Hierarchical Conditional Proxy Re-Encryption: A New Insight of Fine-Grained Secure Data Sharing

Outsourcing local data to a remote cloud has become prevalent among Internet users. Because they can no longer “handle” the outsourced data directly, users may be concerned not only about its confidentiality but also about further operations over the remote data. This paper deals with the case where a secure data sharing mechanism is needed when data is encrypted and stored in a remote cloud. Proxy re-encryption (PRE) is a promising cryptographic tool for secure data sharing. It allows an “honest-but-curious” third party (e.g., a cloud server), which we call the “proxy”, to convert all ciphertexts encrypted for a delegator into ciphertexts intended for a delegatee. The delegatee can then access the plaintexts with his private key, while the proxy learns nothing about the underlying plaintexts. Regarded as a general extension of PRE, conditional PRE supports a fine-grained level of data sharing. In particular, a condition is embedded into the ciphertext, which lets the delegator generate a conditional re-encryption key to control which ciphertexts he wants to share. In this paper, for the first time, we introduce a new notion, called “hierarchical conditional” PRE. The new notion allows re-encryption rights to be “re-delegated” for “low-level” encrypted data. We propose the seminal scheme satisfying the notion in the context of identity-based encryption and, further, prove it secure against chosen-ciphertext attacks.
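The following is an added illustration, not code from the paper: plain (unconditional) proxy re-encryption using the classic ElGamal-based construction of Blaze, Bleumer and Strauss instead of the paper's identity-based scheme. The toy group parameters and all function names are assumptions; the example shows the proxy converting ciphertexts without decrypting them, and that one re-encryption key converts every ciphertext of the delegator, which is the coarse behaviour conditional PRE restricts.

```python
# Toy ElGamal-style proxy re-encryption (Blaze-Bleumer-Strauss flavour).
# Constructed parameters, far too small for real use.
import secrets

P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # generator of that subgroup

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # sk in [1, Q-1]
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Encrypt m (integer in [1, P-1]) for the holder of pk = G^sk."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)  # (m*G^r, G^(sk*r))

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)              # strip sk from the exponent
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_delegator, sk_delegatee):
    """Re-encryption key b/a mod Q; this scheme needs both secrets."""
    return (sk_delegatee * pow(sk_delegator, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: G^(a*r) becomes G^(b*r); c1 is untouched, m is never seen."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def share_all(sk_a, sk_b, messages):
    """One rk converts every ciphertext of the delegator, with no condition."""
    pk_a = pow(G, sk_a, P)
    rk = rekey(sk_a, sk_b)
    return [decrypt(sk_b, reencrypt(rk, encrypt(pk_a, m))) for m in messages]

if __name__ == "__main__":
    a, pk_a = keygen()
    b, _ = keygen()
    ct = encrypt(pk_a, 1234)
    print(decrypt(a, ct), decrypt(b, reencrypt(rekey(a, b), ct)))
```
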
