Javad Mohajeri

Mostafa Chegenizadeh, Mohammad Ali, Javad Mohajeri et al.

Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area. However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Moreover, data owners should be able to update their defined access policies efficiently, and in some cases, applying hidden access policies is required to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme which for the first time provides online/offline encryption, hidden access policy, and access policy update simultaneously. In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly. Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.

Alireza Kavousi, Javad Mohajeri, Mahmoud Salmasizadeh

Private Set Intersection (PSI) is a vital cryptographic technique used for securely computing common data of different sets. In PSI protocols, often two parties hope to find their common set elements without needing to disclose their uncommon ones. In recent years, the cloud has been playing an influential role in PSI protocols which often need huge computational tasks. In 2017, Abadi et al. introduced a scheme named EO-PSI which uses a cloud to pass on the main computations to it and does not include any public-key operations. In EO-PSI, parties need to set up secure channels beforehand; otherwise, an attacker can easily eavesdrop on communications between honest parties and find private information. This paper presents an improved EO-PSI scheme which has the edge on the previous scheme in terms of privacy and complexity. By providing possible attacks on the prior scheme, we show the necessity of using secure channels between parties. Also, our proposed protocol is secure against passive attacks without having to have any secure channels. We measure the protocol's overhead and show that computational complexity is considerably reduced and also is fairer compared to the previous scheme.

Mohammad Ali, Javad Mohajeri, Mohammad-Reza Sadeghi

Ciphertext-policy hierarchical attribute-based encryption (CP-HABE) is a promising cryptographic primitive for enforcing the fine-grained access control with scalable key delegation and user revocation mechanisms on the outsourced encrypted data in a cloud. Wang et al. (2011) proposed the first CP-HABE scheme and showed that the scheme is semantically secure in the random oracle model [4, 5]. Due to some weakness in its key delegation mechanism, by presenting two attacks, we demonstrate the scheme does not offer any confidentiality and fine-grained access control. In this way, anyone who has just one attribute can recover any outsourced encrypted data in the cloud.