Circuit Ciphertext-policy Attribute-based Hybrid Encryption with Verifiable Delegation in Cloud Computing
Download as DOCX, PDF1 like476 views
The document discusses various aspects of cloud storage, security models, and hybrid encryption methods, particularly focusing on ciphertext-policy attribute-based encryption (CP-ABE) and email authentication. It describes the security definitions and mechanisms employed in a hybrid vd-CPABE scheme to ensure confidentiality, access control, and verifiable delegation. Additionally, it covers the importance of email authentication techniques for verifying identities and preventing phishing scams.
![Cloud Storage
Cloud storage is a model of data storage where the digital data is stored in
logical pools, the physical storage spans multiple servers (and often locations),
and the physical environment is typically owned and managed by a hosting
company. These cloud storage providers are responsible for keeping the data
available and accessible, and the physical environment protected and running.
People and organizations buy or lease storage capacity from the providers to
store end user, organization, or application data.
Security Model
Since we use key encapsulation mechanism (KEM) and authenticated
encryption (AE) to build our hybrid VD-CPABE scheme, we describe the
security definition separately at first. The confidentiality property
(indistinguishability of encryptions under selective chosen plaintext attacks
(IND-CPA)) required for KEM is captured by the following games against
adversary A. Game.KEM • Init. The adversary gives a challenge access structure
f∗ , where it wishes to be challenged. • Setup. The simulator runs the Setup
algorithm and gives the public parameters PK to the adversary. • KeyGen
Queries I. The adversary makes repeated private key queries corresponding to
the sets of attributes x1, ..., xq1 . We require that ∀i ∈ q1 we have f∗ (xi) = 0.
Encrypt. The simulator encrypts K0 under the structure f∗, random chooses K1
from key space and flips a random coin b. Then the simulator sends Kb and the
ciphertext CK∗ to the adversary. • KeyGen Queries II. The adversary makes
repeated private key queries corresponding to the sets of attributes xq1 , ..., xq
where f∗(x) = 0. • Guess. The adversary outputs a guess b′ of b. We define the
advantage of an adversary A in this game is Pr[b′ = b] − 1 2 . Then a KEM](https://image.slidesharecdn.com/moduledescription-160508175259/85/Circuit-Ciphertext-policy-Attribute-based-Hybrid-Encryption-with-Verifiable-Delegation-in-Cloud-Computing-2-320.jpg)
Circuit Ciphertext-policy Attribute-based Hybrid Encryption with Verifiable Delegation in Cloud Computing
- 1. MODULES Architecture: MODULES Cloud Storage Security Model Ciphertext-policy attribute-based encryption Hybrid encryption Email Authentication:
- 2. Cloud Storage Cloud storage is a model of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company. These cloud storage providers are responsible for keeping the data available and accessible, and the physical environment protected and running. People and organizations buy or lease storage capacity from the providers to store end user, organization, or application data. Security Model Since we use key encapsulation mechanism (KEM) and authenticated encryption (AE) to build our hybrid VD-CPABE scheme, we describe the security definition separately at first. The confidentiality property (indistinguishability of encryptions under selective chosen plaintext attacks (IND-CPA)) required for KEM is captured by the following games against adversary A. Game.KEM • Init. The adversary gives a challenge access structure f∗ , where it wishes to be challenged. • Setup. The simulator runs the Setup algorithm and gives the public parameters PK to the adversary. • KeyGen Queries I. The adversary makes repeated private key queries corresponding to the sets of attributes x1, ..., xq1 . We require that ∀i ∈ q1 we have f∗ (xi) = 0. Encrypt. The simulator encrypts K0 under the structure f∗, random chooses K1 from key space and flips a random coin b. Then the simulator sends Kb and the ciphertext CK∗ to the adversary. • KeyGen Queries II. The adversary makes repeated private key queries corresponding to the sets of attributes xq1 , ..., xq where f∗(x) = 0. • Guess. The adversary outputs a guess b′ of b. We define the advantage of an adversary A in this game is Pr[b′ = b] − 1 2 . Then a KEM
