In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive se...In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.展开更多
This paper introduced a novel method for implementing broadcast encryption. Our scheme takes advantages of bilinear map and group characteristic, and shifts most of the storage overhead to the public device instead of...This paper introduced a novel method for implementing broadcast encryption. Our scheme takes advantages of bilinear map and group characteristic, and shifts most of the storage overhead to the public device instead of storing in the tamper-proof device which is a major problem on current implementation. Furthermore, the broadcast keys in our scheme could be reused periodically resulting in more operational efficiency.展开更多
VANET security is an evolving topic in mobile networks, as providing a secure layer of communications in such a dynamic and fast network is a challenge. The work presented in this article was conducted in order to ver...VANET security is an evolving topic in mobile networks, as providing a secure layer of communications in such a dynamic and fast network is a challenge. The work presented in this article was conducted in order to verify and evaluate the feasibility of applying group broadcast cryptography to the VANET environment, as an attempt to gain performance by decreasing the number of messages in the wireless network. Group broadcast is a symmetric/asymmetric hybrid cryptography method, aiming to merge the best of the two approaches without their major drawbacks. Simulations were set-up and run using the ONE simulator, comparing the usage of the three different cryptography approaches for VANETs. Results consider the number of connections, the number messages and the number of revocation messages per day. The resulting data promises that group broadcast encryption can be used to simplify the encrypting phase, reduce required storage and significantly decrease the number of messages in the network.展开更多
Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center...Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.展开更多
Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present...Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user's ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.展开更多
This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphe...This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphertexts. Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network. Finally, the proposed schemes are provable security under the decision generalized bilinear Diffi-Hellman (GBDH) assumption in the random oracles model.展开更多
In Crypto'05, Boneh et al. presented two broadcast encryption schemes. Their work has exciting achievements: the header (also called ciphertexts) and the private keys are of constant size. In their paper, they giv...In Crypto'05, Boneh et al. presented two broadcast encryption schemes. Their work has exciting achievements: the header (also called ciphertexts) and the private keys are of constant size. In their paper, they give an open question to construct a traitor tracing algorithm for their broadcast encryption schemes, and combine the two systems to obtain an efficient trace-and-revoke system. In this paper, we give a negative answer to their open question. More precisely, we show that three or more insider users are able to collude to forge a valid private key for pirate decoding against their schemes. Moreover, we prove that there exists no traitor tracing algorithm to identify the colluders. Our pirate decoding can also similarly be applied to Lee et al.'s broadcast encryption schemes in ISPEC'06.展开更多
To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chos...To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chosen ciphertext security model,by using identity(ID) sequence and adding additional information in ciphertext,the self-adaptive chosen identity security(the full security) and the chosen ciphertext security are gained simultaneously.The reduction of scheme's security is the decisional bilinear Diffie-Hellman(BDH) intractable assumption,and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption.So the security level is improved,and it is suitable for higher security environment.展开更多
In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA a...In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.展开更多
Attribute-based broadcast encryption(ABBE) under continual auxiliary leakage-resilient(CALR) model can enhance the security of the shared data in broadcasting system since CALR model brings the possibility of new leak...Attribute-based broadcast encryption(ABBE) under continual auxiliary leakage-resilient(CALR) model can enhance the security of the shared data in broadcasting system since CALR model brings the possibility of new leakage-resilient(LR) guarantees. However, there are many shortcomings in the existing works, such as relying on the strong assumptions, low computational efficiency and large size of ciphertexts, etc. How to solve the trade-off between security and efficiency is a challenging problem at present. To solve these problems, this paper gives an ABBE scheme resisting continual auxiliary leakage(CAL) attack. ABBE scheme achieves constant size ciphertexts, and the computational complexity of decryption only depends on the number of receivers instead of the maximum number of receivers of the system. Additionally, it achieves adaptive security in the standard model where the security is reduced to the general subgroup decision(GSD) assumptions(or called static assumptions in the subgroup). Furthermore, it can tolerate leakage on the master secret key and private key with continual auxiliary inputs. Performance analysis shows that the proposed scheme is more efficient and practical than the available schemes.展开更多
Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of us...Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.展开更多
Traceability precept is a broadcast encryption technique that content suppliers can trace malicious authorized users who leak the decryption key to an unauthorized user. To protect the data from eavesdropping, the con...Traceability precept is a broadcast encryption technique that content suppliers can trace malicious authorized users who leak the decryption key to an unauthorized user. To protect the data from eavesdropping, the content supplier encrypts the data and broadcast the cryptograph that only its subscribers can decrypt. However, a traitor may clone his decoder and sell the pirate decoders for profits. The traitor can modify the private key and the decryption program inside the pirate decoder to avoid divulging his identity. Furthermore, some traitors may fabricate a new legal private key together that cannot be traced to the creators. So in this paper, a renewed precept is proposed to achieve both revocation at a different level of capacity in each distribution and black-box tracing against self-protective pirate decoders. The rigorous mathematical deduction shows that our algorithm possess security property.展开更多
In order to tolerate possible leakage of secret keys, leakage-resilient cryptosystem models a class of attractive leakage output by allowing an adversary to provide any computable leakage function and learning the par...In order to tolerate possible leakage of secret keys, leakage-resilient cryptosystem models a class of attractive leakage output by allowing an adversary to provide any computable leakage function and learning the partial keys or other possible intemal states from the output of function. In this work, we present an adaptively secure broadcast encryption resilient to key continual leakage in the standard model. Our scheme provides the tolerance of continual leakage, in which any user can generate multiple private keys per user by periodically updating the key. We use the dual system encryption mechanism to implement the leakage resilience and adaptive security, and intrinsically set an algorithm to refresh a key and produce a same distributed new key. We also give the evaluation of the leakage bound and leakage fraction, and the simulations show that our scheme can tolerate about 71% leakage fraction with 3.34× 10^-52 failure probability in standard 80-bit security level when we adjust the leakage factor to allow the private key to be 100 Kb.展开更多
Many previous broadcast encryption schemes can only guarantee confidentiality but cannot verify integrity and authenticity for broadcast messages. In this paper, a broadcast signcryption protocol for ad hoc networks i...Many previous broadcast encryption schemes can only guarantee confidentiality but cannot verify integrity and authenticity for broadcast messages. In this paper, a broadcast signcryption protocol for ad hoc networks is proposed based on cluster-based structure. The proposed protocol not only guarantees confidentiality but also verifies integrity and authenticity for broadcast messages. More importantly, the proposed scheme enables the cluster head to robustly add or remove any cluster member without changing secret key of other cluster members. Moreover, the proposed protocol avoids massive message exchange for key setup among cluster members. The analysis of security and performance shows that the proposed protocol is secure, efficient, and more practical protocol for ad hoc networks.展开更多
The online social networks(OSNs) offer attractive means for social interactions and data sharing, as well as raise a number of security and privacy issues. Although current solutions propose to encrypt data before s...The online social networks(OSNs) offer attractive means for social interactions and data sharing, as well as raise a number of security and privacy issues. Although current solutions propose to encrypt data before sharing, the access control of encrypted data has become a challenging task. Moreover, multiple owners may enforce different access policy to the same data because of their different privacy concerns. A digital rights management(DRM) scheme is proposed for encrypted data in OSNs. In order to protect users' sensitive data, the scheme allows users outsource encrypted data to the OSNs service provider for sharing and customize the access policy of their data based on ciphertext-policy attribute-based encryption. Furthermore, the scheme presents a multiparty access control model based on identity-based broadcast encryption and ciphertext-policy attribute-based proxy re-encryption, which enables multiple owners, such as tagged users who appear in a single data, customize the access policy collaboratively, and also allows the disseminators update the access policy if their attributes satisfy the existing access policy. Security analysis and comparison indicate that the proposed scheme is secure and efficient.展开更多
