Search Results (142)

As a new generation of mobile communication networks, 6G security faces many new security challenges. Vehicle to Everything (V2X) will be an important part of 6G. In V2X, connected and automated vehicles (CAVs) need to frequently share data with other vehicles and infrastructures. Therefore, identity revocation technology in the authentication is an important way to secure CAVs and other 6G scenario applications. This paper proposes an efficient credential revocation scheme with a four-layer architecture. First, a rapid pre-filtration layer is constructed based on the cuckoo filter, responsible for the initial screening of credentials. Secondly, a directed routing layer and the precision judgement layer are designed based on the consistency hash and the dynamic RSA accumulator. By proposing the dynamic expansion of the RSA accumulator and load-balancing algorithm, a smaller and more stable revocation delay can be achieved when many users and terminal devices access 6G. Finally, a trusted storage layer is built based on the blockchain, and the key revocation parameters are uploaded to the blockchain to achieve a tamper-proof revocation mechanism and trusted data traceability. Based on this architecture, this paper also proposes a detailed identity credential revocation and verification process. Compared to existing solutions, this paper’s solution has a combined average improvement of 59.14% in the performance of the latency of the cancellation of the inspection, and the system has excellent load balancing, with a standard deviation of only 11.62, and the maximum deviation is controlled within the range of ±4%. Full article

In the deep integration process between digital infrastructure and new economic forms, structural imbalance between the evolution rate of cloud storage technology and the growth rate of data-sharing demands has caused systemic security vulnerabilities such as blurred data sovereignty boundaries and nonlinear surges in privacy leakage risks. Existing academic research indicates current proxy re-encryption schemes remain insufficient for cloud access control scenarios characterized by diversified user requirements and personalized permission management, thus failing to fulfill the security needs of emerging computing paradigms. To resolve these issues, a revocable attribute-based proxy re-encryption scheme supporting policy-hiding is proposed. Data owners encrypt data and upload it to the blockchain while concealing attribute values within attribute-based encryption access policies, effectively preventing sensitive information leaks and achieving fine-grained secure data sharing. Simultaneously, proxy re-encryption technology enables verifiable outsourcing of complex computations. Furthermore, the SM3 (SM3 Cryptographic Hash Algorithm) hash function is embedded in user private key generation, and key updates are executed using fresh random factors to revoke malicious users. Ultimately, the scheme proves indistinguishability under chosen-plaintext attacks for specific access structures in the standard model. Experimental simulations confirm that compared with existing schemes, this solution delivers higher execution efficiency in both encryption/decryption and revocation phases. Full article

Smart healthcare establishes a safe, reliable, and efficient medical information system for the public with the help of the Internet of Things, cloud storage, and other Internet technologies. To enable secure data sharing and case-matching functions in smart healthcare, we construct a revocable identity-based matchmaking encryption with an equality test (RIBME-ET) scheme for smart healthcare. Our scheme not only ensures the confidentiality and authenticity of messages and protects the privacy of users, but also enables a cloud server to perform equality tests on encrypted ciphertexts from different identities to determine whether they contain the same plaintext and protects the confidentiality of data in the system through a user revocation mechanism. Compared with the existing identity-based encryption with equality test (IBEET) and identity-based matchmaking encryption with equality test (IBME-ET) schemes, we have improved the efficiency of the scheme and reduced communication overhead. In addition, the scheme’s security is proven in the random oracle model under the computational bilinear Diffie–Hellman (CBDH) assumption. Finally, the feasibility and effectiveness of the proposed scheme are verified by performance analysis. Full article

The use of Verifiable Credentials under the new eIDAS Regulation introduces privacy concerns, particularly during revocation status checks. This paper proposes a privacy-preserving revocation mechanism tailored to the European Digital Identity Wallet and its Architecture and Reference Framework. Our method publishes a daily randomized revocation list as a cascaded Bloom filter, enhancing unlinkability by randomizing revocation indexes derived from ARF guidelines. The implementation extends open-source components developed by the European Committee. This work demonstrates a practical, privacy-centric approach to revocation in digital identity systems, supporting the advancement of privacy-preserving technologies. Full article

