This document summarizes an audit-free cloud storage encryption scheme called deniable attribute-based encryption (ABE). It allows cloud storage providers to create fake user secrets to protect user privacy from outside coercion. The scheme is based on Waters ciphertext policy ABE, enhanced to use composite order bilinear groups. This enables users to provide fake secrets that seem legitimate, preventing auditors from determining the true secrets. The goal is to block coercion efforts by making them useless, as auditors cannot prove fake evidence is wrong. This protects user privacy even if cloud storage providers are compelled to hand over secrets.
Audit free cloud storage via deniable attribute based encryption - Mano Sriram
1) Cloud storage services have become popular, but user privacy is a concern as data owners do not want unauthorized access. Existing encryption schemes assume cloud providers are trusted, but they could be forced to reveal secrets.
2) The document proposes a new encryption scheme called deniable Ciphertext Policy Attribute Based Encryption (CP-ABE) that allows cloud providers to create fake user secrets, protecting real secrets even if the provider is coerced.
3) By using deniable CP-ABE, cloud providers can convince coercers that obtained secrets are genuine while actually protecting user privacy, addressing a key limitation of prior encryption schemes.
Attribute Based Encryption with Privacy Preserving In Clouds - Swathi Rampur
This is a PPT made by Shrihari; in it, encryption with privacy preservation in clouds is described!
It will be helpful for those who are doing projects on cloud!
Audit free cloud storage via deniable attribute based encryption - Kamal Spring
Cloud storage services have become increasingly popular. Because of the importance of privacy, many cloud storage encryption schemes have been proposed to protect data from those who do not have access. All such schemes assumed that cloud storage providers are safe and cannot be hacked; however, in practice, some authorities (i.e., coercers) may force cloud storage providers to reveal user secrets or confidential data on the cloud, thus altogether circumventing storage encryption schemes. In this paper, we present our design for a new cloud storage encryption scheme that enables cloud storage providers to create convincing fake user secrets to protect user privacy. Since coercers cannot tell if obtained secrets are true or not, the cloud storage providers ensure that user privacy is still securely protected. Most of the proposed schemes assume cloud storage service providers or trusted third parties handling key management are trusted and cannot be hacked; however, in practice, some entities may intercept communications between users and cloud storage providers and then compel storage providers to release user secrets by using government power or other means. In this case, encrypted data are assumed to be known and storage providers are requested to release user secrets.
Key aggregate searchable encryption (kase) for group data sharing via cloud s... - Pvrtechnologies Nellore
This document describes a proposed cryptosystem for secure and efficient data sharing in cloud storage. It allows a user to encrypt files with different public keys but send a receiver a single constant-size decryption key that gives decryption rights to any set of ciphertexts. This allows flexible sharing of encrypted data while keeping decryption keys compact. The proposed system aims to address disadvantages of existing approaches like unexpected privilege escalation exposing all data or inefficient key sizes. It provides security based on number-theoretic assumptions without relying on servers for access control.
Key aggregate searchable encryption (kase) for group data sharing via cloud s... - LeMeniz Infotech
Key aggregate searchable encryption (kase) for group data sharing via cloud storage
Key aggregate searchable encryption (kase) for group data sharing via cloud s... - CloudTechnologies
KEY-AGGREGATE SEARCHABLE ENCRYPTION (KASE) FOR GROUP DATA SHARING VIA CLOUD ... - Nexgen Technology
KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUD - Naseem nisar
1. EASiER proposes an encryption-based access control architecture for social networks that uses attribute-based encryption. It introduces a minimally trusted proxy to enable efficient revocation without reissuing keys.
2. Multi-authority attribute based encryption schemes allow multiple authorities to issue secret keys for attributes. This is useful in applications with attributes managed by different authorities.
3. Existing social network privacy architectures focus on encryption-based access control but do not address efficient revocation of users or attributes. EASiER addresses this issue.
International Journal of Engineering and Science Invention (IJESI) - inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field of Engineering, Science and Technology, new teaching methods, assessment, validation and the impact of new technologies, and it will continue to provide information on the latest trends and developments in this ever-expanding subject. Papers are selected through double peer review to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
Key aggregate cryptosystem for scalable data sharing in cloud storage using pairing-based cryptography. We used the JPBC tool to implement the Key Aggregate cryptosystem.
The document discusses secure data sharing in cloud storage using a key-aggregate cryptosystem (KAC) which allows efficient delegation of decryption rights for any set of ciphertexts. KAC produces constant size ciphertexts and allows any set of secret keys to be aggregated into a single key encompassing the power of the keys being aggregated. This aggregate key can then be sent to others for decryption of the ciphertext set while keeping files outside the set confidential.
This document discusses securely sharing data in multi-owner cloud environments for dynamic groups. It proposes a method for securely sharing data files with other users in a group on an untrusted cloud. The method supports dynamic groups where new users can access files uploaded before joining without contacting owners. User revocation is achieved through a revocation list without updating other users' secret keys. Encryption overhead is constant, independent of revoked users. The scheme provides secure access control and preserves user privacy by hiding identities from the cloud.
Authentication on Cloud using Attribute Based Encryption - Ankit Raj
Improving Cloud Security for Authentication using Attribute Based Encryption.
Attribute-based encryption is a type of public key encryption in which the secret key of a user and the ciphertext are dependent upon attributes. The decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext. A crucial security aspect of Attribute-Based Encryption is collusion-resistance: an adversary that holds multiple keys should only be able to access data if at least one individual key grants access. Cloud computing is a type of Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers that may be located far from the user, ranging in distance from across a city to across the world. There were several cases of security breaches on the cloud in the past few years in which data security was compromised, such as Adobe's security breach and the Amazon website failure, and many security attacks like these motivated us to work on strict security measures on the cloud. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user's attributes into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary, including a malicious cloud, will not be able to learn anything about the encrypted message. The formal model of ABE with outsourced decryption forms a concrete scheme. The data owner decides access using combinations of OR policies and encrypts the file, and the corresponding authentic user can decrypt it using their policies.
Key aggregate cryptosystem for scalable data sharing in cloud storage - Mugesh Mukkandan
This document proposes a key-aggregate cryptosystem (KAC) to securely and efficiently share data in cloud storage. KAC allows data owners to generate constant-sized decryption keys that delegate access to any subset of encrypted files, without increasing key size. It describes the existing approaches that encrypt data before uploading but have increasing costs as more decryption keys are shared. The proposed KAC system uses a special public-key encryption technique that produces constant-sized aggregate decryption keys that can decrypt any ciphertext associated with attribute classes contained in the key. It outlines the authentication, encryption, sharing, and decryption modules and concludes that KAC provides a more flexible delegation method compared to hierarchical key assignment.
key aggregate cryptosystem for scalable data sharing in cloud storage abstract - Sanjana Yemajala
This document proposes a key-aggregate cryptosystem (KAC) for securely and flexibly sharing encrypted data in cloud storage. KAC allows a data owner to encrypt files under different class identifiers and generate a single aggregate key encompassing decryption power for any chosen ciphertext class set. This aggregate key can be sent through limited secure channels like email, addressing disadvantages of traditional approaches that require sending many distinct secret keys. The proposed solution could help Alice securely share specific encrypted files on Dropbox with Bob by sending him a single aggregate key.
This document discusses searchable encryption systems and the current state of data security. It covers common uses of encryption like SSL and describes limitations of early encryption methods like Yao's Garbled Circuits. The document then focuses on fully homomorphic encryption, which allows computations on encrypted data without decrypting it first. While promising, homomorphic encryption has limitations in speed and potential security issues that require more research to address.
IRJET- Secure File Storage on Cloud using Cryptography - IRJET Journal
This document summarizes a research paper that proposes a secure file storage system on the cloud using cryptography. It discusses how the proposed system would split files into multiple chunks and store them across different cloud servers in an encrypted format to preserve confidentiality, integrity, and availability of data. The document provides background on cloud computing benefits and security challenges. It then describes the proposed system's use of symmetric and asymmetric encryption algorithms like AES, DES, and RC2 to encrypt chunks before storage.
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo... - Editor IJCATR
Data sharing is an important functionality in cloud storage. In this article, we show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems which produce constant-size ciphertexts such that efficient delegation of decryption rights for any set of ciphertexts is possible. The novelty is that one can aggregate any set of secret keys and make them as compact as a single key, but encompassing the power of all the keys being aggregated. In other words, the secret key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, while the other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also describe other applications of our schemes. In particular, our schemes give the first public-key patient-controlled encryption for flexible hierarchy, which was not previously known.
Key aggregate cryptosystem for scalable data sharing in cloud - Meka Subramanyam
This document presents a proposed system for secure and flexible data sharing in cloud storage. It describes using new public-key cryptosystems that can aggregate any set of secret keys into a constant-size ciphertext. This allows flexible sharing of encrypted data through an aggregate key that decrypts multiple ciphertexts without increasing in size. The system architecture includes setup, encryption, key generation, and decryption phases. The proposed system aims to address limitations in existing approaches regarding key sizes and flexibility of data access delegation.
Control cloud-data-access-privilege-and-anonymity-with-fully-anonymous-attrib... - Pvrtechnologies Nellore
This document proposes a scheme called AnonyControl to address privacy concerns with cloud data access. It aims to control access privileges while preserving user identity privacy. AnonyControl decentralizes the central authority across multiple attribute authorities to limit identity leakage and achieve semi-anonymity. It also generalizes file access control to privilege control to manage cloud data operations in a fine-grained way. The document describes existing access control schemes, disadvantages related to identity privacy, and how AnonyControl improves on previous work by protecting user identities through attribute distribution across authorities.
Access control in decentralized online social networks applying a policy hidi... - IGEEKS TECHNOLOGIES
The document proposes a policy-hiding cryptographic scheme for access control in decentralized online social networks that aims to achieve both privacy and performance. Existing DOSNs reveal access policies but some cryptographic variants hide policies at the cost of performance. The proposed scheme uses predicate encryption with a univariate polynomial construction for access policies that drastically improves performance while leaking some policy information. Bloom filters are also used to decrease decryption time and indicate decryptable objects. The goal is to enable privacy-preserving access control without compromising usability in resource-constrained DOSN environments.
We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography.
key aggregate cryptosystem for scalable data sharing in cloud - Sravan Narra
The document proposes a new key-aggregate cryptosystem (KAC) for secure and efficient data sharing in cloud storage. KAC allows encrypting data under a public key and identifier, and extracting an aggregate secret key from a master secret key. The aggregate key is compact yet provides decryption power for any subset of ciphertexts. This allows flexible delegation of decryption rights by sending a constant-sized aggregate key for sharing encrypted data on cloud storage. Formal security analysis is provided for the cryptosystem in the standard model.
Iaetsd a survey on cloud storage security with - Iaetsd Iaetsd
This document discusses signcryption as a method for secure cloud storage. It begins with an abstract that introduces signcryption as a public key cryptographic method that achieves confidentiality and unforgeability with less overhead than digital signatures followed by encryption. The introduction provides more details on signcryption and its advantages over separate signing and encryption. It then discusses related work on address-based cryptography, key aggregate cryptography, and time-bound hierarchical key assignment schemes. The document focuses on how signcryption can provide high security for sharing data through cloud storage.
766 a secure-data-sharing-in-cloud-storage-with-independent-key-generation-ce... - revathirram
This document summarizes a research paper that proposes a mediated certificateless public key encryption (mCL-PKE) scheme for secure data sharing in cloud storage. The key points are:
1) The mCL-PKE scheme solves problems of key escrow and certificate revocation without using computationally expensive bilinear pairing operations.
2) It uses a security mediator to instantly revoke compromised users and enforce access policies. The mediator also supports partial decryption to preserve data confidentiality.
3) The scheme extends mCL-PKE with an access control list to allow the data owner to encrypt data only once for multiple authorized users, improving efficiency over previous pairing-based schemes.
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN... - cscpconf
One of the widely used cryptographic primitives for cloud applications is Attribute Based Encryption (ABE), where users have their own attributes and a ciphertext is encrypted under an access policy. Though ABE provides many benefits, the novelty often only exists in the academic world and it is often difficult to find a practical use of ABE for a real application. In this paper, we discuss the design and implementation of a cloud storage client application which supports the concept of ABE. Our proposed client provides an effective access control mechanism that allows different types of access policy to be defined, thus allowing large datasets to be shared by multiple users. Using different access policies, each user only needs to access a small part of the big data. The goal of our experiment is to explore the right set of strategies for developing a practical ABE-based system. Through the implementation and evaluation, we have determined the various characteristics and issues associated with developing a practical ABE-based application.
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION - adeij1
Cloud storage services are very popular today. To secure data from those who do not have access, several encryption schemes have been proposed. Most of the proposed schemes assume cloud storage service providers or trusted third parties handling key management are trustworthy and cannot be hacked; however, in practice, some entities may intercept communications between users and cloud storage providers and then compel storage providers to release user secrets by using government power or other means. In this case, encrypted data are assumed to be known and storage providers are requested to release user secrets. Since it is difficult to fight against outside coercion, we aimed to build an encryption scheme that could help cloud storage providers avoid this predicament. We give cloud storage providers the means to create fake user secrets. Given such fake user secrets, outside coercers can only obtain forged data from a user's stored ciphertext. Once coercers believe the received secrets are real, they will be satisfied and, more importantly, cloud storage providers will not have revealed any real secrets. Therefore, user privacy is still protected.
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online
Key aggregate cryptosystem for scalable data sharing in cloud storage using pairng based cryptography. We used JPBC tool to implement Key Aggregate cryptosystem.
The document discusses secure data sharing in cloud storage using a key-aggregate cryptosystem (KAC) which allows efficient delegation of decryption rights for any set of ciphertexts. KAC produces constant size ciphertexts and allows any set of secret keys to be aggregated into a single key encompassing the power of the keys being aggregated. This aggregate key can then be sent to others for decryption of the ciphertext set while keeping files outside the set confidential.
This document discusses securely sharing data in multi-owner cloud environments for dynamic groups. It proposes a method for securely sharing data files with other users in a group on an untrusted cloud. The method supports dynamic groups where new users can access files uploaded before joining without contacting owners. User revocation is achieved through a revocation list without updating other users' secret keys. Encryption overhead is constant, independent of revoked users. The scheme provides secure access control and preserves user privacy by hiding identities from the cloud.
Authentication on Cloud using Attribute Based EncryptionAnkit Raj
Improving Cloud Security for Authentication using Attribute Based Encryption.
Attribute-based encryption is a type of public key encryption in which the secret key of a user and the cipher text are dependent upon attributes. The decryption of a cipher text is possible only if the set of attributes of the user key matches the attributes of the cipher text. A crucial security aspect of Attribute-Based Encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access. Cloud computing is a type of Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers that may be located far from the user–ranging in distance from across a city to across the world. There were several cases of security breach on the cloud in the past few year and data security was compromised like Adobe’s Security Breach, Amazon website failure and many security attacks like this motivated us to work on strict security measures on cloud. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE cipher text satisfied by that user’s attributes into a simple cipher text, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed cipher text. Security of an ABE system with outsourced decryption ensures that an adversary including a malicious cloud will not be able to learn anything about the encrypted message. The formal model of ABE with outsourced decryption forms a concrete scheme. Data owner decides the access using combinations of or policies and encrypt the file and corresponding authentic user can decrypt it using their policies.
Key aggregate cryptosystem for scalable data sharing in cloud storageMugesh Mukkandan
This document proposes a key-aggregate cryptosystem (KAC) to securely and efficiently share data in cloud storage. KAC allows data owners to generate constant-sized decryption keys that delegate access to any subset of encrypted files, without increasing key size. It describes the existing approaches that encrypt data before uploading but have increasing costs as more decryption keys are shared. The proposed KAC system uses a special public-key encryption technique that produces constant-sized aggregate decryption keys that can decrypt any ciphertext associated with attribute classes contained in the key. It outlines the authentication, encryption, sharing, and decryption modules and concludes that KAC provides a more flexible delegation method compared to hierarchical key assignment.
key aggregate cryptosystem for scalable data sharing in cloud storage abstract (Sanjana Yemajala)
This document proposes a key-aggregate cryptosystem (KAC) for securely and flexibly sharing encrypted data in cloud storage. KAC allows a data owner to encrypt files under different class identifiers and generate a single aggregate key encompassing decryption power for any chosen ciphertext class set. This aggregate key can be sent through limited secure channels like email, addressing disadvantages of traditional approaches that require sending many distinct secret keys. The proposed solution could help Alice securely share specific encrypted files on Dropbox with Bob by sending him a single aggregate key.
This document discusses searchable encryption systems and the current state of data security. It covers common uses of encryption such as SSL/TLS and describes the limitations of early secure-computation techniques such as Yao's garbled circuits. It then focuses on fully homomorphic encryption, which allows computation on encrypted data without decrypting it first. While promising, homomorphic encryption is still slow and has open security questions that require more research.
IRJET- Secure File Storage on Cloud using Cryptography (IRJET Journal)
This document summarizes a research paper that proposes a secure file storage system on the cloud using cryptography. The proposed system splits files into multiple chunks and stores them across different cloud servers in encrypted form to preserve the confidentiality, integrity and availability of the data. The document gives background on the benefits and security challenges of cloud computing. It then describes the proposed system's use of symmetric and asymmetric encryption; the ciphers it names, AES, DES and RC2, are all symmetric block ciphers used to encrypt chunks before storage.
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo... (Editor IJCATR)
Data sharing is an important functionality in cloud storage. In this article, we show how to securely, efficiently, and flexibly share data with others in cloud storage. We describe new public-key cryptosystems that produce constant-size ciphertexts such that efficient delegation of decryption rights for any set of ciphertexts is possible. The novelty is that one can aggregate any set of secret keys and make them as compact as a single key, while encompassing the power of all the keys being aggregated. In other words, the secret-key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, while the other encrypted files outside the set remain confidential. This compact aggregate key can conveniently be sent to others or stored in a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also describe other applications of our schemes. In particular, our schemes give the first public-key patient-controlled encryption for flexible hierarchy, which was previously unknown.
Key aggregate cryptosystem for scalable data sharing in cloud (Meka Subramanyam)
This document presents a proposed system for secure and flexible data sharing in cloud storage. It describes new public-key cryptosystems that can aggregate any set of secret keys into a single constant-size aggregate key. This allows flexible sharing of encrypted data through an aggregate key that decrypts multiple ciphertexts without growing in size. The system architecture includes setup, encryption, key generation, and decryption phases. The proposed system aims to address limitations in existing approaches regarding key sizes and flexibility of data access delegation.
Control cloud-data-access-privilege-and-anonymity-with-fully-anonymous-attrib... (Pvrtechnologies Nellore)
This document proposes a scheme called AnonyControl to address privacy concerns with cloud data access. It aims to control access privileges while preserving user identity privacy. AnonyControl decentralizes the central authority across multiple attribute authorities to limit identity leakage and achieve semi-anonymity. It also generalizes file access control to privilege control to manage cloud data operations in a fine-grained way. The document describes existing access control schemes, disadvantages related to identity privacy, and how AnonyControl improves on previous work by protecting user identities through attribute distribution across authorities.
Access control in decentralized online social networks applying a policy hidi... (IGEEKS TECHNOLOGIES)
The document proposes a policy-hiding cryptographic scheme for access control in decentralized online social networks that aims to achieve both privacy and performance. Existing DOSNs reveal access policies but some cryptographic variants hide policies at the cost of performance. The proposed scheme uses predicate encryption with a univariate polynomial construction for access policies that drastically improves performance while leaking some policy information. Bloom filters are also used to decrease decryption time and indicate decryptable objects. The goal is to enable privacy-preserving access control without compromising usability in resource-constrained DOSN environments.
We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography.
key aggregate cryptosystem for scalable data sharing in cloud (Sravan Narra)
The document proposes a new key-aggregate cryptosystem (KAC) for secure and efficient data sharing in cloud storage. KAC allows encrypting data under a public key and identifier, and extracting an aggregate secret key from a master secret key. The aggregate key is compact yet provides decryption power for any subset of ciphertexts. This allows flexible delegation of decryption rights by sending a constant-sized aggregate key for sharing encrypted data on cloud storage. Formal security analysis is provided for the cryptosystem in the standard model.
Iaetsd a survey on cloud storage security with (Iaetsd Iaetsd)
This document discusses signcryption as a method for secure cloud storage. It begins with an abstract that introduces signcryption as a public key cryptographic method that achieves confidentiality and unforgeability with less overhead than digital signatures followed by encryption. The introduction provides more details on signcryption and its advantages over separate signing and encryption. It then discusses related work on address-based cryptography, key aggregate cryptography, and time-bound hierarchical key assignment schemes. The document focuses on how signcryption can provide high security for sharing data through cloud storage.
766 a secure-data-sharing-in-cloud-storage-with-independent-key-generation-ce... (revathirram)
This document summarizes a research paper that proposes a mediated certificateless public key encryption (mCL-PKE) scheme for secure data sharing in cloud storage. The key points are:
1) The mCL-PKE scheme solves problems of key escrow and certificate revocation without using computationally expensive bilinear pairing operations.
2) It uses a security mediator to instantly revoke compromised users and enforce access policies. The mediator also supports partial decryption to preserve data confidentiality.
3) The scheme extends mCL-PKE with an access control list to allow the data owner to encrypt data only once for multiple authorized users, improving efficiency over previous pairing-based schemes.
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN... (cscpconf)
One of the widely used cryptographic primitives for cloud applications is Attribute Based Encryption (ABE), where users have their own attributes and a ciphertext is encrypted under an access policy. Though ABE provides many benefits, the novelty often exists only in the academic world and it is often difficult to find a practical use of ABE in a real application. In this paper, we discuss the design and implementation of a cloud storage client application that supports the concept of ABE. Our proposed client provides an effective access control mechanism: it allows different types of access policy to be defined, so that large datasets can be shared by multiple users, and with different access policies each user needs to access only a small part of the big data. The goal of our experiment is to explore the right set of strategies for developing a practical ABE-based system. Through the implementation and evaluation, we have determined the various characteristics and issues associated with developing a practical ABE-based application.
SECURE CLOUD STORAGE USING DENIABLE ATTRIBUTE BASED ENCRYPTION (adeij1)
Cloud storage services are very popular today. To protect data from those who do not have access, many encryption schemes have been proposed. Most of them assume that cloud storage providers, or the trusted third parties handling key management, are trustworthy and cannot be hacked; in practice, however, some entities may intercept communications between users and cloud storage providers and then compel the providers to release user secrets by government power or other means. In that case the encrypted data are assumed to be known and the storage providers are asked to release user secrets. Since it is hard to fight outside coercion, we aimed to build an encryption scheme that helps cloud storage providers avoid this plight. We give providers a means to create fake user secrets. Given such fake secrets, outside coercers obtain only forged data from a user's stored ciphertext. Once the coercers believe the received secrets are real, they will be satisfied, and more importantly the providers will not have revealed any real secrets. Therefore, user privacy is still protected.
Secure Data Sharing In an Untrusted Cloud (IJERA Editor)
Cloud computing is a huge area which basically provides many services on a pay-as-you-go basis. One of the fundamental services provided by the cloud is data storage. The cloud provides cost efficiency and an efficient solution for sharing resources among cloud users. A secure and efficient data sharing scheme for groups in the cloud is not an easy task: on one hand customers are not ready to share their identity, but on the other hand they want to enjoy the cost efficiency provided by the cloud. The scheme needs to provide identity privacy, multiple owners and dynamic data sharing without being affected by the number of revoked cloud users. In this paper, any member of a group can fully enjoy the data storing and sharing services of the cloud. A secure data sharing scheme for dynamic cloud users is proposed; it uses group signature and dynamic broadcast encryption techniques so that any user in a group can share information securely. Additionally, a permission option is proposed for security reasons: file access permissions are generated by the admin and given to the user using a role-based access control (RBAC) algorithm. The file access permissions are read, write and delete. The owner can provide files with these options and accept the users that use them. Revocation of a cloud user is a function performed by the admin for security purposes. The encryption computation cost and storage overhead do not depend on the number of revoked users. We analyze the security with proofs and produce the cloud efficiency report using CloudSim.
The document proposes a Session Based Ciphertext Policy Attribute Based Encryption (SB-CP-ABE) method for access control in cloud storage. SB-CP-ABE aims to enable efficient key refreshing and revocation in ciphertext policy attribute based encryption (CP-ABE) schemes. It introduces the concept of associating private keys with sessions, so that key updates and revocations only need to be done at session boundaries, avoiding the need for frequent re-encryption of ciphertexts. The method can be generically applied to existing CP-ABE schemes to improve their practicality for cloud storage environments.
Messages addressed to specific users can be decrypted by the Key Generation Centre (KGC), because it generates their private keys. The data owner wants the data to be delivered only to the specified user and not to an unauthorized person; that is, the data owner makes their private data accessible only to authorized persons. We propose an attribute-based encryption scheme that addresses this key escrow problem. Attribute-based encryption (ABE) is a type of public-key encryption in which a user's private key and the ciphertext both depend on attributes. It is a promising cryptographic approach.
IRJET- A Review on Lightweight Secure Data Sharing Scheme for Mobile Cloud Co... (IRJET Journal)
This document reviews a proposed lightweight secure data sharing scheme (LDSS) for mobile cloud computing. It aims to address the problems of high computational overhead for mobile devices and lack of security when data is stored and shared in the cloud. The proposed LDSS framework uses attribute-based encryption and proxy servers to perform intensive encryption and decryption tasks, reducing the computational load on mobile clients. It also introduces lazy re-encryption and attribute fields to help efficiently revoke user access privileges. The goal is to provide secure yet lightweight data sharing capabilities for mobile cloud applications and services.
Security and Protection of Enterprise Data in Cloud: Implementation of Deniab... (IJERA Editor)
This document proposes a rank-based deniable attribute-based encryption scheme for cloud storage to enhance data privacy and access control. A ranking algorithm assigns each user a rank based on attributes like joining date and designation. Files uploaded to the cloud are encrypted and associated with a rank. A user can only decrypt a file if their rank matches the file's rank. Otherwise, a fake file is downloaded to convince unauthorized users not to attempt further access. The scheme aims to protect user privacy even if authorities force cloud providers to disclose user data, as the authorities cannot determine if disclosed data is real or fake. Evaluation results show the scheme effectively controls access and prioritizes processing for higher-ranked users.
Towards Secure Data Distribution Systems in Mobile Cloud Computing: A Survey (IRJET Journal)
This document summarizes 6 research papers related to security in mobile cloud computing. It discusses issues like data integrity, authentication, and access control when mobile devices' data and computations are integrated with cloud computing. Several cryptographic techniques are described that can help ensure privacy and security, such as proxy provable data possession, attribute-based encryption, and proxy re-encryption. The document concludes that while mobile cloud computing provides benefits, security of user data shared in the cloud is the main challenge, and various frameworks have been proposed but no single system addresses all security aspects.
Key-Aggregate Searchable Encryption (KASE) for Group Data Sharing via Cloud S... (1crore projects)
A Hybrid Cloud Approach for Secure Authorized Deduplication (SWAMI06)
Data deduplication is one of the important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing. To better protect data security, this paper makes the first attempt to formally address the problem of authorized data deduplication. Different from traditional deduplication systems, the differential privileges of users are further considered in the duplicate check besides the data itself. We also present several new deduplication constructions supporting authorized duplicate check in a hybrid cloud architecture. Security analysis demonstrates that our scheme is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement a prototype of our proposed authorized duplicate check scheme and conduct testbed experiments using our prototype. We show that our proposed authorized duplicate check scheme incurs minimal overhead compared to normal operations.
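A worked model of convergent encryption and an authorized duplicate check, added here as an illustration rather than the paper's own construction: the key is derived from the file contents, so equal files encrypt to equal ciphertexts and the public cloud can deduplicate them without seeing plaintext; the duplicate-check token additionally binds a user privilege, so only holders of the same privilege match one another's copies. The following are assumptions of this example, not details from the abstract: the cipher is a deterministic HMAC-SHA256 counter-mode keystream standing in for AES, the private cloud holds one secret key per privilege level and issues tokens as an HMAC over the file hash, and the file contents and privilege names are constructed. The last function shows the standard caveat of convergent encryption: anyone can confirm a guessed plaintext against a stored ciphertext.

```python
"""Convergent encryption with an authorized duplicate check (illustrative, added here)."""
import hashlib
import hmac
import secrets


def convergent_key(data: bytes) -> bytes:
    """Key := H(data). Deterministic, so equal files yield equal keys."""
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Deterministic stream cipher: XOR data with HMAC-SHA256(key, counter) blocks.
    Stand-in for AES in a deterministic mode; convergent encryption must be
    deterministic for deduplication to work, so no nonce is used (assumption)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), "sha256").digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(data: bytes) -> bytes:
    return keystream_xor(convergent_key(data), data)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(key, ciphertext)


class PrivateCloud:
    """Holds one secret key per privilege level (hypothetical) and issues
    duplicate-check tokens bound to both the data and the privilege."""

    def __init__(self, privileges):
        self._keys = {p: secrets.token_bytes(32) for p in privileges}

    def token(self, privilege: str, data: bytes) -> bytes:
        if privilege not in self._keys:
            raise PermissionError(f"no such privilege: {privilege}")
        file_hash = hashlib.sha256(data).digest()
        return hmac.new(self._keys[privilege], file_hash, "sha256").digest()


class PublicCloud:
    """Stores ciphertexts indexed by token. upload() returns True when the
    upload was deduplicated against an existing copy."""

    def __init__(self):
        self._store = {}

    def upload(self, token: bytes, ciphertext: bytes) -> bool:
        if token in self._store:
            return True            # duplicate under this privilege: keep the existing copy
        self._store[token] = ciphertext
        return False

    def stored_copies(self) -> int:
        return len(self._store)


def plaintext_is(ciphertext: bytes, candidate: bytes) -> bool:
    """Caveat: because the key comes from the plaintext, anyone can test a guess
    against a convergent ciphertext. Low-entropy files are exposed to offline
    confirmation-of-file attacks; the privilege-bound token does not change that."""
    return encrypt(candidate) == ciphertext


if __name__ == "__main__":
    sample = b"Q3 revenue figures: constructed sample file contents"
    private, public = PrivateCloud(["staff", "manager"]), PublicCloud()
    print("alice (staff) deduplicated:", public.upload(private.token("staff", sample), encrypt(sample)))
    print("bob (staff) deduplicated:", public.upload(private.token("staff", sample), encrypt(sample)))
    print("carol (manager) deduplicated:", public.upload(private.token("manager", sample), encrypt(sample)))
    print("stored copies:", public.stored_copies())
```

Two staff users uploading the same file keep one copy; a manager uploading the same file gets a different token and a second copy, which is the point of differential privileges in the duplicate check. The confirmation-of-file caveat is inherent to any scheme whose key is a function of the data alone.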
IRJET- Secure Cloud Data Using Attribute Based Encryption (IRJET Journal)
This document proposes a system for secure cloud data storage using attribute-based encryption. It aims to address challenges of key management, defining and enforcing access policies based on data attributes, and enabling keyword search over encrypted data. The system uses multi-authority attribute-based access control (MA-ABAC) to reduce key management complexity for data owners and users. Patient medical records are encrypted and access is determined based on user attributes from professional and personal domains. Attribute-based encryption, proxy re-encryption, and uniquely combining techniques are used to achieve security, key management, user revocation and efficient searches of encrypted data on the cloud.
Bio-Cryptography Based Secured Data Replication Management in Cloud Storage (IJERA Editor)
Cloud computing is a new way of economical and efficient storage. A single data mart storage system is less secure because the data remain under a single data mart, which can lead to data loss from causes such as hacking or server failure. If an attacker chooses to attack a specific client, he can target a fixed cloud provider and try to gain access to the client's information. This makes the attacker's job easy, and both inside and outside attackers benefit greatly from data mining. Inside attackers are malicious employees at a cloud provider. Thus single data mart storage architecture is the biggest security threat concerning data mining on the cloud, so this paper presents a secure replication approach that encrypts data using bio-cryptography and replicates it across a distributed data mart storage system. The approach involves the encryption, replication and storage of data.
1) The document proposes a system model for secure data sharing in cloud environments using cryptography.
2) It aims to provide data confidentiality, access control of shared data, remove the burden of key management and file encryption/decryption for users, and support dynamic changes to user membership without requiring the data owner to always be online.
3) The proposed system addresses common challenges with secure data sharing in cloud computing like data security, access control, key management, and user revocation and rejoining.
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud (IJCERT JOURNAL)
In cloud computing, sharing group resources among cloud users is a major challenge, and cloud computing provides a low-cost and well-organized solution. Because of frequent changes of membership, sharing data in a multi-owner manner with an untrusted cloud is still a challenging issue. In this paper we propose a secure multi-owner data sharing scheme for dynamic groups in a public cloud. By applying AES encryption with a convergent key while uploading the data, any cloud user can securely share data with others. Meanwhile, the storage overhead and encryption computation cost of the scheme are independent of the number of revoked users. In addition, we analyze the security of the scheme with rigorous proofs. A One-Time Password is one of the easiest and most popular forms of authentication for securing access to accounts, and One-Time Passwords are often regarded as a stronger form of authentication in the multi-owner setting. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for secure group sharing in a public cloud.
IRJET - Reliable and Efficient Revocation and Data Sharing using Identity... (IRJET Journal)
This document discusses a proposed system for reliable and efficient revocation and data sharing using identity-based encryption over cloud. The system aims to securely store and share data in the cloud while allowing revocation of user access. It proposes using identity-based encryption where a user's public key is generated from unique identity information like their email address, without needing to pre-share keys. When a user's authorization expires, they can be revoked to prevent future access. The system encrypts files with keys generated from user identities before uploading to cloud servers. Authorized users can download and decrypt data, while unauthorized users and servers cannot access plaintext.
IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage (IRJET Journal)
This document proposes an efficient traceable authorization search system for secure cloud storage called EF-TAMKS-VOD. The system allows for flexible multiple keyword subset search over encrypted files stored on a cloud server. It solves key escrow problems by having a key generation center generate public/secret key pairs without escrowing the secret keys. The system also enables traceability of malicious users who leak their secret keys by identifying the original key owner. It further improves efficiency by allowing decryption computations to be outsourced to the cloud server and verified by users. Analysis shows the system improves efficiency and reduces computation overhead for users compared to previous solutions.
IRJET- Secure Data Sharing Scheme for Mobile Cloud Computing using SEDASC (IRJET Journal)
1) The document proposes a Secure Data Sharing in Clouds (SeDaSC) methodology for secure data sharing in cloud computing.
2) SeDaSC provides data confidentiality and integrity, access control, secure data sharing without re-encryption, protection from insider threats, and forward/backward access control.
3) The methodology encrypts each file with a single encryption key and splits that key into two shares, one given to the user and the other held by a cryptographic server, so that neither party can decrypt alone; this counters insider threats while still allowing authorized access.
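The share handling behind point 3, as an added illustration (not the SeDaSC authors' code): the per-file key K is split by a 2-of-2 XOR secret sharing into a user share and a server share, K itself is discarded, and the cryptographic server reconstructs K only for (file, user) pairs still present in its table. Revoking a user is deleting the server's share for that pair, which is how forward access control falls out of the design. The file identifiers, user names and the fact that the server's table doubles as the access-control list are assumptions of this example; file encryption under K is left out because it is ordinary symmetric encryption.

```python
"""Two-share key splitting for a SeDaSC-style sharing flow (illustrative, added here)."""
import secrets


def split_key(key: bytes):
    """2-of-2 XOR secret sharing: s1 is uniformly random and s2 = key XOR s1,
    so each share on its own is statistically independent of the key."""
    s1 = secrets.token_bytes(len(key))
    s2 = bytes(a ^ b for a, b in zip(key, s1))
    return s1, s2


def combine(s1: bytes, s2: bytes) -> bytes:
    if len(s1) != len(s2):
        raise ValueError("share length mismatch")
    return bytes(a ^ b for a, b in zip(s1, s2))


class CryptoServer:
    """Holds the server share for each (file, user) pair. The presence of an
    entry is the access-control list (assumption of this model)."""

    def __init__(self):
        self._shares = {}   # (file_id, user) -> server share

    def register(self, file_id: str, user: str, server_share: bytes) -> None:
        self._shares[(file_id, user)] = server_share

    def revoke(self, file_id: str, user: str) -> None:
        # Forward access control: once the server share is gone, the user's own
        # share is useless even if they kept a copy of the ciphertext.
        self._shares.pop((file_id, user), None)

    def reconstruct(self, file_id: str, user: str, user_share: bytes) -> bytes:
        share = self._shares.get((file_id, user))
        if share is None:
            raise PermissionError(f"{user} is not authorised for {file_id}")
        return combine(user_share, share)


def share_file(server: CryptoServer, file_id: str, users) -> tuple:
    """Owner flow: one key K per file, one fresh (user share, server share) pair
    per authorised user. Returns K (to encrypt the file once) and the users'
    shares; after this, K is not retained by anyone."""
    key = secrets.token_bytes(32)
    user_shares = {}
    for user in users:
        user_share, server_share = split_key(key)
        server.register(file_id, user, server_share)
        user_shares[user] = user_share
    return key, user_shares


if __name__ == "__main__":
    server = CryptoServer()
    key, shares = share_file(server, "report.pdf", ["alice", "bob"])   # constructed sample
    print("alice recovers K:", server.reconstruct("report.pdf", "alice", shares["alice"]) == key)
    server.revoke("report.pdf", "bob")
    try:
        server.reconstruct("report.pdf", "bob", shares["bob"])
    except PermissionError as err:
        print("bob after revocation:", err)
```

Because each user gets an independent split of the same K, one user's share combined with another user's server share yields garbage, so a malicious insider who copies the server's table still needs a live user share, and a user who keeps their share after revocation has nothing to combine it with.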
Efficient and Empiric Keyword Search Using Cloud (IRJET Journal)
This document discusses efficient and empirical keyword search using cloud computing. It proposes a secure and reliable keyword search scheme across multiple clouds that allows users to search for files privately and reliably. The proposed system uses an iterative encryption approach to ensure file privacy even if multiple cloud servers collude. It implements a bloom filter tree index structure and integrity verification algorithm to securely search encrypted files across clouds and detect malicious servers. The system aims to provide an efficient and secure solution for keyword search on outsourced encrypted data stored in multiple cloud servers.
IRJET- An Efficient Data Sharing Scheme in Mobile Cloud Computing using Attri... (IRJET Journal)
This document proposes an efficient data sharing scheme for mobile cloud computing using attribute-based encryption. It discusses challenges with securely storing data in the cloud, including ensuring data confidentiality and integrity. Existing techniques like fully homomorphic encryption and attribute-based encryption are reviewed, but have limitations for resource-constrained mobile devices. The proposed scheme aims to provide security while reducing computational overhead, through using proxy servers to handle intensive operations and a lazy re-encryption approach for user revocation. It also discusses using provable data possession techniques to verify the integrity of outsourced data.
Similar to Audit free cloud storage via deniable attribute-based encryption (20)
This document proposes a reduced latency list decoding algorithm and high throughput decoder architecture for polar codes. The reduced latency list decoding algorithm visits fewer nodes in the decoding tree and considers fewer possibilities of information bits than existing successive cancellation list decoding algorithms, significantly reducing decoding latency and improving throughput with little performance degradation. An implementation of the proposed decoder architecture in a 90nm CMOS technology demonstrates significant latency reduction and area efficiency improvement compared to other list polar decoders.
A researcher developed a radix-8 divider for binary64 division units to improve energy efficiency at high clock rates. Simulation results showed the radix-8 divider requires less energy per division than radix-4 or radix-16 approaches. The researcher used Xilinx 10.1 and ModelSim 6.4b tools and VHDL/Verilog languages to develop and test the minimally redundant radix-8 divider.
Hybrid FPGA architectures containing a mixture of lookup tables (LUTs) and hardened multiplexers are evaluated to improve logic density and reduce chip area. Simulation results show that non-fracturable hybrid architectures naturally save up to 8% area after placement and routing without optimizing the technology mapper, and additional area is saved with architecture-aware mapping optimizations. Fracturable hybrid architectures only provide marginal area gains of up to 2% after placement and routing. For the most area-efficient hybrid architectures, timing performance is minimally impacted.
Input-Based Dynamic Reconfiguration of Approximate Arithmetic Units for Video... (Pvrtechnologies Nellore)
This document proposes a reconfigurable approximate architecture for MPEG encoders that optimizes power consumption while maintaining a particular Peak Signal-to-Noise Ratio threshold for any input video. It designs reconfigurable adder/subtractor blocks that can modulate their degree of approximation, and integrates them into the motion estimation and discrete cosine transform modules of the MPEG encoder. Experimental results show the approach dynamically adjusts the degree of hardware approximation based on the input video to respect the given quality bound across different videos while achieving up to a 38% power saving over a conventional non-approximated MPEG encoder architecture.
This document describes a high-speed FPGA implementation of an elliptic curve cryptography processor based on redundant signed digit representation. The processor employs pipelining techniques to achieve high throughput for Karatsuba–Ofman multiplication. It also includes an efficient modular adder without comparison and a high throughput modular divider to maximize frequency. The processor supports the NIST P256 curve and performs single-point multiplication in 2.26 ms at a maximum frequency of 160 MHz on a Xilinx Virtex 5 FPGA.
Retiming of digital circuits is conventionally based on estimates of propagation delays across different paths in the data-flow graph (DFG) obtained with a discrete component timing model, which implicitly assumes that the operation of a node can begin only after the operation(s) of its preceding node(s) have completed, in order to obey the data dependence requirement. Such a discrete component timing model very often gives much higher estimates of the propagation delays than the actual values, particularly when the computations in the DFG nodes correspond to fixed-point arithmetic operations such as additions and multiplications.
Pre encoded multipliers based on non-redundant radix-4 signed-digit encoding (Pvrtechnologies Nellore)
This paper introduces an architecture for pre-encoded multipliers used in digital signal processing based on offline encoding of coefficients using a non-redundant radix-4 signed-digit encoding technique. Experimental analysis shows the proposed multipliers using this encoding technique, along with a coefficients memory, are more efficient in terms of area and power compared to conventional Modified Booth encoding schemes.
Quality of-protection-driven data forwarding for intermittently connected wir...Pvrtechnologies Nellore
The document proposes a quality-of-protection (QoP)-driven data forwarding strategy for intermittent wireless networks. The existing system relies on collaborative data delivery, but non-cooperative behavior impairs network QoP and user quality of experience (QoE). The proposed system evaluates process-based and relationship-based credibility of nodes in a distributed manner using locally recorded forwarding behavior information. An intrusion detection mechanism helps select reliable relay nodes for transmission, improving QoP, QoE, reducing network load, and enhancing resource utilization. Numerical results show the proposed approach provides reliable data transmission with high QoP and improved user QoE.
The document provides information about an IT services company called Coalesce Technologies. It discusses Coalesce's services, commitment to client satisfaction, growing network, and customized solutions. It also describes the library management system project, including the problems with existing systems, proposed new system features, and UML diagrams for modeling the system. Key aspects of the proposed system include automating transactions, providing a simple GUI, efficient database updating, and restricting administrative access for security.
The document discusses an e-voting system project that aims to provide a secure and user-friendly online voting system. It outlines the existing paper-based voting system and proposes an online voting system where voters can cast their votes from anywhere in India through a database that stores voter information and votes. The proposed system is designed to accurately record and retrieve voter information and votes in a planned, reliable, and redundant manner. It requires hardware like a PC and Windows OS along with Java programming language to develop the online voting software.
PVR Technology lists 26 new web-based projects including an airline automation system, attendance management system, automated college admission system, clustering datasets using machine learning algorithms, corporate transportation system, courier information system, e-voting system, e-complaints system in PHP, e-learning system in PHP, exam result application, hairstylesalon system, inventory management system, library management system, medical reference system, online placement and training system, online admission system, online bank system, vehicle investigation system, resource management system in PHP, online vegetables purchase system, online shopping for gadgets system, online seat booking system, online requitment system, online quiz system, online placement and training cell system, online movie ticket system,
The document proposes a new medium access control (MAC) protocol called PoCMAC that uses distributed power control to manage interference in full-duplex WiFi networks. PoCMAC allows simultaneous uplink and downlink transmissions between an access point and half-duplex clients. It identifies regimes where power control provides throughput gains and develops a full 802.11-based protocol for distributed selection of three-node topologies. Simulations and software-defined radio experiments show PoCMAC achieves higher capacity and throughput compared to half-duplex networks, while maintaining similar fairness.
This document contains information about PVR Technology, including their head office location, website, email, and phone number. It then lists 20 project titles related to power electronics and renewable energy systems. The projects cover topics like power quality improvement, single-stage converters, grid-connected inverters, maximum power point tracking, stand-alone energy sources, power factor correction, resonant inverters, DC-DC converters, AC-DC converters, filters, and induction heating applications.
Control cloud data access privilege and anonymity with fully anonymous attrib...Pvrtechnologies Nellore
This document proposes two schemes, AnonyControl and AnonyControl-F, to address privacy issues in existing access control schemes for cloud storage. AnonyControl decentralizes the central authority to limit identity leakage and achieve semi-anonymity. It also generalizes file access control to privilege control. AnonyControl-F fully prevents identity leakage and achieves full anonymity. The schemes use attribute-based encryption and a multi-authority system to securely control user access privileges without revealing identity information. Security analysis shows the schemes are secure under certain cryptographic assumptions.
The document proposes CloudKeyBank, a key management framework that addresses the confidentiality, search privacy, and owner authorization of outsourced encryption keys. It does so using a new cryptographic primitive called Searchable Conditional Proxy Re-Encryption (SC-PRE) that combines Hidden Vector Encryption and Proxy Re-Encryption. The framework allows key owners to encrypt keys for outsourcing while maintaining privacy and granting controlled authorization. It aims to solve security issues not addressed by traditional outsourced data solutions.
Circuit ciphertext policy attribute-based hybrid encryption with verifiablePvrtechnologies Nellore
The document proposes a scheme for circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing. It aims to ensure data confidentiality, fine-grained access control, and verifiability of delegated computation results. The scheme uses a combination of ciphertext-policy attribute-based encryption, symmetric encryption, and verifiable computation. It is proven secure based on computational assumptions and simulations show it is practical for cloud computing applications.
The document proposes using microaggregation techniques to generate k-anonymous datasets that satisfy t-closeness, addressing limitations of existing approaches using generalization and suppression. It presents three microaggregation-based algorithms to reconcile privacy and utility goals: one merges clusters as needed for t-closeness, while two modify the microaggregation process to directly consider t-closeness. Microaggregation preserves data utility better than generalization by maintaining granularity and numbers' continuous nature, and handles outliers less disruptively. The algorithms are empirically evaluated for generating privacy-preserving datasets.
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSIJNSA Journal
The smart irrigation system represents an innovative approach to optimize water usage in agricultural and landscaping practices. The integration of cutting-edge technologies, including sensors, actuators, and data analysis, empowers this system to provide accurate monitoring and control of irrigation processes by leveraging real-time environmental conditions. The main objective of a smart irrigation system is to optimize water efficiency, minimize expenses, and foster the adoption of sustainable water management methods. This paper conducts a systematic risk assessment by exploring the key components/assets and their functionalities in the smart irrigation system. The crucial role of sensors in gathering data on soil moisture, weather patterns, and plant well-being is emphasized in this system. These sensors enable intelligent decision-making in irrigation scheduling and water distribution, leading to enhanced water efficiency and sustainable water management practices. Actuators enable automated control of irrigation devices, ensuring precise and targeted water delivery to plants. Additionally, the paper addresses the potential threat and vulnerabilities associated with smart irrigation systems. It discusses limitations of the system, such as power constraints and computational capabilities, and calculates the potential security risks. The paper suggests possible risk treatment methods for effective secure system operation. In conclusion, the paper emphasizes the significant benefits of implementing smart irrigation systems, including improved water conservation, increased crop yield, and reduced environmental impact. Additionally, based on the security analysis conducted, the paper recommends the implementation of countermeasures and security approaches to address vulnerabilities and ensure the integrity and reliability of the system. 
By incorporating these measures, smart irrigation technology can revolutionize water management practices in agriculture, promoting sustainability, resource efficiency, and safeguarding against potential security threats.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
International Conference on NLP, Artificial Intelligence, Machine Learning an...gerogepatton
International Conference on NLP, Artificial Intelligence, Machine Learning and Applications (NLAIM 2024) offers a premier global platform for exchanging insights and findings in the theory, methodology, and applications of NLP, Artificial Intelligence, Machine Learning, and their applications. The conference seeks substantial contributions across all key domains of NLP, Artificial Intelligence, Machine Learning, and their practical applications, aiming to foster both theoretical advancements and real-world implementations. With a focus on facilitating collaboration between researchers and practitioners from academia and industry, the conference serves as a nexus for sharing the latest developments in the field.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
Comparative analysis between traditional aquaponics and reconstructed aquapon...
Audit free cloud storage via deniable attribute-based encryption
2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCC.2015.2424882, IEEE Transactions on Cloud Computing
Audit-Free Cloud Storage via Deniable Attribute-based Encryption
Po-Wen Chi and Chin-Laung Lei, Member, IEEE
Abstract—Cloud storage services have become increasingly popular. Because of the importance of privacy, many cloud storage encryption schemes have been proposed to protect data from those who do not have access. All such schemes assumed that cloud storage providers are safe and cannot be hacked; however, in practice, some authorities (i.e., coercers) may force cloud storage providers to reveal user secrets or confidential data on the cloud, thus altogether circumventing storage encryption schemes. In this paper, we present our design for a new cloud storage encryption scheme that enables cloud storage providers to create convincing fake user secrets to protect user privacy. Since coercers cannot tell if obtained secrets are true or not, the cloud storage providers ensure that user privacy is still securely protected.
Index Terms—Deniable Encryption, Composite Order Bilinear Group, Attribute-Based Encryption, Cloud Storage.
1 INTRODUCTION
Cloud storage services have rapidly become increasingly popular. Users can store their data on the cloud and access their data anywhere at any time. Because of user privacy, the data stored on the cloud is typically encrypted and protected from access by other users. Considering the collaborative property of the cloud data, attribute-based encryption (ABE) is regarded as one of the most suitable encryption schemes for cloud storage. There are numerous ABE schemes that have been proposed, including [1], [2], [3], [4], [5], [6], [7].
Most of the proposed schemes assume cloud storage service providers or trusted third parties handling key management are trusted and cannot be hacked; however, in practice, some entities may intercept communications between users and cloud storage providers and then compel storage providers to release user secrets by using government power or other means. In this case, encrypted data are assumed to be known and storage providers are requested to release user secrets. As an example, in 2010, without notifying its users, Google released user documents to the FBI after receiving a search warrant [8]. In 2013, Edward Snowden disclosed the existence of global surveillance programs that collect such cloud data as emails, texts, and voice messages from some technology companies [9], [10]. Once cloud storage providers are compromised, all encryption schemes lose their effectiveness. Though we hope cloud storage providers can fight against such entities to maintain user privacy through legal avenues, it is seemingly more and more difficult. As one example, Lavabit was an email service company that protected all user emails from outside coercion; unfortunately, it failed and decided to shut down its email service [11].

• The authors are with the Distributed Computing and Network Security (DCNS) Laboratory, Department of Electrical Engineering, National Taiwan University, Taiwan. E-mail: {d99921015,cllei}@ntu.edu.tw
Since it is difficult to fight against outside coercion, we aimed to build an encryption scheme that could help cloud storage providers avoid this predicament. In our approach, we offer cloud storage providers means to create fake user secrets. Given such fake user secrets, outside coercers can only obtain forged data from a user’s stored ciphertext. Once coercers think the received secrets are real, they will be satisfied and, more importantly, cloud storage providers will not have revealed any real secrets. Therefore, user privacy is still protected.
This concept comes from a special kind of encryption scheme called deniable encryption, first proposed in [12]. Deniable encryption involves senders and receivers creating convincing fake evidence of forged data in ciphertexts such that outside coercers are satisfied. Note that deniability comes from the fact that coercers cannot prove the proposed evidence is wrong and therefore have no reason to reject the given evidence. This approach tries to altogether block coercion efforts since coercers know that their efforts will be useless. We make use of this idea such that cloud storage providers can provide audit-free storage services. In the cloud storage scenario, data owners who store their data on the cloud are just like senders in the deniable encryption scheme. Those who can access the encrypted data play the role of receiver in the deniable encryption scheme, including the cloud storage providers themselves, who have system-wide secrets and must be able to decrypt all encrypted data¹.
In this work, we describe a deniable ABE scheme for cloud storage services. We make use of ABE characteristics for securing stored data with a fine-grained access control mechanism and deniable encryption to prevent outside auditing. Our scheme is based on the Waters ciphertext-policy attribute-based encryption (CP-ABE) scheme [4]. We enhance the Waters scheme from prime order bilinear groups to composite order bilinear groups. By the subgroup decision problem assumption, our scheme enables users to provide fake secrets that seem legitimate to outside coercers.

1. Some papers divide this role into service providers and trusted key managers. More specifically, one is for cloud service operation, while the other is for key management and is assumed to be trusted. In this work we use cloud storage providers for both functions for simplicity. Further, this is also a common case in practice. Note that it is not difficult to apply our scheme to an architecture that has these two different roles defined.
1.1 Previous Work on ABE
Sahai and Waters first introduced the concept of ABE in which data owners can embed how they want to share data in terms of encryption [1]. That is, only those who match the owner’s conditions can successfully decrypt stored data. We note here that ABE is encryption for privileges, not for users. This makes ABE a very useful tool for cloud storage services since data sharing is an important feature for such services. There are so many cloud storage users that it is impractical for data owners to encrypt their data by pairwise keys. Moreover, it is also impractical to encrypt data many times for many people. With ABE, data owners decide only which kind of users can access their encrypted data. Users who satisfy the conditions are able to decrypt the encrypted data.
There are two types of ABE, CP-ABE and Key-Policy ABE (KP-ABE). The difference between these two lies in policy checking. KP-ABE is an ABE in which the policy is embedded in the user secret key and the attribute set is embedded in the ciphertext. Conversely, CP-ABE embeds the policy into the ciphertext and the user secret has the attribute set. Goyal et al. proposed the first KP-ABE in [2]. They constructed an expressive way to relate any monotonic formula as the policy for user secret keys. Bethencourt et al. proposed the first CP-ABE in [3]. This scheme used a tree access structure to express any monotonic formula over attributes as the policy in the ciphertext. The first fully expressive CP-ABE was proposed by Waters in [4], which used Linear Secret Sharing Schemes (LSSS) to build a ciphertext policy. Lewko et al. enhanced the Waters scheme to a fully secure CP-ABE, though with some efficiency loss, in [13]. Recently, Attrapadung et al. constructed a CP-ABE with a constant-size ciphertext in [14] and Tysowski et al. designed their CP-ABE scheme for resource-constrained users in [7].
1.2 Previous Work on Deniable Encryption
The concept of deniable encryption was first proposed in [12]. Like normal encryption schemes, deniable encryption can be divided into a deniable shared key scheme and a public key scheme. Considering the cloud storage scenario, we focus our efforts on the deniable public key encryption scheme.
There are some important deniable public key encryption schemes². Canetti et al. used translucent sets to construct deniable encryption schemes in [12]. A translucent set is a set containing a trapdoor subset. It is easy to randomly pick an element from the universal set or from the subset; however, without the trapdoor, it is difficult to determine if a given element belongs to the subset. Canetti et al. showed that any trapdoor permutation can be used to construct the translucent set. To build a deniable public key encryption scheme from a translucent set, the translucent set is the public key and the trapdoor is the private key. The translucent set is used to represent one encrypted bit. Elements in the subset are represented by 1 whereas other non-subset elements are represented by 0. The sender can encrypt 1 by sending an element in the subset, but can claim the element is chosen from the universal set (i.e., 0). The above is a basic sender-deniable scheme. Canetti et al. also proved that a sender-deniable scheme can be transformed to a receiver-deniable scheme or a bi-deniable scheme with the help of intermediaries. There is research on how best to design a translucent set. Dürmuth et al. designed the translucent set from the samplable encryption in [15]. O’Neill et al. designed the bi-translucent set from a lattice in [16], which can build a native bi-deniable scheme.
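The translucent-set bit encryption described above, as an added illustration that is not from the paper or its authors: a toy Canetti-style translucent set is built from a trapdoor permutation (toy RSA on constructed small primes) and a hard-core bit (the least significant bit), subset elements represent 1, and the sender can open a subset element either honestly (revealing its seed) or deniably as a uniform draw (bit 0), which a coercer holding only the public key cannot refute. The function names and the parameter K are this illustration's own assumptions.

```python
"""Toy translucent-set encryption of one bit (added illustration, not the
paper's scheme). Assumed construction: a Canetti-style translucent set from a
trapdoor permutation f and a hard-core bit B. A universe element is
(y, b_1, ..., b_K); it lies in the trapdoor subset S when y = f^K(x) and
b_i = B(f^(i-1)(x)) for some seed x. Without the trapdoor the b_i look
random, so membership cannot be decided; a uniform element is in S w.p. 2^-K.
"""
import secrets
from dataclasses import dataclass

K = 32  # hard-core bits per element; false "1" on a uniform element: 2^-K


@dataclass
class PublicKey:        # the translucent set: f is public, inverting is not
    n: int
    e: int


@dataclass
class Trapdoor:         # lets the receiver invert f and test membership
    n: int
    d: int


def keygen():
    # Constructed toy primes so the demo runs instantly; real moduli are >= 2048 bits.
    p, q = 1000003, 1000033
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    return PublicKey(n, e), Trapdoor(n, pow(e, -1, phi))


def f(pk, x):           # trapdoor permutation (toy RSA), public direction
    return pow(x, pk.e, pk.n)


def f_inv(td, y):       # inversion, needs the trapdoor exponent d
    return pow(y, td.d, td.n)


def hardcore(x):        # least significant bit, a hard-core bit of RSA
    return x & 1


def sample_subset(pk, seed):
    """Element of S from a seed: record the hard-core bit, apply f, K times."""
    x, bits = seed, []
    for _ in range(K):
        bits.append(hardcore(x))
        x = f(pk, x)
    return (x, tuple(bits))          # x = f^K(seed), bits recorded seed-first


def sample_universe(pk):
    """Uniform universe element; the 'coins' of this draw are the element."""
    return (secrets.randbelow(pk.n), tuple(secrets.randbits(1) for _ in range(K)))


def in_subset(td, elem):
    """Membership test: walk back along the preimage chain with the trapdoor
    and check every recorded bit (last recorded bit belongs to f^-1(y))."""
    y, bits = elem
    for b in reversed(bits):
        y = f_inv(td, y)
        if hardcore(y) != b:
            return False
    return True


def encrypt_bit(pk, bit, seed=None):
    """Sender: 1 -> element of S, 0 -> uniform element. Returns the element
    and the coins the sender keeps for an honest opening."""
    if bit == 1:
        seed = secrets.randbelow(pk.n) if seed is None else seed
        return sample_subset(pk, seed), seed
    elem = sample_universe(pk)
    return elem, elem


def decrypt_bit(td, elem):
    """Receiver with the trapdoor recovers the bit."""
    return 1 if in_subset(td, elem) else 0


def deniable_opening(elem):
    """Sender under coercion: claim the element was a uniform draw (bit 0).
    The coins of a uniform draw are the element itself, so this opening is
    consistent whether or not elem is really in S."""
    return 0, elem


def verify_opening(pk, elem, claimed_bit, coins):
    """Everything a coercer holding only the public key can check."""
    if claimed_bit == 1:
        return sample_subset(pk, coins) == elem
    return coins == elem


if __name__ == "__main__":
    pk, td = keygen()
    elem, seed = encrypt_bit(pk, 1)
    print("receiver decrypts:", decrypt_bit(td, elem))                  # 1
    print("honest opening verifies:", verify_opening(pk, elem, 1, seed))  # True
    b, c = deniable_opening(elem)
    print("denied opening verifies:", verify_opening(pk, elem, b, c))     # True
```

Only the sender's side is deniable here, matching the text: a receiver who hands over the trapdoor reveals the true bit, which is why Canetti et al. need intermediaries to obtain receiver- or bi-deniability.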
In addition to the bi-translucent set, there are other proposed approaches to building deniable encryption schemes. O’Neill et al. proposed a new deniable method through a simulatable public key system [16]. The simulatable public key system provides an oblivious key generation function and an oblivious ciphertext function. When sending an encrypted bit, the sender will send a set of encrypted data which may be normally encrypted or oblivious. Therefore, the sender can claim some sent messages are oblivious while actually they are not. The idea can be applied to the receiver side such that the scheme is a bi-deniable scheme. In [17], Gasti et al. proposed another deniable scheme in which one public-private key pair is set up for each user while there are actually two pairs. The sender can send a true message encrypted by one key with a fake message encrypted by the other key. The sender decides which key is released according to the coercer’s identity. Gasti et al. also applied this idea to cloud storage services. There are still other deniable encryption schemes, including [18] and [19].
Aside from the above deniable schemes, there is research investigating the limitations of deniable schemes. In [20], Nielsen states that it is impossible to encrypt unbounded messages by one short key in non-committing schemes, including deniable schemes. In [21], Bendlin et al. show that noninteractive and fully receiver-deniable schemes cannot be achieved simultaneously. We construct our scheme under these limitations.
2. For simplicity, in this paper deniable encryption means deniable public key encryption.
1.3 Our Contributions
In this work, we construct a deniable CP-ABE scheme that can make cloud storage services secure and audit-free. In this scenario, cloud storage service providers are just regarded as receivers in other deniable schemes.
Unlike most previous deniable encryption schemes, we do not use translucent sets or simulatable public key systems to implement deniability. Instead, we adopt the idea proposed in [17] with some improvements. We construct our deniable encryption scheme through a multidimensional space. All data are encrypted into the multidimensional space. Only with the correct composition of dimensions is the original data obtainable. With false composition, ciphertexts will be decrypted to predetermined fake data. The information defining the dimensions is kept secret. We make use of composite order bilinear groups to construct the multidimensional space. We also use chameleon hash functions to make both true and fake messages convincing.
Our deniable ABE has the advantages described below
over previous deniable encryption schemes.
• Blockwise Deniable ABE. Most deniable public key
schemes (e.g., [12], [15], [16]) are bitwise, which
means these schemes can only process one bit at a
time; therefore, bitwise deniable encryption schemes
are inefficient for real use, especially in the cloud
storage service case. To solve this problem, O'Neill
et al. designed a hybrid encryption scheme that
simultaneously uses symmetric and asymmetric encryption.
They deniably encrypt a plan-ahead symmetric data
encryption key, while the real data are encrypted by a
symmetric key encryption mechanism. This reduces the
number of repetitions from the block size to the key size.
Though bitwise deniable encryption is more flexible than
blockwise deniable encryption in "cooking" fake data,
when considering cloud storage services, blockwise
encryption is much more efficient in use.
Unlike those techniques used in previous deniable
encryption schemes, we build two encryption en-
vironments at the same time, much like the idea
proposed in [17]. We build our scheme with multiple
dimensions while claiming there is only one dimen-
sion. This approach removes obvious redundant
parts in [17]. We apply this idea to an existing
ABE scheme by replacing prime order groups with
composite order groups. Since the base ABE scheme
can encrypt one block each time, our deniable CP-
ABE is certainly a blockwise deniable encryption
scheme. Though the bilinear operation for the com-
posite order group is slower than the prime order
group, there are some techniques that can convert
an encryption scheme from composite order groups
to prime order groups for better computational per-
formance, such as those described in [22] and [23].
We use composite order groups to describe our idea
in Section 4 and transform it to prime order groups
in Section 5.
• Consistent Environment. Most of the previous
deniable encryption schemes are inter-encryption-
independent. That is, the encryption parameters
should be totally different for each encryption op-
eration. If two deniable encryptions are performed
in the same environment, the latter encryption will
lose deniability after the first encryption is coerced,
because each coercion will reduce flexibility. For
example, once coercers get private keys, which are
the most common receiver proofs, these keys should
be convincing not only under some particular files,
but also under all related stored data. Otherwise,
the coercers will know that these keys are fake;
however, all proposed schemes only provide con-
vincing proofs for particular transmissions. In the
secure cloud storage service, this is not practical. It
is impossible for a cloud storage service provider
to prepare a unique encryption environment for
each file, much less to maintain the access control
mechanism at the same time.
In this work, we build a consistent environment
for our deniable encryption scheme. By consistent
environment, we mean that one encryption environment
can be used for multiple encryptions without system
updates. The opened receiver proof should look
convincing for all ciphertexts under this environment³,
regardless of whether a ciphertext is normally encrypted
or deniably encrypted. The deniability of our scheme
comes from the secrecy of the subgroup assignment,
which is determined only once in the system setup
phase. By the canceling property and the proper
subgroup assignment, we can construct the released
fake key so that it decrypts normal ciphertexts correctly.
• Deterministic Decryption. Most deniable encryption
schemes have decryption error problems. These
errors come from the designed decryption mechanisms.
For example, in [12], Canetti et al. use the
subset decision mechanism for decryption. The receiver
determines the decrypted message according
to the subset decision result. If the sender chooses an
element from the universal set but the element happens
to lie in the specific subset, then an error occurs. The
same error occurs in all translucent-set-based deniable
encryption schemes. Another example is [16], which
uses a voting mechanism for decryption. Decryption
is correct if and only if the correct part outweighs the
false part; otherwise, the receiver gets an erroneous result.
The concept of our deniable scheme is different from
the schemes described above. Our scheme extends
a pairing-based ABE, which has a deterministic decryption
algorithm, from the prime order group to the composite
order group. The decryption algorithm in our scheme is
still deterministic; therefore, there are no decryption
errors in our scheme.
3. The sender proof is still inter-independent, because receiver proofs
are related to user keys whereas sender proofs are related to random
choices for encryption.
1.4 Organization
In addition to this introductory section, we introduce the
preliminaries used in this paper in Section 2. In Section 3,
we formally define deniable CP-ABE and its properties.
In Section 4, we show how to set up a basic deniable CP-
ABE scheme and prove security, deniability and other
features of our scheme. In Section 5, we transform our
basic scheme from composite order groups to prime
order groups. We then enhance our scheme to be chosen-
ciphertext attack (CCA) secure in Section 6. In Section
7, we implement our deniable schemes and evaluate
their performance. Finally, we present our conclusions
in Section 8.
2 PRELIMINARIES
2.1 Prime Order Bilinear Groups
Let $\mathbb{G}$ and $\mathbb{G}_T$ be two multiplicative cyclic groups of
prime order $p$, with map $e : \mathbb{G} \times \mathbb{G} \to \mathbb{G}_T$. Let
$g$ be a generator of $\mathbb{G}$. $\mathbb{G}$ is a bilinear map group if $\mathbb{G}$
and $e$ have the following properties:
• Bilinearity: $\forall u, v \in \mathbb{G}$ and $a, b \in \mathbb{Z}$, $e(u^{a}, v^{b}) = e(u, v)^{ab}$.
• Non-degeneracy: $e(g, g) \neq 1$.
• Computability: the group operation in $\mathbb{G}$ and the map
$e$ can be computed efficiently.
2.2 Waters CP-ABE
In this subsection, we provide an introduction to Waters
CP-ABE [4]. Waters used LSSS to build an access control
mechanism. Here, we first review the definition of LSSS.
Definition 1 (LSSS: Linear Secret Sharing Schemes [24]):
A secret sharing scheme Π over set of parties P is called
linear (over Zp) if
1) The shares for each party form a vector over Zp.
2) There exists a l × n matrix M called the share-
generating matrix for Π. For all i = 1, . . . , l, the
i’th row of M is labeled by party ρ(i), where
ρ is a mapping function from {1, . . . , l} to party
field P. When considering column vector v =
(s, r2, . . . , rn), where s ∈ Zp is the secret to be
shared and r2, . . . , rn ∈ Zp are randomly chosen,
Mv is the vector of l shares of secret s according
to Π. The share (Mv)i belongs to party ρ(i).
According to the above definition, an LSSS scheme has
the linear reconstruction property. That is, given LSSS
Π, access structure A, and valid shares of a secret s, s
can be recovered by those who have authorized sets.
In [24], Beimel shows that the recovery procedure is
time polynomial in the size of M. In an ABE scheme,
parties represent attributes. The Waters CP-ABE scheme
is composed of the following algorithms:
• Setup$() \to (MSK, PK)$: This algorithm chooses a
bilinear group of prime order $p$ with generator $g$,
random elements $\alpha, a \in \mathbb{Z}_p$, and a hash function $H :
\{0, 1\}^* \to \mathbb{G}$. The public key is $PK = \{g,\ e(g, g)^{\alpha},\ g^{a}\}$
and the system secret key is $MSK = g^{\alpha}$.
• Encrypt$(PK, (\mathbf{M}, \rho), M) \to CT$: Given message $M$
and LSSS access structure $(\mathbf{M}, \rho)$, where $\mathbf{M}$ is an
$l \times n$ matrix and $\mathbf{M}_i$ denotes its $i$th row, this algorithm first
chooses a random vector $\vec{v} = (s, y_2, \ldots, y_n) \in \mathbb{Z}_p^{n}$
and calculates $\lambda_i = \vec{v} \cdot \mathbf{M}_i$ for all $i \in \{1, \ldots, l\}$.
Further, this algorithm chooses $r_1, \ldots, r_l \in \mathbb{Z}_p$. The output ciphertext is
$$CT = \{\, M e(g, g)^{\alpha s},\ g^{s},\ (g^{a\lambda_1} H(\rho(1))^{-r_1},\ g^{r_1}),\ \ldots,\ (g^{a\lambda_l} H(\rho(l))^{-r_l},\ g^{r_l}) \,\}
= \{C, C', (C_1, D_1), \ldots, (C_l, D_l)\},$$
together with a description of $(\mathbf{M}, \rho)$.
• KeyGen$(MSK, S) \to SK$: Given set $S$ of attributes,
this algorithm chooses $t \in \mathbb{Z}_p$ randomly and outputs
the private key
$$K = g^{\alpha + at},\qquad L = g^{t},\qquad K_x = H(x)^{t}\ \ \forall x \in S.$$
• Decrypt$(CT, SK) \to M$: Suppose that $S$ satisfies the
access structure and let $I \subset \{1, \ldots, l\}$ be defined as
$I = \{i : \rho(i) \in S\}$. This algorithm finds a set of
constants $\{w_i \in \mathbb{Z}_p\}_{i \in I}$ such that $\sum_{i \in I} w_i \lambda_i = s$. The
decryption algorithm computes
$$\frac{e(C', K)}{\prod_{i \in I} \big(e(C_i, L)\, e(D_i, K_{\rho(i)})\big)^{w_i}} = e(g, g)^{\alpha s}$$
and derives $M$ from the ciphertext.
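As an added worked example (not code from the paper), the following Python models the LSSS part of Waters' scheme that Decrypt depends on: the shares $\lambda_i = \vec{v} \cdot \mathbf{M}_i$ and the search for reconstruction constants $w_i$ with $\sum_{i \in I} w_i \lambda_i = s$, found by solving $\mathbf{M}_I^{T} w = (1, 0, \ldots, 0)$ over $\mathbb{Z}_p$. The matrix encoding of the policy "A AND (B OR C)", its row labelling and the prime are assumptions chosen for illustration; the pairing operations are not modelled. When the attribute set does not satisfy the policy the system has no solution, which is exactly why an unauthorized key cannot recover $e(g,g)^{\alpha s}$.

```python
# Added example, not the paper's code: LSSS sharing and the reconstruction
# constants w_i used by Waters' Decrypt, over Z_p.
import secrets

P_PRIME = 2**61 - 1   # Mersenne prime standing in for Z_p (assumption)

# Policy "A AND (B OR C)" as a share-generating matrix (assumed encoding):
# row i is labelled by RHO[i]; the reconstruction target vector is (1, 0).
POLICY_M = [[1, 1], [0, -1], [0, -1]]
RHO = ["A", "B", "C"]

def lsss_share(M, secret, p=P_PRIME):
    """Shares lambda_i = M_i . v with v = (s, y_2, ..., y_n), y_j random."""
    n = len(M[0])
    v = [secret % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(mi * vi for mi, vi in zip(row, v)) % p for row in M]

def reconstruction_constants(M, rho, attrs, p=P_PRIME):
    """Return {i: w_i} for I = {i : rho(i) in attrs} with sum_i w_i M_i = e_1
    mod p, or None when attrs does not satisfy the policy (no such w exists).
    Solves M_I^T w = e_1 by Gauss-Jordan elimination over Z_p."""
    I = [i for i, a in enumerate(rho) if a in attrs]
    if not I:
        return None
    n, k = len(M[0]), len(I)
    # n equations in k unknowns, augmented with the right-hand side e_1
    A = [[M[i][c] % p for i in I] + [1 if c == 0 else 0] for c in range(n)]
    pivots, row = [], 0
    for col in range(k):
        piv = next((r for r in range(row, n) if A[r][col]), None)
        if piv is None:
            continue                        # free variable
        A[row], A[piv] = A[piv], A[row]
        inv = pow(A[row][col], -1, p)
        A[row] = [x * inv % p for x in A[row]]
        for r in range(n):
            if r != row and A[r][col]:
                f = A[r][col]
                A[r] = [(x - f * y) % p for x, y in zip(A[r], A[row])]
        pivots.append(col)
        row += 1
    if any(A[r][k] for r in range(row, n)):
        return None                         # 0 = nonzero: e_1 not in the row span
    w = [0] * k                             # free variables fixed to 0
    for r, col in enumerate(pivots):
        w[col] = A[r][k]
    return dict(zip(I, w))

def reconstruct(shares, w, p=P_PRIME):
    """sum_{i in I} w_i lambda_i, which equals s for an authorized set."""
    return sum(w[i] * shares[i] for i in w) % p

if __name__ == "__main__":
    shares = lsss_share(POLICY_M, 4242)
    print(reconstruction_constants(POLICY_M, RHO, {"A", "B"}))   # {0: 1, 1: 1}
    print(reconstruction_constants(POLICY_M, RHO, {"B", "C"}))   # None
```

In the scheme the decryptor never sees $s$ or the $y_j$; it only needs the $w_i$, which depend on $\mathbf{M}$, $\rho$ and its attribute set, and applies them in the exponent of the pairing products.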
The security of Waters CP-ABE scheme is based on the
decisional q-parallel bilinear BDHE assumption, which is
defined as follows:
Definition 2 (Decisional q-parallel BDHE Assumption):
Let $a, s, b_1, \ldots, b_q \xleftarrow{R} \mathbb{Z}_p$ and let $g$ be a generator of $\mathbb{G}$.
Given
$$D := \Big(g,\ g^{s},\ g^{a}, \ldots, g^{(a^{q})},\ g^{(a^{q+2})}, \ldots, g^{(a^{2q})},$$
$$\forall\, 1 \le j \le q:\quad g^{s \cdot b_j},\ g^{a/b_j}, \ldots, g^{(a^{q}/b_j)},\ g^{(a^{q+2}/b_j)}, \ldots, g^{(a^{2q}/b_j)},$$
$$\forall\, 1 \le j, k \le q,\ k \neq j:\quad g^{a \cdot s \cdot b_k/b_j}, \ldots, g^{a^{q} \cdot s \cdot b_k/b_j}\Big)$$
and an element $T \in \mathbb{G}_T$, we assume that for any PPT
algorithm $\mathcal{A}$ that outputs in $\{0, 1\}$,
$$\mathrm{Adv}_{\mathcal{A}} := \big|\Pr[\mathcal{A}(D, e(g, g)^{a^{q+1} s}) = 1] - \Pr[\mathcal{A}(D, T) = 1]\big|$$
is negligible.
Theorem 1: Suppose the decisional q-parallel BDHE
assumption holds, then no polynomial time adversary
can selectively break the Waters CP-ABE system in the
CPA-model.
The proof can be found in [4] and is omitted here.
2.3 Composite Order Bilinear Groups
The composite order bilinear group was first introduced
in [25]; we use it to construct our scheme. Here we
provide a brief introduction. Let $\mathbb{G}$ and $\mathbb{G}_T$ be two
multiplicative cyclic groups of composite order $N =
p_1 p_2 \cdots p_m$, where $p_1, p_2, \ldots, p_m$ are distinct primes, with
bilinear map $e : \mathbb{G} \times \mathbb{G} \to \mathbb{G}_T$. For each
prime $p_i$, $\mathbb{G}$ has a subgroup $\mathbb{G}_{p_i}$ of order $p_i$. We let
$g_1, g_2, \ldots, g_m$ be generators of these subgroups, respectively.
Each element in $\mathbb{G}$ can be expressed in the form
$g_1^{a_1} g_2^{a_2} \cdots g_m^{a_m}$, where $a_1, a_2, \ldots, a_m \in \mathbb{Z}_N$. If $a_i \equiv 0 \pmod{p_i}$,
we say that this element has no $\mathbb{G}_{p_i}$ component. We say an
element is in $\prod_{i \in S} \mathbb{G}_{p_i}$, where $S$ is a subset of $\{1, \ldots, m\}$,
if $a_i \not\equiv 0 \pmod{p_i}$ for all $i \in S$.
The most important property of composite order bilinear
groups is the orthogonality between distinct subgroups under
the bilinear map $e$: if $u \in \mathbb{G}_{p_i}$, $v \in \mathbb{G}_{p_j}$ and
$i \neq j$, then $e(u, v) = 1$, where $1$ is the identity element of
$\mathbb{G}_T$.
The general complexity assumption used in the com-
posite group is the subgroup decision assumption,
stating that it is difficult to determine the existence of
a given subgroup in a random composite order group
element without orthogonality testing. The general form
of this assumption is described as follows, as defined in
[23]:
Definition 3 (General Subgroup Decision Assumption):
Let $S_0, S_1, S_2, \ldots, S_k$ be non-empty subsets of $\{1, \ldots, m\}$
such that for each $2 \le j \le k$, either $S_j \cap S_0 = \emptyset = S_j \cap S_1$
or $S_j \cap S_0 \neq \emptyset \neq S_j \cap S_1$. Given group generator $\mathcal{G}$, we
define the following distribution:
$$PP := \{N = p_1 p_2 \cdots p_m,\ \mathbb{G},\ \mathbb{G}_T,\ e\} \xleftarrow{R} \mathcal{G},\qquad
Z_i \xleftarrow{R} \mathbb{G}_{S_i}\ \ \forall i \in \{0, 1, \ldots, k\},\qquad
D := \{PP, Z_2, \ldots, Z_k\},$$
where $\mathbb{G}_{S_i}$ denotes the subgroup $\prod_{j \in S_i} \mathbb{G}_{p_j}$.
We assume that for any PPT algorithm $\mathcal{A}$ with
output in $\{0, 1\}$,
$$\mathrm{Adv}_{\mathcal{G}, \mathcal{A}} := \big|\Pr[\mathcal{A}(D, Z_0) = 1] - \Pr[\mathcal{A}(D, Z_1) = 1]\big|$$
is negligible.
This assumption also implies that it is hard to dis-
tinguish the outputs of the bilinear map function from
other elements when they contain at least one common
subgroup.
2.4 Chameleon Hash
The idea behind the chameleon hash scheme was first
introduced in [26]. Just like other common secure hash
functions, a chameleon hash scheme has two key prop-
erties, namely collision resistance and semantic secu-
rity. Further, a chameleon hash scheme also provides
collision forgery with a predetermined trapdoor. The
input of a chameleon hash includes two parts, one being
input message m and the other random string r. The
random string r is used to provide a chance to adapt
the message for the hash value. The definitions of the
three aforementioned requirements, collision resistance,
semantic security and collision forgery, are listed below.
Definition 4 (Collision Resistance): Given chameleon
hash scheme $\{PK, SK, CH(\cdot, \cdot)\}$, where $PK$ is the
public information, $SK$ is the trapdoor and $CH(\cdot, \cdot)$ is
the hash function, let $m, m'$ be two different messages
and $r$ a random string. We call the scheme collision
resistant if, for any probabilistic polynomial time
(PPT) algorithm $\mathcal{A}$, it is hard to output $r'$ such that
$CH(m, r) = CH(m', r')$ without $SK$.
Definition 5 (Semantic Security): Given chameleon
hash scheme $\{PK, SK, CH(\cdot, \cdot)\}$, where $PK$ is the
public information, $SK$ is the trapdoor and $CH(\cdot, \cdot)$
is the hash function. We call the scheme semantically
secure if for all pairs of messages $m, m'$ and random
string $r$, the probability distributions of $CH(m, r)$ and
$CH(m', r)$ are computationally indistinguishable.
Definition 6 (Collision Forgery): Given chameleon hash
scheme $\{PK, SK, CH(\cdot, \cdot)\}$, where $PK$ is the public
information, $SK$ is the trapdoor and $CH(\cdot, \cdot)$ is the hash
function, let $m, m'$ be two different messages and $r$ a
random string. We call the scheme a collision forgery
scheme if there exists a PPT algorithm $\mathcal{A}$ that, on
input $SK$, outputs a string $r'$ satisfying $CH(m, r) = CH(m', r')$.
In this paper, we use CH to denote the chameleon
hash public information and CH(·, ·) to denote the
chameleon hash operation.
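An added example (not code from the paper) of one concrete chameleon hash meeting Definitions 4 to 6: the discrete-log construction of Krawczyk and Rabin, $CH(m, r) = g^{H(m)} h^{r} \bmod p$ with $h = g^{x}$ and trapdoor $x$. The toy safe prime $p = 1019$, the generator $4$ of its order-$509$ subgroup and the use of SHA-256 to map messages into $\mathbb{Z}_q$ are assumptions made for readability; a deployment needs a group of cryptographic size. Collision forgery with the trapdoor yields $r'$ such that $CH(m, r) = CH(m', r')$, which is how a deniable sender later makes the true and the fake message share a single tag $V$.

```python
# Added example, not the paper's code: the discrete-log chameleon hash of
# Krawczyk and Rabin.  CH(m, r) = g^{H(m)} * h^r (mod p), h = g^x, x = trapdoor.
# P = 2*Q + 1 is a toy safe prime (assumption); messages are mapped into Z_Q
# with SHA-256 (assumption) so arbitrary byte strings can be hashed.
import hashlib
import secrets

P = 1019            # toy safe prime, P = 2*Q + 1
Q = 509
G = 4               # 4 = 2^2 generates the order-Q subgroup of Z_P^*

def msg_to_zq(m: bytes) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % Q

def ch_keygen():
    """Returns (PK, SK): PK = (P, Q, G, h) is public, SK = x is the trapdoor."""
    x = secrets.randbelow(Q - 1) + 1
    return (P, Q, G, pow(G, x, P)), x

def ch_hash(pk, m: bytes, r: int) -> int:
    """CH(m, r) = g^{H(m)} h^{r} mod p; without x this is an ordinary one-way hash."""
    p, q, g, h = pk
    return pow(g, msg_to_zq(m), p) * pow(h, r % q, p) % p

def ch_forge(pk, sk, m: bytes, r: int, m_fake: bytes) -> int:
    """Collision forgery (Definition 6): r' with CH(m, r) = CH(m_fake, r').
    Solves H(m) + x*r = H(m_fake) + x*r' (mod q) for r'."""
    _, q, _, _ = pk
    return (r + (msg_to_zq(m) - msg_to_zq(m_fake)) * pow(sk, -1, q)) % q

def tag_for_two_messages(pk, sk, m_true: bytes, m_fake: bytes):
    """What a deniable sender needs for V = CH(M, t_{b1}) = CH(M', t_{1-b1}):
    choose t for the true message, forge t' for the fake one, publish (V, t, t')."""
    t = secrets.randbelow(Q)
    t_fake = ch_forge(pk, sk, m_true, t, m_fake)
    return ch_hash(pk, m_true, t), t, t_fake

if __name__ == "__main__":
    pk, sk = ch_keygen()
    V, t, t_fake = tag_for_two_messages(pk, sk, b"wire 100", b"wire 10")
    print(V, ch_hash(pk, b"wire 100", t) == V, ch_hash(pk, b"wire 10", t_fake) == V)
```

A coercer who receives $(V, t_0, t_1)$ and either message sees a valid opening; only the holder of $x$ could have produced two of them, and $x$ is never released.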
3 DEFINITION
3.1 Deniable CP-ABE Scheme
Deniable encryption schemes may have different prop-
erties and we provide an introduction to many of these
properties below.
• ad hoc deniability vs. plan-ahead deniability: The for-
mer can generate a fake message (from the entire
message space) when coerced, whereas the latter re-
quires a predetermined fake message for encryption.
Undoubtedly, all bitwise encryption schemes are ad
hoc.
• sender-, receiver-, and bi-deniability: The prefix here in
each case implies the role that can fool the coercer
with convincing fake evidence. In sender-deniable
encryption schemes and receiver-deniable schemes,
it is assumed that the other entity cannot be coerced.
Bi-deniability means both sender and receiver can
generate fake evidence to pass third-party coercion.
• full deniability vs. multi-distributional deniability: A
fully deniable encryption scheme is one in which
there is only one set of algorithms, i.e., a key-
generation algorithm, an encryption algorithm and
so on. Senders, receivers and coercers know this
set of algorithms and a sender and a receiver can
fool a coercer under this condition. As for multi-
distributional deniable encryption schemes, there
are two sets of algorithms, one being a normal set,
while the other is a deniable set. The outputs of
algorithms in these two sets are computationally indistinguishable.
The normal set of algorithms cannot be used to fool
coercers, whereas the deniable set can. A sender and a
receiver can use the deniable algorithm set but claim
that they used the normal algorithm set to fool coercers.
• interactive encryption vs. non-interactive encryption:
The difference between these two types of encryp-
tion is that the latter scheme does not need interac-
tion between sender and receiver.
According to the above definitions, the ideal deniable
encryption scheme is ad hoc, fully deniable, bi-deniable and
non-interactive; however, there is research on the limitations
of deniable schemes. In [20], Nielsen stated that it is impossible
to encrypt unbounded messages with one short key in non-committing
schemes, including deniable schemes. Since we want
our scheme to be blockwise deniable with a consistent
encryption environment, we design our scheme as a
plan-ahead deniable encryption scheme. In [21], Bendlin
et al. showed that the non-interactive and fully receiver-
deniable properties cannot be achieved simultaneously.
We prefer our scheme to have the non-interactive property
for ease of use; therefore, our scheme is multi-distributional.
In summary, our deniable scheme is plan-ahead, bi-deniable,
and multi-distributional. Below, we provide the definition
of this kind of deniable CP-ABE scheme.
Definition 7 (Deniable CP-ABE): Our plan-ahead, bi-
deniable, and multi-distributional CP-ABE scheme is
composed of the following algorithms:
• Setup$(1^{\lambda}) \to (PP, MSK)$: This algorithm takes
security parameter $\lambda$ as input and returns public
parameter $PP$ and system master key $MSK$.
• KeyGen$(MSK, S) \to SK$: Given set of attributes $S$
and $MSK$, this algorithm outputs private key $SK$.
• Enc$(PP, M, \mathbb{A}) \to C$: This encryption algorithm
takes as input public parameter $PP$, message $M$,
and LSSS access structure $\mathbb{A} = (\mathbf{M}, \rho)$ over the
universe of attributes. This algorithm encrypts $M$
and outputs a ciphertext $C$, which can be decrypted
by those who possess an attribute set that satisfies
access structure $\mathbb{A}$. Note that $\mathbb{A}$ is contained in $C$.
• Dec$(PP, SK, C) \to \{M, \bot\}$: This decryption algorithm
takes as input public parameter $PP$, private
key $SK$ with its attribute set $S$, and ciphertext $C$
with its access structure $\mathbb{A}$. If $S$ satisfies $\mathbb{A}$, then
this algorithm returns $M$; otherwise, it returns $\bot$.
• OpenEnc$(PP, C, M) \to P_E$: This algorithm is for
the sender to release encryption proof $P_E$ for $(M, C)$.
• OpenDec$(PP, SK, C, M) \to P_D$: This algorithm is
for the receiver to release decryption proof $P_D$ for
$(M, C)$.
• Verify$(PP, C, M, P_E, P_D) \to \{T, F\}$: This algorithm
is used to verify the correctness of $P_E$ and $P_D$.
• DenSetup$(1^{\lambda}) \to (PP, MSK, PK)$: This algorithm
takes security parameter $\lambda$ as input and returns
public parameters $PP$, system master key $MSK$,
and system public key $PK$. $PK$ is known by all
system users and is kept secret from outsiders.
• DenKeyGen$(MSK, S) \to (SK, FK)$: Given set of
attributes $S$ and $MSK$, this algorithm outputs private
key $SK$ as well as $FK$ for the user, where $FK$
will later be used for generating fake proofs.
• DenEnc$(PP, PK, M, M', \mathbb{A}) \to C'$: Aside from the
inputs of the normal encryption algorithm, this deniable
encryption algorithm needs public key $PK$
and fake message $M'$. The output ciphertext must
be indistinguishable from the output of Enc.
• DenOpenEnc$(PP, C', M') \to P'_E$: This algorithm is
for the sender to release encryption proof $P'_E$ for
fake message $M'$. The output must be indistinguishable
from the result of OpenEnc and must pass the
Verify algorithm.
• DenOpenDec$(PP, SK, FK, C', M') \to P'_D$: This algorithm
is for the receiver to release decryption
proof $P'_D$ for fake message $M'$. The output must be
indistinguishable from the result of OpenDec and
must pass the Verify algorithm.
We require the following properties:
1) Security: The tuple $\{$Setup, KeyGen, Enc, Dec$\}$
must form a secure CP-ABE scheme in a security
model. In this work, we propose a CPA secure
scheme and a CCA secure scheme. These two
security models are defined in Section 3.2.
2) Bi-deniability: The CP-ABE is bi-deniable if,
given public parameter $PP$, the two distribution
tuples $(M, C, P_E, P_D)$ and $(M', C', P'_E, P'_D)$
are computationally indistinguishable, where $M, M'$
are claimed messages, $C, C'$ are normally and
deniably encrypted ciphertexts, respectively, and
$P_E, P_D, P'_E, P'_D$ are proofs generated from the normal
and deniable open algorithms, respectively.
That is, there is no PPT algorithm $\mathcal{A}$ for which
$$\mathrm{Adv}_{\mathcal{A}} := \big|\Pr[\mathcal{A}(PP, (M, C, P_E, P_D)) = 1]
- \Pr[\mathcal{A}(PP, (M', C', P'_E, P'_D)) = 1]\big|$$
is non-negligible.
3) Deniable Receiver Proof Consistency: The deniable
CP-ABE is deniable receiver proof consistent if
a deniable receiver proof is convincing even when
considering all ciphertexts in the system. That is,
given a set of ciphertexts $\mathcal{C}$, including normally encrypted
ciphertexts and deniably encrypted ciphertexts,
normal proof $P_D$ and deniable proof $P'_D$,
there is no PPT algorithm $\mathcal{A}$ for which
$$\mathrm{Adv}_{\mathcal{A}} := \big|\Pr[\mathcal{A}(\mathcal{C}, P_D) = 1] - \Pr[\mathcal{A}(\mathcal{C}, P'_D) = 1]\big|$$
is non-negligible.
We note that the last requirement is unusual for deni-
able encryption schemes. We build our scheme with this
requirement for practicality. In a cloud storage service,
it is impractical to frequently update security parame-
ters. Therefore, coercers are able to check proofs with
all stored encrypted files. For normal provided proofs,
there will be no problems. So our scheme must ensure
that deniable proofs pass coercer checks, or coercers will
know cheating has occurred. We also note that not all
stored files are deniably encrypted. Some files are nor-
mally encrypted. A proposed receiver proof, regardless
of whether it is normal or deniable, should be convincing
for both normally and deniably encrypted files. We focus
on receiver proofs instead of sender proofs because in
most cases, senders add randomness during encryption.
Therefore, any two sender proofs are usually indepen-
dent, and sender proof consistency is unnecessary. For
the above reasons, we build our scheme such that it
adheres to the Deniable Receiver Proof Consistency
requirement.
3.1.1 Is a Confidential PK Practical?
In the above definition, our scheme assumes that PK
will be kept secret from the coercer. Some may argue that
it is impractical, stating that coercers can pretend to be
users in cloud storage services and obtain the PK. Once
the PK is released to coercers, they can easily generate
deniably encrypted ciphertexts and use these ciphertexts
to determine the types of receiver proofs. To address
this question, we must return to the basic assumption of
deniable encryption schemes, i.e., senders and receivers
want to hide their communication messages from
outside coercers. Like all other cryptographic schemes,
secrets must be assumed to be unknown to adversaries
and our scheme is no exception. Therefore assuming
that the PK is kept secret to coercers is acceptable and
unavoidable.
To keep PK secret, cloud service providers can in-
tegrate deniable CP-ABE schemes with their own user
authentication mechanisms. Note that in our definition,
a deniable CP-ABE scheme can enable cloud storage
service providers to offer two kinds of storage services,
one being normal storage service, the other being audit-
free storage service. So a user can choose to use
normal cloud storage services through a basic authentication
process, or audit-free cloud storage services
through a much stricter authentication process.
Therefore, we believe our idea can be used to build
practical cloud storage services, especially for those
communities that already have rigorous authentication
processes.
3.2 Chosen-Plaintext-Attack (CPA) Security Model
and Chosen-Ciphertext-Attack (CCA) Security Model
Here we describe the security model for a CP-ABE scheme.
An adversary is given a challenge and is allowed
to query an oracle for some information. The
adversary wins the game if it answers the challenge
correctly. The formal security game is described as
follows:
• Setup: The challenger first runs Setup and outputs
PP to the adversary.
• Phase 1: The adversary generates queries q1, . . . , qm
to the challenger. Query qi can be one of the follow-
ing two types of queries:
– Key query: the adversary chooses attribute set
Si and obtains its private key from the chal-
lenger.
– Decryption query: the adversary asks the chal-
lenger to decrypt ciphertext Ci and obtains its
plaintext.
• Challenge: The adversary chooses two plaintexts
$M_0, M_1$ for the challenger. The adversary also provides
a challenge access structure $\mathbb{A}^*$, which cannot
be satisfied by the attributes used in $q_1, \ldots, q_m$. The
challenger randomly chooses one bit $b \in \{0, 1\}$ and
encrypts the message via Enc$(PP, M_b, \mathbb{A}^*) \to C^*$.
The challenger sends $C^*$ to the adversary as the
challenge ciphertext.
• Phase 2: As in Phase 1, the adversary generates
queries $q_{m+1}, \ldots, q_n$ to the challenger. Query $q_i$ can
be one of the following two types of queries:
– Key query: the adversary chooses attribute set
$S_i$ and obtains its private key from the challenger.
$S_i$ cannot satisfy $\mathbb{A}^*$.
– Decryption query: the adversary asks the challenger
to decrypt ciphertext $C_i$ and obtains its
plaintext. $C_i$ cannot be $C^*$.
• Guess: The adversary returns guess $b' \in \{0, 1\}$.
The adversary wins if $b' = b$.
The advantage is defined as $|\Pr(b' = b) - \tfrac{1}{2}|$.
Definition 8: A CP-ABE scheme is CPA secure if all
polynomial time adversaries have at most a negligible
advantage in the above game without any decryption
queries.
Definition 9: A CP-ABE scheme is CCA secure if all
polynomial time adversaries have at most a negligible
advantage in the above game.
4 DENIABLE CP-ABE CONSTRUCTION
To build an audit-free secure cloud storage service, we
use a deniable CP-ABE scheme as our core technology.
We construct our basic deniable CP-ABE scheme, which
is based on [4], as follows:
• Setup$(1^{\lambda}) \to (PP, MSK)$: This algorithm generates a
bilinear group $\mathbb{G}$ of order $N = p_1 p_2 p_3$, where
$p_1, p_2, p_3$ are distinct primes, with bilinear map
$e : \mathbb{G} \times \mathbb{G} \to \mathbb{G}_T$; $\mathbb{G}_T$ also has order $N$. We
let $\mathbb{G}_{p_1}, \mathbb{G}_{p_2}, \mathbb{G}_{p_3}$ denote the three orthogonal subgroups
of $\mathbb{G}$ of order $p_1, p_2, p_3$, respectively. This algorithm
then picks generators $g_1 \in \mathbb{G}_{p_1}$, $g_3 \in \mathbb{G}_{p_3}$, and
randomly picks $\alpha, a \in \mathbb{Z}_N$. It also
chooses a hash function $H_1 : \{0, 1\}^* \to \mathbb{G}_{p_3}$. The public
parameter is
$$PP = \{\mathbb{G},\ e,\ H_1,\ g_1 g_3,\ (g_1 g_3)^{a},\ e(g_1 g_3, g_1 g_3)^{\alpha}\}$$
and the system secret key is $MSK = (g_1 g_3)^{\alpha}$.
• KeyGen$(MSK, S) \to SK$: Given set $S$ of attributes,
this algorithm chooses $t \in \mathbb{Z}_N$ randomly and outputs
private key
$$SK = \{(g_1 g_3)^{\alpha + at},\ (g_1 g_3)^{t},\ \{H_1(x)^{t}\}_{\forall x \in S}\} = \{K, L, \{K_x\}_{\forall x \in S}\}.$$
• Enc$(PP, M, \mathbb{A} = (\mathbf{M}, \rho)) \to C$: Given message
$M$ and LSSS access structure $(\mathbf{M}, \rho)$, let $\mathbf{M}$ be an
$l \times n$ matrix and $\mathbf{M}_i$ denote its $i$th row. This
algorithm first chooses two random vectors $\vec{v} =
(s, y_2, \ldots, y_n) \in \mathbb{Z}_N^{n}$ and $\vec{r} = (r_1, \ldots, r_l) \in \mathbb{Z}_N^{l}$, then
calculates $\lambda_i = \vec{v} \cdot \mathbf{M}_i$ for all $i \in \{1, \ldots, l\}$.
In addition, this algorithm sets up a one-way hash
function $H(\cdot, \cdot)$⁴ with two inputs. Note that hash
function $H$ can be any kind of one-way function and
is determined during encryption; each transaction
may have a different $H$. This algorithm flips two coins
$b_0, b_1$ and picks two random strings $t_0, t_1$. The output
ciphertext $C$ is
$$C = \{A_0, A_1, B, (C_1, D_1), \ldots, (C_l, D_l), H, t_0, t_1, V\},$$
where
$$A_{b_0} = M \cdot e(g_1 g_3, g_1 g_3)^{\alpha s},\qquad A_{1 - b_0} \xleftarrow{R} \mathbb{G}_T,$$
$$B = (g_1 g_3)^{s},\qquad C_i = (g_1 g_3)^{a\lambda_i} H_1(\rho(i))^{-r_i},\qquad D_i = (g_1 g_3)^{r_i},\quad i = 1, \ldots, l,$$
$$V = H(M, t_{b_1}) = H\big(A_{1 - b_0} \cdot e(g_1 g_3, g_1 g_3)^{-\alpha s},\ t_{1 - b_1}\big).$$
Access structure $\mathbb{A}$ is also attached to $C$.
• Dec$(PP, SK, C) \to \{M, \bot\}$: To decrypt ciphertext $C$
for access structure $\mathbb{A} = (\mathbf{M}, \rho)$, this algorithm first
checks whether attribute set $S$ of $SK$ satisfies $\mathbb{A}$. Suppose
$S$ satisfies $\mathbb{A}$ and let $I \subset \{1, 2, \ldots, l\}$ be defined as
$I = \{i : \rho(i) \in S\}$. Then this algorithm finds a set
of constants $\{w_i \in \mathbb{Z}_N\}_{i \in I}$ such that $\sum_{i \in I} w_i \lambda_i = s$, and
computes $M_0, M_1$ as follows:
$$M_j = A_j \cdot \frac{\prod_{i \in I}\big(e(C_i, L)\, e(D_i, K_{\rho(i)})\big)^{w_i}}{e(B, K)},\qquad j \in \{0, 1\}.$$
This algorithm then calculates
$$v_{i,j} = H(M_i, t_j),\qquad \forall i, j \in \{0, 1\}.$$
If some $v_{i,j}$ is equal to $V$, then $M_i$ is the true message and
is returned. Otherwise, this algorithm returns $\bot$.
• OpenEnc$(PP, C, M) \to P_E$: This algorithm returns the
two coins $b_0, b_1$ as proof $P_E$.
• OpenDec$(PP, SK, C, M) \to P_D$: This algorithm directly
returns $SK$ as proof $P_D$, since this is the most
persuasive proof.
• Verify$(PP, C, M, P_E, P_D) \to \{T, F\}$: To verify $P_E$
and $P_D$, this algorithm first runs Dec$(PP, P_D, C)$
and checks whether the output equals the declared input
$M$. Then, this algorithm checks $P_E$ against the correct
coins $b_0, b_1$ derived in the decryption process. If both
requirements are satisfied, this algorithm returns $T$;
otherwise, it returns $F$.
4. We use $H$ to represent a hash function's public information and
$H(\cdot, \cdot)$ to represent the hash operation.
• DenSetup$(1^{\lambda}) \to (PP, MSK, PK)$: This algorithm
runs Setup$(1^{\lambda})$ and obtains $PP$. System public key
$PK$ is
$$PK = \{g_2 g_3,\ (g_2 g_3)^{a},\ e(g_3, g_3)^{\alpha},\ e(g_2 g_3, g_2 g_3)^{\alpha}\}$$
and system secret key $MSK$ is $\{(g_1 g_3)^{\alpha},\ g_1 g_2 g_3,\ (g_1 g_2 g_3)^{\alpha}\}$.
• DenKeyGen$(MSK, S) \to (SK, FK)$: This algorithm
runs KeyGen and obtains $SK$ for $S$. Next,
it picks $t' \in \mathbb{Z}_N$ and generates $FK$ as
follows:
$$FK = \{(g_1 g_2 g_3)^{\alpha + at'},\ (g_1 g_2 g_3)^{t'},\ \{H_1(x)^{t'}\}_{\forall x \in S}\} = \{K', L', \{K'_x\}_{\forall x \in S}\}.$$
• DenEnc$(PP, PK, M, M', \mathbb{A} = (\mathbf{M}, \rho)) \to C'$: This
algorithm prepares $\lambda_i$, $\forall i \in \{1, \ldots, l\}$, just as the Enc
algorithm does. It sets up chameleon
hash function $CH(\cdot, \cdot)$; the chameleon hash function
is determined during encryption. Note that without
the trapdoor, a chameleon hash is just a one-way
hash function, so a sender can claim it is
just a normal hash function without any trapdoor.
The output deniable ciphertext $C'$ is
$$C' = \{A'_0, A'_1, B', (C'_1, D'_1), \ldots, (C'_l, D'_l), CH, t_0, t_1, V\},$$
where
$$A'_{b_0} = M \cdot e(g_3, g_3)^{\alpha s},\qquad A'_{1 - b_0} = M' \cdot e(g_2 g_3, g_2 g_3)^{\alpha s},$$
$$B' = (g_2 g_3)^{s},\qquad C'_i = (g_2 g_3)^{a\lambda_i} H_1(\rho(i))^{-r_i},\qquad D'_i = (g_1 g_3)^{r_i},\quad i = 1, \ldots, l,$$
$$V = CH(M, t_{b_1}) = CH(M', t_{1 - b_1}).$$
Based on the property of the chameleon hash, the
sender can easily find $t_{b_1}$ and $t_{1 - b_1}$ satisfying the
above requirements.
• DenOpenEnc$(PP, C', M') \to P'_E$: When the sender
tries to fool the coercer with the predetermined fake
message, this algorithm returns the two coins $1 - b_0$, $1 - b_1$
as its proof $P'_E$.
• DenOpenDec$(PP, SK, FK, C', M') \to P'_D$: This algorithm
directly returns $FK$ as proof $P'_D$.
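As an added example (not code from the paper), the following Python reproduces the algebra of the construction above in an exponent-space toy model. Elements of a cyclic group of order $N = p_1 p_2 p_3$ are written as their discrete logarithms to a fixed generator $g$, so multiplication becomes addition mod $N$, exponentiation becomes multiplication mod $N$, and the pairing $e(g^{x}, g^{y}) = e(g, g)^{xy}$ becomes multiplication of exponents; the orthogonality $e(g_i, g_j) = 1$ for $i \neq j$ falls out because $N$ divides $(N/p_i)(N/p_j)$. Nobody can take these logarithms in a real pairing group, so the model only checks the cancellation, not security. The toy primes, the single-attribute policy ($l = n = 1$, so $\lambda_1 = s$ and $w_1 = 1$) and the SHA-256 modelling of $H_1$ are assumptions; the tag $V$ and the Verify step are left out, so both candidate plaintexts $M_0, M_1$ are returned. It exercises the four cases of Section 4.1: $SK$ decrypts both $C$ and $C'$ to $M$, while $FK$ decrypts $C'$ to $M'$ and $C$ to $M$.

```python
# Added example, not the paper's code: exponent-space toy model of the
# composite-order deniable CP-ABE construction (Section 4). Group elements are
# discrete logs to a fixed generator g of a cyclic group of order N = p1*p2*p3:
# multiplication = addition mod N, x^k = k*x mod N, e(g^x, g^y) = x*y mod N.
# Assumptions: toy primes, one attribute (lambda_1 = s, w_1 = 1), H1 via SHA-256,
# no hash tag V. This checks the algebra only; it provides no security.
import hashlib
import secrets

P1, P2, P3 = 1009, 1013, 1019
N = P1 * P2 * P3

# exponents of the subgroup generators: g_i = g^(N / p_i) has order p_i
G1, G2, G3 = N // P1, N // P2, N // P3

def mul(*xs):
    return sum(xs) % N            # product in G (or GT)

def power(x, k):
    return (x * k) % N            # x^k

def inv(x):
    return (-x) % N               # x^{-1}

def pair(x, y):
    return (x * y) % N            # e(x, y) as an exponent of e(g, g)

def h1(attr):
    """H1 : {0,1}* -> G_p3, modelled as g3^(sha256(attr) mod p3)."""
    d = int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % P3
    return power(G3, d)

def setup():
    return {"alpha": secrets.randbelow(N), "a": secrets.randbelow(N)}

def keygen(msk, attr, base):
    """KeyGen with base g1g3 yields SK; DenKeyGen with base g1g2g3 yields FK."""
    t = secrets.randbelow(N)
    return {"K": power(base, msk["alpha"] + msk["a"] * t),
            "L": power(base, t),
            "Kx": power(h1(attr), t)}

def enc(msk, attr, m, m_fake=None):
    """Enc (m_fake is None) or DenEnc. m, m_fake are GT elements (exponents).
    Returns the ciphertext and the coin b0 the sender keeps as its proof."""
    s, r, b0 = secrets.randbelow(N), secrets.randbelow(N), secrets.randbelow(2)
    g1g3, g2g3 = mul(G1, G3), mul(G2, G3)
    A = [None, None]
    if m_fake is None:
        base_c = g1g3                                            # B, C_i in G_p1 x G_p3
        A[b0] = (m + pair(g1g3, g1g3) * msk["alpha"] * s) % N    # M e(g1g3,g1g3)^{alpha s}
        A[1 - b0] = secrets.randbelow(N)                         # random GT element
    else:
        base_c = g2g3                                            # B', C'_i in G_p2 x G_p3
        A[b0] = (m + pair(G3, G3) * msk["alpha"] * s) % N        # M e(g3,g3)^{alpha s}
        A[1 - b0] = (m_fake + pair(g2g3, g2g3) * msk["alpha"] * s) % N  # M' e(g2g3,g2g3)^{alpha s}
    ct = {"A": A,
          "B": power(base_c, s),
          "C1": mul(power(base_c, msk["a"] * s), inv(power(h1(attr), r))),  # lambda_1 = s
          "D1": power(g1g3, r)}
    return ct, b0

def dec_candidates(ct, key):
    """Dec without the V check: M_j = A_j * prod_i(e(C_i,L) e(D_i,K_x))^{w_i} / e(B,K)."""
    num = mul(pair(ct["C1"], key["L"]), pair(ct["D1"], key["Kx"]))   # w_1 = 1
    blind = mul(num, inv(pair(ct["B"], key["K"])))                    # e(., .)^{-alpha s}
    return [mul(a, blind) for a in ct["A"]]

def correctness_cases(m=424242, m_fake=777777):
    """The four cases of Section 4.1 for a single attribute."""
    msk, attr = setup(), "role:auditor"
    sk = keygen(msk, attr, mul(G1, G3))         # normal key SK
    fk = keygen(msk, attr, mul(G1, G2, G3))     # fake key FK
    ct, b0 = enc(msk, attr, m)                  # normal ciphertext C
    ct_d, b0_d = enc(msk, attr, m, m_fake)      # deniable ciphertext C'
    return {"SK on C":  dec_candidates(ct, sk)[b0],            # -> m
            "SK on C'": dec_candidates(ct_d, sk)[b0_d],        # -> m
            "FK on C'": dec_candidates(ct_d, fk)[1 - b0_d],    # -> m_fake (what the coercer sees)
            "FK on C":  dec_candidates(ct, fk)[b0]}            # -> m (key compatibility)

if __name__ == "__main__":
    assert pair(G1, G2) == 0 and pair(G1, G3) == 0 and pair(G2, G3) == 0   # orthogonality
    print(correctness_cases())
```

The whole trick is visible in `pair`: because $G_1 G_3 \equiv 0 \pmod N$, a $G_{p_1} \times G_{p_3}$ key pairs with a $G_{p_2} \times G_{p_3}$ ciphertext only through the shared $G_{p_3}$ component, which is exactly the blinding factor $e(g_3, g_3)^{\alpha s}$ that DenEnc puts in front of the true message.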
4.1 Correctness
In this subsection, we show the correctness of this deniable CP-ABE scheme. There are four cases here:
1) When using normal key SK to decrypt normally encrypted ciphertext C, the decryption process will be:
$$\frac{\prod_{i \in I} \left(e(C_i, L)\, e(D_i, K_{\rho(i)})\right)^{w_i}}{e(B, K)}
= \frac{\prod_{i \in I} \left(e((g_1g_3)^{a\lambda_i}, (g_1g_3)^{t})\right)^{w_i}}{e((g_1g_3)^s, (g_1g_3)^{\alpha + at})}
= \frac{e(g_1g_3, g_1g_3)^{at \sum_{i \in I} \lambda_i w_i}}{e(g_1g_3, g_1g_3)^{s(\alpha + at)}}
= e(g_1g_3, g_1g_3)^{-\alpha s}.$$
9. 2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/TCC.2015.2424882, IEEE Transactions on Cloud Computing
With the hash function in C and V , the receiver
can derive message M.
2) When using normal key SK to decrypt deniable ciphertext C′, the decryption process will be:
$$\frac{\prod_{i \in I} \left(e(C'_i, L)\, e(D'_i, K_{\rho(i)})\right)^{w_i}}{e(B', K)}
= \frac{\prod_{i \in I} \left(e((g_2g_3)^{a\lambda_i}, (g_1g_3)^{t})\right)^{w_i}}{e((g_2g_3)^s, (g_1g_3)^{\alpha + at})}
= \frac{e(g_3, g_3)^{at \sum_{i \in I} \lambda_i w_i}}{e(g_3, g_3)^{s(\alpha + at)}}
= e(g_3, g_3)^{-\alpha s}.$$
With chameleon hash CH and V in C′, the receiver can derive true message M. Therefore, via the normal key, the receiver can obtain the correct message regardless of whether the message is normally encrypted.
3) When using deniable key FK to decrypt deniable ciphertext C′, which is the case for fooling the coercer, the decryption process will be:
$$\frac{\prod_{i \in I} \left(e(C'_i, L')\, e(D'_i, K'_{\rho(i)})\right)^{w_i}}{e(B', K')}
= \frac{\prod_{i \in I} \left(e((g_2g_3)^{a\lambda_i}, (g_1g_2g_3)^{t})\right)^{w_i}}{e((g_2g_3)^s, (g_1g_2g_3)^{\alpha + at})}
= \frac{e(g_2g_3, g_2g_3)^{at \sum_{i \in I} \lambda_i w_i}}{e(g_2g_3, g_2g_3)^{s(\alpha + at)}}
= e(g_2g_3, g_2g_3)^{-\alpha s}.$$
With chameleon hash CH and V in C′, the receiver can derive fake message M′. Therefore, the coercer will be convinced by M′ and FK.
4) When using deniable key FK to decrypt normal ciphertext C, which is the key compatible property, the decryption process will be:
$$\frac{\prod_{i \in I} \left(e(C_i, L')\, e(D_i, K'_{\rho(i)})\right)^{w_i}}{e(B, K')}
= \frac{\prod_{i \in I} \left(e((g_1g_3)^{a\lambda_i}, (g_1g_2g_3)^{t})\right)^{w_i}}{e((g_1g_3)^s, (g_1g_2g_3)^{\alpha + at})}
= \frac{e(g_1g_3, g_1g_3)^{at \sum_{i \in I} \lambda_i w_i}}{e(g_1g_3, g_1g_3)^{s(\alpha + at)}}
= e(g_1g_3, g_1g_3)^{-\alpha s}.$$
Therefore, correct message M will be derived from normal ciphertext C, even though the key is deniable.
From the above, our scheme has two important properties. First, a user can obtain the true message with a valid secret key, regardless of whether the ciphertext is normally encrypted or deniably encrypted. Second, the fake key can be used to decrypt the normally encrypted ciphertext.
Theorem 2: Our CP-ABE system is receiver proof consistent.
Proof: In our scheme, we use keys as receiver proofs since keys are the most immediate proofs available. As shown above, both $P_D$ and $P'_D$ can be used to "correctly" decrypt these ciphertexts. By "correctly" here, we mean that a ciphertext can be decrypted to a meaningful message, which may be true or a pre-determined fake message. With $P_D$, regardless of whether a message is normally encrypted or deniably encrypted, the true message can be derived. As for $P'_D$, the decryption outputs are true messages when they are normally encrypted and are fake messages when true messages are deniably encrypted. Therefore, anyone who can differentiate between $(C_1, \dots, C_n, P_D)$ and $(C_1, \dots, C_n, P'_D)$ can also differentiate between true and pre-determined fake messages. In other words, these two tuples are indistinguishable.
4.2 Security Proof
To prove that our deniable encryption scheme is secure requires this scheme to be a valid encryption scheme. For a multi-distributional deniable encryption scheme, it is only necessary to prove the security from the normal algorithm set. That is, we only need to prove the security of a scheme composed of the following four algorithms: Setup, KeyGen, Enc, and Dec. As for the deniable algorithms, since deniable keys and ciphertexts are indistinguishable from normal keys and ciphertexts, which will be proved in the next subsection, deniable algorithms will be treated as normal algorithms which are proved to be secure. In other words, if the normal algorithm set can form a secure scheme, but the deniable set cannot, the security test will be a tool to distinguish these two sets of algorithms and there will be no deniability in our scheme. For proving security, we will reduce Waters CP-ABE to our deniable ABE scheme.
Theorem 3: Our proposed CP-ABE scheme is CPA secure if Waters CP-ABE is CPA secure.
Proof: Let A be an adversary that breaks the above deniable CP-ABE scheme. We can construct algorithm B that can break Waters CP-ABE as follows. B is given public parameters through the Waters CP-ABE scheme's Setup algorithm from challenger X
$$PP_{p_3} := \{g_3,\ g_3^{a_3},\ e(g_3, g_3)^{\alpha_3}\},$$
with prime number $p_3$, $\mathbb{G}_{p_3}$, $e(\cdot, \cdot)$ and $H_1(\cdot)$. For convenience, we use the suffix to represent different subgroups in our proof. Algorithm B proceeds as follows.
• Setup: B first picks two different prime numbers $p_1$ and $p_2$. Next, B generates group $\mathbb{G}$ with order $N = p_1p_2p_3$. Note that the subgroup with $p_3$ order in $\mathbb{G}$ should be the same as $\mathbb{G}_{p_3}$. B sets up $PP_{p_1}$ with the Waters CP-ABE Setup algorithm from $\mathbb{G}_{p_1}$ and outputs $\{g_1,\ g_1^{a_1},\ e(g_1, g_1)^{\alpha_1}\}$, where $a_1, \alpha_1$ are in $\mathbb{Z}_{p_1}$. Next, B shows
$$PP := \{g_1g_3,\ g_1^{a_1} g_3^{a_3},\ e(g_1, g_1)^{\alpha_1} e(g_3, g_3)^{\alpha_3}\}$$
to A with $N$, $\mathbb{G}_N$, $e(\cdot, \cdot)$ and $H_1(\cdot)$. Note that $e(\cdot, \cdot)$ and $H_1(\cdot)$ are the same as the given functions from X. Though $a_3$ is secret and different from $a_1$,
which come from $\mathbb{Z}_{p_3}$ and $\mathbb{Z}_{p_1}$ respectively, $g_1^{a_1} g_3^{a_3}$ can be treated as $(g_1g_3)^a$, where $a \in \mathbb{Z}_N$ from the Chinese remainder theorem. For the same reason, $e(g_1, g_1)^{\alpha_1} e(g_3, g_3)^{\alpha_3}$ can be treated as $e(g_1g_3, g_1g_3)^\alpha$, where $\alpha \in \mathbb{Z}_N$.
• Phase 1: When B receives a key generation query for attribute set S from A, B simply relays the query to X and obtains $SK_{p_3} = \{K_{p_3}, L_{p_3}, \{K_x\}_{\forall x \in S}\}$. B generates $K_{p_1}, L_{p_1}$ with the same algorithm. Next, B replies to A with the secret key SK as follows:
$$SK = \{K_{p_1} K_{p_3},\ L_{p_1} L_{p_3},\ \{K_x\}_{\forall x \in S}\}.$$
• Challenge: A outputs two messages $M_0, M_1$ with access structure (M, ρ) to B. B directly relays $M_0$, $M_1$ and (M, ρ) to X as the challenge and obtains
$$\{M^* \cdot e(g_3, g_3)^{\alpha_3 s_3},\ B_{p_3},\ (C_{1,p_3}, D_{1,p_3}), \dots, (C_{l,p_3}, D_{l,p_3})\}$$
from X. $M^* \in \{M_0, M_1\}$ is chosen by X. B sets up a chameleon hash function CH and randomly picks $b_1, b_2$ from $\{0, 1\}$, and $\{r_1, \dots, r_l\}$, $s_1$ from $\mathbb{Z}_{p_1}$. B also calculates $\{\lambda'_1, \dots, \lambda'_l\}$. Finally, B outputs C to A as follows:
$$C = \{A_0, A_1, B, (C_1, D_1), \dots, (C_l, D_l), CH, t_0, t_1, V\},$$
where
$$A_{b_1} = M^* \cdot e(g_1, g_1)^{\alpha_1 s_1} e(g_3, g_3)^{\alpha_3 s_3}, \quad A_{1-b_1} \xleftarrow{R} \mathbb{G}_N,$$
$$B = B_{p_3} \cdot g_1^{s_1},$$
$$C_i = C_{i,p_3} \cdot g_1^{a_1 \lambda'_i}, \quad D_i = D_{i,p_3}\, g_1^{r'_i}, \quad \forall i \in \{1, \dots, l\},$$
$$V = CH(M_0, t_{b_2}) = CH(M_1, t_{1-b_2}).$$
Because of the Chinese remainder theorem, A will treat C as a ciphertext that comes from secret $s \in \mathbb{Z}_N$. Here, a chameleon hash function is used instead of a normal hash function; however, to A, who has no trapdoor for the chameleon hash function, the chameleon hash function is just a normal one-way hash function.
• Phase 2: A submits key generation queries to B and
B responds as shown in Phase 1.
• Guess: Finally, adversary A outputs guess $b'$ to B and B uses $b'$ to reply to X.
If A achieves a non-negligible advantage against the deniable scheme from our construction, B can use the output of A to also achieve a non-negligible advantage against the Waters ABE scheme in the CPA model. Combined with Theorem 1, we have the following theorem:
Theorem 4: Our proposed CP-ABE scheme is CPA secure if the q-BDHI assumption holds.
4.3 Deniability Proof
To prove the deniability of our CP-ABE scheme, we must show $(M, C, P_E, P_D)$ and $(M', C', P'_E, P'_D)$ are indistinguishable. Since $M, C, P_E, P_D$ are pairwise independent because of the security property, we need only show the indistinguishability between $C$ and $C'$, $P_E$ and $P'_E$, and $P_D$ and $P'_D$.
Lemma 1: Under the general subgroup decision assumption, normal ciphertext C and deniable ciphertext C′ are indistinguishable.
Proof: We suppose there exists PPT attacker A who
achieves a non-negligible advantage in distinguishing
the deniable ciphertext from the normal ciphertext of
our scheme. We can create PPT algorithm B that has a
non-negligible advantage against the general subgroup
decision assumption.
B receives $N = p_1p_2p_3$, $g_1g_3$, $g_2g_3$, $T$, where $g_1, g_2, g_3$ belong to $\mathbb{G}_{p_1}, \mathbb{G}_{p_2}, \mathbb{G}_{p_3}$ respectively. B wants to know if $T$ belongs to $\mathbb{G}_{p_1,p_3}$ or $\mathbb{G}_{p_2,p_3}$. B runs the DenSetup($1^\lambda$) algorithm and obtains PP, PK, and MSK. B then releases PP to A. Note that PK is unnecessary because the coercer should not obtain the PK information. A sends key queries to B with attribute sets and B replies to all queries with normal keys via the KeyGen algorithm. In the challenge phase, B receives an encryption challenge from A with an access structure and two messages $M$ and $M'$. The access structure cannot be satisfied by any attribute sets that have been queried. B flips two coins $b_0, b_1$ and returns the following ciphertext to A:
$$C = \{A_0, A_1, B, (C_1, D_1), \dots, (C_l, D_l), CH, t_0, t_1, V\},$$
where
$$A_{b_0} = M \cdot e(T, g_1g_3)^\alpha, \quad A_{1-b_0} = M' \cdot e(T, g_2g_3)^\alpha,$$
$$B = T,$$
$$C_i = T^{a M_{i,1}} H(\rho(i))^{-r_i}, \quad D_i = (g_1g_3)^{r_i}, \quad i = 1, \dots, l,$$
$$V = CH(M, t_{b_1}) = CH(M', t_{1-b_1}).$$
$M_{i,1}$ is the first element in the $i$th row of M. If $T = (g_1g_3)^s \in \mathbb{G}_{p_1,p_3}$, then C is a normal ciphertext; if $T = (g_2g_3)^s \in \mathbb{G}_{p_2,p_3}$, then C is a deniable ciphertext. A can still send key queries to B and receive normal secret keys. Finally, A answers B if the ciphertext is deniable. If A has a non-negligible advantage over the ciphertext decision problem, B can also have a non-negligible advantage over the subgroup decision problem.
Lemma 2: Normal encryption proof $P_E$ and deniable encryption proof $P'_E$ are indistinguishable.
Proof: Since the encryption proof is composed of two random coins, $P_E$ and $P'_E$ are indistinguishable. We note that given ciphertext C, it is impossible to build a PPT algorithm that can correctly find $P_E$ with a non-negligible advantage because of the security property.
Lemma 3: Under the general subgroup decision assumption, normal decryption proof $P_D$ and deniable decryption proof $P'_D$ are indistinguishable.
Proof: In this scheme, we use private key SK as the decryption proof. Therefore, this lemma is equal to the indistinguishability of SK and FK. The only difference between SK and FK is the existence of element $g_2$. That is, the key decision problem is a subgroup decision
problem, which is hard according to the general subgroup decision assumption. Therefore, $P_D$ and $P'_D$ are indistinguishable.
From the three lemmas above, we yield the following conclusion:
Theorem 5: Under the general subgroup decision assumption, our CP-ABE system is bi-deniable.
4.4 Decryption Errors
In section 1, we described why most deniable schemes may cause decryption errors. Most of these schemes claim their decryption error rates are small or negligible, but they cannot ensure that there are no errors whatsoever in their schemes. In our scheme, a receiver uses a one-way function with a signature to obtain the true message. Both the one-way function and the signature are generated by the sender. That is, the sender can avoid any decryption errors in encryption.
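As an added illustration, not the paper's code, the following ties the DenEnc tag $V = CH(M, t_{b_1}) = CH(M', t_{1-b_1})$ to the receiver-side check $v_{i,j} = CH(M_i, t_j)$ that rules out decryption errors. The paper does not fix a chameleon hash, so the Krawczyk-Rabin discrete-log construction [26] is assumed, over a toy 64-bit safe prime generated at run time; the two pairing-decrypted slots are stood in for by the message that key really recovers plus a constructed garbage value.

```python
# Added illustration (not the paper's code): the sender-side chameleon-hash
# collision of DenEnc and the receiver-side tag check of Dec (Section 4.4).
# Assumption: CH is the Krawczyk-Rabin discrete-log chameleon hash [26],
#   CH(m, t) = g^H(m) * h^t mod p, h = g^x, trapdoor x, over a toy 64-bit safe
#   prime generated at run time (constructed parameters, not a security level).
import hashlib
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.3e24."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits, rng):
    """Return (p, q) with p = 2q + 1 both prime and p of the requested bit length."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q

class ChameleonHash:
    def __init__(self, p, q, g, h):
        self.p, self.q, self.g, self.h = p, q, g, h

    @classmethod
    def generate(cls, rng, bits=64):
        """Public part (p, q, g, h) plus the trapdoor x that only the sender keeps."""
        p, q = gen_safe_prime(bits, rng)
        g = pow(rng.randrange(2, p - 1), 2, p)   # a square, hence in the order-q subgroup
        x = rng.randrange(1, q)
        return cls(p, q, g, pow(g, x, p)), x

    def digest(self, m):
        return int.from_bytes(hashlib.sha256(m).digest(), "big") % self.q

    def hash(self, m, t):
        """CH(m, t); without the trapdoor this is just a one-way hash, as the paper notes."""
        return pow(self.g, self.digest(m), self.p) * pow(self.h, t, self.p) % self.p

    def collide(self, x, m, t, m_fake):
        """Trapdoor step: t' with CH(m_fake, t') == CH(m, t), from H(m) + x t = H(m_fake) + x t' mod q."""
        return (t + (self.digest(m) - self.digest(m_fake)) * pow(x, -1, self.q)) % self.q

def den_tag(ch, x, m_true, m_fake, rng):
    """DenEnc tail: flip b1, draw t_b1 at random, derive t_1-b1 with the trapdoor,
    so that V = CH(M, t_b1) = CH(M', t_1-b1)."""
    b1 = rng.randrange(2)
    t = [0, 0]
    t[b1] = rng.randrange(ch.q)
    t[1 - b1] = ch.collide(x, m_true, t[b1], m_fake)
    return t[0], t[1], ch.hash(m_true, t[b1])

def select_message(ch, candidates, t0, t1, V):
    """Dec's last step: v_ij = CH(M_i, t_j); return the M_i matching V, else None (the ⊥ output)."""
    for m in candidates:
        if any(ch.hash(m, t) == V for t in (t0, t1)):
            return m
    return None

def scenario(seed=2015):
    """Receiver (SK) and coercer (FK) open the same deniable ciphertext. The two
    pairing-decrypted slots are stood in for by the message that key really
    recovers plus a constructed garbage value (Section 4.1, cases 2 and 3)."""
    rng = random.Random(seed)
    ch, x = ChameleonHash.generate(rng)
    m_true, m_fake = b"Q3 forecast: revenue down 40%", b"Q3 forecast: on track"
    t0, t1, V = den_tag(ch, x, m_true, m_fake, rng)
    garbage = rng.getrandbits(256).to_bytes(32, "big")
    return {
        "receiver": select_message(ch, [garbage, m_true], t0, t1, V),   # normal key: true M
        "coercer": select_message(ch, [m_fake, garbage], t0, t1, V),    # fake key: M'
        "garbage_only": select_message(ch, [garbage], t0, t1, V),       # nothing matches: ⊥
    }
```

The same V accepts exactly one candidate in each key holder's set, which is why neither the receiver nor the coercer ever sees a decryption error.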
5 DENIABLE CP-ABE CONSTRUCTION FROM PRIME ORDER BILINEAR GROUP
In the previous section, we described how to design a deniable CP-ABE scheme with composite order bilinear groups for building audit-free cloud storage services. Composite order bilinear groups have two attractive properties, namely projecting and cancelling, defined by Freeman in [22]. We make use of the cancelling property for building a consistent environment; however, Freeman also pointed out the important problem of computational cost in regard to the composite order bilinear group. The bilinear map operation of a composite order bilinear group is much slower than the operation of a prime order bilinear group with the same security level. That is, in our scheme, a user will spend too much time in decryption when accessing files on the cloud. To make composite order bilinear group schemes more practical, Freeman converted [25], [27], and [28] into prime order schemes. Meiklejohn et al. showed that both projecting and cancelling cannot be simultaneously achieved in prime order groups in [29].
For the same reason, we use a simulating tool proposed by Lewko in [23] to convert our composite order bilinear group scheme to a prime order bilinear group scheme. This tool is based on dual orthonormal bases and the subspace assumption. Different subgroups are simulated as different orthonormal bases and therefore, by the orthogonal property, the bilinear operation will be cancelled between different subgroups. Our formal deniable CP-ABE construction method uses only the cancelling property of the composite order group. Therefore, Lewko's tool will be suitable with our construction. The converting process is straightforward. First, we generate dual orthonormal bases $(D, D^*)$ of $\mathbb{Z}_p^n$, where $p$ is the prime order and $n$ is the dimension. Each subgroup in the public parameter has its own basis vector in $D$ and uses the relative basis vector in $D^*$ when generating keys. This step is slightly different from Lewko's system; Lewko uses more than one basis to simulate one subgroup because multiple key elements are combined into one. We simply make all key elements separate and therefore only use one basis for one subgroup. Before explaining our construction, we present some notation below.
• For $v = (v_1, \dots, v_n) \in \mathbb{Z}_p^n$ and $g \in \mathbb{G}$, we use $g^v$ to denote the $n$-tuple of elements $(g^{v_1}, \dots, g^{v_n})$.
• We use $e_n$ to denote the product of the componentwise pairings:
$$e_n(g^v, g^w) = \prod_{i=1}^{n} e(g^{v_i}, g^{w_i}) = e(g, g)^{v \cdot w}.$$
We next describe how to simulate our scheme with
prime order bilinear groups.
• Setup($1^\lambda$) → (PP, MSK): This algorithm generates bilinear group $\mathbb{G}$ of prime order $p$ with bilinear map function $e : \mathbb{G} \times \mathbb{G} \to \mathbb{G}_T$. $\mathbb{G}_T$ is also of order $p$. This algorithm generates dual orthonormal bases $(D, D^*)$ from $\mathbb{Z}_p^3$. Let $D = (d_1, d_2, d_3)$ and $D^* = (d^*_1, d^*_2, d^*_3)$. We then have the following property:
$$d_i \cdot d^*_j = 0 \pmod p,\ i \neq j; \qquad d_i \cdot d^*_j = \psi \pmod p,\ i = j.$$
The algorithm then picks generator $g \in \mathbb{G}$ and $\alpha, \gamma, a \in \mathbb{Z}_p$. The algorithm also chooses hash function $H_1 : \{0, 1\}^* \to \mathbb{G}_p$. Public parameter PP is $\{\mathbb{G}, e, H_1, g^{d_1}, g^{a d_1}, g^{d_3}, g^{a d_3}, d_3, e(g, g)^{\psi(\alpha + \gamma)}\}$ and system secret key MSK is $\{g^{d^*_1}, g^{a d^*_1}, g^{\alpha d^*_1}, g^{d^*_3}, g^{a d^*_3}, g^{\gamma d^*_3}, d^*_3\}$.
• KeyGen(MSK, S) → SK: Given set S of attributes, this algorithm chooses $t \in \mathbb{Z}_p$ randomly and outputs private key SK as:
$$SK = \left\{ g^{(\alpha + at) d^*_1 + (\gamma + at) d^*_3},\ g^{t(d^*_1 + d^*_3)},\ \{H_1(x)^{t d^*_3}\}_{\forall x \in S} \right\} = \{K, L, \{K_x\}_{\forall x \in S}\}.$$
• Enc(PP, M, A = (M, ρ)) → C: Given message M and LSSS access structure (M, ρ), let M be an $l \times n$ matrix and $M_i$ denote the $i$th row of M. This algorithm first chooses two random vectors $\vec{v} = (s, y_2, \dots, y_n) \in \mathbb{Z}_p^n$ and $\vec{r} = (r_1, \dots, r_l) \in \mathbb{Z}_p^l$. This algorithm then calculates $\lambda_i = \vec{v} \cdot M_i$, $\forall i \in \{1, \dots, l\}$. In addition, the algorithm sets up a one-way hash function $H(\cdot, \cdot)$ with two inputs. Note that hash function H can be any one-way function and is determined during encryption. Each transaction may have a different H. This algorithm flips two coins $b_0, b_1$ and picks two random strings $t_0, t_1$. Output ciphertext C will be:
$$C = \{A_0, A_1, B, (C_1, D_1), \dots, (C_l, D_l), H, t_0, t_1, V\},$$
where
$$A_{b_0} = M \cdot e(g, g)^{s\psi(\alpha + \gamma)}, \quad A_{1-b_0} \xleftarrow{R} \mathbb{G}_T,$$
$$B = g^{s(d_1 + d_3)},$$
$$C_i = g^{a\lambda_i(d_1 + d_3)} H_1(\rho(i))^{-r_i d_3}, \quad i = 1, \dots, l,$$
$$D_i = g^{r_i(d_1 + d_3)}, \quad i = 1, \dots, l,$$
$$V = H(M, t_{b_1}) = H\left(A_{1-b_0} \cdot e(g, g)^{-s\psi(\alpha + \gamma)},\ t_{1-b_1}\right).$$
Access structure A is also attached to C.
• Dec(PP, SK, C) → {M, ⊥}: To decrypt ciphertext C for access structure A = (M, ρ), this algorithm first checks if attribute set S of SK satisfies A. Suppose S satisfies A and let $I \subset \{1, 2, \dots, l\}$ be defined as $I = \{i : \rho(i) \in S\}$. Then, this algorithm finds a set of constants $\{w_i \in \mathbb{Z}_p\}$ such that $\sum_{i \in I} w_i \lambda_i = s$. The algorithm computes $M_0, M_1$ as follows:
$$M_{\{0,1\}} = A_{\{0,1\}} \cdot \frac{\prod_{i \in I} \left(e(C_i, L)\, e(D_i, K_{\rho(i)})\right)^{w_i}}{e(B, K)}.$$
This algorithm then calculates
$$v_{i,j} = H(M_i, t_j), \quad \forall i, j \in \{0, 1\}.$$
If $v_{i,j}$ is equal to V, then $M_i$ is the true message and is returned. Otherwise, this algorithm returns ⊥.
• DenSetup($1^\lambda$) → (PP, MSK, PK): This algorithm runs Setup($1^\lambda$) and obtains PP. This algorithm randomly picks $\beta \in \mathbb{Z}_p$. System public key PK is $\{g^{d_2}, g^{a d_2}, e(g, g)^{\psi\gamma}, e(g, g)^{\psi\beta}\}$ and system secret key MSK is $\{g^{d^*_1}, g^{a d^*_1}, g^{\alpha d^*_1}, g^{d^*_2}, g^{a d^*_2}, g^{\beta d^*_2}, g^{d^*_3}, g^{a d^*_3}, g^{\gamma d^*_3}, d^*_3\}$.
• DenKeyGen(MSK, S) → (SK, FK): This algorithm runs KeyGen and obtains SK for S. Then, the algorithm picks $t' \in \mathbb{Z}_p$ and generates FK as follows:
$$FK = \left\{ g^{(\alpha + at') d^*_1 + (\beta + at') d^*_2 + (\gamma + at') d^*_3},\ g^{t'(d^*_1 + d^*_2 + d^*_3)},\ \{H_1(x)^{t' d^*_3}\}_{\forall x \in S} \right\} = \{K', L', \{K'_x\}_{\forall x \in S}\}.$$
• DenEnc(PP, PK, M, M′, A = (M, ρ)) → C′: This algorithm prepares $\lambda_i$, $\forall i \in \{1, \dots, l\}$, as the Enc algorithm does. The algorithm sets up chameleon hash function $CH(\cdot, \cdot)$. The chameleon hash function is determined during encryption. Note that without the trapdoor, a chameleon hash is just a one-way hash function. That is, a sender can claim this is just a normal hash function without any trapdoor. Output deniable ciphertext C′ will be:
$$C' = \{A'_0, A'_1, B', (C'_1, D'_1), \dots, (C'_l, D'_l), CH, t_0, t_1, V\},$$
where
$$A'_{b_0} = M \cdot e(g, g)^{s\psi\gamma}, \quad A'_{1-b_0} = M' \cdot e(g, g)^{s\psi(\beta + \gamma)},$$
$$B' = g^{s(d_2 + d_3)},$$
$$C'_i = g^{a\lambda_i(d_2 + d_3)} H_1(\rho(i))^{-r_i d_3}, \quad i = 1, \dots, l,$$
$$D'_i = g^{r_i(d_1 + d_3)}, \quad i = 1, \dots, l,$$
$$V = CH(M, t_{b_1}) = CH(M', t_{1-b_1}).$$
Based on the property of the chameleon hash, the sender can easily find $t_{b_1}$ and $t_{1-b_1}$ to satisfy the above requirements.
• OpenEnc, OpenDec, Verify, DenOpenEnc, and DenOpenDec are the same as in our basic scheme and are therefore not described here.
By this construction, we make different bases form
different subgroups. According to Definition 5 in [23],
this approach follows the subgroup decision assumption.
Therefore, bi-deniability also holds in this construction.
6 CCA SECURE DENIABLE CP-ABE SCHEME
In [30], Boneh et al. proved that an IND-sID-CPA secure IBE scheme can be transformed into an IND-sID-CCA secure scheme with the help of a one-time signature scheme (G, Sign, Verify). The one-time signature is used to maintain the integrity of the ciphertext. Using the same technique, we can enhance our CPA secure deniable CP-ABE scheme to be a CCA secure deniable CP-ABE scheme, as demonstrated in [31]. We modify the following algorithms for this enhancement:
• $\text{Setup}_{cca}(1^\lambda) \to (PP_{cca}, MSK)$: Aside from the original Setup algorithm process, this algorithm additionally chooses hash function $H_2 : \{0, 1\}^* \to \mathbb{G}_{p_3}$ and randomly picks $b \in \mathbb{Z}_N$. This algorithm attaches $(g_1g_3)^b$, $H_2$ to public parameter PP from the original Setup algorithm as $PP_{cca}$.
• $\text{Enc}_{cca}(PP_{cca}, M, A) \to C_{cca}$: The sender first runs the original Enc algorithm and obtains $C = \{A_0, A_1, B, (C_1, D_1), \dots, (C_l, D_l), H, t_0, t_1, V\}$. The sender generates $B_2 = (g_1g_3)^{bs}$. The output $C_{cca}$ will be
$$C_{cca} = \{A_0, A_1, B, B_2, (C_1, D_1), \dots, (C_l, D_l), H, t_0, t_1, V, V_2\},$$
where
$$V_2 = H_2\big(A_0, A_1, B, B_2, (C_1, D_1), \dots, (C_l, D_l), H, t_0, t_1, V\big)^s.$$
• $\text{Dec}_{cca}(PP_{cca}, SK, C_{cca}) \to M$: The receiver first verifies the following two equations:
$$e(B, (g_1g_3)^b) \overset{?}{=} e(B_2, g_1g_3),$$
$$V_3 = H_2\big(A_0, A_1, B, B_2, (C_1, D_1), \dots, (C_l, D_l), H, t_0, t_1, V\big), \qquad e(V_3, B_2) \overset{?}{=} e(V_2, (g_1g_3)^b).$$
If the above two equations do not hold, this algorithm returns ⊥. Otherwise, we proceed as in the original algorithm.
• $\text{DenSetup}_{cca}(1^\lambda) \to (PP_{cca}, MSK, PK_{cca})$: This algorithm executes $\text{Setup}_{cca}$ and obtains $PP_{cca}$, MSK. The algorithm also generates $(g_2g_3)^b$. $PK_{cca}$ is PK, which is derived from DenSetup, and $(g_2g_3)^b$.
• $\text{DenEnc}_{cca}(PP_{cca}, PK_{cca}, M, M', A) \to C'_{cca}$: The sender first runs the original DenEnc algorithm and obtains $C' = \{A'_0, A'_1, B', (C'_1, D'_1), \dots, (C'_l, D'_l), CH, t_0, t_1, V\}$. The sender generates $B'_2 = (g_2g_3)^{bs}$. The output $C'_{cca}$ will be
$$C'_{cca} = \{A'_0, A'_1, B', B'_2, (C'_1, D'_1), \dots, (C'_l, D'_l), CH, t_0, t_1, V, V_2\},$$
where
$$V_2 = H_2\big(A'_0, A'_1, B', B'_2, (C'_1, D'_1), \dots, (C'_l, D'_l), CH, t_0, t_1, V\big)^s.$$
Theorem 6: Our enhanced scheme is CCA secure if our basic scheme is CPA secure.
Proof: The difference between the CPA and CCA models is that CCA allows the existence of a decryption oracle. Therefore, we focus here on how to answer the adversary's decryption queries. When receiving a decryption query, the oracle proceeds as follows:
1) If $e(B, (g_1g_3)^b) = e(B_2, g_1g_3)$ and $e(V_3, B_2) = e(V_2, (g_1g_3)^b)$ do not hold, return ⊥.
2) In phase 2, if both equations hold and the queried ciphertext is the same as the challenged ciphertext, return ⊥.
3) The oracle generates SK for a set S that can satisfy the access structure in the ciphertext and decrypt the ciphertext. Then, the oracle returns the decryption result.
From Theorem 4 and Theorem 6, we have the following conclusion:
Theorem 7: Our enhanced scheme is CCA secure if the q-BDHI assumption holds.
7 PERFORMANCE EVALUATION
In this section, we evaluate the performance of our idea by implementing two deniable schemes: the composite order scheme and the prime order simulation scheme. We compare them with the Waters scheme [4]. We use the Pairing Based Cryptography (PBC) library for cryptographic operations. We use type A1 pairing because this type of pairing can support both prime order and composite order groups. In our experiment, we set the size of each prime to 512 bits, which is equal to 256 bits of security [32]. Under this setting, the composite group order size is 1536 bits. However, when considering security, the composite order scheme with a group size of 1536 bits is equal to the prime order scheme with a group size of 512 bits. This is because a message is encrypted in one subgroup whose group size is 512 bits.
Our experiments focus on encryption and decryption performance. The Setup and KeyGen performance are skipped because these two algorithms are not time critical. The four Open algorithms are low-cost algorithms because these algorithms only return existing information. The cost of the Verify algorithm is equal to that of Dec.
Fig. 1. Encryption benchmark.
Fig. 2. Decryption benchmark.
Note that we do not distinguish deniable encryption from normal encryption; their numbers of arithmetic operations and pairing operations are equal, and therefore the normal one and the deniable one will have similar performance. In our design, the encryption cost and the decryption cost depend on the required attribute numbers. For convenience, we make all attributes mandatory as our cryptographic policy. We run the experiments with different attribute numbers, from 10 to 1000. Our experiments focus on one block encryption/decryption. Each block is set to 128 bytes because PBC reads around 130 bytes to generate a GT element when the group size is 512 bits (see footnote 5). A large file can be divided into multiple blocks, and all blocks can be protected by one secret s. Because GT multiplication and H are lightweight operations, we use one-block encryption/decryption to evaluate the performance. The experiments are tested on a virtual machine with a 3.47 GHz CPU and 8 GB memory.
Figures 1 and 2 show the experiment results. As we can see, encryption time and decryption time grow linearly over the attribute number in all three schemes. The composite order scheme is undoubtedly the most time-consuming scheme; its performance is almost unacceptable for practical applications. The reason for this poor performance is that all arithmetic and pairing operations are executed in a group much larger than those for the other two schemes. As for the prime order simulation scheme, it takes little time to get the deniability feature from the Waters scheme and therefore, the prime order simulation scheme is suitable to be distributed to cloud storage services for the deniability feature.
5. In the composite order scheme, the group size is 1536 bits and PBC reads around 388 bytes to generate a GT element. For simplicity, our experiments fix a block size to 128 bytes in three schemes.
8 CONCLUSIONS
In this work, we proposed a deniable CP-ABE scheme to build an audit-free cloud storage service. The deniability feature makes coercion invalid, and the ABE property ensures secure cloud data sharing with a fine-grained access control mechanism. Our proposed scheme provides a possible way to fight against immoral interference with the right of privacy. We hope more schemes can be created to protect cloud user privacy.
REFERENCES
[1] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Eurocrypt, 2005, pp. 457–473.
[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in ACM Conference on Computer and Communications Security, 2006, pp. 89–98.
[3] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in IEEE Symposium on Security and Privacy, 2007, pp. 321–334.
[4] B. Waters, "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization," in Public Key Cryptography, 2011, pp. 53–70.
[5] A. Sahai, H. Seyalioglu, and B. Waters, "Dynamic credentials and ciphertext delegation for attribute-based encryption," in Crypto, 2012, pp. 199–217.
[6] S. Hohenberger and B. Waters, "Attribute-based encryption with fast decryption," in Public Key Cryptography, 2013, pp. 162–179.
[7] P. K. Tysowski and M. A. Hasan, "Hybrid attribute- and re-encryption-based key management for secure and scalable mobile applications in clouds," IEEE T. Cloud Computing, pp. 172–186, 2013.
[8] Wired. (2014) Spam suspect uses Google Docs; FBI happy. [Online]. Available: http://www.wired.com/2010/04/cloud-warrant/
[9] Wikipedia. (2014) Global surveillance disclosures (2013–present). [Online]. Available: http://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013-present)
[10] ——. (2014) Edward Snowden. [Online]. Available: http://en.wikipedia.org/wiki/Edward_Snowden
[11] ——. (2014) Lavabit. [Online]. Available: http://en.wikipedia.org/wiki/Lavabit
[12] R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky, "Deniable encryption," in Crypto, 1997, pp. 90–104.
[13] A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, "Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption," in Eurocrypt, 2010, pp. 62–91.
[14] N. Attrapadung, J. Herranz, F. Laguillaumie, B. Libert, E. de Panafieu, and C. Ràfols, "Attribute-based encryption schemes with constant-size ciphertexts," Theor. Comput. Sci., vol. 422, pp. 15–38, 2012.
[15] M. Dürmuth and D. M. Freeman, "Deniable encryption with negligible detection probability: An interactive construction," in Eurocrypt, 2011, pp. 610–626.
[16] A. O'Neill, C. Peikert, and B. Waters, "Bi-deniable public-key encryption," in Crypto, 2011, pp. 525–542.
[17] P. Gasti, G. Ateniese, and M. Blanton, "Deniable cloud storage: sharing files via public-key deniability," in WPES, 2010, pp. 31–42.
[18] M. Klonowski, P. Kubiak, and M. Kutylowski, "Practical deniable encryption," in SOFSEM, 2008, pp. 599–609.
[19] M. H. Ibrahim, "A method for obtaining deniable public-key encryption," I. J. Network Security, vol. 8, no. 1, pp. 1–9, 2009.
[20] J. B. Nielsen, "Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case," in Crypto, 2002, pp. 111–126.
[21] R. Bendlin, J. B. Nielsen, P. S. Nordholt, and C. Orlandi, "Lower and upper bounds for deniable public-key encryption," Cryptology ePrint Archive, Report 2011/046, 2011, http://eprint.iacr.org/.
[22] D. M. Freeman, "Converting pairing-based cryptosystems from composite-order groups to prime-order groups," in Eurocrypt, 2010, pp. 44–61.
[23] A. B. Lewko, "Tools for simulating features of composite order bilinear groups in the prime order setting," in Eurocrypt, 2012, pp. 318–335.
[24] A. Beimel, "Secure schemes for secret sharing and key distribution," Ph.D. dissertation, Israel Institute of Technology, 1996.
[25] D. Boneh, E.-J. Goh, and K. Nissim, "Evaluating 2-DNF formulas on ciphertexts," in TCC, 2005, pp. 325–341.
[26] H. Krawczyk and T. Rabin, "Chameleon signatures," in NDSS, 2000.
[27] D. Boneh, A. Sahai, and B. Waters, "Fully collusion resistant traitor tracing with short ciphertexts and private keys," in Eurocrypt, 2006, pp. 573–592.
[28] J. Katz, A. Sahai, and B. Waters, "Predicate encryption supporting disjunctions, polynomial equations, and inner products," in Eurocrypt, 2008, pp. 146–162.
[29] S. Meiklejohn, H. Shacham, and D. M. Freeman, "Limitations on transformations from composite-order to prime-order groups: The case of round-optimal blind signatures," in Asiacrypt, 2010, pp. 519–538.
[30] D. Boneh, R. Canetti, S. Halevi, and J. Katz, "Chosen-ciphertext security from identity-based encryption," SIAM J. Comput., vol. 36, no. 5, pp. 1301–1328, 2007.
[31] K. Liang, L. Fang, D. S. Wong, and W. Susilo, "A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security," IACR Cryptology ePrint Archive, vol. 2013, p. 236, 2013.
[32] E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, "Recommendation for key management: Part 1: General (revision 3)," NIST, Tech. Rep., 2012.
Po-Wen Chi received his B.S. and M.S. in Electrical Engineering from National Taiwan University in 2003 and 2005. He is currently a Ph.D. candidate in the Department of Electrical Engineering at National Taiwan University. His research interests include network security, applied cryptography, software-defined networking, and telecommunications.
Chin-Laung Lei received the B.S. degree in Electrical Engineering from the National Taiwan University, Taipei, in 1980 and the Ph.D. degree in computer science from the University of Texas at Austin in 1986. From 1986 to 1988, he was an assistant professor in the Computer and Information Science Department, Ohio State University, Columbus. In 1988, he joined the faculty of the Department of Electrical Engineering, National Taiwan University, where he is now a professor. He is a cowinner of the first IEEE LICS test-of-time award, and has published more than 250 technical articles in scientific journals and conference proceedings. His current research interests include network security, cloud computing, and multimedia QoE management.