Skip to main content
SpringerLink
Log in

Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT

  • Published:
World Wide Web Aims and scope Submit manuscript

Abstract

Attribute based proxy re-encryption (ABPRE) combines the merits of proxy re-encryption and attribute based encryption, which allows a delegator to re-encrypt the ciphertext according to the delegatees’ attributes. The theoretical foundations of ABPRE has been well studied, yet to date there are still issues in schemes of ABPRE, among which time-bounded security and key exposure protection for the re-encryption keys are the most concerning ones. Within the current ABPRE framework, the re-encryption keys are generated independently of the system time segments and the forward security protection is not guaranteed when the users’ access privileges are altered. In this paper, we present a key-insulated ABPRE scheme for IoT scenario. We realize secure and fine-grained data sharing by utilizing attribute based encryption over the encrypted data, as well as adopting key-insulation mechanism to provide forward security for re-encryption keys and private keys of users. In particular, the lifetime of the system is divided into several time slices, and when system enters into a new slice, the user’s private keys need are required to be refreshed. Therefore, the users’ access privileges in our system are time-bounded, and both re-encryption keys and private keys can be protected, which will enhance the security level during data re-encryption, especially in situations when key exposure or privilege alternation happens. Our scheme is proved to be secure under MDBDH hardness assumptions as well as against collusion attack. In addition, the public parameters do not have to be changed during the evolution of users’ private keys, which will require less computation resources brought by parameter synchronization in IoT.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Figure 1

Similar content being viewed by others

References

  1. Ateniese, G., Fu, K., Green, M., et al.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: Proceedings of NDSS05. The Internet Society, pp. 1–30. San Diego: ACM (2006)

  2. Bin, G., Daqing, Z., Yu, Z., et al.: From the internet of things to embedded intelligence. World Wide Web. 16(4), 399–420 (2013)

    Article  Google Scholar 

  3. Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Proceedings of Eurocrypt ‘98, vol. 1403, pp. 127–144. (1998)

  4. Chu, C., Tzeng, W.: Identity-based proxy re-encryption without random oracles. In: Proceedings of ISC 2007. LNCS, vol. 4779, pp. 189–202. Springer, Heidelberg (2007)

  5. Goyal, V., Pandey, O., Sahai, A. et al.: Attribute Based Encryption for Fine-Grained Access Control of Encrypted Data. In: Proceedings of ACM 13th conference on Computer and Communications Security, pp. 89–98. Alexandria, USA (2006)

  6. Guo, S.Q., Zeng, Y.P., Wei, J., et al.: Attribute-based re-encryption scheme in the standard model. Wuhan University Journal of Natural Sciences. 5, 621–625 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  7. Hong, H.S., Sun, Z.X.: High efficient key-insulated attribute based encryption scheme without bilinear pairing operations. Springerplus. 5, 1–12 (2016)

    Article  Google Scholar 

  8. Hong, H.S., Sun, Z.X., Xi, M.L.: A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud. KSII T Internet Info. 5, 2394–2406 (2016)

    Google Scholar 

  9. Liang, X.H., Cao, Z.F., Lin, H., et al.: Attribute based proxy re-encryption with delegating capabilities. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 276–286. New York (2009)

  10. Liang, K.T., Fang, L.M., Susilo, W. et al.: A Ciphertext-Policy Attribute-Based Proxy Re-Encryption with Chosen-Ciphertext Security. 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 552–559. Xi’an (2013)

  11. Luo, S., Hu, J.B., Chen, Z.: Ciphertext policy attribute-based proxy re-encryption. Information and Communications Security. 401–415 (2010)

  12. Mambo, M., Okamoto, E.: Proxy cryptosystems: delegation of the power to Decrypt Ciphertexts. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 80, 54–63 (1997)

    Google Scholar 

  13. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Proceedings of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457–473. Aarhus (2005)

  14. Seo, H.J., Kim, H.: Attribute-based proxy re-encryption with a constant number of pairing operations. Journal of Information and Communication Convergence Engineering. 3, 53–60 (2012)

    Article  Google Scholar 

  15. Sun, W.H., Yu, S.C., Lou, W.J., et al.: Protecting your right: verifiable attribute-based keyword Search with fine-grained owner-enforced Search authorization in the cloud. IEEE Trans. Parallel Distrib. Sytst. 4, 1187–1198 (2016)

    Article  Google Scholar 

  16. Wang, Y.T., Chen, K.F., Chen, J.H.: Attribute-based traitor tracing. J. Inf. Sci. Eng. 27, 181–195 (2011)

    MathSciNet  Google Scholar 

  17. Wang, H., Sun, L.L., Bertino, E.: Building access control policy model for privacy preserving and testing policy conflicting problems. J. Comput. Syst. Sci. 80(8), 1493–1503 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  18. Wang, H., Cao, J.L., Zhang, Y.C.: A flexible payment scheme and its role-based access control. IEEE Trans. Knowl. Data Eng. 17(3), 425–436 (2015)

    Article  Google Scholar 

  19. Weng, J., Li, X.X., Chen, K.F., et al.: Identity-based parallel key-insulated signature without random oracles. J. Inf. Sci. Eng. 4, 1143–1157 (2008)

    MATH  Google Scholar 

  20. Weng, J., Yang, Y., Tang, Q., et al.: Efficient conditional proxy re-encryption with chosen-ciphertext security. In: Proceedings of the 12th International Conference on Information Security (ISC 2009), pp. 151–166. Springer Verlag, Heidelberg (2009)

  21. Weng, J., Chen, M., Yang, Y., et al.: CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles. Sci. China Inform. Sci. 53, 593–606 (2010)

    Article  MathSciNet  Google Scholar 

  22. Weng, J., Zhao, Y.L., Hanaoka, G.: On the security of a bidirectional proxy re-encryption scheme from PKC 2010. In: Proceedings of PKC 2011, pp. 284–295. Springer Verlag, Berlin (2011)

  23. Ying, Z.B., Li, H., Ma, J.F., et al.: Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating. Sci. China Inform. Sci. 4, 1–16 (2016)

    Article  Google Scholar 

Download references

Acknowledgements

This research is supported by the National Natural Science Foundation of China (61373135, 61672299).

Author information

Authors and Affiliations

  1. Key Laboratory of Broadband Wireless Communication and Sensor Network Technology, Ministry Education, Nanjing University of Posts and Telecommunications, Nanjing, 210003, China

    Hanshu Hong & Zhixin Sun

Authors
  1. Hanshu Hong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhixin Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hanshu Hong.

Ethics declarations

Competing interest

The authors declare that they have no competing financial interests.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Hong, H., Sun, Z. Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT. World Wide Web 21, 595–607 (2018). https://doi.org/10.1007/s11280-017-0475-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11280-017-0475-8

Keywords

Search

Navigation