Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been ...Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.展开更多
On March 21st,Mr.Ai Ping,Vice-President of CAFIU,met in Bejing with a 6-member delegation from the US Word4Asia led by Dr.Gene Wood,Chief Executive Officer of Word4Asia.Mme.Xiao Ningning,Deputy Secretary-General of Ch...On March 21st,Mr.Ai Ping,Vice-President of CAFIU,met in Bejing with a 6-member delegation from the US Word4Asia led by Dr.Gene Wood,Chief Executive Officer of Word4Asia.Mme.Xiao Ningning,Deputy Secretary-General of China NGO Network for International Exchanges,Mr.Gu Chuanyong,Vice-Chair of Board of the Amity Foundation,and Mme.She Hongyu,Deputy Secretary-General of the Amity Foundation,attended the meeting.The two sides exchanged views on deepening people-to-people exchanges and cooperation between China and the United States and on the preparation of the 5th"Amity Cup"International Table Tennis Charity Competition.展开更多
On March 13th,CAFIU Vice-President Liu Hongcai met the delegation from(JCP)Japan-China Friendship Association.The two sides exchanged views on people-to-people and youth exchanges between the two countries.Vice-Presid...On March 13th,CAFIU Vice-President Liu Hongcai met the delegation from(JCP)Japan-China Friendship Association.The two sides exchanged views on people-to-people and youth exchanges between the two countries.Vice-President Liu Hongcai said that civil society organisations in China and Japan should persist in serving as bridges for official communication and contributing civil society efforts to promote China-Japan friendship.展开更多
At the invitation of CAFIU,a delegation of 7 members of the Friedrich Ebert Foundation(FES),headed by Mr.Martin Schulz,Chairman of the Foundation,Former President of SPD,and Former President of European Parliament,vis...At the invitation of CAFIU,a delegation of 7 members of the Friedrich Ebert Foundation(FES),headed by Mr.Martin Schulz,Chairman of the Foundation,Former President of SPD,and Former President of European Parliament,visited China from 2nd to 7th February.During the delegation's visit in Beijing,Mr.Li Hongzhong,Member of the Political Bureau of the CPC Central Committee and Vice-Chairperson of the Standing Committee of the National People's Congress of China,met with the delegation.展开更多
In Niger,a country at the southern end of the Sahara Desert,the announcement of the arrival of wushu teachers attracted a large number of people from near and far,despite a tiring journey.Curious and covetous glances ...In Niger,a country at the southern end of the Sahara Desert,the announcement of the arrival of wushu teachers attracted a large number of people from near and far,despite a tiring journey.Curious and covetous glances testify to the attraction of this oriental culture.展开更多
Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cl...Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.展开更多
Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It i...Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.展开更多
On November 28,a delegation of Russian scholars led by Victor Larin,Academician of the Russian Academy of Sciences and Director at the Far Eastern Branch,visited the Xi Jinping Thought on Diplomacy Studies Centre.Yu J...On November 28,a delegation of Russian scholars led by Victor Larin,Academician of the Russian Academy of Sciences and Director at the Far Eastern Branch,visited the Xi Jinping Thought on Diplomacy Studies Centre.Yu Jiang,CIIS Vice President and Full-Time Deputy Secretary-General of Xi Jinping Thought on Diplomacy Studies Centre,had in-depth exchanges with Russian scholars on the significance and practice of Xi Jinping Thought on Diplomacy and China-Russia relations.展开更多
At the invitation of CAFIU,the delegation of 15 renowned sinologists from 15 countries including Iran,Spain,and Mexico visited China from September 4th to 15th.