As the Internet of Things (IoT) continues to evolve, the demand for cross-domain collaboration between devices and data sharing has grown significantly. Operations confined to a single trust domain can no longer satisfy this requirement, so cross-domain access to resources is becoming an inevitable trend in the evolution of the IIoT. Due to identity trust issues between different domains, authorized access is required before resources can be shared. However, most existing cross-domain authentication schemes face significant challenges in terms of dynamic membership management, privacy protection, and traceability. These schemes involve complex and inefficient interactions and fail to meet the dynamic and lightweight requirements of the IIoT. To address these issues, we propose a privacy-preserving and traceable cross-domain authentication scheme based on dynamic group signatures that enables efficient authentication. The scheme supports anonymous authentication via succinct proofs and incorporates a trapdoor mechanism to enable group managers to trace and revoke malicious identities. Additionally, our solution supports efficient joining and revoking of members and implements blacklist-based proof of non-membership. We formally prove the security of the proposed scheme. The experimental results demonstrate that the proposed scheme outperforms others in terms of computational cost and revocation overhead. Full article

We introduce TrustShare, a novel blockchain-based framework designed to enable secure, privacy-preserving, and trust-aware cyber threat intelligence (CTI) sharing across organizational boundaries. Leveraging Hyperledger Fabric, the architecture supports fine-grained access control and immutability through smart contract-enforced trust policies. The system combines Ciphertext-Policy Attribute-Based Encryption (CP-ABE) with temporal, spatial, and controlled revelation constraints to grant data owners precise control over shared intelligence. To ensure scalable decentralized storage, encrypted CTI is distributed via the IPFS, with blockchain-anchored references ensuring verifiability and traceability. Using STIX for structuring and TAXII for exchange, the framework complies with the GDPR requirements, embedding revocation and the right to be forgotten through certificate authorities. The experimental validation demonstrates that TrustShare achieves low-latency retrieval, efficient encryption performance, and robust scalability in containerized deployments. By unifying decentralized technologies with cryptographic enforcement and regulatory compliance, TrustShare sets a foundation for the next generation of sovereign and trustworthy threat intelligence collaboration. Full article

Cloud computing has witnessed widespread adoption across numerous sectors, primarily due to its substantial storage capacity and powerful computational resources. In this context, secure data sharing in cloud environments is critically important. Identity-based broadcast proxy re-encryption (IB-BPRE) has emerged as a promising solution; however, existing IB-BPRE schemes lack dynamic functionality—specifically, the ability to support user revocation and addition without updating re-encryption keys. Consequently, data owners must frequently reset and distribute these keys in response to user membership changes, leading to increased system complexity and communication overhead. In this paper, we propose an identity-based broadcast proxy re-encryption scheme with dynamic functionality (IB-BPRE-DF) to address this challenge. The proposed scheme utilizes a symmetric design of re-encryption keys to enable dynamic user updates while preserving a constant re-encryption key size. Furthermore, IB-BPRE-DF is constructed under the $(f,g,F)$-GDDHE assumption and achieves semantic security in the random oracle model. Performance evaluations demonstrate that IB-BPRE-DF significantly reduces both the communication overhead (by maintaining a constant size for the re-encryption key and re-encrypted ciphertext) and the computational burden (with near-zero computational cost for generating the re-encryption key) for resource-constrained users. This work provides a practical and scalable cryptographic solution for secure and efficient data sharing in dynamic cloud environments. Full article

Self-sovereign identity (SSI) is an emerging model for digital identity management that empowers individuals to control their credentials without reliance on centralized authorities. This work presents YouGovern, a blockchain-based SSI system deployed on Binance Smart Chain (BSC) and compliant with W3C Decentralized Identifier (DID) standards. The architecture includes smart contracts for access control, decentralized storage using the Inter Planetary File System (IPFS), and long-term persistence via Web3.Storage. YouGovern enables users to register, share, and revoke identities while preserving privacy and auditability. The system supports role-based permissions, verifiable claims, and cryptographic key rotation. Performance was evaluated using Ganache and Hardhat under controlled stress tests, measuring transaction latency, throughput, and gas efficiency. Results indicate an average DID registration latency of 0.94 s and a peak throughput of 12.5 transactions per second. Compared to existing SSI systems like Sovrin and uPort, YouGovern offers improved revocation handling, lower operational costs, and seamless integration with decentralized storage. The system is designed for portability and real-world deployment in academic, municipal, or governmental settings. Full article

