Phase 6 2 1 Keygen Generator
AbstractDue to the rapid development of new technologies such as cloud computing, Internet of Things (IoT), and mobile Internet, the data volumes are exploding. Particularly, in the industrial field, a large amount of data is generated every day. How to manage and use industrial Big Data primely is a thorny challenge for every industrial enterprise manager.
As an emerging form of service, cloud computing technology provides a good solution. It receives more and more attention and support due to its flexible configuration, on-demand purchase, and easy maintenance. Using cloud technology, enterprises get rid of the heavy data management work and concentrate on their main business. Although cloud technology has many advantages, there are still many problems in terms of security and privacy.
To protect the confidentiality of the data, the mainstream solution is encrypting data before uploading. In order to achieve flexible access control to encrypted data, attribute-based encryption (ABE) is an outstanding candidate. At present, more and more applications are using ABE to ensure data security. However, the privacy protection issues during the key generation phase are not considered in the current ABE systems. That is to say, the key generation center (KGC) knows both of attributes and corresponding keys of each user. This problem is especially serious in the industrial big data scenario, because it will cause great damage to the business secrets of industrial enterprises.
In this paper, we design a new ABE scheme that protects user’s privacy during key issuing. In our new scheme, we separate the functionality of attribute auditing and key generating to ensure that the KGC cannot know user’s attributes and that the attribute auditing center (AAC) cannot obtain the user’s secret key. This is ideal for many privacy-sensitive scenarios, such as industrial big data scenario. IntroductionDue to the rapid development of new technologies such as cloud computing, Internet of Things (IoT), and mobile Internet, the data volumes are exploding, and we have truly entered the era of “Big Data.” Big Data technology has been focused and applied to almost every industry, retail, healthcare, financial services, government, and so on. Particularly, in the field of industrial production, a large amount of data is generated every day, and it includes business data from information systems, machine data from industrial IoT systems, and some other data from related websites, etc. For a manufacturing enterprise, Big Data can not only be used to improve the efficiency of the business, but more importantly change the manufacturing process and business model.
Industrial Big Data is the core of intelligent manufacturing and industrial IoT and provides the most favorable support for the development of Industry 4.0. How to manage and use industrial Big Data efficiently is a great challenge for every enterprise manager.Cloud computing technology can provide better solutions to the above challenge. Using cloud technology, enterprises get rid of the heavy data management work and concentrate on their main business. Nowadays, large cloud service providers, such as Amazon, Microsoft, IBM, etc., have launched industrial cloud platforms, and more and more industrial enterprises migrate their data to these platforms. However, hosting data to third-party platforms will create new problems, because the security and privacy of the data have to depend on the credibility of the third-party. For businesses, the biggest concern is the confidentiality of industrial data.
The main solution to this problem is to use encrypting methods to protect data before uploading it. However, traditional symmetric and asymmetric encryption schemes are not appropriate for providing fine-grained access control. Therefore, the above problems have brought new challenges to data encryption, and numerous studies have focused on these issues –.Among various solutions, attribute-based encryption (ABE) has become an excellent candidate because of its ability to provide data confidentiality and fine-grained access control for cloud storage. Currently, more and more industrial enterprises are using ABE.
In an industrial alliance, enterprises can share encrypted data based on the attributes. Only those enterprises whose attributes meet the access policy can decrypt the encrypted data. Although much research has been done on ABE –, there are still some problems that have not been solved well. The current ABE systems do not consider privacy protection during the key generation phase. That is to say, the key generation center (KGC) knows the attributes and corresponding keys of each user in this system. This causes great damage to the user’s privacy and data confidentiality.
Particularly, in the application scenarios of industrial big data, the attributes of enterprise users may be related to the business secrets of enterprises. Our ContributionIn order to solve the privacy protection problem in key generation phase, we propose a new ABE system, in which we separate the functionality of attribute auditing and key extracting to ensure that the KGC does not know the specific attributes of the user and that the attribute auditing center (AAC) does not obtain the user’s key. In this system, when user applies its private key, it authenticates its attributes to AAC first and gets a blind token, which only certificates its attributes blindly and reveals nothing about specific attributes. The user presents the blind token to the KGC to obtain the corresponding blind key, from which user can extract the final private key.
During this process, no information about the user’s attributes is leaked to the KGC, and no information about the private key is leaked to the AAC. We implicitly use the oblivious transfer (OT) protocol to solve this problem. This protects the user’s privacy during key generation phase.Our ABE is suitable for privacy sensitive scenarios. Particularly, in the encryption system of industrial cloud, the attributes often involve business secrets of industrial enterprises. KGC, as a technology department, should not know these types of secret information.
