Article

A blockchain and IPFS-Aided anonymous traitor tracing scheme based on puncturable encryption in Industrial Internet of Things

ResearchGate has not been able to resolve any citations for this publication.
Article
Full-text available
The inherent challenges associated with the Internet of Things (IoT), such as vulnerability to cyber threats and privacy issues, need the development of novel solutions to ensure secure and efficient handling of data. Fog computing resolves these concerns by facilitating data processing in proximity to edge devices, minimising latency, and improving real-time decision-making. Blockchain boosts security in fog-based systems by providing a tamper-proof and transparent ledger. However, exclusively prioritising privacy in fog-based blockchains may impede the practical execution. This article presents the FogBlock Connect paradigm, which combines Fog computing and Blockchain through the implementation of a tailored Proxy Re-encryption (PRE) algorithm inspired by BBS98. This strategy guarantees enhanced data confidentiality while simultaneously upholding operational effectiveness in fog-based blockchains for Internet of Things applications. The efficiency and effectiveness of the suggested PRE algorithm over typical encryption methods are confirmed by comprehensive simulations utilising the Fobsim simulator. The FogBlock Connect paradigm entails the transmission of updates from nearby IoT devices to Fog servers for the purpose of creating and securely storing global updates, hence improving efficiency and performance. The paradigm ensures robust privacy measures, mitigates risks of single-point failures, and facilitates precise access control, establishing a basis for secure and resilient IoT applications. The CCA resistant formal security proof provides further validation for the strength and effectiveness of the suggested approach.
Article
Full-text available
The accelerated development of information and communication technologies has generated a demand for data storage that is effective, transparent, immutable, and secure. Distributed ledger technology and encryption techniques such as hashing and blockchain technology revolutionised the landscape by meeting these requirements. However, blockchain must overcome obstacles such as low latency, throughput, and scalability for its full potential. Investigating blockchain's structure, types, challenges, promises, and variants is necessary to understand blockchain and its capabilities comprehensively. This paper overviews various aspects, such as emergent blockchain protocols, models, concepts, and trends. We classify blockchain variants into five essential categories, DAG, TDAG, Sharding, Consensus, and Combining methods, based on the structure each follows, and conduct a comparative analysis. In addition, we explore current research tendencies. As technology progresses, it is essential to comprehend the fundamental requirements for blockchain development.
Article
Full-text available
With the rapid advancements of the mineral industry, the data generated by this industry chain have increased dramatically. To reduce the growing pressure of data storage and security risks, we design a credible on-chain and off-chain collaborative dual storage system that integrates blockchain technology and the Interplanetary File System (IPFS), and also construct a traceable and revocable multi-authority ciphertext-policy attribute-based encryption (CP-ABE) algorithm to meet the demand for privacy protection and dynamic fine-grained access control. Furthermore, the multi-authority layered authorization with a central authority model distributes system overhead while enabling the platform to be regulated. More importantly, our scheme achieves accurate tracing of malicious users by white-box traceability and is capable of implementing indirect immediate user and attribute revocation without requiring key or ciphertext updates. Finally, the proposed scheme is indistinguishably secure under chosen-plaintext attack (IND-CPA) in the standard model, and the performance analysis demonstrates that our scheme is feature-rich, practical and efficient.
Article
Full-text available
Internet of Things (IoT) systems have gained huge popularity in the past decade. This technology is developing as a back boon from the day-to-day utility in smart homes to intelligent power grids. It has become ubiquitous in the past decade while gaining popularity in academia and industry. As the devices used are usually sensors without a well-developed user interface, they are vulnerable to various threats. In this survey article, we have undergone some of the security challenges the technology faces and how the recently emerging technologies can provide an escape. Emerging technologies like blockchain, AI, and Deep learning techniques provide a platform where IoT operations are carried out successfully and securely. However, specific challenges need to be dealt with before implementing these in practice. We have briefly reviewed the role of particular technologies in securing IoT devices.
