Zhenfu Cao

CCA-Secure Proxy Re-encryption without Pairings

In a proxy re-encryption scheme, a semi-trusted proxy can transform a ciphertext under Alices public key into another ciphertext that Bob can decrypt. However, the proxy cannot access the plaintext. Due to its transformation property, proxy re-encryption can be used in many applications, such as encrypted email forwarding. In this paper, by using signature of knowledge and Fijisaki-Okamoto conversion, we propose a proxy re-encryption scheme without pairings, in which the proxy can only transform the ciphertext in one direction. The proposal is secure against chosen ciphertext attack (CCA) and collusion attack in the random oracle model based on Decisional Diffie-Hellman (DDH) assumption over

Simple three-party key exchange protocol

\mathbb{Z}_{N^2}^*

Attribute based proxy re-encryption with delegating capabilities

and integer factorization assumption, respectively. To the best of our knowledge, it is the first unidirectional PRE scheme with CCA security and collusion-resistance.

A Probabilistic Misbehavior Detection Scheme toward Efficient Trust Establishment in Delay-Tolerant Networks

Three-party authenticated key exchange protocol is an important cryptographic technique in the secure communication areas, by which two clients, each shares a human-memorable password with a trusted server, can agree a secure session key. Over the past years, many three-party authenticated key exchange protocols have been proposed. However, to our best knowledge, not all of them can meet the requirements of security and efficiency simultaneously. Therefore, in this paper, we would like to propose a new simple three-party password based authenticated key exchange protocol. Compared with other existing protocols, our proposed protocol does not require any servers public key, but can resist against various known attacks. Therefore, we believe it is suitable for some practical scenarios.

SecCloud: Bridging Secure Storage and Computation in Cloud

Attribute based proxy re-encryption scheme (ABPRE) is a new cryptographic primitive which extends the traditional proxy re-encryption (public key or identity based cryptosystem) to the attribute based counterpart, and thus empower users with delegating capability in the access control environment. Users, identified by attributes, could freely designate a proxy who can re-encrypt a ciphertext related with a certain access policy to another one with a different access policy. The proposed scheme is proved selective-structure chosen plaintext secure and master key secure without random oracles. Besides, we develop another kind of key delegating capability in our scheme and also discuss some related issues including a stronger security model and applications.

SDSM: A secure data service mechanism in mobile cloud computing

Malicious and selfish behaviors represent a serious threat against routing in delay/disruption tolerant networks (DTNs). Due to the unique network characteristics, designing a misbehavior detection scheme in DTN is regarded as a great challenge. In this paper, we propose iTrust, a probabilistic misbehavior detection scheme, for secure DTN routing toward efficient trust establishment. The basic idea of iTrust is introducing a periodically available Trusted Authority (TA) to judge the nodes behavior based on the collected routing evidences and probabilistically checking. We model iTrust as the inspection game and use game theoretical analysis to demonstrate that, by setting an appropriate investigation probability, TA could ensure the security of DTN routing at a reduced cost. To further improve the efficiency of the proposed scheme, we correlate detection probability with a nodes reputation, which allows a dynamic detection probability determined by the trust of the users. The extensive analysis and simulation results demonstrate the effectiveness and efficiency of the proposed scheme.

A secure identity-based proxy multi-signature scheme

Cloud computing becomes a hot research topic in the recent years. In the cloud computing, software applications and databases are moved to the centralized large data centers, which is called cloud. In the cloud, due to lack of physical possession of the data and the machine, the data and computation may not be well managed and fully trusted by cloud users. Existing work on cloud security mainly focuses on cloud storage without taking computation security into consideration. In this paper, we propose SecCloud, a novel auditing scheme to secure cloud computing based on probabilistic sampling technique as well as designated verifier technique, which aims to consider secure data storage, computation and privacy preserving together. We also discuss how to optimize sampling size to minimize the auditing cost. Detailed analysis and simulations have demonstrated the effectiveness and efficiency of the proposed scheme.

Secure Threshold Multi Authority Attribute Based Encryption without a Central Authority

To enhance the security of mobile cloud users, a few proposals have been presented recently. However we argue that most of them are not suitable for mobile cloud where mobile users might join or leave the mobile networks arbitrarily. In this paper, we design a secure mobile user-based data service mechanism (SDSM) to provide confidentiality and fine-grained access control for data stored in the cloud. This mechanism enables the mobile users to enjoy a secure outsourced data services at a minimized security management overhead. The core idea of SDSM is that SDSM outsources not only the data but also the security management to the mobile cloud in a trust way. Our analysis shows that the proposed mechanism has many advantages over the existing traditional methods such as lower overhead and convenient update, which could better cater the requirements in mobile cloud computing scenarios.

ASRPAKE: An Anonymous Secure Routing Protocol with Authenticated Key Exchange for Wireless Ad Hoc Networks

In a proxy multi-signature scheme, a designated proxy signer can generate the signature on behalf of a group of original signers. To our best knowledge, most of existing proxy multi-signature schemes are proposed in public key infrastructure setting, which may be the bottleneck due to its complexity. To deduce the complexity, several proxy multi-signature schemes are proposed in the ID-based setting. However, no formal definitions on ID-based proxy are proposed until now. To fill the gap, this paper proposes the formal definition. Furthermore, we present a proven secure ID-based proxy multi-signature scheme, which is more efficient than existing schemes in term of computational cost.

Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles

An attribute based encryption scheme (ABE) is a cryptographic primitive in which every user is identified by a set of attributes, and some function of these attributes is used to determine the ability to decrypt each ciphertext. Chase proposed the first multi authority ABE scheme in TCC 2007 as an answer to an open problem presented by Sahai and Waters in EUROCRYPT 2005. However, her scheme needs a fully trusted central authority which can decrypt every ciphertext in the system. This central authority would endanger the whole system if its corrupted. This paper presents a threshold multi authority fuzzy identity based encryption(MA-FIBE) scheme without a central authority for the first time. An encrypter can encrypt a message such that a user could only decrypt if he has at least d k of the given attributes about the message for at least t + 1, t ≤ n /2 honest authorities of all the n attribute authorities in the proposed scheme. The security proof is based on the secrecy of the underlying joint random secret sharing protocol and joint zero secret sharing protocol and the standard decisional bilinear Diffie-Hellman assumption. The proposed MA-FIBE could be extended to the threshold multi authority attribute based encryption (MA-ABE) scheme and be further extended to a proactive MA-ABE scheme.