Highly privacy-protecting data sharing in a tree structure

In this paper, we investigate the way to efficiently implement a highly privacy-protecting data sharing system in a cloud storage context. We suppose that several customers want to share some sensitive and personal data that are stored on a non-trusted cloud storage system, in such a way that the latter has no way to obtain the data in clear. For this purpose, we make use of an advanced cryptographic tool called a "proxy re-encryption" scheme. In this context, our contribution is twofold. We first modify existing proxy re-encryption schemes in such a way that customers can now manage dynamically a tree structure for their shared document, which was not possible with existing systems. We then present the first true implementation of such system where each client makes use of a smartphone to upload, download and share his/her documents. This way, we show that such system is really practical for a real-life use. We propose a way to store data in a non trusted cloud storage provider.We make use of the advanced cryptographic tool called "proxy re-encryption".We provide a way for customers to share files and folder by modifying the standard proxy re-encryption paradigm.We show that a true implementation of such system is very efficient and can easily be embedded into commercial products.

[1]  Bin Wang A unidirectional conditional proxy re-encryption scheme based on non-monotonic access structure , 2012, IACR Cryptol. ePrint Arch..

[2]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[3]  Qiang Tang,et al.  Type-Based Proxy Re-encryption and Its Construction , 2008, INDOCRYPT.

[4]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[5]  Sébastien Canard,et al.  Improving the Security of an Efficient Unidirectional Proxy Re-Encryption Scheme , 2011, J. Internet Serv. Inf. Secur..

[6]  Robert H. Deng,et al.  CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles , 2010, Science China Information Sciences.

[7]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[8]  Piotr K. Tysowski,et al.  Re-Encryption-Based Key Management Towards Secure and Scalable Mobile Applications in Clouds , 2011, IACR Cryptol. ePrint Arch..

[9]  Robert H. Deng,et al.  Efficient Unidirectional Proxy Re-Encryption , 2010, AFRICACRYPT.

[10]  Ran Canetti,et al.  Chosen-ciphertext secure proxy re-encryption , 2007, CCS '07.

[11]  Robert H. Deng,et al.  Conditional Proxy Broadcast Re-Encryption , 2009, ACISP.

[12]  David Pointcheval,et al.  Encoding-Free ElGamal Encryption Without Random Oracles , 2006, Public Key Cryptography.

[13]  Sébastien Canard,et al.  Combined Proxy Re-encryption , 2013, ICISC.

[14]  Mihir Bellare,et al.  New Proofs for NMAC and HMAC: Security without Collision Resistance , 2006, Journal of Cryptology.

[15]  Zhenfu Cao,et al.  CCA-Secure Proxy Re-Encryption without Pairings , 2009, IACR Cryptol. ePrint Arch..

[16]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[17]  Willy Susilo,et al.  Anonymous Conditional Proxy Re-encryption without Random Oracle , 2009, ProvSec.

[18]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[19]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[20]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[21]  Benoît Libert,et al.  Unidirectional Chosen-Ciphertext Secure Proxy Re-encryption , 2008, Public Key Cryptography.

[22]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[23]  Ryo Nishimaki,et al.  CCA Proxy Re-Encryption without Bilinear Maps in the Standard Model , 2010, Public Key Cryptography.

[24]  Susan Hohenberger,et al.  Key-Private Proxy Re-encryption , 2009, CT-RSA.