World Wide Web

, Volume 21, Issue 3, pp 595–607 | Cite as

Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT

  • Hanshu Hong
  • Zhixin Sun


Attribute based proxy re-encryption (ABPRE) combines the merits of proxy re-encryption and attribute based encryption, which allows a delegator to re-encrypt the ciphertext according to the delegatees’ attributes. The theoretical foundations of ABPRE has been well studied, yet to date there are still issues in schemes of ABPRE, among which time-bounded security and key exposure protection for the re-encryption keys are the most concerning ones. Within the current ABPRE framework, the re-encryption keys are generated independently of the system time segments and the forward security protection is not guaranteed when the users’ access privileges are altered. In this paper, we present a key-insulated ABPRE scheme for IoT scenario. We realize secure and fine-grained data sharing by utilizing attribute based encryption over the encrypted data, as well as adopting key-insulation mechanism to provide forward security for re-encryption keys and private keys of users. In particular, the lifetime of the system is divided into several time slices, and when system enters into a new slice, the user’s private keys need are required to be refreshed. Therefore, the users’ access privileges in our system are time-bounded, and both re-encryption keys and private keys can be protected, which will enhance the security level during data re-encryption, especially in situations when key exposure or privilege alternation happens. Our scheme is proved to be secure under MDBDH hardness assumptions as well as against collusion attack. In addition, the public parameters do not have to be changed during the evolution of users’ private keys, which will require less computation resources brought by parameter synchronization in IoT.


Attribute based encryption Proxy re-encryption Key exposure protection Key insulation 



This research is supported by the National Natural Science Foundation of China (61373135, 61672299).

Compliance with ethical standards

Competing interest

The authors declare that they have no competing financial interests.


  1. 1.
    Ateniese, G., Fu, K., Green, M., et al.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: Proceedings of NDSS05. The Internet Society, pp. 1–30. San Diego: ACM (2006)Google Scholar
  2. 2.
    Bin, G., Daqing, Z., Yu, Z., et al.: From the internet of things to embedded intelligence. World Wide Web. 16(4), 399–420 (2013)CrossRefGoogle Scholar
  3. 3.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Proceedings of Eurocrypt ‘98, vol. 1403, pp. 127–144. (1998)Google Scholar
  4. 4.
    Chu, C., Tzeng, W.: Identity-based proxy re-encryption without random oracles. In: Proceedings of ISC 2007. LNCS, vol. 4779, pp. 189–202. Springer, Heidelberg (2007)Google Scholar
  5. 5.
    Goyal, V., Pandey, O., Sahai, A. et al.: Attribute Based Encryption for Fine-Grained Access Control of Encrypted Data. In: Proceedings of ACM 13th conference on Computer and Communications Security, pp. 89–98. Alexandria, USA (2006)Google Scholar
  6. 6.
    Guo, S.Q., Zeng, Y.P., Wei, J., et al.: Attribute-based re-encryption scheme in the standard model. Wuhan University Journal of Natural Sciences. 5, 621–625 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Hong, H.S., Sun, Z.X.: High efficient key-insulated attribute based encryption scheme without bilinear pairing operations. Springerplus. 5, 1–12 (2016)CrossRefGoogle Scholar
  8. 8.
    Hong, H.S., Sun, Z.X., Xi, M.L.: A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud. KSII T Internet Info. 5, 2394–2406 (2016)Google Scholar
  9. 9.
    Liang, X.H., Cao, Z.F., Lin, H., et al.: Attribute based proxy re-encryption with delegating capabilities. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 276–286. New York (2009)Google Scholar
  10. 10.
    Liang, K.T., Fang, L.M., Susilo, W. et al.: A Ciphertext-Policy Attribute-Based Proxy Re-Encryption with Chosen-Ciphertext Security. 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 552–559. Xi’an (2013)Google Scholar
  11. 11.
    Luo, S., Hu, J.B., Chen, Z.: Ciphertext policy attribute-based proxy re-encryption. Information and Communications Security. 401–415 (2010)Google Scholar
  12. 12.
    Mambo, M., Okamoto, E.: Proxy cryptosystems: delegation of the power to Decrypt Ciphertexts. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 80, 54–63 (1997)Google Scholar
  13. 13.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Proceedings of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457–473. Aarhus (2005)Google Scholar
  14. 14.
    Seo, H.J., Kim, H.: Attribute-based proxy re-encryption with a constant number of pairing operations. Journal of Information and Communication Convergence Engineering. 3, 53–60 (2012)CrossRefGoogle Scholar
  15. 15.
    Sun, W.H., Yu, S.C., Lou, W.J., et al.: Protecting your right: verifiable attribute-based keyword Search with fine-grained owner-enforced Search authorization in the cloud. IEEE Trans. Parallel Distrib. Sytst. 4, 1187–1198 (2016)CrossRefGoogle Scholar
  16. 16.
    Wang, Y.T., Chen, K.F., Chen, J.H.: Attribute-based traitor tracing. J. Inf. Sci. Eng. 27, 181–195 (2011)MathSciNetGoogle Scholar
  17. 17.
    Wang, H., Sun, L.L., Bertino, E.: Building access control policy model for privacy preserving and testing policy conflicting problems. J. Comput. Syst. Sci. 80(8), 1493–1503 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Wang, H., Cao, J.L., Zhang, Y.C.: A flexible payment scheme and its role-based access control. IEEE Trans. Knowl. Data Eng. 17(3), 425–436 (2015)CrossRefGoogle Scholar
  19. 19.
    Weng, J., Li, X.X., Chen, K.F., et al.: Identity-based parallel key-insulated signature without random oracles. J. Inf. Sci. Eng. 4, 1143–1157 (2008)zbMATHGoogle Scholar
  20. 20.
    Weng, J., Yang, Y., Tang, Q., et al.: Efficient conditional proxy re-encryption with chosen-ciphertext security. In: Proceedings of the 12th International Conference on Information Security (ISC 2009), pp. 151–166. Springer Verlag, Heidelberg (2009)Google Scholar
  21. 21.
    Weng, J., Chen, M., Yang, Y., et al.: CCA-secure unidirectional proxy re-encryption in the adaptive corruption model without random oracles. Sci. China Inform. Sci. 53, 593–606 (2010)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Weng, J., Zhao, Y.L., Hanaoka, G.: On the security of a bidirectional proxy re-encryption scheme from PKC 2010. In: Proceedings of PKC 2011, pp. 284–295. Springer Verlag, Berlin (2011)Google Scholar
  23. 23.
    Ying, Z.B., Li, H., Ma, J.F., et al.: Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating. Sci. China Inform. Sci. 4, 1–16 (2016)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  1. 1.Key Laboratory of Broadband Wireless Communication and Sensor Network Technology, Ministry EducationNanjing University of Posts and TelecommunicationsNanjingChina

Personalised recommendations