Time filter

Source Type

He S.,Beihang University | He S.,Xidian University | He S.,Chinese Academy of Sciences | Wu Q.,Beihang University | And 9 more authors.
Concurrency Computation | Year: 2016

It is challenging to secure group communications among large-scale networks due to their network scale. We observe that in many large-scale networks, the scale of actual group communication is nevertheless predicable and not very large. For instance, although the entire social network (e.g., Facebook) may have billions of users, the members in a concrete group are usually about tens to hundreds. We manage to secure group communication in such scenarios with efficient group management protocols. Technically, we achieve this goal by using a novel dual-ring approach in which two rings of nodes are established, one active and one dummy. When some nodes leave, the remaining nodes can replace these nodes with dummy nodes, minimizing the required communications and computations after the protocol is set up and thus providing significant advantage over existing group key management protocols. Formal security arguments show that our protocols are secure under standard computational assumptions. Thorough analysis confirms that our protocols are efficient in computation and communication. Copyright © 2015 John Wiley & Sons, Ltd.

Liu W.,Beihang University | Liu X.,Beihang University | Liu J.,Beihang University | Wu Q.,Beihang University | And 2 more authors.
Proceedings - 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security and 2015 IEEE 12th International Conference on Embedded Software and Systems, HPCC-CSS-ICESS 2015 | Year: 2015

Electronic Health Record (EHR) systems have an abundance of convenience for telediagnosis, medical data sharing and management. The main obstacle for wide adoption of EHR systems is due to the privacy concerns of patients. In this work, we propose a role-based access control (RBAC) scheme for EHR systems to secure private EHRs. In our RBAC, there are two main types of roles, namely independent patients and hierarchically organized medical staff. A patient is identified by his/her identity, and a medical staff is recognized by his/her role in the medical institute. A user can comprehend an EHR only if he/she satisfies the access policy associated with this EHR, which implies a fine-grained access control. A public auditor is employed to verify whether the EHR is correctly encapsulated with the specified access policy, which provides an a priori approach to find fraudulent EHRs and prevent potential medical disputes. Moreover, our RBAC enforces a forward revocation mechanism. A revoked user cannot access to the future EHRs even if his/her previous role satisfies the access policy. We analyse the security and efficiency of our RBAC, showing that it is an practical solution to secure EHRs. © 2015 IEEE.

Liu W.,Beihang University | Liu W.,Xidian University | Liu J.,Beihang University | Liu J.,Aerospace Hengxing Science and Technology Co. | And 4 more authors.
International Journal of Information Security | Year: 2015

We focus on practical Hierarchical Identity-Based Broadcast Encryption (HIBBE) with semantic security against adaptively chosen-ciphertext attacks (CCA2) in the standard model. We achieve this goal in two steps. First, we propose a new HIBBE scheme that is secure against chosen-plaintext attacks (CPA). Compared with the existing HIBBE scheme that is built from composite-order bilinear groups, our construction is based on prime-order bilinear groups. The much better efficiency of group operations in prime-order bilinear groups makes our proposed HIBBE scheme more practical. Then, we convert it into a CCA2-secure scheme at the cost of a one-time signature. Instead of extending one user hierarchy in the Canetti–Halevi–Katz approach from CPA-secure ((Formula presented.))-Hierarchical Identity-Based Encryption [((Formula presented.))-HIBE] to CCA2-secure (Formula presented.)-HIBE, our construction merely adds one on-the-fly dummy user in the basic scheme. We formally prove the security of these two schemes in the standard model. Comprehensive theoretical analyses and experimental results demonstrate that the proposed HIBBE schemes achieve desirable performance. © 2015 Springer-Verlag Berlin Heidelberg

Zhou Y.,Beihang University | Zhou Y.,Xidian University | Deng H.,Wuhan University | Wu Q.,Beihang University | And 6 more authors.
Future Generation Computer Systems | Year: 2015

Proxy re-encryption (PRE) enables an authorized proxy to convert a ciphertext under Alice's public key into a ciphertext under Bob's public key without exposing the encrypted message. In existing PRE systems, the original ciphertexts and the re-encrypted ones are both required to be in the same cryptosystem, which limits their applications in cloud computing systems. In this paper, we propose a new proxy re-encryption pattern, referred to as an identity-based proxy re-encryption version 2 (IBPRE2). It allows an authorized proxy to convert a ciphertext of an identity-based broadcast encryption (IBBE) scheme into a ciphertext of an identity-based encryption (IBE) scheme. With IBPRE2, one can take advantage of IBBE to securely share data with a set of recipients, and then incorporate an additional one into the authorized set through the re-encryption mechanism, without decrypting the IBBE ciphertext nor leaking any sensitive information. We formalize the security requirements in IBPRE2 and propose a provably CCA-secure scheme. The unique feature of ciphertext transformation from a complicated cryptosystem to a simple one makes our IBPRE2 a versatile cryptographic tool to secure outsourced data in cloud computing. © 2015 Elsevier B.V.

Loading Aerospace Hengxing Science and Technology Co. collaborators
Loading Aerospace Hengxing Science and Technology Co. collaborators