Combined Proxy Re-Encryption

Similar documents

Lecture 17: Re-encryption

Electronic Voting Protocol Analysis with the Inductive Method

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud

Tackling The Challenges of Big Data. Tackling The Challenges of Big Data Big Data Systems. Security is a Negative Goal. Nickolai Zeldovich

CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

Secure Cloud Identity Wallet

Advanced Topics in Cryptography and Network Security

Categorical Heuristic for Attribute Based Encryption in the Cloud Server

IT Security Automation Conference Endpoint Data Protection (EDP) In The Cloud

Secure File Sharing in the Cloud by Row Complete Matrix Re-encryption Method

Data Security Using Reliable Re-Encryption in Unreliable Cloud

Content Teaching Academy at James Madison University

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

International Electronic Journal of Pure and Applied Mathematics IEJPAM, Volume 8, No. 2 (2014)

Chapter 10. Network Security

Survey on Securing Data using Homomorphic Encryption in Cloud Computing

Schnorr Signcryption. Combining public key encryption with Schnorr digital signature. Laura Savu, University of Bucharest, Romania

Review Of Secure And Privacy Preserving DRM Scheme

Associate Prof. Dr. Victor Onomza Waziri

A Secure Real Media Contents Management Model Based on Archetypes using Cloud Computing

Crypho Security Whitepaper

RUN BETTER SAP AG. All rights reserved. 1

Introduction to Cryptography

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

A Simulation Game for Teaching Secure Data Communications Protocols

SFWR ENG 4C03 - Computer Networks & Computer Security

A Proposal for Authenticated Key Recovery System 1

VoteID 2011 Internet Voting System with Cast as Intended Verification

Data defense in unpredictable Cloud Using Access Control and Access Time

SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS

Time-Based Proxy Re-encryption Scheme for Secure Data Sharing in a Cloud Environment

SELS: A Secure List Service *

EXAM questions for the course TTM Information Security May Part 1

Cryptography and Key Management Basics

3-6 Toward Realizing Privacy-Preserving IP-Traceback

Development of enhanced Third party Auditing Scheme for Secure Cloud Storage

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

Delegated Access for Hadoop Clusters in the Cloud

A Comprehensive Data Forwarding Technique under Cloud with Dynamic Notification

Secure Computation Martin Beck

Chapter 37. Secure Networks

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

16 April Cloud Security. Dr. Andreas Wespi IBM Corporation

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Efficient and Robust Secure Aggregation of Encrypted Data in Wireless Sensor Networks

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

Cryptography and Network Security Chapter 10

Reusable Anonymous Return Channels

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Computer Forensics. Securing and Analysing Digital Information

A Study on Secure Electronic Medical DB System in Hospital Environment

SMART FRAME- AN EFFICIENT SECURITY FRAMEWORK FOR BIG DATA MANAGEMENT SCHEME ON CLOUD

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud

Cryptography & Network Security

CRYPTOGRAPHY IN NETWORK SECURITY

Software Tool for Implementing RSA Algorithm

Cipher Techniques on Networks. Amit Konar Math and CS, UMSL

Homomorphic encryption and emerging technologies COSC412

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

A SIGNIFICANT REDUCTION OF CLOUD STORAGE BY ELIMINATION OF REPETITIVE DATA

Exinda How to Guide: SSL Acceleration

Encryption for Cloud Services Security: Problem or / CTO /

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Chapter 23. Database Security. Security Issues. Database Security

Outstanding Cloud Security Service For Modify Data Distribute In Cloud Method

End-to-End Security in Wireless Sensor Networks (WSNs) Talk by Claudio Anliker Supervised by Dr. Corinna Schmitt University of Zurich

Network Security Protocols

Overview. SSL Cryptography Overview CHAPTER 1

Role Based Encryption with Efficient Access Control in Cloud Storage

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

Sometimes it's better to be STUCK! SAML Transportation Unit for Cryptographic Keys

Overview of Public-Key Cryptography

How to Optimize MS Outlook Exchange Traffic Over SSL

Regulatory Compliance

Secure Attribute Based Mechanism through Access cipher policy in Outsourced Cloud Data

Cryptography & Digital Signatures

CS558. Network Security. Boston University, Computer Science. Midterm Spring 2014.