With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data lea...With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.展开更多
Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effec...Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.展开更多
In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext unde...In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext under another set of attributes on the same message, but not vice versa, furthermore, its security was proved in the standard model based on decisional bilinear Diffie-Hellman assumption. This scheme can be used to realize fine-grained selectively sharing of encrypted data, but the general proxy rencryption scheme severely can not do it, so the proposed schemecan be thought as an improvement of general traditional proxy re-encryption scheme.展开更多
To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access fromall users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing...To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access fromall users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing inthe blockchain. Several works have been proposed to deal with this problem. However, the data retrieval in theseschemes requires the participation of data owners and lacks finer-grained access control. In this paper, we proposean attribute-based keyword search scheme over the encrypted blockchain, which allows users to search encryptedfiles over the blockchain based on their attributes. In addition, we build a file chain structure to improve theefficiency of searching files with the same keyword. Security analysis proves the security of the proposed scheme.Theoretical analysis and experimental results in performance evaluation show that our scheme is feasible andefficient.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data ...Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.展开更多
The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which ...The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.展开更多
An accountable authority attribute-based encryption (A-ABE) scheme is presented in this paper. The notion of accountable authority identity-based encryption (A-IBE) was first introduced by Goyal at Crypto'07. It ...An accountable authority attribute-based encryption (A-ABE) scheme is presented in this paper. The notion of accountable authority identity-based encryption (A-IBE) was first introduced by Goyal at Crypto'07. It is a novel approach to mitigate the (inherent) key escrow problem in identity-based cryptosystems. In this work, the concept of accountable authority to attribute-based encryption (ABE) setting is generalized for the first time, and then a construction is given. The scheme non-trivially integrates an A-IBE scheme proposed by Libert et al. with an ABE scheme. In our construction, a user will be identified by a pair ( id, o~), where id denotes the user' s identity and ω denotes the set of attributes associated to the user. In addition, our construction is shown to be secure under some reasonable assumptions.展开更多
Portable communication systems can provide mobile users with global roaming services. Recently, Youn and Lim proposed a delegation-based authentication protocol which achieves unlinkability for secure roaming services...Portable communication systems can provide mobile users with global roaming services. Recently, Youn and Lim proposed a delegation-based authentication protocol which achieves unlinkability for secure roaming services. This paper indicates that there are two drawbacks in Youn and Lim's protocol: 1) the synchronization problem will lead to a fail in on-line authentication; and 2) the exhaustive search puts a heavy burden on the off-line authentication process. Moreover, based on Youn and Lim's protocol, a remedy is proposed to address these problems. It is worthwhile to note that the proposed remedy not only keeps the original advantages but also enhances the security and performance.展开更多
Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using c...Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list (CRL) and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.展开更多
Mobile agent technology is promising for e-commerce and distributed computing applications due to its properties of mobility and autonomy. One of the most security-sensitive tasks a mobile agent is expected to perform...Mobile agent technology is promising for e-commerce and distributed computing applications due to its properties of mobility and autonomy. One of the most security-sensitive tasks a mobile agent is expected to perform is signing digital signatures on a remote untrustworthy service host that is beyond the control of the agent host. This service host may treat the mobile agents unfairly, i.e. according to its’ own benefit rather than to their time of arrival. In this research, we present a novel protocol, called Collusion-Resistant Distributed Agent-based Signature Delegation (CDASD) protocol, to allow an agent host to delegate its signing power to an anonymous mobile agent in such a way that the mobile agent does not reveal any information about its host’s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service provision. The protocol introduces a verification server to verify the signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The protocol incorporates three methods: Agent Signature Key Generation method, Agent Signature Generation method, Agent Signature Verification method. The most notable feature of the protocol is that, in addition to allowing secure and anonymous signature delegation, it enables tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed protocol are analyzed, and the protocol is compared with the most related work.展开更多
基金The project is provided funding by the Natural Science Foundation of China(Nos.62272124,2022YFB2701400)the Science and Technology Program of Guizhou Province(No.[2020]5017)+3 种基金the Research Project of Guizhou University for Talent Introduction(No.[2020]61)the Cultivation Project of Guizhou University(No.[2019]56)the Open Fund of Key Laboratory of Advanced Manufacturing Technology,Ministry of Education,GZUAMT2021KF[01]the Postgraduate Innovation Program in Guizhou Province(No.YJSKYJJ[2021]028).
文摘Cloud-based services have powerful storage functions and can provide accurate computation.However,the question of how to guarantee cloud-based services access control and achieve data sharing security has always been a research highlight.Although the attribute-based proxy re-encryption(ABPRE)schemes based on number theory can solve this problem,it is still difficult to resist quantum attacks and have limited expression capabilities.To address these issues,we present a novel linear secret sharing schemes(LSSS)matrix-based ABPRE scheme with the fine-grained policy on the lattice in the research.Additionally,to detect the activities of illegal proxies,homomorphic signature(HS)technology is introduced to realize the verifiability of re-encryption.Moreover,the non-interactivity,unidirectionality,proxy transparency,multi-use,and anti-quantum attack characteristics of our system are all advantageous.Besides,it can efficiently prevent the loss of processing power brought on by repetitive authorisation and can enable precise and safe data sharing in the cloud.Furthermore,under the standard model,the proposed learning with errors(LWE)-based scheme was proven to be IND-sCPA secure.
