KAPRE: Key-aggregate proxy re-encryption for secure and flexible data sharing in cloud storage. (December 2021)
- Record Type:
- Journal Article
- Title:
- KAPRE: Key-aggregate proxy re-encryption for secure and flexible data sharing in cloud storage. (December 2021)
- Main Title:
- KAPRE: Key-aggregate proxy re-encryption for secure and flexible data sharing in cloud storage
- Authors:
- Pareek, Gaurav
B.R., Purushothama - Abstract:
- Abstract: Key-aggregate cryptosystems (KAC) have attracted significant attention from the research community because of their elegance and efficiency in enforcing predefined access control policies for outsourced data. The data owner computes a constant-size aggregate key that is capable of decrypting a subset of outsourced data items. Based on the access control policy, the data owner securely transmits the aggregate key to a user authorized for the corresponding subset of data items. For practical access control scenarios, a KAC needs to satisfy additional flexibility requirements. We propose a practically motivated, novel cryptographic primitive called key-aggregate proxy re-encryption that allows temporary delegation of decryption capabilities of an aggregate key to one or more other aggregate keys without carrying out any secure transmissions. The existing key-aggregate cryptosystems face two important issues in highly dynamic environments, namely the non-revocability of aggregate keys and the need to securely transmit the aggregate key(s) to enhance the access capabilities of the user(s). The proposed key-aggregate proxy re-encryption is a significant enhancement to the existing KACs in that it features temporary delegation of decryption capabilities without needing any secure transmissions for carrying out or revoking the temporary delegation(s). We propose two variants of key-aggregate proxy re-encryption. The first variant delegates decryption capabilities of anAbstract: Key-aggregate cryptosystems (KAC) have attracted significant attention from the research community because of their elegance and efficiency in enforcing predefined access control policies for outsourced data. The data owner computes a constant-size aggregate key that is capable of decrypting a subset of outsourced data items. Based on the access control policy, the data owner securely transmits the aggregate key to a user authorized for the corresponding subset of data items. For practical access control scenarios, a KAC needs to satisfy additional flexibility requirements. We propose a practically motivated, novel cryptographic primitive called key-aggregate proxy re-encryption that allows temporary delegation of decryption capabilities of an aggregate key to one or more other aggregate keys without carrying out any secure transmissions. The existing key-aggregate cryptosystems face two important issues in highly dynamic environments, namely the non-revocability of aggregate keys and the need to securely transmit the aggregate key(s) to enhance the access capabilities of the user(s). The proposed key-aggregate proxy re-encryption is a significant enhancement to the existing KACs in that it features temporary delegation of decryption capabilities without needing any secure transmissions for carrying out or revoking the temporary delegation(s). We propose two variants of key-aggregate proxy re-encryption. The first variant delegates decryption capabilities of an aggregate key to a set of aggregate keys and the second variant delegates decryption capabilities of one aggregate key to another unique aggregate key. We present formal security definitions of both the proposed variants of key-aggregate proxy re-encryption under chosen-plaintext and chosen-ciphertext attacks. We present concrete constructions for both the variants of key-aggregate proxy re-encryption and formally prove the chosen-ciphertext security in the random oracle model. Also, we show that both of our constructions satisfy the temporary delegation property. Finally, we analyze the performance of our key-aggregate proxy re-encryption schemes to confirm their practical applicability. … (more)
- Is Part Of:
- Journal of information security and applications. Volume 63(2022)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 63(2022)
- Issue Display:
- Volume 63, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 63
- Issue:
- 2022
- Issue Sort Value:
- 2022-0063-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-12
- Subjects:
- Data sharing -- Dynamic access control -- Key-aggregate encryption -- Proxy re-encryption -- Chosen-ciphertext security
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.jisa.2021.103009 ↗
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 20587.xml