- 3. scheme is secure against selective chosen plaintext attacks if the advantage is negligible. The confidentiality property (indistinguishability of encryptions under selective chosen ciphertext attacks (IND-CCA)) required for AE is captured by the following games against adversary A. Game.AE • Init. The adversary submits two equal length messages M0 and M1. • Setup. The simulator runs the Setup algorithm and generators the symmetric key KAE. • Encrypt. The simulator flips a random coin b, encrypts Mb under the symmetric key KAE, generates the ciphertext C∗ and gives it to the adversary. • Decrypt Queries. The adversary makes repeated decryption queries. When the given ciphertext C ̸= C∗, the simulator will return DKAE(C) and σKAE(C) to the adversary. Ciphertext-policy attribute-based encryption In this section, we present the definition and security model of our hybrid VD- CPABE. In such a system, a circuit ciphertext-policy attribute-based encryption scheme, a symmetric encryption scheme and an encrypt-then-mac mechanism are applied to ensure the confidentiality, the fine-grained access control and the verifiable delegation A hybrid VD-CPABE scheme is defined by a tuple of algorithms (Setup, Hybrid- Encrypt, Key- Gen, Transform, Verify-Decrypt). The description of each algorithm is as follows. • Setup(λ, n, l). Executed by the authority, this algorithm takes as input a security parameter λ, the number of attributes n and the maximum depth l of a circuit. It outputs the public parameters PK and a master key MK which is kept secret. more information. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TPDS.2015.2392752, IEEE Transactions on Parallel and Distributed Systems XU et al.: circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing 5 • Hybrid-Encrypt(PK,M, f). This algorithm is executed by the data owner. It could be conveniently divided into two
- 4. parts: key encapsulation mechanism (KEM) and authenticated symmetric encryption (AE). – The KEM algorithm takes as input the public parameters PK and an access structure f for circuit. It computes the complement circuit f and chooses a random string R. Then it generates KM = {dkm, vkm}, KR = {dkr, vkr} and the CP-ABE ciphertext (CKM,CKR). – The AE algorithm takes as input a message M, the random string R, the symmetric key Hybrid encryption Hybrid encryption. Cramer and Shoup proposed the generic KEM/DEM construction for hybrid encryption which can encrypt messages of arbitrary length. Based on their ingenious work, a one-time MAC were combined with symmetric encryption to develop the KEM/DEM model for hybrid encryption Such improved model has the advantage of achieving higher security requirements. ABE with Verifiable Delegation. Since the introduction of ABE, there have been advances in multiple directions. The application of outsourcing computation is one of an important direction. Green et aldesigned the first ABE with outsourced decryption scheme to reduce the computation cost during decryption. After that, Lai et al. proposed the definition of ABE with verifiable outsourced decryption. They seek to guarantee the correctness of the original ciphertext by using a commitment. However, since the data owner generates a commitment without any secret value about his identity, the untrusted server can then forge a commitment for a message he chooses. Thus the ciphertext relating to the message is at risk of being tampered. Further more, just modify the commitments for the ciphertext relating to the message is not enough. The cloud server can deceive the user with proper permissions by responding the terminator ⊥ to cheat that he/she is not allowed to access to the data.
- 5. Email Authentication: Email authentication is a collection of techniques aimed at equipping messages of the email transport system with verifiable information. It is a coarse-grained authentication, usually at Administrative Management Domain (ADMD) level, and implies no sort of authorization. That is, the purpose of email authentication is to validate the identities of the parties who participated in transferring a message, as they can modify the message. The results of such validation can then be used in delivery decisions, which are beyond the scope of email authentication proper, and are quite different in nature from If you're receiving mail Recipients can use authentication to verify the source of an incoming message and avoid phishing scams. For example, if you see messages claiming to be from google.com, but are not properly authenticated as coming from google.com, these are
- 6. phishing messages. You should not enter or send any personal information. Remember, Google will never ask you to send personal information