Article
Full-text available
Nowadays, cloud servers are gathering an increasing amount of data. Data is commonly stored on cloud servers in the form of ciphertext to protect the security and concealment of data. When a consumer requests access to encrypted data, a third party must provide an access key. The system's security, however, will be compromised if the third party or internal personnel are dishonest. To address this issue, a novel blockchain-based secure decentralized system using IPFS is proposed in this research for secure data transfer. Because every action of all participants in the system model is recorded on the chain, and the continuously extending chain makes it conditionally difficult to modify any block without being detected, a blockchain-based system is often regarded as a safe platform. In the proposed approach, the data owner uploads an encrypted file to IPFS, which is subsequently separated into n secret sections called hash codes for data security. The data owner must additionally write the access permissions in order to achieve access to this secure data. For security, the system uses two-level key management: first, the data owner encrypts the file, and then the IPFS server makes a hash code of that encrypted file. The proposed solution, which employs blockchain technology, enables consumers to be handled across several domains, erases the single-point failure of traditional centralized systems, and decreases the overhead related to communication and computation at the consumer level. According to the security analysis, the proposed system might effectively resist single and collaboratively malicious persons, as well as untrustworthy cloud servers.
Article
Full-text available
Privacy protection and open sharing are the core of data governance in the AI-driven era. A common data-sharing management platform is indispensable in the existing data-sharing solutions, and users upload their data to the cloud server for storage and dissemination. However, from the moment users upload the data to the server, they will lose absolute ownership of their data, and security and privacy will become a critical issue. Although data encryption and access control are considered up-and-coming technologies in protecting personal data security on the cloud server, they alleviate this problem to a certain extent. However, it still depends too much on a third-party organization’s credibility, the Cloud Service Provider (CSP). In this paper, we combined blockchain, ciphertext-policy attribute-based encryption (CP-ABE), and InterPlanetary File System (IPFS) to address this problem to propose a blockchain-based security sharing scheme for personal data named BSSPD. In this user-centric scheme, the data owner encrypts the sharing data and stores it on IPFS, which maximizes the scheme’s decentralization. The address and the decryption key of the shared data will be encrypted with CP-ABE according to the specific access policy, and the data owner uses blockchain to publish his data-related information and distribute keys for data users. Only the data user whose attributes meet the access policy can download and decrypt the data. The data owner has fine-grained access control over his data, and BSSPD supports an attribute-level revocation of a specific data user without affecting others. To further protect the data user’s privacy, the ciphertext keyword search is used when retrieving data. We analyzed the security of the BSSPD and simulated our scheme on the EOS blockchain, which proved that our scheme is feasible. Meanwhile, we provided a thorough analysis of the storage and computing overhead, which proved that BSSPD has a good performance.
Article
Full-text available
Electronic medical records can help people prevent diseases, improve cure rates, provide a significant basis for medical institutions and pharmaceutical companies, and provide legal evidence for medical negligence and medical disputes. However, the integrity and security problems of electronic medical data are still intractable. In this paper, based on the ciphertext policy attribute-based encryption system and IPFS storage environment, combined with blockchain technology, we constructed an attribute-based encryption scheme for secure storage and efficient sharing of electronic medical records in IPFS storage environment. Our scheme is based on ciphertext policy attribute encryption, which effectively controls the access of electronic medical data without affecting efficient retrieval. Meanwhile, we store the encrypted electronic medical data in the decentralized InterPlanetary File System (IPFS), which not only ensures the security of the storage platform but also solves the problem of the single point of failure. Besides, we leverage the non-tamperable and traceable nature of blockchain technology to achieve secure storage and search for medical data. The security proof shows that our scheme achieves selective security for the chosen keyword attacks. Performance analysis and real data set simulation experiments show that our scheme is efficient and feasible.
Article
Full-text available
Considered as a promising fine-grained access control mechanism for data sharing without a centralized trusted third-party, the access policy in a plaintext form may reveal sensitive information in the traditional CP-ABE method. To address this issue, a hidden policy needs to be applied to the CP-ABE scheme, as the identity of a user cannot be accurately confirmed when the decryption key is leaked, so the malicious user is traced and revoked as demanded. In this paper, a CP-ABE scheme that realizes revocation, white-box traceability, and the application of hidden policy is proposed, and such ciphertext is composed of two parts. One is related to the access policy encrypted by the attribute value, and only the attribute name is evident in the access policy. Another is related to the revocation information and updated when revoking, where the revocation information is generated by the binary tree related to users. The leaf node value of a binary tree in the decryption key is used to trace the malicious user. From experimental results, it is shown that the proposed scheme is proven to be IND-CPA secure under the chosen plaintext attacks and selective access policy based on the decisional q-BDHE assumption in the standard model, efficient, and promising.