The development of Vehicle AD Hoc Networks (VANETs) has significantly enhanced the efficiency of intelligent transportation systems. Through real-time communication between vehicles and roadside units (RSUs), the immediate sharing of traffic information has been achieved. However, challenges such as network congestion, data privacy, and low computing efficiency still exist. Data privacy is at risk of leakage due to the sensitivity of vehicle information, especially in a resource-constrained vehicle environment, where computing efficiency becomes a bottleneck restricting the development of VANETs. To address these challenges, this paper proposes a certificateless aggregated signcryption scheme based on edge computing. This scheme integrates online/offline encryption (OOE) technology and a pseudonym mechanism. It not only solves the problem of key escrow, generating part of the private key through collaboration between the user and the Key Generation Center (KGC), but also uses pseudonyms to protect the real identities of the vehicle and RSU, effectively preventing privacy leakage. This scheme eliminates bilinear pairing operations, significantly improves efficiency, and supports conditional traceability and revocation of malicious vehicles while maintaining anonymity. The completeness analysis shows that under the assumptions of calculating the Diffie–Hellman (CDH) and elliptic curve discrete logarithm problem (ECDLP), this scheme can meet the requirements of IND-CCA2 confidentiality and EUF-CMA non-forgeability. The performance evaluation further confirmed that, compared with the existing schemes, this scheme performed well in both computing and communication costs and was highly suitable for the resource-constrained VANET environment. Full article

By leveraging Internet of Things (IoT) technology, patients can utilize medical devices to upload their collected personal health records (PHRs) to the cloud for analytical processing or transmission to doctors, which embodies smart health systems and greatly enhances the efficiency and accessibility of healthcare management. However, the highly sensitive nature of PHRs necessitates efficient and secure transmission mechanisms. Revocable and verifiable attribute-based encryption (ABE) enables dynamic fine-grained access control and can verify the integrity of outsourced computation results via a verification tag. However, most existing schemes have two vital issues. First, in order to achieve the verifiable function, they need to execute the secret sharing operation twice during the encryption process, which significantly increases the computational overhead. Second, during the revocation operation, the verification tag is not updated simultaneously, so revoked users can infer plaintext through the unchanged tag. To address these challenges, we propose a revocable ABE scheme with efficient and secure verification, which not only reduces local computational load by optimizing the encryption algorithm and outsourcing complex operations to the cloud server, but also updates the tag when revocation operation occurs. We present a rigorous security analysis of our proposed scheme, and show that the verification tag retains its verifiability even after being dynamically updated. Experimental results demonstrate that local encryption and decryption costs are stable and low, which fully meets the real-time and security requirements of smart health systems. Full article

With the widespread deployment of video surveillance systems, effective access control is essential to enhance the accuracy and security of video anomaly detection. This paper proposes a Searchable and Revocable Attribute-Based Encryption scheme (ABE-RS) that is specifically designed for dynamic video anomaly detection scenarios. By integrating a user management tree structure, attribute-based key distribution, and keyword grouping techniques, the proposed scheme enables efficient user-level revocation along with dynamic updates to ciphertexts and keyword indexes. Furthermore, an inverted index structure is introduced to accelerate keyword search, facilitating the rapid detection and retrieval of anomalous video events. Formal security analysis demonstrates that the scheme is secure against chosen plaintext attacks (CPAs) and chosen keyword attacks (CKAs). The experimental results demonstrate that the scheme maintains millisecond-level revocation efficiency in methodology involving 512 users and either 50 attributes or a thousand keywords. Full article

