Results 1 - 10 of 10
1.
Sci Rep ; 14(1): 7582, 2024 Mar 30.
Article in English | MEDLINE | ID: mdl-38555378

ABSTRACT

With the continuous development of cloud computing, the application of cloud storage has become more and more popular. To ensure the integrity and availability of cloud data, scholars have proposed several cloud data auditing schemes. Still, most need help with outsourced data integrity, controlled outsourcing, and source file auditing. Therefore, we propose a controlled delegation outsourcing data integrity auditing scheme based on the identity-based encryption model. Our proposed scheme allows users to specify a dedicated agent to assist in uploading data to the cloud. These authorized proxies use recognizable identities for authentication and authorization, thus avoiding the need for cumbersome certificate management in a secure distributed computing system. While solving the above problems, our scheme adopts a bucket-based red-black tree structure to efficiently realize the dynamic updating of data, which can complete the updating of data and rebalancing of structural updates constantly and realize the high efficiency of data operations. We define the security model of the scheme in detail and prove the scheme's security under the difficult problem assumption. In the performance analysis section, the proposed scheme is analyzed experimentally in comparison with other schemes, and the results show that the proposed scheme is efficient and secure.

2.
Sensors (Basel) ; 24(3)2024 Feb 02.
Article in English | MEDLINE | ID: mdl-38339695

ABSTRACT

Ensuring authorized access control in the IoT is vital for privacy and safety protection. Our study presents the novel IHIBE framework, which combines IOTA (a distributed ledger technology) with hierarchical identity-based encryption (HIBE), thereby enhancing both IoT security and scalability. This approach secures access tokens and policies while reducing the computational demand on data owners. Our empirical findings reveal a significant performance gap, with access rights delegation on the Raspberry Pi 4 exceeding those on AWS by over 250%. Moreover, our analysis uncovers optimal identity policy depths: up to 640 identities on AWS and 640 on the Raspberry Pi 4 for systems with higher tolerable delays, and 320 identities on AWS versus 160 on the Raspberry Pi 4 for systems with lower tolerable delays. The system shows practical viability, exhibiting insignificant operational time differences compared to Zhang et al.'s schemes, particularly in access rights verification processes, with a minimal difference of 33.35%. Our extensive security assessment, encompassing scenarios like encrypted token theft and compromise of authority, affirms the efficacy of our challenge-response and last-word challenge (LWC) mechanisms. This study underscores the importance of platform choice in IoT system architectures and provides insights for deploying efficient, secure, and scalable IoT environments.

3.
PeerJ Comput Sci ; 10: e1790, 2024.
Article in English | MEDLINE | ID: mdl-38259890

ABSTRACT

Nowadays, more people are choosing to use cloud storage services to save space and reduce costs. To enhance the durability and persistence, users opt to store important data in the form of multiple copies on cloud servers. However, outsourcing data in the cloud means that it is not directly under the control of users, raising concerns about security and integrity. Recent research has found that most existing multicopy integrity verification schemes can correctly perform integrity verification even when multiple copies are stored on the same Cloud Service Provider (CSP), which clearly deviates from the initial intention of users wanting to store files on multiple CSPs. With these considerations in mind, this paper proposes a scheme for synchronizing the integrity verification of copies, specifically focusing on strongly privacy Internet of Things (IoT) electronic health record (EHR) data. First, the paper addresses the issues present in existing multicopy integrity verification schemes. The scheme incorporates the entity Cloud Service Manager (CSM) to assist in the model construction, and each replica file is accompanied with its corresponding homomorphic verification tag. To handle scenarios where replica files stored on multiple CSPs cannot provide audit proof on time due to objective reasons, the paper introduces a novel approach called probability audit. By incorporating a probability audit, the scheme ensures that replica files are indeed stored on different CSPs and guarantees the normal execution of the public auditing phase. The scheme utilizes identity-based encryption (IBE) for the detailed design, avoiding the additional overhead caused by dealing with complex certificate issues. The proposed scheme can withstand forgery attack, replace attack, and replay attack, demonstrating strong security. The performance analysis demonstrates the feasibility and effectiveness of the scheme.