Article
Full-text available
In this paper, we propose a blockchain-based solution and framework for document sharing and version control to facilitate multiuser collaboration and track changes in a trusted, secure, and decentralized manner, with no involvement of a centralized trusted entity or third party. This solution is based on utilizing Ethereum smart contracts to govern and regulate the document version control functions among the creators and developers of the document and its validators. Moreover, our solution leverages the benefits of IPFS (InterPlanetary File System) to store documents on a decentralized file system. The proposed solution automates necessary interactions among multiple actors comprising developers and approvers. Smart contracts have been developed using Solidity language, and their functionalities were tested using the Remix IDE (Integrated Development Environment). The paper demonstrates that our smart contract code is free of commonly known security vulnerabilities and attacks. The code has been made publicly available at GitHub.
Article
Full-text available
Due to the current structure of digital factory, it is necessary to build the smart factory to upgrade the manufacturing industry. Smart factory adopts the combination of physical technology and cyber technology and deeply integrates previously independent discrete systems making the involved technologies more complex and precise than they are now. In this paper, a hierarchical architecture of the smart factory was proposed firstly, and then the key technologies were analyzed from the aspects of the physical resource layer, the network layer, and the data application layer. In addition, we discussed the major issues and potential solutions to key emerging technologies such as Internet of Things (IoT), big data, and cloud computing, which are embedded in the manufacturing process. Finally, a candy packing line was used to verify the key technologies of smart factory, which showed that the Overall Equipment Effectiveness (OEE) of the equipment is significantly improved.
Article
Full-text available
Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control to the encrypted data for commercial applications. There has been significant progress in CP-ABE over the recent years because of two properties called traceability and large universe, greatly enriching the commercial applications of CP-ABE. Traceability is the ability of ABE to trace the malicious users or traitors who intentionally leak the partial or modified decryption keys for profits. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE enlarges the practical applications by supporting flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieve the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose two practical large universe CP-ABE systems supporting white-box traceability. Compared with existing systems, both proposed systems have two advantages: 1) the number of attributes is not polynomially bounded and 2) malicious users who leak their decryption keys could be traced. Moreover, another remarkable advantage of the second proposed system is that the storage overhead for traitor tracing is constant, which is suitable for commercial applications.
Article
Full-text available
We give cryptographic schemes that help trace the source of leaks when sensitive or proprietary data is made available to a large set of parties. A very relevant application is in the context of pay television, where only paying customers should be able to view certain programs. In this application, the programs are normally encrypted, and then the sensitive data is the decryption keys that are given to paying customers. If a pirate decoder is found, it is desirable to reveal the source of its decryption keys. We describe fully resilient schemes which can be used against any decoder which decrypts with nonnegligible probability. Since there is typically little demand for decoders which decrypt only a small fraction of the transmissions (even if it is nonnegligible), we further introduce threshold tracing schemes which can only be used against decoders which succeed in decryption with probability greater than some threshold. Threshold schemes are considerably more efficient than fully resilient schemes.
Article
The fine grain of ciphertext-policy attribute-based encryption (CP-ABE) offers advantages through the amalgamation of key and user attributes; however, it also brings the issue of key misuse. To circumvent the tracking mechanisms of the white-box algorithm, malicious users manipulate the decryption key and encryption algorithm, encapsulating them to create a black-box decryption device. This necessitates black-box traceability for supervision purposes. In this article, we employ n-bit encrypted binary vectors to depict the user’s identity and subsequently convert it into partial decryption privileges. When encrypting plaintext, data owners can utilize a “vague specification” to define the identity vector of qualified decryptors. Furthermore, based on the vague specification mechanism, we have devised a pioneering active black-box tracing algorithm. Integrating this algorithm with CP-ABE, we propose the black-box traceable CP-ABE (EIV-BT-ABE) scheme. Our EIV-BT-ABE scheme attains strong traceability with low time complexity, effectively reducing decryption and encryption time costs. The experiment substantiated the efficiency of our scheme while demonstrating its adherence to IND-CPA security.