In this paper we introduce an architecture for a multi-key pirate decoder which employs decryption keys from multiple traitors. The decoder has built-in monitoring and self protection functionalities and is capable of...In this paper we introduce an architecture for a multi-key pirate decoder which employs decryption keys from multiple traitors. The decoder has built-in monitoring and self protection functionalities and is capable of defeating most multiple-round based traitor tracing schemes such as the schemes based on the black-box confirmation method. In particular, the proposed pirate decoder is customized to defeat the private key and the public key fully collusion resistant traitor tracing (FTT) schemes, respectively. We show how the decoder prolongs a trace process so that the tracer has to give up his effort. FTT schemes are designed to identify all the traitors. We show that decoder enables the FTT schemes to identify at most 1 traitors. Finally, assuming the decoder is embedded with several bytes of memory, we demonstrate how the decoder is able to frame innocent users at will.展开更多
基金supported by the Nature Science Foundation of China under grant 60970119, 60803149the National Basic Research Program of China(973) under grant 2007CB311201
文摘In this paper,we show how to use the dual techniques in the subgroups to give a secure identity-based broadcast encryption(IBBE) scheme with constant-size ciphertexts. Our scheme achieves the full security(adaptive security) under three static(i.e. non q-based) assumptions. It is worth noting that only recently Waters gives a short ciphertext broadcast encryption system that is even adaptively secure under the simple assumptions. One feature of our methodology is that it is relatively simple to leverage our techniques to get adaptive security.
基金Supported by the National Natural Science Foun-dation of China (60432030) Asian Media Research Center Foun-dation (AM0551)
文摘This paper introduced a novel method for implementing broadcast encryption. Our scheme takes advantages of bilinear map and group characteristic, and shifts most of the storage overhead to the public device instead of storing in the tamper-proof device which is a major problem on current implementation. Furthermore, the broadcast keys in our scheme could be reused periodically resulting in more operational efficiency.
文摘VANET security is an evolving topic in mobile networks, as providing a secure layer of communications in such a dynamic and fast network is a challenge. The work presented in this article was conducted in order to verify and evaluate the feasibility of applying group broadcast cryptography to the VANET environment, as an attempt to gain performance by decreasing the number of messages in the wireless network. Group broadcast is a symmetric/asymmetric hybrid cryptography method, aiming to merge the best of the two approaches without their major drawbacks. Simulations were set-up and run using the ONE simulator, comparing the usage of the three different cryptography approaches for VANETs. Results consider the number of connections, the number messages and the number of revocation messages per day. The resulting data promises that group broadcast encryption can be used to simplify the encrypting phase, reduce required storage and significantly decrease the number of messages in the network.
基金supported by the National Natural Science Foundation of China (60473029)the National Basic Research Program of China (2007CB311201)the Open Foundation of Beijing Institute of Electronic Science and Technology.
文摘Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.
基金Supported by the National Natural Science Foundation of China(6090317560703048)+1 种基金the Natural Science Foundation of Hubei Province(2009CBD3072008CDB352)
文摘Currently, there still lacks an efficient methodology to revoke user's ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties: First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user's ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.
基金the National Natural Science Foundation of China (Nos. 60673072, 60803149)the National Basic Research Program (973) of China(No. 2007CB311201)
文摘This paper describes two identity-based broadcast encryption (IBBE) schemes for mobile ad hoc networks. The first scheme proposed achieves sub-linear size cipertexts and the second scheme achieves O(1)- size ciphertexts. Furthermore, when the public keys are transmitted, the two schemes have short transmissions and achieve O(1) user storage cost, which are important for a mobile ad hoc network. Finally, the proposed schemes are provable security under the decision generalized bilinear Diffi-Hellman (GBDH) assumption in the random oracles model.