Computing on Encrypted Data

Security of smart grid communication protocols

CHARM: A COST-EFFICIENT MULTI-CLOUD DATA HOSTING SCHEME WITH HIGH AVAILABILITY

Cryptanalysis of Cloud based computing

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

CS 3251: Computer Networking 1 Security Protocols I

Partisia Contract Exchange. A Secure, Simple and Efficient Way to Trade Contracts

Kleptography: The unbearable lightness of being mistrustful

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

Information Security

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

A Federated Cloud Identity Broker-Model for Enhanced Privacy via Proxy Re-Encryption

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Secure Traffic Inspection

CIS 5371 Cryptography. 8. Encryption --

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Secure Data Management Scheme using One-Time Trapdoor on Cloud Storage Environment

Comodo Mobile Security for Android Software Version 2.5

Transcription:

Combined Proxy Re-Encryption Orange Labs, Applied Crypto Group, Université de Caen Basse-Normandie, GREYC, Sébastien Canard et Julien Devigne Journées C2 2012, Dinard

Proxy Re-Encryption ( PRE ) Second level ciphertext First level ciphertext 2 Combined Proxy Re-Encryption

Simple Example (based on ElGamal) ElGamal encryption: Introduced by ElGamal in 1984 3 Combined Proxy Re-Encryption

Simple Example (based on ElGamal) Re-Encryption key Re-Encryption 4 Combined Proxy Re-Encryption

Usual Example (Libert-Vergnaud s PRE) Introduced in 2008 Encryption / Decryption 5 Combined Proxy Re-Encryption

Usual Example (Libert-Vergnaud s PRE) Re-Encryption key Re-Encryption 6 Combined Proxy Re-Encryption

Usual Example (Libert-Vergnaud s PRE) Decryption of a re-encrypted ciphertext 7 Combined Proxy Re-Encryption

Characteristics Bidirectional Unidirectional Multi-hop Single-hop In practice: Bidirectional multi-hop / Unidirectional single-hop 8 Combined Proxy Re-Encryption

Cloud Storage Alice BOB Cloud Storage 9 Combined Proxy Re-Encryption

Secure Cloud Storage with Security of the Cloud Alice BOB Cloud Storage 10 Combined Proxy Re-Encryption

Secure Cloud Storage with Duplication Alice BOB Cloud Storage 11 Combined Proxy Re-Encryption

Secure Cloud Storage with Shared Key Alice BOB Cloud Storage 12 Combined Proxy Re-Encryption

Advantages / Drawbacks of the Cloud Storage Advantages Saving device memory space Accessibility from anywhere at anytime Drawbacks depending on the solution Security and no user s privacy, efficiency or confidentiality Solution Use a functional cryptographic primitive Proxy re-encryption primitive 13 Combined Proxy Re-Encryption

Cloud Storage based on PRE / Store a data Cloud Storage 14 Combined Proxy Re-Encryption

Cloud Storage based on PRE / Recover a data Cloud Storage 15 Combined Proxy Re-Encryption

Advantages / Drawbacks of such a Cloud Storage Advantages Privacy of the users Security independent of the cloud Drawbacks No control on the use of re-encryption keys Bob has access to all Alice s data via a re-encryption done by the Cloud Solutions Use PRE with more functionalities (Conditional-PRE) (Not this talk) 16 Combined Proxy Re-Encryption

Add a new device (e.g. the green one) Cloud Storage Cloud Storage 17 Combined Proxy Re-Encryption

Delete the blue device (or the green one) Cloud Storage 18 Combined Proxy Re-Encryption

Delete the red device? Cloud Storage Cloud Storage 19 Combined Proxy Re-Encryption

Advantages / Drawbacks of different PRE for this usecase Bidirectional multi-hop PRE Multi-hop: possibility to add new devices even after deletion of the red device Bidirectional: mutual trust between users Unidirectional single-hop PRE Unidirectional: no mutual trust Single-hop: no possibility to add new devices after deletion of the red device Ideally: unidirectional multi-hop PRE No such secure scheme in practice Solution: combination of different PRE 20 Combined Proxy Re-Encryption

Idea of the Solution Combined PRE (C-PRE) Use two kinds of re-encryption in the same scheme Bidirectional multi-hop: for devices belonging to the same user Unidirectional (and also single-hop): for devices belonging to different users Ideal for our problem! 21 Combined Proxy Re-Encryption

Practical C-PRE based on Libert-Vergnaud s PRE Unidirectional Re-Encryption key Unidirectional Re-Encryption 22 Combined Proxy Re-Encryption

Practical C-PRE based on Libert-Vergnaud s PRE Bidirectional Re-Encryption key Bidirectional Re-Encryption 23 Combined Proxy Re-Encryption

Practical C-PRE based on Libert-Vergnaud s PRE Bidirectional Re-Encryption key Bidirectional Re-Encryption 24 Combined Proxy Re-Encryption

Practical C-PRE based on Libert-Vergnaud s PRE Less re-encryption keys to compute per users 25 Combined Proxy Re-Encryption

Conclusion PRE useful to realize a cloud storage with confidentiality of data C-PRE add functionality to PRE useful for the management of devices in a cloud storage without modifying the efficiency of PRE less re-encryption keys to compute Future work Mix C-PRE and others PRE (e.g. Conditional-PRE) 26 Combined Proxy Re-Encryption

Thanks Comments/Questions?