While blockchain’s immutability ensures data integrity, it also poses significant challenges when dealing with illegal or erroneous data that require modification. The concept of redactable blockchain has emerged, utilizing Chameleon Hash (CH) and subsequent Policy-based Chameleon Hash (PCH) for controlled data editing. However, current redactable blockchain implementations exhibit significant limitations, particularly in their inability to separate data editing from policy modification and their insufficient support for decentralized management of diverse editing operations. To address these issues, this paper initially introduces the concept of Flexible Policy Chameleon Hash (FPCH), which integrates PCH with non-interactive zero-knowledge proofs to enable enhanced policy management flexibility. Moreover, this paper proposes a Redactable Blockchain Framework with Fine-grained Access Control (RBFAC) based on FPCH. The RBFAC framework employs a hybrid cryptographic approach to separate the right of data editing from policy modification. The framework also provides essential functionalities, including editing accountability, key tracking and revocation mechanisms, and policy privacy protection. Finally, experimental evaluations demonstrate that the RBFAC framework maintains acceptable performance overhead while delivering these advanced features. The results indicate that the proposed solution addresses the limitations of existing redactable blockchain systems, offering a more flexible and secure approach to controlled data editing in blockchain environments. Full article

In the digital age, sharing moments through photos has become a daily habit. However, every face captured in these photos is vulnerable to unauthorized identification and potential misuse through AI-powered synthetic content generation. Previously, we introduced SnapSafe, a secure system for enabling selective image privacy focusing on facial regions for single-party scenarios. Recognizing that group photos with multiple subjects are a more common scenario, we extend SnapSafe to support multi-user facial privacy protection with dynamic access control designed for online photo platforms. Our approach introduces key splitting for access control, an owner-centric permission system for granting and revoking access to facial regions, and a request-based mechanism allowing subjects to initiate access permissions. These features ensure that facial regions remain protected while maintaining the visibility of non-facial content for general viewing. To ensure reproducibility and isolation, we implemented our solution using Docker containers. Our experimental assessment covered diverse scenarios, categorized as “Single”, “Small”, “Medium”, and “Large”, based on the number of faces in the photos. The results demonstrate the system’s effectiveness across all test scenarios, consistently performing face encryption operations in under 350 ms and achieving average face decryption times below 286 ms across various group sizes. The key-splitting operations maintained a $100\%$ success rate across all group configurations, while revocation operations were executed efficiently with server processing times remaining under 16 ms. These results validate the system’s capability in managing facial privacy while maintaining practical usability in online photo sharing contexts. Full article

In smart grids, power monitoring equipment produces large volumes of data that are exchanged between microgrids and the main grid. This data exchange can potentially expose users’ private information, including their living habits and economic status. Therefore, implementing secure and effective data access control mechanisms is crucial. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a widely used encryption scheme in distributed systems, offering fine-grained access control. However, in CP-ABE systems, malicious users might leak decryption keys to third parties, creating a significant security threat. Thus, there is an urgent need for tracing mechanisms to identify and track these malicious users. Moreover, tracing and user revocation are complementary processes. Although using a binary tree for user revocation is efficient, it limits the number of users. This paper suggests an access control scheme that combines CP-ABE with blockchain to overcome these limitations, leveraging blockchain’s tamper-resistant features. This scheme enables user revocation, tracing, partial policy hiding, and ciphertext searchability, and it has been proven secure. Simulation results show that our approach reduces time overhead by 24% to 68%, compared to other solutions. While some solutions are similar in efficiency to ours, our approach offers more comprehensive functionality and better meets the security requirements of smart grids. Full article

The medical industry has made significant advancements in recent years. However, the lack of accountability in medical management has resulted in systemic deficiencies, which have adversely affected patient trust and contributed to an increase in medical disputes. As a result, there is a growing emphasis on managing the quality of medical services, particularly in enhancing patient experience. To address these challenges, we propose a new system for evaluating health services. This system will allow patients to anonymously rate the services they receive while also providing doctors the opportunity to appeal specific reviews. The hospital handles the evaluations and appeals through the management of the cloud platform. We propose a new scheme to assist the work of the platform, which is a lattice-based group signature with verifier-local revocation (VLR-GS). Most of the work on VLR-GS has focused on the random oracle model (ROM) or using non-interactive zero-knowledge proofs (NIZKs). Our construction is anonymous and traceable in the standard model under the hardness of the learning with errors problem and short integer solution problem. Furthermore, theoretically analyzing it has practical significance in both security and efficiency. In conclusion, the proposed scheme establishes a secure and privacy-oriented platform for an anonymous medical service evaluation system, with the goal of fostering patient trust and improving hospital service quality within the healthcare sector. Full article