文摘On March 21st,Mr.Ai Ping,Vice-President of CAFIU,met in Bejing with a 6-member delegation from the US Word4Asia led by Dr.Gene Wood,Chief Executive Officer of Word4Asia.Mme.Xiao Ningning,Deputy Secretary-General of China NGO Network for International Exchanges,Mr.Gu Chuanyong,Vice-Chair of Board of the Amity Foundation,and Mme.She Hongyu,Deputy Secretary-General of the Amity Foundation,attended the meeting.The two sides exchanged views on deepening people-to-people exchanges and cooperation between China and the United States and on the preparation of the 5th"Amity Cup"International Table Tennis Charity Competition.
文摘On March 13th,CAFIU Vice-President Liu Hongcai met the delegation from(JCP)Japan-China Friendship Association.The two sides exchanged views on people-to-people and youth exchanges between the two countries.Vice-President Liu Hongcai said that civil society organisations in China and Japan should persist in serving as bridges for official communication and contributing civil society efforts to promote China-Japan friendship.
文摘At the invitation of CAFIU,a delegation of 7 members of the Friedrich Ebert Foundation(FES),headed by Mr.Martin Schulz,Chairman of the Foundation,Former President of SPD,and Former President of European Parliament,visited China from 2nd to 7th February.During the delegation's visit in Beijing,Mr.Li Hongzhong,Member of the Political Bureau of the CPC Central Committee and Vice-Chairperson of the Standing Committee of the National People's Congress of China,met with the delegation.
文摘In Niger,a country at the southern end of the Sahara Desert,the announcement of the arrival of wushu teachers attracted a large number of people from near and far,despite a tiring journey.Curious and covetous glances testify to the attraction of this oriental culture.
基金supported by the National Natural Science Foundation of China(Nos.62162018,61972412)the Natural Science Foundation of Guangxi(No.2019GXNSFGA245004)+1 种基金the Guilin Science and Technology Project(20210226-1)the Innovation Project of Guangxi Graduate Education(No.YCSW2022296).
文摘Cloud storage and edge computing are utilized to address the storage and computational challenges arising from the exponential data growth in IoT.However,data privacy is potentially risky when data is outsourced to cloud servers or edge services.While data encryption ensures data confidentiality,it can impede data sharing and retrieval.Attribute-based searchable encryption(ABSE)is proposed as an effective technique for enhancing data security and privacy.Nevertheless,ABSE has its limitations,such as single attribute authorization failure,privacy leakage during the search process,and high decryption overhead.This paper presents a novel approach called the blockchain-assisted efficientmulti-authority attribute-based searchable encryption scheme(BEM-ABSE)for cloudedge collaboration scenarios to address these issues.BEM-ABSE leverages a consortium blockchain to replace the central authentication center for global public parameter management.It incorporates smart contracts to facilitate reliable and fair ciphertext keyword search and decryption result verification.To minimize the computing burden on resource-constrained devices,BEM-ABSE adopts an online/offline hybrid mechanism during the encryption process and a verifiable edge-assisted decryption mechanism.This ensures both low computation cost and reliable ciphertext.Security analysis conducted under the random oracle model demonstrates that BEM-ABSE is resistant to indistinguishable chosen keyword attacks(IND-CKA)and indistinguishable chosen plaintext attacks(INDCPA).Theoretical analysis and simulation results confirm that BEM-ABSE significantly improves computational efficiency compared to existing solutions.
基金supported in part by the National Natural Science Foundation of China under Grant No.61772009the Natural Science Foundation of Jiangsu Province under Grant No.BK20181304.