Article
In Industrial Internet, mutual authentication between enterprises is a prerequisite for establishing reliable upstream and downstream relationships. Existing authentication methods suffer from complicated certificate management and key escrow problems. Moreover, many authentication mechanisms cannot resist common security attacks and have high computational overhead and communication costs. Therefore, this paper proposes a blockchain-based certificate-free cross-domain authentication mechanism for Industrial Internet. By establishing an Ethereum consortium blockchain as the trusted cornerstone among different regions, industrial enterprises in each region generate the user’s private key with the key generation center in the region, thus avoiding the key escrow problem. This consortium blockchain adopts the proof of authority consensus mechanism for scalability and throughput. Industrial enterprises in different regions invoke smart contracts and query other industrial enterprises for mutual authentication and key negotiation. SVO logic proves the proposed scheme achieves the intended authentication goal, and the automated formal verification tool Scyther proves the scheme’s security. In addition, compared with seven related schemes in the last three years, the experimental results show that the proposed scheme has low communication overhead and computational cost in the authentication key negotiation phase. The experiments on the Ethereum consortium blockchain built by Raspberry Pi prove the effectiveness of the proposed scheme. Finally, the comparative analysis of common security properties proves the reliability of the scheme.
Article
The Internet of Things has been applied in various fields of industry, which has promoted the intelligent development of the industry and improved efficiency in industrial production. The devices involved in the IoT have generated useful and sensitive data over time and upload the data to the cloud to realize real-time data sharing. To ensure the confidentiality of data, many systems use attribute-based encryption primitive to encrypt data. However, there are still some security and privacy problems in this mode, such as the lack of identification of malicious users who leaked private keys, performance bottleneck caused by excessive reliance on a single central authority, and vulnerability because a single central authority holds the private keys of all users in the system. In this paper, white-box tracking is used to identify malicious users. The alliance chain is introduced to support multi-authority environments, where the consensus nodes are managed by different authorities and assist central authority in generating partial private keys. To protect users’ privacy, users remain anonymous at all times during their interactions with blockchain consensus. The security analysis and simulation results show that the proposed scheme outperformed other comparable schemes, indicating that it is a preferable scheme.
Chapter
Due to intrinsic properties such as transparency, immutability, decentralization, and cryptographic security, blockchain has emerged as a revolutionary technology. Despite its widespread application, blockchain is not used to store huge data due to the restricted storage capacity offered by each block. Furthermore, because the data contained in a block must be duplicated on many other nodes on the network, storage space is wasted. Off-chain storage is therefore required to store significant volumes of data while preserving the efficiency and performance of the network. Additionally, off-chain solutions such as Inter-Planetary File System (IPFS) would reduce the cost requirements of blockchain nodes as data stored and processed by these nodes would be reduced. Hence, strong decentralized storage is provided by IPFS that is a P2P-based content-addressed file sharing system that uses cryptographic hashes to store data. As a result, by combining blockchain with IPFS, an efficient file sharing system would be created. This paper presents a comprehensive IPFS architecture, a simplified version of this integrated approach, and potential applications that might assist to maximize the worth of both systems. Keywords: Blockchain, IPFS, Off-chain storage
Article
As an important component of the industrial Internet of Things (IIoT), the smart factory uses IIoT and equipment-monitoring technology to collect data to reasonably arrange production. A large number of data is collected and uploaded to the IIoT cloud platform. However, the IIoT cloud platform is semi-trusted and has structural limitations and vulnerability, which makes it necessary to realize data dynamic security sharing and malicious users tracking. In this paper, we show that most recent work on this issue is still vulnerable to security threats at first. Then a blockchain-enabled dynamic and traceable data-sharing scheme for a smart factory is proposed. Blockchain performs the user authentication and stores the ciphertext index and public keys to avoid tampering with shared data. The tracking algorithm tracks malicious users and adds them to a revocation list embedded in the ciphertext. And the authority can flexibly select domain or user revocation as required. The LSSS access policy is hidden to protect user privacy, and the cloud server uses match test algorithm to detect whether users meet hidden access policy. Additionally, online-offline encryption and outsourced decryption improve the efficiency of the scheme where the ciphertext and the pairing operations required for decryption achieve constant size. A performance analysis shows that the scheme can resist a variety of collusion attacks, and simulations show that it outperforms current schemes.
Article
With the rapid development of cloud computing, it is popular for data owners to outsource massive data to the cloud server for data sharing. To protect the privacy of sensitive data, many searchable encryption schemes are proposed. However, most of the existing studies focus on the single-owner model. In practice, users need to query data from distributed owners one by one, which inevitably brings great communication and computation overheads. Moreover, it lacks a secure scheme that realizes the access control requirements of individual owners. In this paper, we propose AESM², a new attribute-based encrypted search with ownership enhancement scheme for multi-owner and multi-user distributed systems. Our design enables users to search data from authorized owners with only one trapdoor. Owners can enforce owner level permission on users and encrypt their data individually with fine-grained attribute level permission. For practical consideration, we further devise an efficient revocation method of the owner level permission for users, where ciphertexts do not need to be updated. We formally define and prove the security of our design. Moreover, we implement a system prototype and analyze the performance from theoretical and experimental aspects. The evaluation results demonstrate that our scheme is effective and efficient.