4.
Sensors (Basel) ; 23(9)2023 Apr 22.
Article in English | MEDLINE | ID: mdl-37177384

ABSTRACT

In this paper, we present a new identity-based encryption (IBE) system that is named Backward Compatible Identity-based Encryption (BC-IBE). Our BC-IBE is proposed to solve the problem caused by the out-of-synchronization between users' private keys and ciphertexts. Encryption systems such as revocable IBE or revocable Attribute-based Encryption (ABE) often require updating private keys to revoke users after a certain time period. However, in those schemes, an updated key can be used to decrypt the ciphertexts created only during the current time period. Once the key is updated and the previous keys are removed, the user, the owner of the updated key, will lose access to the past ciphertexts. In our paper, we propose BC-IBE that supports backward compatibility, to solve this problem. In our proposed system, user's private keys and ciphertexts can be updated periodically with time tags, and these processes can be used to revoke users who do not receive an updated key as the other revocable encryption does. However, in our proposed system, a private key newly issued to a user is backward compatible. This means that it decrypts not only the ciphertexts at the present time period but also all past ciphertexts. This implies that our proposed scheme guarantees the decryption of all encrypted data even if they are not synchronized. Compared to the existing revocable identity-based encryption system, our proposed BC-IBE has the advantage of simplifying key management and securely delegating ciphertext updates. Our proposed scheme only requires a single backward-compatible private key to decrypt all past ciphertexts created. Moreover, the ciphertext update process in our proposed scheme does not require any special privileges and does not require decryption. This means that this process can be securely delegated to a third-party server, such as a cloud server, and it prevents the potential leakage of secrets. 
For those reasons, BC-IBE is suitable for a system where users are more dynamic, such as the Internet-of-Things (IoT) network, or a system that regularly updates the data, like cloud data storage. In this paper, we provide the construction of BC-IBE and prove its formal security.

5.
Entropy (Basel) ; 25(2)2023 Feb 15.
Article in English | MEDLINE | ID: mdl-36832728

ABSTRACT

In the cloud, uploading encrypted data is the most effective way to ensure that the data are not leaked. However, data access control is still an open problem in cloud storage systems. To provide an authorization mechanism to limit the comparison of a user's ciphertexts with those of another, public key encryption supporting the equality test with four flexible authorizations (PKEET-FA) is presented. Subsequently, more functional identity-based encryption supporting the equality test (IBEET-FA) further combines identity-based encryption with flexible authorization. The bilinear pairing has always been intended to be replaced due to the high computational cost. Hence, in this paper, we use general trapdoor discrete log groups to construct a new and secure IBEET-FA scheme, which is more efficient. The computational cost for the encryption algorithm in our scheme was reduced to 43% of that of the scheme of Li et al. In Type 2 and 3 authorization algorithms, the computational cost of both was reduced to 40% of that of the scheme of Li et al. Furthermore, we give proof that our scheme is secure against one-wayness under the chosen identity and chosen ciphertext attacks (OW-ID-CCA), and indistinguishable against chosen identity and chosen ciphertext attacks (IND-ID-CCA).

6.
Sensors (Basel) ; 21(21)2021 Oct 30.
Article in English | MEDLINE | ID: mdl-34770535

ABSTRACT

The place of public key cryptography (PKC) in guaranteeing the security of wireless networks under human-centered IoT environments cannot be overemphasized. PKC uses the idea of paired keys that are mathematically dependent but independent in practice. In PKC, each communicating party needs the public key and the authorized digital certificate of the other party to achieve encryption and decryption. In this circumstance, a directory is required to store the public keys of the participating parties. However, the design of such a directory can be cost-prohibitive and time-consuming. Recently, identity-based encryption (IBE) schemes have been introduced to address the vast limitations of PKC schemes. In a typical IBE system, a third-party server can distribute the public credentials to all parties involved in the system. Thus, the private key can be harvested from the arbitrary public key. As a result, the sender could use the public key of the receiver to encrypt the message, and the receiver could use the extracted private key to decrypt the message. In order to improve systems security, new IBE schemes are solely desired. However, the complexity and cost of designing an entirely new IBE technique remain. In order to address this problem, this paper presents a provably secure IBE transformation model for PKC using conformable Chebyshev chaotic maps under the human-centered IoT environment. In particular, we offer a robust and secure IBE transformation model and provide extensive performance analysis and security proofs of the model. Finally, we demonstrate the superiority of the proposed IBE transformation model over the existing IBE schemes. Overall, results indicate that the proposed scheme posed excellent security capabilities compared to the preliminary IBE-based schemes.


