One of the primary research challenges in Attribute-Based Encryption
(ABE) is constructing and proving cryptosystems that are adaptively
secure. To date the main paradigm for achieving adaptive security in
ABE is dual system encryption. However, almost all such solutions in
bilinear groups rely on (variants of) either the subgroup decision
problem over composite order groups or the decision linear assumption.
Both of these assumptions are decisional rather than search
assumptions and the target of the assumption is a source or bilinear
group element. This is in contrast to earlier selectively secure ABE
systems which can be proven secure from either the decisional or
search Bilinear Diffie-Hellman assumption. In this work we make
progress on closing this gap by giving a new ABE construction for the
subset functionality and prove security under the Search Bilinear
Diffie-Hellman assumption.
We first provide a framework for
proving adaptive security in Attribute-Based Encryption systems. We
introduce a concept of ABE with deletable attributes where any party
can take a ciphertext encrypted under the attribute string and modify it into a ciphertext encrypted under any string where is derived by replacing any bits of
with symbols (i.e. ``deleting" attributes of ). The
semantics of the system are that any private key for a circuit can
be used to decrypt a ciphertext associated with if none of the
input bits read by circuit are symbols and .
We show a pathway for combining ABE
with deletable attributes with constrained psuedorandom functions to
obtain adaptively secure ABE building upon the recent work of
Tsabary. Our new ABE system will be adaptively
secure and be a ciphertext-policy ABE that supports the same
functionality as the underlying constrained PRF as long as the PRF is
``deletion conforming". Here we also provide a simple constrained PRF
construction that gives subset functionality.
Our approach enables us to access a
broader array of Attribute-Based Encryption schemes support deletion
of attributes. For example, we show that both the Goyal~et
al.~(GPSW) and Boyen ABE schemes can
trivially handle a deletion operation. And, by using a hardcore bit
variant of GPSW scheme we obtain an adaptively secure ABE scheme under
the Search Bilinear Diffie-Hellman assumption in addition to
pseudo random functions in NC1. This gives the first adaptively
secure ABE from a search assumption as all prior work relied on
decision assumptions over source group elements.
more »
« less
Secrecy Coding in the Integrated Network Enhanced Telemetry (iNET)
Data security plays a crucial role in all areas of data transmission, processing, and storage. This paper considers security in eavesdropping attacks over wireless communication links in aeronautical telemetry systems. Data streams in these systems are often encrypted by traditional encryption algorithms such as the Advanced Encryption Standard (AES). Here, we propose a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system that can be coupled with modern encryption schemes. We consider a wiretap scenario where there are two telemetry links between a test article (TA) and a legitimate receiver, or ground station (GS). We show how these two links can be used to transmit both encrypted and unencrypted data streams while keeping both streams secure. A single eavesdropper is assumed who can tap into both links through its noisy channel. Since our scheme does not require encryption of the unencrypted data stream, the proposed scheme offers the ability to reduce the size of the required secret key while keeping the transmitted data secure.