Article
Mobile healthcare (mHealth) enables people to collect and share their personal health records (PHRs) and gain rapid medical treatment via mobile 5G-enabled Industrial Internet of Things (IIoT) devices, which also brings the challenge of keeping the PHRs confidentiality and preventing unauthorized access. By the emerging ciphertext-policy attribute-based encryption (CP-ABE), the PHR owner can encrypt his/her PHR data under self-defined access policies. However, existing CP-ABE schemes are suffering from either heavy computation cost and storage overhead or traitor tracing and direct revocation. In this article, we propose an efficient, traceable, and revocable access control scheme named TRAC for mHealth in 5G-enabled IIoT. In TRAC, the ciphertext is composed of the attribute-relevant ciphertext encrypted under an AND-gate access structure and the identity-relevant ciphertext associated with some potential receivers. The malicious user who leaks his/her privilege to unauthorized entities will be precisely tracked and added in the revocation list, by which the cloud server can update the identity-relevant ciphertext by itself. The length of final ciphertext and the time of bilinear pairing operations used in decryption are constant. The security analysis and performance evaluation indicate the security, efficiency, and practicality of TRAC.
Conference Paper
Blockchain technology has enabled the keeping of a decentralized, tamper-proof, immutable, and ordered ledger of transactional events. Efforts to leverage such a ledger may be challenging when data storage requirements exceed most blockchain protocols’ current capacities. Storing large amounts of decentralized data while maintaining system efficiency is the challenge that we target. This paper proposes using the IPFS distributed hash table (DHT) technology to store information immutably and in a decentralized manner to mitigate the high cost of storage. A storage system involving blockchain and other storage systems in concert should be based on immutable data and allow removal of data from malicious users in the DHT. Efficiency is improved by decreasing the overall processing time in the blockchain with the help of DHT technology and introducing an agreement service that communicates with the blockchain via a RESTful API. We demonstrate the applicability of the proposed method and conclude that the combination of IPFS and blockchain provides efficient cryptographic storage, immutable history and overall better efficiency in a decentralized manner.
Article
The Industrial Internet of things (IIoT) supports recent developments in data management and information services, as well as services for smart factories. Nowadays, many mature IIoT cloud platforms are available to serve smart factories. However, due to the semi-credibility nature of the IIoT cloud platforms, how to achieve secure storage, access control, information update and deletion for smart factory data, as well as the tracking and revocation of malicious users, has become an urgent problem. To solve these problems, a blockchain-enhanced security access control scheme that supports traceability and revocability has been proposed in IIoT for smart factories. The blockchain first performs unified identity authentication, and stores all public keys, user attribute sets, and revocation list. The system administrator then generates system parameters and issues private keys to users. The domain administrator is responsible for formulating domain security and privacy protection policies and performing encryption operations. If the attributes meet the access policies and the user's ID is not in the revocation list, they can obtain the intermediate decryption parameters from the edge/cloud servers. Malicious users can be tracked and revoked during all stages if needed, which ensures the system security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption and can resist multiple attacks. The evaluation has shown that the size of the public/private keys is smaller compared to other schemes, and the overhead time is less for public key generation, data encryption, and data decryption stages.
Article
Monero provides a high level of anonymity for both users and their transactions. However, many criminal activities might be committed with the protection of anonymity in cryptocurrency transactions. Thus, user accountability (or traceability) is also important in Monero transactions, which is unfortunately lacking in the current literature. In this paper, we fill this gap by introducing a new cryptocurrency named Traceable Monero to balance the user anonymity and accountability. Our framework relies on a tracing authority, but is optimistic, in that it is only involved when investigations in certain transactions are required. We formalize the system model and security model of Traceable Monero. We present a detailed construction of Traceable Monero by overlaying Monero with two types of tracing mechanisms, tracing the one-time addresses with money flows and tracing the long-term addresses. We prove the security of Traceable Monero and implement a prototype of the system, which demonstrates that Traceable Monero incurs merely a very small overhead in generating and verifying a transaction compared to Monero transactions.