Subject(s)
Computer Security, Confidentiality, Algorithms, Computers, Humans

7.
Math Biosci Eng ; 17(6): 8105-8122, 2020 11 12.
Article in English | MEDLINE | ID: mdl-33378935

ABSTRACT

The data security of fog computing is a key problem for the Internet of things. Identity-based encryption (IBE) from lattices is extremely suitable for fog computing. It is able to not only simplify certificate management, but also resist quantum attacks. In this paper, firstly, we construct a novel efficient lattice-based IBE scheme with Combined Public Key (CPK) technique by keeping from consumptive trapdoor generation algorithm and preimage sampling algorithm, which is required by the existing lattice-based IBE schemes based on learning with errors (LWE). In addition, its key storage cost is lower and it is IND-ID-CPA secure in the random oracle model. Furthermore, based on this, an enhanced lattice-based IBE scheme with IND-ID-CCA security is developed by employing strong one-time signature. Our schemes only need O(n^3/log n) additions of vectors, while the existing schemes need at least O(n^3) of additions and multiplications in Setup and Extract phase.

8.
Sensors (Basel) ; 19(14)2019 Jul 10.
Article in English | MEDLINE | ID: mdl-31295922

ABSTRACT

With the growth of the urban population, the rapid development of smart cities has become the focus of urban regional development. Smart medical care is an indispensable part of smart city construction, which promotes the development of the medical industry. However, the security of data and timely service are the current problems faced by intelligent medical systems. Based on the public key encryption with filtered equality test and identity-based cryptography, an identity-based encryption with the filtered equality test (IBE-FET) is proposed for smart healthcare, in which a data receiver can use the private key and the message set to generate a warrant and send it to the cloud server. A cloud server can verify the equality between ciphertexts without decryption and check whether the encrypted message belongs to the same message set. Furthermore, the security analysis shows that the proposed scheme satisfies one-way security against the chosen identity and ciphertext attack in the random oracle model under the computational bilinear Diffie-Hellman assumption. The performance comparison shows that the scheme is feasible and practical in real life.

9.
J Med Syst ; 40(12): 267, 2016 Dec.
Article in English | MEDLINE | ID: mdl-27730393

ABSTRACT

As a new summarized record of an individual's medical data and information, Personal Health Record (PHR) can be accessible online. The owner can control fully his/her PHR files to be shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like in the Cloud, these sensitive privacy information may be gotten by those unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption (ABE). Differing from previous works, we also consider the privacy preserving of the receivers since the attributes of the receivers relate to their identity or medical information, which would make some sensitive data exposed to third services. Anonymous ABE (AABE) not only enforces the security of PHR of the owners but also preserves the privacy of the receivers. But a normal AABE with a single private key generation (PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system based on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes (especially based on hierarchical AABE) have many advantages over the available such as short public keys, constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.


Subject(s)
Cloud Computing, Computer Security, Confidentiality, Electronic Health Records/organization & administration, Health Information Exchange, Humans

10.
Article in English | MEDLINE | ID: mdl-26958435

ABSTRACT

This report summarizes study results on pairing-based cryptography. The main purpose of the study is to form NIST's position on standardizing and recommending pairing-based cryptography schemes currently published in research literature and standardized in other standard bodies. The report reviews the mathematical background of pairings. This includes topics such as pairing-friendly elliptic curves and how to compute various pairings. It includes a brief introduction to existing identity-based encryption (IBE) schemes and other cryptographic schemes using pairing technology. The report provides a complete study of the current status of standard activities on pairing-based cryptographic schemes. It explores different application scenarios for pairing-based cryptography schemes. As an important aspect of adopting pairing-based schemes, the report also considers the challenges inherent in validation testing of cryptographic algorithms and modules. Based on the study, the report suggests an approach for including pairing-based cryptography schemes in the NIST cryptographic toolkit. The report also outlines several questions that will require further study if this approach is followed.