Therefore, we expressly introduce an application of our new scheme in the industrial cloud. Related Work 1.2.1. Attribute-Based EncryptionAttribute-based encryption is a one-to-many public key encryption. Only the user, whose attributes satisfy the access policy set by the encryptor, can decrypt the ciphertext. This concept originates from identity-based encryption.
In 2005, Sahai and Waters proposed the concept of fuzzy identity encryption, which became a precedent for attribute-based encryption. In 2006, Goyal et al. first proposed the formal definition of attribute-based encryption (ABE), which classifies as key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE).
They also constructed the first KP-ABE scheme. In the next year, Bethencourt et al. gave the CP-ABE construction for the first time. In a CP-ABE scheme, the encryptor sets an access policy in the ciphertext to determine which kind of users can decrypt the data.
This is very consistent with the security requirements of cloud storage. In recent years, more and more researches focus on CP-ABE –. However, none of the aforementioned works deals with privacy protection problem in the key generation phase. Oblivious TransferThe concept of oblivious transfer (OT) is originally proposed by Rabin in 1981, and then it became an important basic primitive in the field of cryptography. In an OT protocol, the sender delivers part of messages to the receiver and is still unaware of which parts (if any) are delivered.
In other words, a secure OT protocol must satisfy two security features: the sender cannot obtain the selection information of the receiver; the receiver cannot obtain any information about other messages except for its choice.In 1985, Even et al. presented a specific 1-out-of-2 OT protocol, in which the sender has 2 values, and receiver only gets one of them. Then, Brassard et al.
extended to. In 1998, Stern gave a generalized construction of OT protocol based on public key encryption. In 2001, Naor and Pinkas gave a 2-round protocol based on Diffie-Hellman assumption without random oracle. In the same year, Aiello et al. constructed a 2-round protocol based on homomorphic public-key encryption. In 2002, Tzeng gave an protocol with better round complexity and better communication complexity. In 2003, Ishai et al.
proposed OT extension, from which a large number of OTs can be performed using only cheap symmetric-key operations. In the past decades, OT protocol has been fully studied and widely used –. OrganizationIn Section, we introduce the preliminaries of this paper. In Section, we introduce the concept of attribute-based encryption with privacy preserving key generation (PPKG-ABE) and its security definition. In Section, we propose a specific PPKG-ABE scheme and analyze its security in Section.
In Section, we introduce the application of PPKG-ABE in industrial cloud environment for protecting the security of industrial Big Data. Preliminaries 2.1. CP-ABEIn CP-ABE system, there are three types of entities, i.e., key generation center (KGC), encryptor, and decryptor. The KGC issues secret key according to users’ attributes.
The encryptor encrypts the messages according to a designated access policy. System model.The specific process is as follows:The user shows its attributes and relevant evidence to the attribute audit center (AAC).The AAC audits the user’s attributes and returns a blind token to the user with its signature.When a user needs to obtain its attributes key, it will submit its blind token to the key generation center (KGC). The KGC cannot get any information about the user’s attributes.
It only can confirm that the user truly has related attributes.The key generation center (KGC) first checks the legitimacy of the token, and if the signature is illegal, it aborts; otherwise, it runs the key generation algorithm and outputs a blind key.The user receives the blind key from KGC and extracts the private key. SyntaxIn detail, an attribute-based encryption with privacy preserving key generation scheme (PPKG-ABE) includes seven fundamental algorithms: Setup, UserTemKeyGen, BlindTokenGen, BlindKenGen, KeyExtra, Encrypt, and Decrypt. The specific algorithms are described as follows:Setup( ): the setup algorithm is run by KGC, it inputs security parameter, and it outputs public parameters and master secret key.UserTemKeyGen(, ),: the user’s temporary-key generation algorithm is run by user. It takes and security parameters as input and outputs user’s temporary public key and user’s temporary secret key.BlindTokenGen(, ): the blind token generation algorithm is run by AAC.