Chapter
This work envisions a new encryption primitive for many-to-many paradigms such as group messaging systems. Previously, puncturable encryption (PE) was introduced to provide forward security for asynchronous messaging services. However, existing PE schemes were proposed only for one-to-one communication, and cause a significant overhead for a group messaging system. In fact, the group communication over PE can only be achieved by encrypting a message multiple times for each receiver by the sender’s device, which is usually suitable to restricted resources such as mobile phones or sensor devices. Our new suggested scheme enables to re-encrypt ciphertexts of puncturable encryption by a message server (i.e., a proxy) so that computationally heavy operations are delegated to the server who has more powerful processors and a constant power source. We then proposed a new Puncturable Proxy Re-Encryption (PPRE) scheme. The scheme is inspired by unidirectional proxy re-encryption (UPRE), which achieves forward secrecy through fine-grained revocation of decryption capability by integrating the PE scheme. This paper first presents a forward secure PPRE in the group messaging service. Our scheme is IND-CCA secure under 3-weak Decision Bilinear Diffie-Hellman Inversion assumption. Keywords: Puncturable encryption, Proxy Re-Encryption, Group messaging service, CCA security
Chapter
As one of the most important manners of personal and business communications, cloud emails have been widely employed due to its advantages of low-cost and convenience. However, with the occurrence of large-scale email leakage events and the revelation of long-term monitoring of personal communications, customers are increasingly worried about the security and privacy of their sensitive emails. In this paper, we first formalize a new cryptographic primitive named forward-secure puncturable identity-based encryption (fs-PIBE) for enhancing the security and privacy of cloud email systems. This primitive enables an email receiver to individually revoke the decryption capacity of a received email that was encrypted, while retaining the decryption capacity of those unreceived ones. Consequently, those received emails remain secure even if the secret key is comprised. Thus, it provides more practical forward secrecy than traditional forward-secure public key encryption, in which the decryption capacity of those received and unreceived emails is revoked simultaneously. Besides, we propose a concrete construction of fs-PIBE with constant size of ciphertext, and prove its security in the standard model. We present the performance analysis to demonstrate its merits.
Article
The adoption of agricultural products traceability management based on Internet of Things (IoT) technology provides excellent benefits for the current food safety issues. The provenance data can demonstrate agricultural products movement process from the countryside to the dining table. However, the massive provenance data incurs an inefficient query. Meanwhile, the provenance data can be tampered with deliberately, which affects food safety. There are seldom reported approaches that can solve the above problem effectively. In this paper, we propose a data storage model based on Inter-Planetary File System (IPFS) and blockchain. First, IPFS is used to store video, images, and real-time monitoring data reported from the sensors. Then, in order to avoid a malicious user in case of data faking attack, we exploit the blockchain to store the IPFS hash address of the provenance data. Based on that, we design an authentication mechanism based on blockchain. It can verify the data and ensures effective data security. The experimental results show that the proposed approach can outperform the existing methods. © Computer Society of the Republic of China. All rights reserved.
Conference Paper
In the past, the improvement of digital copyright protection system based on digital watermarking mainly focused on algorithms, while generation and storage of the watermark information was ignored. In this paper, a new design scheme of copyright management system based on digital watermarking and its information, such as blockchain, is proposed, which combines digital watermarking, blockchain, perceptual hash function, Quick Response (QR) code, and InterPlanetary File System (IPFS). Among them, blockchain is used to securely store watermark information and provide timestamp authentication for multiple watermarks (multiple copyrights) to confirm the creation order. Perceptual hash function is used to generate hash value based on the structure information of images, that watermark information can be confirmed without the original image. QR code is used to generate QR code images containing image hash and copyright information as watermark images to improve robustness and capacity of digital watermarking; IPFS is used to store and distribute watermarked images without a centralized server. This scheme can enhance the effectiveness of digital watermarking technology in the field of copyright protection. In this way, use P2P network to integrate and complete copyright management and distribution of copyrighted works without requiring a trusted third party. Nodes rely on cryptography to confirm the identity of each other and ensure the security of information. It can reduce information leakage, data destruction and other risks caused by collapse of the centralized system in the past. This improves the security and transparency of information, and speeds up the distribution of copyrighted works to facilitate circulation in the network. This scheme can also improve copyright protection of multiple creations. Combine blockchain and multiple digital watermarks to record copyright information of every copyright owner in the authoring process and fully prove this information, in order to protect the legitimate rights and interests of each copyright owner.
