Biblio

Attribute-based encryption (ABE) is an access control mechanism where a sender encrypts messages according to an attribute set for multiple receivers. With fine-grained access control, it has been widely applied to cloud storage and file sharing systems. In such a mechanism, it is a challenge to achieve the revocation efficiently on a specific user since different users may share common attributes. Thus, dynamic membership is a critical issue to discuss. On the other hand, most works on LSSS-based ABE do not address the situation about threshold on the access structure, and it lowers the diversity of access policies. This manuscript presents an efficient attribute-based encryption scheme with dynamic membership by using LSSS. The proposed scheme can implement threshold gates in the access structure. Furthermore, it is the first ABE supporting complete dynamic membership that achieves the CCA security in the standard model, i.e. without the assumption of random oracles.

In 2008, 3GPP proposed the Long Term Evolution (LTE) in version 8. The standard is used in high-speed wireless communication standard for mobile terminal in telecommunication. It supports subscribers to access internet via specific base station after authentication. These authentication processes were defined in standard TS33.401 and TS33.102 by 3GPP. Authenticated processing standard inherits the authentication and key agreement protocol in RFC3310 and has been changed into authenticated scheme suitable for LTE. In the origin LTE authenticated scheme, subscribers need to transfer its International Mobile Subscriber Identity (IMSI) with plaintext. The IMSI might be intercepted and traced by fake stations. In this work, we propose a new scheme with a pseudo IMSI so that fake stations cannot get the real IMSI and trace the subscriber. The subscriber can keep anonymous and be confirmed by the base station for the legality. The pseudo identity is unlinkable to the subscriber. Not only does the proposed scheme enhance the security but also it just has some extra costs for signature generation and verification as compared to the original scheme.

Named data network (NDN) is one of the most promising information-centric networking architectures, where the core concept is to focus on the named data (or contents) themselves. Users in NDN can easily send a request packet to get the desired content regardless of its address. The routers in NDN have cache functionality to make the users instantly retrieve the desired file. Thus, the user can immediately get the desired file from the nearby nodes instead of the remote host. Nevertheless, NDN is a novel proposal and there are still some open issues to be resolved. In view of previous research, it is a challenge to achieve access control on a specific user and support potential receivers simultaneously. In order to solve it, we present a fine-grained access control mechanism tailored for NDN, supporting data confidentiality, potential receivers, and mobility. Compared to previous works, this is the first to support fine-grained access control and potential receivers. Furthermore, the proposed scheme achieves provable security under the DBDH assumption.

Due to users' network flow requirement and usage amount nowadays, TCP/IP networks may face various problems. For one, users of video services may access simultaneously the same content, which leads to the host incurring extra costs. Second, although nearby nodes may have the file that a user wants to access, the user cannot directly verify the file itself. This issue will lead the user to connect to a remote host rather than the nearby nodes and causes the network traffic to greatly increase. Therefore, the named data network (NDN), which is based on data itself, was brought about to deal with the aforementioned problems. In NDN, all users can access a file from the nearby nodes, and they can directly verify the file themselves rather than the specific host who holds the file. However, NDN still has no complete standard and secure file transfer protocol to support the ciphertext transmission and the problem of the unknown potential receivers. The straightforward solution is that a sender uses the receiver's public key to encrypt a file before she/he sends the file to NDN nodes. However, it will limit the behavior of users and incur significant storage costs of NDN nodes. This paper presents a complete secure file transfer protocol, which combines the data re-encryption, satisfies the requirement of secure ciphertext transmission, solves the problem of the unknown potential receivers, and saves the significant storage costs of NDN nodes. The proposed protocol is the first one that achieves data confidentiality and solves the problem of the unknown potential receivers in NDN. Finally, we also provide formal security models and proofs for the proposed FTP-NDN.

Cloud computing undoubtedly is the most unparalleled technique in rapidly developing industries. Protecting sensitive files stored in the clouds from being accessed by malicious attackers is essential to the success of the clouds. In proxy re-encryption schemes, users delegate their encrypted files to other users by using re-encryption keys, which elegantly transfers the users' burden to the cloud servers. Moreover, one can adopt conditional proxy re-encryption schemes to employ their access control policy on the files to be shared. However, we recognize that the size of re-encryption keys will grow linearly with the number of the condition values, which may be impractical in low computational devices. In this paper, we combine a key-aggregate approach and a proxy re-encryption scheme into a key-aggregate proxy re-encryption scheme. It is worth mentioning that the proposed scheme is the first key-aggregate proxy re-encryption scheme. As a side note, the size of re-encryption keys is constant.

In IoT environments, the user may have many devices to connect each other and share the data. Also, the device will not have the powerful computation and storage ability. Many studies have focused on the lightweight authentication between the cloud server and the client in this environment. They can use the cloud server to help sensors or proxies to finish the authentication. But in the client side, how to create the group session key without the cloud capability is the most important issue in IoT environments. The most popular application network of IoT environments is the wireless body area network (WBAN). In WBAN, the proxy usually needs to control and monitor user's health data transmitted from the sensors. In this situation, the group authentication and group session key generation is needed. In this paper, in order to provide an efficient and robust group authentication and group session key generation in the client side of IoT environments, we propose a lightweight authentication scheme with dynamic group members in IoT environments. Our proposed scheme can satisfy the properties including the flexible generation of shared group keys, the dynamic participation, the active revocation, the low communication and computation cost, and no time synchronization problem. Also our scheme can achieve the security requirements including the mutual authentication, the group session key agreement, and prevent all various well-known attacks.