An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds

Seung Hyun Seo, Mohamed Nabeel, Xiaoyu Ding, Elisa Bertino

Research output: Contribution to journalArticle

60 Citations (Scopus)

Abstract

We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. We apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users' public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.

Original languageEnglish
Article number6574849
Pages (from-to)2107-2119
Number of pages13
JournalIEEE Transactions on Knowledge and Data Engineering
Volume26
Issue number9
DOIs
Publication statusPublished - 1 Sep 2014
Externally publishedYes

Fingerprint

Cryptography
Public key cryptography
Access control

Keywords

  • Data encryption
  • Public key cryptosystems

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Computational Theory and Mathematics

Cite this

An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds. / Seo, Seung Hyun; Nabeel, Mohamed; Ding, Xiaoyu; Bertino, Elisa.

In: IEEE Transactions on Knowledge and Data Engineering, Vol. 26, No. 9, 6574849, 01.09.2014, p. 2107-2119.

Research output: Contribution to journalArticle

@article{711f4a8a865f43ff90761bb6bb16b4fe,
title = "An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds",
abstract = "We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. We apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users' public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.",
keywords = "Data encryption, Public key cryptosystems",
author = "Seo, {Seung Hyun} and Mohamed Nabeel and Xiaoyu Ding and Elisa Bertino",
year = "2014",
month = "9",
day = "1",
doi = "10.1109/TKDE.2013.138",
language = "English",
volume = "26",
pages = "2107--2119",
journal = "IEEE Transactions on Knowledge and Data Engineering",
issn = "1041-4347",
publisher = "IEEE Computer Society",
number = "9",

}

TY - JOUR

T1 - An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds

AU - Seo, Seung Hyun

AU - Nabeel, Mohamed

AU - Ding, Xiaoyu

AU - Bertino, Elisa

PY - 2014/9/1

Y1 - 2014/9/1

N2 - We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. We apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users' public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.

AB - We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. We apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users' public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.

KW - Data encryption

KW - Public key cryptosystems

UR - http://www.scopus.com/inward/record.url?scp=84959540048&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84959540048&partnerID=8YFLogxK

U2 - 10.1109/TKDE.2013.138

DO - 10.1109/TKDE.2013.138

M3 - Article

AN - SCOPUS:84959540048

VL - 26

SP - 2107

EP - 2119

JO - IEEE Transactions on Knowledge and Data Engineering

JF - IEEE Transactions on Knowledge and Data Engineering

SN - 1041-4347

IS - 9

M1 - 6574849

ER -