Novel dynamic anti-collusion ciphertext policy attribute-based encryption scheme in 5G D2D environment

To share data securely with secure attribute revocation,anti-collusion,and dynamic user management in the 5G device-to-device(D2D)environment,a novel dynamic anti-collusion ciphertext policy attribute-based encryption(NDA-CP-ABE)scheme in the 5G D2D environment is proposed.On the basis of the ciphertext policy attribute-based encryption algorithm,fine-grained access control and secure attribute revocation are realized,and the confidentiality of data is guaranteed.A polynomial function is adopted in the ciphertext generation phase to realize dynamic user management.A random number is used to prevent a collusion attack among the legitimate user equipment(UE),revoked UE,and external network attackers.Finally,on the basis of the Diffie-Hellman problem,the NDA-CP-ABE scheme is formally proved,and the simulation performances are compared with those of similar schemes.The results show that data can be securely shared through a D2D channel with secure attribute revocation,anti-collusion,and dynamic user management.Moreover,compared with similar schemes,the NDA-CP-ABE scheme has higher efficiency in encryption,decryption,and storage.

Dynamic Broadcast Encryption Scheme with Revoking User

Currently, there still lacks an efficient methodology to revoke user＇s ability to decrypt ciphertext in broadcast encryption with the uncertain number of ciphertext recipients. To solve this problem, here, we present a dynamic broadcast encryption scheme with the following properties： First, the length of the ciphertext has a linear relationship with the number of revocable users, but it has no association with the total number of ciphertext recipients. Sec- ond, the scheme also works when users dynamically join. Espe- cially, compared with methods published up to date, our scheme is more efficient with a large number of ciphertext recipients. Third, the broadcaster can revoke user＇s ability to decrypt ciphertext if necessary. Fourth, the private key of users is composed of three elements in Elliptic curve group of prime order. Last, if q-Deci- sional Multi-Exponent Bilinear Diffie-Hellman assumption holds, our scheme is secure in the standard model when a polynomial time adversary selectively attacks it.

Towards privacy-preserving dynamic deep packet inspection over outsourced

The prosperity of network function virtualization(NFV)pushes forward the paradigm of migrating in-house middleboxes to third-party providers,i.e.,software(virtualized)middlebox services.A lot of enterprises have outsourced traffic processing such as deep packet inspection(DPI),traffic classification,and load balancing to middleboxes provided by cloud providers.However,if the traffic is forwarded to the cloud provider without careful processing,it will cause privacy leakage,as the cloud provider has all the rights to access the data.To solve the security issue,recent efforts are made to design secure middleboxes that can directly conduct network functions over encrypted traffic and middlebox rules.However,security concerns from dynamic operations like dynamic DPI and rule updates are still not yet fully addressed.In this paper,we propose a privacy-preserving dynamic DPI scheme with forward privacy for outsourced middleboxes.Our design can enable cloud side middlebox to conduct secure packet inspection over encrypted traffic data.Besides,the middlebox providers cannot analyze the relationship between the newly added rules and the previous data.Several recent papers have proven that it is a strong property that resist adaptive attacks.Furthermore,we design a general method to inspect stateful packets while still ensuring the state privacy protection.We formally define and prove the security of our design.Finally,we implement a system prototype and analyze the performance from experimental aspects.The evaluation results demonstrate our scheme is effective and efficient.