基金the National Natural Science Foundation of China (Grant Nos. 60303026, 60573030, and 60673077)
文摘In Crypto'05, Boneh et al. presented two broadcast encryption schemes. Their work has exciting achievements: the header (also called ciphertexts) and the private keys are of constant size. In their paper, they give an open question to construct a traitor tracing algorithm for their broadcast encryption schemes, and combine the two systems to obtain an efficient trace-and-revoke system. In this paper, we give a negative answer to their open question. More precisely, we show that three or more insider users are able to collude to forge a valid private key for pirate decoding against their schemes. Moreover, we prove that there exists no traitor tracing algorithm to identify the colluders. Our pirate decoding can also similarly be applied to Lee et al.'s broadcast encryption schemes in ISPEC'06.
基金the National Natural Science Foundation of China (No.60970119)the National Basic Research Program (973) of China (No.2007CB311201)
文摘To give concurrent consideration both the efficiency and the security(intensity of intractable problem) in the standard model,a chosen ciphertext secure identity-based broadcast encryption is proposed.Against the chosen ciphertext security model,by using identity(ID) sequence and adding additional information in ciphertext,the self-adaptive chosen identity security(the full security) and the chosen ciphertext security are gained simultaneously.The reduction of scheme's security is the decisional bilinear Diffie-Hellman(BDH) intractable assumption,and the proof of security shows that the proposed scheme is indistinguishable against adaptive chosen ciphertext attacks in the standard model under the decisional BDH intractable assumption.So the security level is improved,and it is suitable for higher security environment.
基金Supported by the National High Technology Research and Development Program of China (863 Program) (2007AA01Z435)National Natural Science Foundation of China (60772136)the National Science and Technology Pillar Program (2008BAH22B03, 2007BAH08B01)
文摘In this paper, a new broadcast encryption scheme is proposed by using the efficient and computationally inexpensive public key cryptosystem NTRU (number theory research unit). In our scheme, we use the idea of RSA and develop this idea from two-party to multi-party, and combine this multi-party public key idea with the multiplication in ring R of NTRU. What we get from this design is extremely efficient encryption and decryption, fast and easy key creation, low memory requirements and revocation property, etc. Moreover, this novel work contains other desirable features, such as traitor tracing. With its complexity only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones.
基金supported by the National Cryptography Development Fund ( MMJJ20180209)。
文摘Attribute-based broadcast encryption(ABBE) under continual auxiliary leakage-resilient(CALR) model can enhance the security of the shared data in broadcasting system since CALR model brings the possibility of new leakage-resilient(LR) guarantees. However, there are many shortcomings in the existing works, such as relying on the strong assumptions, low computational efficiency and large size of ciphertexts, etc. How to solve the trade-off between security and efficiency is a challenging problem at present. To solve these problems, this paper gives an ABBE scheme resisting continual auxiliary leakage(CAL) attack. ABBE scheme achieves constant size ciphertexts, and the computational complexity of decryption only depends on the number of receivers instead of the maximum number of receivers of the system. Additionally, it achieves adaptive security in the standard model where the security is reduced to the general subgroup decision(GSD) assumptions(or called static assumptions in the subgroup). Furthermore, it can tolerate leakage on the master secret key and private key with continual auxiliary inputs. Performance analysis shows that the proposed scheme is more efficient and practical than the available schemes.
基金supported by the National Key Research and Development Program of China (No. 2017YFB0802502)the National Natural Science Foundation of China (Nos. 61672083, 61370190, 61532021, 61472429, 61402029, 61702028, and 61571024)+3 种基金the National Cryptography Development Fund (No. MMJJ20170106)the Planning Fund Project of Ministry of Education (No. 12YJAZH136)the Beijing Natural Science Foundation (No. 4132056)the Fund of the State Key Laboratory of Information Security, the Institute of Information Engineering, and the Chinese Academy of Sciences (No. 2017-MS-02)
文摘Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
基金This work was supported by the Large-Scale Security SoC Project of Wuhan Science and Technology Bureau of China under Grand No. 20061005119.