文摘Attribute-based encryption with keyword search(ABEKS)is a novel cryptographic paradigm that can be used to implementfine-grained access control and retrieve ciphertexts without disclosing the sensitive information.It is a perfect combination of attribute-based encryption(ABE)and public key encryption with keyword search(PEKS).Nevertheless,most of the existing ABEKS schemes have limited search capabilities and only support single or simple conjunctive keyword search.Due to the weak search capability and inaccurate search results,it is difficult to apply these schemes to practical applications.In this paper,an effi-cient expressive ABEKS(EABEKS)scheme supporting unbounded keyword uni-verse over prime-order groups is designed,which supplies the expressive keyword search function supporting the logical connectives of“AND”and“OR”.The proposed scheme not only leads to low computation and communica-tion costs,but also supports unbounded keyword universe.In the standard model,the scheme is proven to be secure under the chosen keyword attack and the cho-sen plaintext attack.The comparison analysis and experimental results show that it has better performance than the existing EABEKS schemes in the storage,com-putation and communication costs.
文摘On November 28,a delegation of Russian scholars led by Victor Larin,Academician of the Russian Academy of Sciences and Director at the Far Eastern Branch,visited the Xi Jinping Thought on Diplomacy Studies Centre.Yu Jiang,CIIS Vice President and Full-Time Deputy Secretary-General of Xi Jinping Thought on Diplomacy Studies Centre,had in-depth exchanges with Russian scholars on the significance and practice of Xi Jinping Thought on Diplomacy and China-Russia relations.
文摘At the invitation of CAFIU,the delegation of 15 renowned sinologists from 15 countries including Iran,Spain,and Mexico visited China from September 4th to 15th.
基金This work is supported by the National Natural Science Foundation of China(No.62071280,No.61602287)the Major Scientific and Technological Innovation Project of Shandong Province(No.2020CXGC010115)the Guangxi Key Laboratory of Cryptography and Information Security(GCIS201901).
文摘With the development of big data and cloud computing technology,more and more users choose to store data on cloud servers,which brings much convenience to their management and use of data,and also the risk of data leakage.A common method to prevent data leakage is to encrypt the data before uploading it,but the traditional encryption method is often not conducive to data sharing and querying.In this paper,a new kind of Attribute-Based Encryption(ABE)scheme,which is called the Sub-String Searchable ABE(SSS-ABE)scheme,is proposed for the sharing and querying of the encrypted data.In the SSS-ABE scheme,the data owner encrypts the data under an access structure,and only the data user who satisfies the access structure can query and decrypt it.The data user can make a substring query on the whole ciphertext without setting keywords in advance.In addition,the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
基金supported by the National Natural Science Foundation of China(62072348)the Science and Technology Major Project of Hubei Province(Next-Generation AI Technologies,2019AEA170).
文摘Cloud manufacturing is one of the three key technologies that enable intelligent manufacturing.This paper presents a novel attribute-based encryption(ABE)approach for computer-aided design(CAD)assembly models to effectively support hierarchical access control,integrity verification,and deformation protection for co-design scenarios in cloud manufacturing.An assembly hierarchy access tree(AHAT)is designed as the hierarchical access structure.Attribute-related ciphertext elements,which are contained in an assembly ciphertext(ACT)file,are adapted for content keys decryption instead of CAD component files.We modify the original Merkle tree(MT)and reconstruct an assembly MT.The proposed ABE framework has the ability to combine the deformation protection method with a content privacy of CAD models.The proposed encryption scheme is demonstrated to be secure under the standard assumption.Experimental simulation on typical CAD assembly models demonstrates that the proposed approach is feasible in applications.
基金the Natural Science Foundation of Shandong Province (Y2007G37)the Science and Technology Development Program of Shandong Province (2007GG10001012)
文摘In this paper, we propose a new attribute-based proxy re-encryption scheme, where a semi-trusted proxy, with some additional information, can transform a ciphertext under a set of attributes into a new ciphertext under another set of attributes on the same message, but not vice versa, furthermore, its security was proved in the standard model based on decisional bilinear Diffie-Hellman assumption. This scheme can be used to realize fine-grained selectively sharing of encrypted data, but the general proxy rencryption scheme severely can not do it, so the proposed schemecan be thought as an improvement of general traditional proxy re-encryption scheme.
基金This work was supported by the National Natural Science Foundation of China(61671030)Industrial Internet Innovation Development Project,China Postdoctoral Science Foundation(2019M660377)+1 种基金National Key Research and Development Program of China(2020YFB2009501)It was also supported by Engineering Research Center of Intelligent Perception and Autonomous Control,Ministry of Education.