It takes, user’s attributes set, and user’s temporary public key as input and outputs a blind token for attributes set.BlindKenGen(, ): the blind key generation algorithm is run by KGC. It takes, master secret key, and user’s blind token as input and outputs blind secret key for attributes set.KeyExtra(, ): the key extract algorithm is run by user locally. It takes blind secret key and user’s temporary secret key as input and outputs the final secret key for attributes set.Encrypt(, ): the encryption algorithm is run by encryptor. It takes, message, and access structure as input and outputs ciphertext.Decrypt(, ): the decryption algorithm is run by decryptor. It takes ciphertext and secret key as input and outputs message, if.We note, in PPKG-ABE scheme, that AAC is responsible for auditing user’s attributes and issuing blind token to user. The blind token includes a description of the authenticity of user’s attributes, along with the signature of AAC, and reveals on information about specific attributes. Security ModelWe define the security in two aspects: confidentiality and privacy.
Specifically, in this security model, we do not allow AAC and KGC to collude. ConfidentialityWe introduce the selective security model of choosing plaintext attacks for the PPKG-ABE scheme. The specific process is working between adversary and challenger:Init.
Specifies an access structure for challenge.Setup. Calls the Setup algorithm and returns to.Phase 2. Queries secret key on any attributes set. Returns the secret key for.Challenge.
Submits two messages and, where. Chooses randomly and encrypts under. Then, it returns to.Phase 3. Repeats as Phase.Guess. The advantage for is defined as -.Definition 4. The PPKG-ABE scheme is selectively IND-CPA secure if is negligible for any polynomial time adversaries.
PrivacyWe introduce a new security game for defining privacy. In this game, we define the following two oracles.Blind Token Oracle: it takes attributes set as input and outputs corresponding blind token.Blind Key Oracle: it takes blind token as input and outputs corresponding blind key.The specific process is working between adversary and challenger:Setup. Calls the Setup algorithm and returns to.Phase 5.
Queries blind token oracle and blind key oracle freely.Challenge. Submits two attributes sets and, where. Chooses randomly and queries blind token oracle on input.
It returns blind token to.Phase 6. Repeats as Phase.Guess.
The advantage for is defined as -.Definition 7. The PPKG-ABE scheme is privacy-protected in key generation phase, if is negligible for any polynomial time adversaries.
A Specific PPKG-ABE Scheme 4.1. ConstructionIn this construction, the PPKG-ABE scheme is constructed on the basis of , which only supports AND gates.
Suppose that the attribute universe is =, where each has values: “+” and “−”. The “+” denotes that user owns this attribute, while the “−” denotes that user does not own this attribute.
Download free license key for dopisp software download. The specific scheme is as follows:Setup(, ): the setup algorithm is run by KGC. It takes security parameters and attribute universe as input, where. The algorithm first chooses order bilinear groups, and, where is a generator of and is a generator of. Let be a cryptographic hash function;. For, it chooses, randomly and sets.
It outputs In general speaking, correspond to the positive attributes and correspond to the negative attributes.UserTemKeyGen(, ): the user’s temporary-key generation algorithm is run by user. It takes public parameters and security parameters as input and chooses randomly for, as its temporary secret key. Then, it calculates the temporary public key.BlindTokenGen(, ): the blind token generation algorithm is run by AAC. It takes public parameters, user’s attributes set, and user’s temporary public key as input. Expresses an attributes set, which includes signs, e.g., where “+” indicates that the user owns this attribute and “−” indicates that the user does not own this attribute. It selects randomly and calculates, and, for.If the attribute “+”, then it sets,.
Otherwise, the attribute “−” ∈, and it sets,.Then, it runs standard signature algorithm on to get a signature and returns to user.BlindKenGen(, ): the user submits the token corresponding to attributes set to the KGC for applying secret key. KGC first checks that all, and that is legal. If not, it aborts outputting; otherwise it randomly chooses for and calculates the following values:Then, it randomly chooses for each user and calculates, for. It calculates, for.The blind secret key It returns to user.KeyExtra(, ): the key extract algorithm is run by user.For, if “+”, it sets,; else if, it sets, and calculatesIt outputsWe note, in the above key issuing procedure, that KGC cannot obtain the specific attributes of user, and AAC cannot obtain the secret key.Encrypt(, ): it takes public key, AND gate structure, and message as input, where, for is the related attributes set, and,. It chooses randomly and sets, where for each,if “+”,if,Then, it computes.The ciphertext is defined as.Decrypt(, ): if, the decryption algorithm computes, for related attributes set.
Then, it computes the message 4.2. CorrectnessThe correctness is guaranteed by 5. Proof of Security 5.1. ConfidentialityTheorem 8. If the decisional BDHE assumption holds for bilinear groups, and, our PPGK-ABE scheme is selectively IND-CPA secure.Proof. If the adversary can win above security game with nonnegligible advantage, we can construct an algorithm to break the decision BDHE assumption.