more »
« less
- Award ID(s):
- 1910812
- NSF-PAR ID:
- 10490050
- Publisher / Repository:
- International Foundation for Telemetering
- Date Published:
- Journal Name:
- Proceedings International Telemetering Conference US
- ISSN:
- 0884-5123
- Format(s):
- Medium: X
- Location:
- Las Vegas, NV
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Searchable Encryption (SE) has been extensively examined by both academic and industry researchers. While many academic SE schemes show provable security, they usually expose some query information (e.g., search patterns) to achieve high efficiency. However, several inference attacks have exploited such leakage, e.g., a query recovery attack can convert opaque query trapdoors to their corresponding keywords based on some prior knowledge. On the other hand, many proposed SE schemes require significant modification of existing applications, which makes them less practical, weak in usability, and difficult to deploy. In this paper, we introduce a secure and practical SE scheme with provable security strength for cloud applications, called IDCrypt, which improves the search efficiency and enhanced the security strength of SE using symmetric cryptography. We further point out the main challenges in securely searching on multiple indexes and sharing encrypted data between multiple users. To address the above issues, we propose a token-adjustment scheme to preserve the search functionality among multi-indexes, and a key sharing scheme which combines Identity-Based Encryption (IBE) and Public-Key Encryption (PKE). Our experimental results show that the overhead of IDCrypt is fairly low.more » « less
-
more » « less
Abstract In recent years, cyber‐security of networked control systems has become crucial, as these systems are vulnerable to targeted cyberattacks that compromise the stability, integrity, and safety of these systems. In this work, secure and private communication links are established between sensor–controller and controller–actuator elements using semi‐homomorphic encryption to ensure cyber‐security in model predictive control (MPC) of nonlinear systems. Specifically, Paillier cryptosystem is implemented for encryption‐decryption operations in the communication links. Cryptosystems, in general, work on a subset of integers. As a direct consequence of this nature of encryption algorithms, quantization errors arise in the closed‐loop MPC of nonlinear systems. Thus, the closed‐loop encrypted MPC is designed with a certain degree of robustness to the quantization errors. Furthermore, the trade‐off between the accuracy of the encrypted MPC and the computational cost is discussed. Finally, two chemical process examples are employed to demonstrate the implementation of the proposed encrypted MPC design.
-
null (Ed.)The resource-constrained nature of the Internet of Things (IoT) edges, poses a challenge in designing a secure and high-performance communication for this family of devices. Although side-channel resistant ciphers (either block or stream) could guarantee the security of the communication, the energy intensive nature of these ciphers makes them undesirable for lightweight IoT solutions. In this paper, we introduce ExTru, an encrypted communication protocol based on stream ciphers that adds a configurable switching & toggling network (CSTN) to not only boost the performance of the communication in these devices, it also consumes far less energy than the conventional side-channel resistant ciphers. Although the overall structure of the proposed scheme is leaky against physical attacks, we introduce a dynamic encryption mechanism that removes this vulnerability. We demonstrate how each communicated message in the proposed scheme reduces the level of trust. Accordingly, since a specific number of messages, N, could break the communication and extract the key, by using the dynamic encryption mechanism, ExTru can re-initiate the level of trust periodically after T messages where T <; N, to protect the communication against side-channel and scan-based attacks (e.g. SAT attack). Furthermore, we demonstrate that by properly configuring the value of T, ExTru not only increases the strength of security from per “device” to per “message”, it also significantly improves energy saving as well as throughput vs. an architecture that only uses a conventional side-channel resistant block/stream cipher.more » « less
-
null (Ed.)Oblivious Random Access Machine (ORAM) allows a client to hide the access pattern and thus, offers a strong level of privacy for data outsourcing. An ideal ORAM scheme is expected to offer desirable properties such as low client bandwidth, low server computation overhead, and the ability to compute over encrypted data. S3ORAM (CCS’17) is an efficient active ORAM scheme, which takes advantage of secret sharing to provide ideal properties for data outsourcing such as low client bandwidth, low server computation and low delay. Despite its merits, S3ORAM only offers security in the semi-honest setting. In practice, an ORAM protocol is likely to operate in the presence of malicious adversaries who might deviate from the protocol to compromise the client privacy. In this paper, we propose MACAO, a new multi-server ORAM framework, which offers integrity, access pattern obliviousness against active adversaries, and the ability to perform secure computation over the accessed data. MACAO harnesses authenticated secret sharing techniques and tree-ORAM paradigm to achieve low client communication, efficient server computation, and low storage overhead at the same time. We fully implemented MACAO and conducted extensive experiments in real cloud platforms (Amazon EC2) to validate the performance of MACAO compared with the state-of-the-art. Our results indicate that MACAO can achieve comparable performance to S3ORAM while offering security against malicious adversaries. MACAO is a suitable candidate for integration into distributed file systems with encrypted computation capabilities towards enabling an oblivious functional data outsourcing infrastructure.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- The DOI is not currently available.
