.
[36]
Y. Wang, Q. Wu, D. S. Wong, B. Qin, S. S. M. Chow, Z. Liu, and X. Tan. Securely outsourcing exponentiations with single untrusted program for cloud storage. In ESORICS 2014, pages 326--343. Springer, 2014.
[37]
J. Weng, Y. Zhao, and G. Hanaoka. On the security of a bidirectional proxy re-encryption scheme from pkc 2010. In PKC 2011, pages 284--295. Springer, 2011.
[38]
P. Zhang, C. Lin, Y. Jiang, Y. Fan, and X. Shen. A lightweight encryption scheme for network-coded mobile ad hoc networks. Parallel and Distributed Systems, IEEE Transactions on, 25(9):2211--2221, 2014.

Cited By

View all
  • (2022)Broadcast Encryption Scheme for V2I Communication in VANETsIEEE Transactions on Vehicular Technology10.1109/TVT.2021.311366071:3(2749-2760)Online publication date: Mar-2022
  • (2022)Cryptographic Solutions for Cloud Storage: Challenges and Research OpportunitiesIEEE Transactions on Services Computing10.1109/TSC.2019.293776415:1(567-587)Online publication date: 1-Jan-2022
  • (2022)A new secure and searchable data outsourcing leveraging a Bucket-Chain index treeJournal of Information Security and Applications10.1016/j.jisa.2022.10320667(103206)Online publication date: Jun-2022
  • Show More Cited By

Index Terms

  1. Asymmetric Cross-cryptosystem Re-encryption Applicable to Efficient and Secure Mobile Access to Outsourced Data

        Recommendations

        Comments

        Information & Contributors

        Information

        Published In

        cover image ACM Conferences
        ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security
        April 2015
        698 pages
        ISBN:9781450332453
        DOI:10.1145/2714576
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Sponsors

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 14 April 2015

        Permissions

        Request permissions for this article.

        Check for updates

        Author Tags

        1. data security
        2. identity-based broadcast encryption
        3. identity-based encryption
        4. proxy re-encryption

        Qualifiers

        • Research-article

        Funding Sources

        • Beijing Natural Science Foundation
        • Natural Science Foundation of China
        • National Key Basic Re- search Program

        Conference

        ASIA CCS '15
        Sponsor:
        ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security
        April 14 - March 17, 2015
        Singapore, Republic of Singapore

        Acceptance Rates

        Overall Acceptance Rate 160 of 921 submissions, 17%

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)7
        • Downloads (Last 6 weeks)1
        Reflects downloads up to 15 Feb 2025

        Other Metrics

        Citations

        Cited By

        View all
        • (2022)Broadcast Encryption Scheme for V2I Communication in VANETsIEEE Transactions on Vehicular Technology10.1109/TVT.2021.311366071:3(2749-2760)Online publication date: Mar-2022
        • (2022)Cryptographic Solutions for Cloud Storage: Challenges and Research OpportunitiesIEEE Transactions on Services Computing10.1109/TSC.2019.293776415:1(567-587)Online publication date: 1-Jan-2022
        • (2022)A new secure and searchable data outsourcing leveraging a Bucket-Chain index treeJournal of Information Security and Applications10.1016/j.jisa.2022.10320667(103206)Online publication date: Jun-2022
        • (2020)Identity-Based Encryption Transformation for Flexible Sharing of Encrypted Data in Public CloudIEEE Transactions on Information Forensics and Security10.1109/TIFS.2020.298553215(3168-3180)Online publication date: 2020
        • (2018)Data Service Outsourcing and Privacy Protection in Mobile InternetData Service Outsourcing and Privacy Protection in Mobile Internet10.5772/intechopen.79903Online publication date: 7-Nov-2018
        • (2018)Achieving Flexibility for ABE with Outsourcing via Proxy Re-EncryptionProceedings of the 2018 on Asia Conference on Computer and Communications Security10.1145/3196494.3196557(659-672)Online publication date: 29-May-2018
        • (2017)A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android SoftwareIEEE Transactions on Software Engineering10.1109/TSE.2016.261530743:6(492-530)Online publication date: 1-Jun-2017
        • (2016)Biometrie data emulation and encryption for sport wearable devices (A case study)2016 Annual IEEE Systems Conference (SysCon)10.1109/SYSCON.2016.7490577(1-6)Online publication date: Apr-2016
        • (2016)Reporting personal and corporate data for secure storage in cloud2016 IEEE International Conference on Cybercrime and Computer Forensic (ICCCF)10.1109/ICCCF.2016.7740436(1-7)Online publication date: Jun-2016
        • (2016)Sport wearable biometric data encrypted emulation and storage in cloud2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)10.1109/CCECE.2016.7726819(1-4)Online publication date: May-2016
        • Show More Cited By

        View Options

        Login options

        View options

        PDF

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        Figures

        Tables

        Media

        Share

        Share

        Share this Publication link

        Share on social media