Plays the security game with as follows:Init. Receives challenge gate from. We suppose, and.Setup. Chooses, randomly, for,.For, computes public parameters as follows:If, If, For, computes as follows:If, If, For, computesPhase 9. Queries secret key on any attributes set; therefore, s.t.
Phase 6 2 1 Keygen Generator 2017
Either for, or for. Suppose that.
Chooses randomly and computes.For, computes.For, is computed as follows:If, calculateIf, calculateIf, calculate(a), if;(b), if.answers secret key query for:Challenge. For, is calculated as follows:submits and with. Randomly chooses, and computesIf, is a valid ciphertext; else if is random, is independent of.Guess. If outputs, guesses that.
Otherwise, guesses that is random.Therefore, can break the decisional BDHE assumption with nonnegligible advantage. PrivacyTheorem 10. If the DDH assumption holds in, our PPGK-ABE scheme is privacy preserving in key generation phase.Proof. If DDH assumption holds in, no probabilistic polynomial-time adversary can distinguish following tuple: and, where is a generator of group, and are selected from randomly. Therefore, no probabilistic polynomial-time adversary can win the security game for privacy. Application in Industrial CloudNowadays, new technological revolution represented by Big Data, cloud computing, and Internet of Things is changing the traditional industrial manufacturing system ,.
Industrial cloud provides more convenient and secure cooperation model for the industrial enterprises –. The ABE scheme has been gradually used in the industrial cloud environment. In these applications, the qualifications, patents, and procurement plans owned by an enterprise often represent its attributes. Using traditional ABE system, the enterprise has to disclose these attributes' information that may relate to business secret to the KGC for applying the corresponding private key. Our PPGK-ABE scheme can solve this problem correctly. In this section, we introduce how to deploy our scheme in the industrial cloud environment.
Figure shows the specific structure of the application using our PPGK-ABE scheme. It consists of the following entities: (i) Industry Enterprise: in this system, the role of industry enterprise is data user. They want to get useful information according to their business, but they do not want to reveal their attributes information that may relate to their business secret to KGC.
(ii) Industry Alliance Manager: in this system, the role of the industry alliance manager is AAC, which issues blind token for the attributes of industry enterprises after reviewing the relevant evidence. (iii) KGC: its responsibility is to issue the corresponding key to the attributes of industry enterprises.
In this system, KGC cannot get these attributes. (iv) Industrial Information Provider: in this system, industrial information providers are the members of the industrial alliance and include manufacturing enterprises, sales enterprises, logistics enterprises, scientific research institutions, consultant firms, and so on. They will use ABE scheme to share their encrypted data. (v) Industrial Cloud: industrial cloud serves as data storage center and data sharing center in this system. In order to protect security and privacy of industrial Big Data, the industrial information providers upload their data in encrypted form. Application in industrial cloud.The specific workflow is as follows: (1) After checking the relevant evidence, the industry enterprise and the industry alliance manager run UserTemKeyGen and BlindTokenGen algorithms, respectively.
The industry enterprise gets the blind token corresponding to its attributes. (2) When the industry enterprises need to ask for their attributes keys, they will submit their blind tokens to KGC. The KGC runs BlindKenGen algorithm and returns blind secret keys to the industry enterprises.
In this process, the KGC cannot get any information about the enterprises’ attributes. (3) After receiving the blind secret keys, the industry enterprises run KeyExtra algorithm to obtain their own secret key. Even if the industry alliance manager knows the attributes of industry enterprises, it does not know the secret keys corresponding to these attributes. (4) The industrial information providers run Encrypt algorithm to encrypt the industrial data based on some access policies. Then, they share encrypted data on the cloud. Only the enterprises that meet the policies can access corresponding data. (5) The industry enterprises acquire encrypted data from the cloud and run Decrypt algorithm to get plaintext.In the above application, industrial information providers can share industrial data according to enterprises’ attributes.
Only the enterprises that meet the access policy are able to access data. Unlike traditional ABE solutions, in this application, the attributes information of enterprises will not be known by KGC. The business secret of enterprises is protected. Data AvailabilityThe data used to support the findings of this study are available from the corresponding author upon request. Conflicts of InterestThe authors declare that they have no conflicts of interest. AcknowledgmentsThis work is supported by the National Natural Science Foundation of China (No. 61602287, No.
61802235, No. 61672330, and No. 61702168), the Primary Research & Development Plan of Shandong Province (No. 2018GGX101037), and the Major Scientific and Technological Innovation Project of Shandong Province (No.