文摘To address privacy concerns, data in the blockchain should be encrypted in advance to avoid data access fromall users in the blockchain. However, encrypted data cannot be directly retrieved, which hinders data sharing inthe blockchain. Several works have been proposed to deal with this problem. However, the data retrieval in theseschemes requires the participation of data owners and lacks finer-grained access control. In this paper, we proposean attribute-based keyword search scheme over the encrypted blockchain, which allows users to search encryptedfiles over the blockchain based on their attributes. In addition, we build a file chain structure to improve theefficiency of searching files with the same keyword. Security analysis proves the security of the proposed scheme.Theoretical analysis and experimental results in performance evaluation show that our scheme is feasible andefficient.
基金This research is funded by Science and Technology Program of Guangzhou(Grant No.201707010358).
文摘Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.
基金Acknowledgements The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported by the National Natural Science Foundation of China under Crant No. 60873231, the Natural Science Foundation of Jiangsu Province under Grant No. BK2009426, Major State Basic Research Development Program of China under Cwant No.2011CB302903 and Key University Science Research Project of Jiangsu Province under Crant No. 11KJA520002.
文摘The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.
基金Supported by the National Natural Science Foundation of China(No.60970111,60903189,60903020)the National High Technology Research and Development Programme of China(No.2009AA012418)+1 种基金the National Basic Research Program of China(No.2007CB311201)the Foundation of NLMC(No.9140C1103020803)
文摘An accountable authority attribute-based encryption (A-ABE) scheme is presented in this paper. The notion of accountable authority identity-based encryption (A-IBE) was first introduced by Goyal at Crypto'07. It is a novel approach to mitigate the (inherent) key escrow problem in identity-based cryptosystems. In this work, the concept of accountable authority to attribute-based encryption (ABE) setting is generalized for the first time, and then a construction is given. The scheme non-trivially integrates an A-IBE scheme proposed by Libert et al. with an ABE scheme. In our construction, a user will be identified by a pair ( id, o~), where id denotes the user' s identity and ω denotes the set of attributes associated to the user. In addition, our construction is shown to be secure under some reasonable assumptions.
文摘Portable communication systems can provide mobile users with global roaming services. Recently, Youn and Lim proposed a delegation-based authentication protocol which achieves unlinkability for secure roaming services. This paper indicates that there are two drawbacks in Youn and Lim's protocol: 1) the synchronization problem will lead to a fail in on-line authentication; and 2) the exhaustive search puts a heavy burden on the off-line authentication process. Moreover, based on Youn and Lim's protocol, a remedy is proposed to address these problems. It is worthwhile to note that the proposed remedy not only keeps the original advantages but also enhances the security and performance.
基金supported by the National Science Council under Grant No. NSC100-2410-H-005-046
文摘Grid security infrastructure (GSI) provides the security in grids by using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using certificate revocation list (CRL) and the other is giving the certificate a short period of validity. However, when a lot of certifications are revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. In this paper, we propose a scheme for proxy certificate revocation using hash tree. Our scheme only needs hash value comparisons to achieve the purpose of certificate revocation. Previous two methods have to wait the expiration of the certificate. Therefore, our scheme is more flexible than previous methods.
文摘Mobile agent technology is promising for e-commerce and distributed computing applications due to its properties of mobility and autonomy. One of the most security-sensitive tasks a mobile agent is expected to perform is signing digital signatures on a remote untrustworthy service host that is beyond the control of the agent host. This service host may treat the mobile agents unfairly, i.e. according to its’ own benefit rather than to their time of arrival. In this research, we present a novel protocol, called Collusion-Resistant Distributed Agent-based Signature Delegation (CDASD) protocol, to allow an agent host to delegate its signing power to an anonymous mobile agent in such a way that the mobile agent does not reveal any information about its host’s identity and, at the same time, can be authenticated by the service host, hence, ensuring fairness of service provision. The protocol introduces a verification server to verify the signature generated by the mobile agent in such a way that even if colluding with the service host, both parties will not get more information than what they already have. The protocol incorporates three methods: Agent Signature Key Generation method, Agent Signature Generation method, Agent Signature Verification method. The most notable feature of the protocol is that, in addition to allowing secure and anonymous signature delegation, it enables tracking of malicious mobile agents when a service host is attacked. The security properties of the proposed protocol are analyzed, and the protocol is compared with the most related work.