文摘Traceability precept is a broadcast encryption technique that content suppliers can trace malicious authorized users who leak the decryption key to an unauthorized user. To protect the data from eavesdropping, the content supplier encrypts the data and broadcast the cryptograph that only its subscribers can decrypt. However, a traitor may clone his decoder and sell the pirate decoders for profits. The traitor can modify the private key and the decryption program inside the pirate decoder to avoid divulging his identity. Furthermore, some traitors may fabricate a new legal private key together that cannot be traced to the creators. So in this paper, a renewed precept is proposed to achieve both revocation at a different level of capacity in each distribution and black-box tracing against self-protective pirate decoders. The rigorous mathematical deduction shows that our algorithm possess security property.
基金Acknowledgements The work was supported by the National Natural Science Foundation of China (Grant No. 61370224), the Key Program of Natural Science Foundation of Hubei Province (2013CFA046), and the Open Fund Program for State Key Laboratory of Information Security of China.
文摘In order to tolerate possible leakage of secret keys, leakage-resilient cryptosystem models a class of attractive leakage output by allowing an adversary to provide any computable leakage function and learning the partial keys or other possible intemal states from the output of function. In this work, we present an adaptively secure broadcast encryption resilient to key continual leakage in the standard model. Our scheme provides the tolerance of continual leakage, in which any user can generate multiple private keys per user by periodically updating the key. We use the dual system encryption mechanism to implement the leakage resilience and adaptive security, and intrinsically set an algorithm to refresh a key and produce a same distributed new key. We also give the evaluation of the leakage bound and leakage fraction, and the simulations show that our scheme can tolerate about 71% leakage fraction with 3.34× 10^-52 failure probability in standard 80-bit security level when we adjust the leakage factor to allow the private key to be 100 Kb.
基金Supported by the National Natural Science Foundation of China (61070164)the Natural Science Foundation of Guangdong Province (81510632010000022)the Science and Technology Planning Project of Guangdong Province (2010B010600025)
文摘Many previous broadcast encryption schemes can only guarantee confidentiality but cannot verify integrity and authenticity for broadcast messages. In this paper, a broadcast signcryption protocol for ad hoc networks is proposed based on cluster-based structure. The proposed protocol not only guarantees confidentiality but also verifies integrity and authenticity for broadcast messages. More importantly, the proposed scheme enables the cluster head to robustly add or remove any cluster member without changing secret key of other cluster members. Moreover, the proposed protocol avoids massive message exchange for key setup among cluster members. The analysis of security and performance shows that the proposed protocol is secure, efficient, and more practical protocol for ad hoc networks.
基金supported by the National Natural Science Foundation of China(60803157,90812001,61272519)
文摘The online social networks(OSNs) offer attractive means for social interactions and data sharing, as well as raise a number of security and privacy issues. Although current solutions propose to encrypt data before sharing, the access control of encrypted data has become a challenging task. Moreover, multiple owners may enforce different access policy to the same data because of their different privacy concerns. A digital rights management(DRM) scheme is proposed for encrypted data in OSNs. In order to protect users' sensitive data, the scheme allows users outsource encrypted data to the OSNs service provider for sharing and customize the access policy of their data based on ciphertext-policy attribute-based encryption. Furthermore, the scheme presents a multiparty access control model based on identity-based broadcast encryption and ciphertext-policy attribute-based proxy re-encryption, which enables multiple owners, such as tagged users who appear in a single data, customize the access policy collaboratively, and also allows the disseminators update the access policy if their attributes satisfy the existing access policy. Security analysis and comparison indicate that the proposed scheme is secure and efficient.
文摘In this paper we introduce an architecture for a multi-key pirate decoder which employs decryption keys from multiple traitors. The decoder has built-in monitoring and self protection functionalities and is capable of defeating most multiple-round based traitor tracing schemes such as the schemes based on the black-box confirmation method. In particular, the proposed pirate decoder is customized to defeat the private key and the public key fully collusion resistant traitor tracing (FTT) schemes, respectively. We show how the decoder prolongs a trace process so that the tracer has to give up his effort. FTT schemes are designed to identify all the traitors. We show that decoder enables the FTT schemes to identify at most 1 traitors. Finally, assuming the decoder is embedded with several bytes of memory, we demonstrate how the decoder is able to frame innocent users at will.