Conference Paper
A Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows users to specify the access policies without having to know the identities of users. In this paper, we contribute by proposing an ABE scheme which enables revoking corrupted users. Given a key-like blackbox, our system can identify at least one of the users whose key must have been used to construct the blackbox and can revoke the key from the system. This paper extends the work of Liu and Wong to achieve traitor revocability. We construct an Augmented Revocable CPABE (AugR-CP-ABE) scheme, and describe its security by message-hiding and index-hiding games. Then we prove that an AugR-CP-ABE scheme with message-hiding and index-hiding properties can be transferred to a secure Revocable CP-ABE with fully collusion-resistant blackbox traceability. In the proof for index-hiding, we divide the adversary’s behaviors in two ways and build direct reductions that use adversary to solve the D3DH problem. Our scheme achieves the sub-linear overhead of O(√N), where N is the number of users in the system. This scheme is highly expressive and can take any monotonic access structures as ciphertext policies.
Article
A blackbox traceable Attribute-Based Encryption (ABE) can identify a malicious user called traitor, which created a decryption box with respect to an attribute set (respectively, access policy), out of all the users who share the same attribute set (respectively, access policy). However, none of the existing traceable ABE schemes can also support revocation and large attribute universe, that is, being able to revoke compromised keys, and can take an exponentially large number of attributes. In this paper, we formalize the definitions and security models, and propose constructions of both Ciphertext-Policy ABE and Key-Policy ABE that support (i) public and fully collusion-resistant blackbox traceability, (ii) revocation, (iii) large universe and (iv) any monotonic access structures as policies (i.e. high expressivity). We also show that the schemes are secure and blackbox traceable in the standard model against selective adversaries.
Article
In this paper we investigate new mechanisms for achieving forward secure encryption in store and forward messaging systems such as email and SMS. In a forward secure encryption scheme, a user periodically updates her secret key so that past messages remain confidential in the event that her key is compromised. A primary contribution of our work is to introduce a new form of encryption that we name puncturable encryption. Using a puncturable encryption scheme, recipients may repeatedly update their decryption keys to revoke decryption capability for selected messages, recipients or time periods. Most importantly, this update process does not require the recipients to communicate with or distribute new key material to senders. We show how to combine puncturable encryption with the forward-secure public key encryption proposal of Canetti et al. to achieve practical forward-secure messaging with low overhead. We implement our schemes and provide experimental evidence that the new constructions are practical.
Conference Paper
We construct a fully collusion resistant tracing traitors system with sublinear size ciphertexts and constant size private keys. More precisely, let N be the total number of users. Our system generates ciphertexts of size O(√N) and private keys of size O(1). We first introduce a simpler primitive we call private linear broadcast encryption (PLBE) and show that any PLBE gives a tracing traitors system with the same parameters. We then show how to build a PLBE system with O(√N) size ciphertexts. Our system uses bilinear maps in groups of composite order.
Conference Paper
In [8,9] Boneh et al. presented the first fully collusion-resistant traitor tracing and trace & revoke schemes. These schemes are based on composite order bilinear groups and their security depends on the hardness of the subgroup decision assumption. In this paper we present new, efficient trace & revoke schemes which are based on prime order bilinear groups, and whose security depends on the hardness of the Decisional Linear Assumption or the External Diffie-Hellman (XDH) assumption. This allows our schemes to be flexible and thus much more efficient than existing schemes in terms of a variety of parameters including ciphertext size, encryption time, and decryption time. For example, if encryption time was the major parameter of concern, then for the same level of practical security as [8] our scheme encrypts 6 times faster. Decryption is 10 times faster. The ciphertext size in our scheme is 50% less when compared to [8]. We provide the first implementations of efficient fully collusion-resilient traitor tracing and trace & revoke schemes. The ideas used in this paper can be used to make other cryptographic schemes based on composite order bilinear groups efficient as well.
Conference Paper
A traitor tracing system enables a publisher to trace a pirate decryption box to one of the secret keys used to create the box. We present a traitor tracing system where ciphertext size is "constant," namely independent of the number of users in the system and the collusion bound. A ciphertext in our system consists of only two elements where the length of each element depends only on the security parameter. The down side is that private-key size is quadratic in the collusion bound. Our construction is based on recent constructions for fingerprinting codes.
Certificate-free cross-domain fine-grained access control mechanism for industrial internet
  • Dong
The pairing-based cryptography library
  • Lynn Ben