Abstract
CHAPTER 1
INTRODUCTION
1.1 Introduction
An identity (ID)-based public key system (ID-PKS) [1], [2] is an attractive alternative to
conventional public key cryptography. The ID-PKS setting eliminates the need for the
public key infrastructure (PKI) and certificate administration required in conventional
public key settings. An ID-PKS setting consists of users and a trusted third party, the
private key generator (PKG). The PKG is responsible for generating each user's private key
from the associated ID information (e.g. e-mail address, name or social security number).
Therefore, no certificates and no PKI are required by the cryptographic mechanisms used in
ID-PKS settings. In such a setting, ID-based encryption (IBE) allows a sender to encrypt a
message directly under a receiver's ID without validating any public key certificate.
Accordingly, the receiver uses the private key associated with her/his ID to decrypt such a
ciphertext. Since a public key setting has to provide a user revocation mechanism, the
research question of how to revoke misbehaving or compromised users in an ID-PKS setting
arises naturally. In conventional public key settings, the certificate revocation list (CRL) [3]
is a well-known revocation approach. In the CRL approach, when a party receives a public
key and its associated certificate, she/he first validates them and then looks up the CRL to
ensure that the public key has not been revoked. This procedure requires online assistance
from the PKI, so it incurs a communication bottleneck. To improve performance, several
efficient revocation mechanisms [4], [5], [6], [7], [8] for conventional public key settings
have been studied for PKI. Researchers have also paid attention to the revocation issue in
ID-PKS settings, and several revocable IBE schemes have been proposed as revocation
mechanisms for ID-PKS settings.
We introduce a cloud revocation authority (CRA) to replace the role of the KU-CSP in Li
et al.'s scheme. The CRA only needs to hold a single random secret value (the master time
key) for all the users, without affecting the security of the revocable IBE scheme. The CRA
uses the master time key to periodically generate the current time update key for each
non-revoked user and sends it to the user via a public channel. It is evident that our scheme
solves the scalability problem of the KU-CSP. Our system model is depicted in Fig. 2.
The project report is organized as follows, with nine chapters in total, references and appendices:
Chapter 1: Introduction - Brief explanation and overall information about the work carried
out in this phase.
Chapter 2: Literature Survey - Surveys all the work related to the project.
Chapter 3: System Requirements Specification - Describes all the functional and
non-functional requirements of the project work.
Chapter 5: System Design - The data flow diagram, the system architecture and the
sequence diagrams.
Chapter 6: Implementation - Describes the modules used in the project and the
technologies used.
Chapter 7: Testing - Deals with the types of testing used to rectify faults in the system,
and the test cases used to validate the project.
Bibliography: This section lists the references consulted to establish this work.
Appendix: This section contains the related paper publication and the abbreviations of
terms used in this project.
CHAPTER 2
LITERATURE SURVEY
In 2001, Boneh and Franklin [2] proposed the first practical IBE scheme from the Weil
pairing and suggested a simple revocation method in which each non-revoked user
periodically receives a new private key generated by the PKG. A period can be set as a
day, a week, a month, etc. A sender uses the designated receiver's ID and the current period to
encrypt messages, while the designated receiver decrypts the ciphertext using the current
private key. Hence, users must obtain new private keys periodically. To revoke a user, the
PKG simply stops providing new private keys for that user. It is obvious that a secure
channel must be established between the PKG and each user to transmit the new private
key, and this results in a heavy load on the PKG.
In order to alleviate the load on the PKG in Boneh and Franklin's scheme, Boneh et al.
[9] proposed another revocation method, called immediate revocation. The immediate
revocation method employs a designated semi-trusted online authority (a mediator) to
mitigate the management load of the PKG and to assist users in decrypting ciphertexts [10],
[11], [12], [13]. In this approach, the online mediator must hold shares of all the users'
private keys. Since the decryption operation must involve both parties, neither the user
nor the online mediator can cheat the other. When a user is revoked, the online mediator
is instructed to stop assisting that user. However, the online mediator must help users
decrypt every ciphertext, so it becomes a bottleneck for such schemes as the number of
users grows.
In Boneh and Franklin's revocation method [2], all users must periodically obtain new
private keys sent by the PKG. As the number of users increases, the load of key updates
becomes a bottleneck for the PKG. In 2008, Boldyreva et al. [14] proposed a revocable
IBE scheme to improve the key update efficiency. Their revocable IBE scheme is based on
the concept of Fuzzy IBE [35] and adopts the complete subtree method to decrease the
number of key updates from linear to logarithmic in the number of users. Indeed, by
organizing users in a binary tree data structure, the scheme efficiently alleviates the
key-update load of the PKG.
Furthermore, Libert and Vergnaud [16] improved the security of
Moreover, Seo and Emura [17] refined the security model of Boldyreva et al.'s revocable
IBE scheme [14] by considering a new threat, called decryption key exposure attacks.
Based on the idea of Libert and Vergnaud's scheme [16], they also proposed a revocable
IBE scheme with decryption key exposure resistance. In order to reduce the sizes of both
private keys and update keys, Park et al. [18] proposed a new revocable IBE scheme using
multilinear maps, but the size of the public parameters depends on the number of users.
To achieve constant-size public parameters, Wang et al. [19] employed both the dual
system encryption methodology [20] and the complete subtree method [14] to propose a
new revocable IBE scheme.
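As an added illustration (not code from this report or from Boldyreva et al.), the following Python computes the complete subtree cover for a revoked set and counts the key updates one period needs; the heap-style node numbering and the function names are this example's own choices.

```python
"""Complete subtree (CS) method: how many key updates a period needs.

Users sit at the leaves of a complete binary tree with n = 2^d leaves. Each
user holds the keys of the log2(n) + 1 nodes on the path from its leaf to the
root, which is why the per-user private key is O(log n). Per period, the
authority publishes one key update per node of the *cover*: the maximal
subtrees that contain no revoked leaf. A non-revoked user finds exactly one
cover node on its path; a revoked user finds none. For r revoked users the
cover has at most r * log2(n / r) nodes, so the number of updates drops from
linear to logarithmic in n.
"""


def path_to_root(n, user):
    """Heap indices from the user's leaf up to the root (root = 1)."""
    if not 0 <= user < n:
        raise ValueError("user index out of range")
    node = n + user                  # leaves occupy heap indices n .. 2n-1
    path = []
    while node >= 1:
        path.append(node)
        node //= 2                   # parent of heap index i is i // 2
    return path


def cs_cover(n, revoked):
    """Sorted list of cover nodes for the given revoked set of user indices."""
    if n == 0 or n & (n - 1):
        raise ValueError("n must be a power of two")
    if not revoked:
        return [1]                   # nobody revoked: one update at the root serves all
    # Steiner tree: every node lying on some revoked leaf's path to the root.
    steiner = set()
    for u in revoked:
        steiner.update(path_to_root(n, u))
    cover = []
    for node in steiner:
        if node >= n:
            continue                 # a revoked leaf has no children
        for child in (2 * node, 2 * node + 1):
            if child not in steiner:
                cover.append(child)  # child hangs off the Steiner tree: no revoked leaf below it
    return sorted(cover)


def update_node_for(n, user, cover):
    """The cover node on this user's path, or None if the user is revoked."""
    cover_set = set(cover)
    for node in path_to_root(n, user):
        if node in cover_set:
            return node
    return None


def update_count(n, revoked):
    """Number of key updates the authority must publish this period."""
    return len(cs_cover(n, revoked))


if __name__ == "__main__":
    # Constructed example: 8 users, users 2 and 5 revoked.
    cover = cs_cover(8, {2, 5})
    print("cover nodes:", cover, "-> updates:", len(cover), "for 6 non-revoked users")
    print("one revoked user among 1024:", update_count(1024, {7}), "updates (= log2 n)")
```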
Furthermore, Seo and Emura [21] extended the concept of revocable IBE to propose the
first revocable HIBE scheme. In Seo and Emura's scheme, for each period, each user
generates a secret key by multiplying some of the partial keys, which depend on the
partial keys used by its ancestors in the hierarchy tree. In such a case, the secret key size
of each user increases quadratically in the hierarchy tree, since a low-level user must know
the history of key updates performed by its ancestors in the current time period, and this
renders the scheme very complex. In 2015, Seo and Emura [22] proposed a new method
to construct a novel revocable HIBE scheme with history-free updates.
Nevertheless, the revocable IBE and HIBE schemes mentioned above [17], [18], [19],
[21], [22] employ the complete subtree method to decrease the number of key updates
from linear to logarithmic in the number of users. However, these schemes also suffer
from the same disadvantages as Boldyreva et al.'s revocable IBE scheme [14] and still
use a secure channel to transmit periodic private keys. In 2012, Tseng and Tsai [23]
proposed a new revocable IBE scheme that removes the use of a secure channel between
each user and the authority and uses a public channel instead to transmit users' periodic
private keys. They partition a user's private key into two components, namely an identity
key and a time update key. The identity key is a secret key associated with the user's ID;
it is sent to the user via a secure channel and remains fixed once issued. The time update
key is associated with the user's ID and the current time period, and changes with time.
The PKG periodically generates the current time update keys for non-revoked users and
sends them to these users via a public channel. A user is able to decrypt a ciphertext only
if she/he possesses both the identity key and the legitimate time update key. In other
words, to revoke a particular user, the PKG simply stops issuing new time update keys
for that user. However, the key-update cost is linear in the number of users, so the
computational burden on the PKG is still enormous.
CHAPTER 3
SYSTEM REQUIREMENTS SPECIFICATION
A System Requirements Specification (SRS) describes what the system is required to do
and the context in which it operates, and it records the work done within the organization
to describe and understand the client's needs. The SRS states the requirements from which
a system or sub-system is planned. It captures the client's needs at a particular point in
time, before the work is finalized.
Purpose:
The purpose of the SRS document is to list the user requirements in an organized manner. It
defines all the constraints and software requirements needed to understand the application
and its documents. After going through the SRS document, the user should understand the
proposed system and be in a position to request any changes required.
requirements of the system should be understood from a brief description of the client's
needs, together with the resources essential for estimating the operations, costs and
analysis, and the information to be carried.
Functional Requirements
3.2.1 Java
Java is a multi-paradigm, class-based, object-oriented programming language with
structured data. It was designed by James Gosling at Sun Microsystems and is syntactically
similar to C++; it is designed to have as few implementation dependencies as possible.
Java is one of the most recommended programming languages for client-server
development of web applications. Java technologies are mainly released under the GNU
General Public License. The Java compilers, virtual machines and class libraries were
developed by Sun Microsystems. The latest version is Java 8, which is the only version
supported by Oracle.
o It is dynamic in nature.
3.2.2 MySQL
MySQL stores and retrieves data in databases organized as an RDBMS (Relational
Database Management System). It is an open-source database for the client-server model.
It supports constraints together with tables, indexes and columns, and keeps indexes
updated as data changes. MySQL is open-source software released under a specified
license, so it is free for users. The language used with MySQL is standard SQL. MySQL
is very effective and accesses databases quickly in traditional business areas, and it is a
powerful program for handling large packages. Languages that support MySQL include
PHP, Perl, C and C++. It is user friendly, and the license allows it to be modified to fit the
user's environment.
CHAPTER 4
SYSTEM ANALYSIS
Software development is generally carried out through system analysis and design. System
analysis provides detailed information about the performance of the existing system that
may lead to the configuration of a new system. The drawbacks of the existing system are
the problems to be overcome, and the proposed system improves on the existing one by
solving them. System analysis studies the system in order to identify its goals and
objectives.
In the proposed approach, each user's private key consists of an identity key and a time
update key. We introduce a cloud revocation authority (CRA) to replace the role of the
KU-CSP in Li et al.'s scheme. The CRA only needs to hold a single random secret value
(the master time key) for all the users, without affecting the security of the revocable IBE
scheme. The CRA uses the master time key to periodically generate the current time update
key for each non-revoked user and sends it to the user via a public channel. It is evident
that our scheme solves the scalability problem of the KU-CSP.
4.1.1 Objectives:
The feasibility study of a project examines the constraints that determine how weak or
strong the plan is against the business needs: it estimates the costs, the performance, the
designed implementation and the resources defined for the environment. It considers
several aspects through the description of the project, the technical knowledge involved,
the management of resources and, above all, what is needed for success. It is carried out
for the proposed system, and future requirements may also include the level of system
resources.
o Economic Feasibility
o Technical Feasibility
o Social Feasibility
Economic feasibility examines the constraints that determine the quality of the project and
identify its purpose. It estimates the possible technical requirements, the investment
offered by the organizer to develop the system, and the technologies most often used for
the customer's needs.
Social feasibility studies how the outside environment will accept the system
requirements. It assesses how confidently and convincingly the system reaches the user,
the level of acceptance of the project and its defined requirements. The goal is to satisfy
the client's required outcome and also to manage how the system will be used further by
its users.
The proposed approach addresses the limitations of the existing approach. In this
research methodology each user's private key still consists of an identity key and a time
update key. This research introduces a cloud revocation authority (CRA) to replace the
role of the KU-CSP in Li et al.'s scheme. The CRA only needs to hold a single random
secret value (the master time key) for all the users, without affecting the security of the
revocable IBE scheme. The CRA uses the master time key to periodically generate the
current time update key for each non-revoked user and sends it to the user via a public
channel. It is evident that our scheme solves the scalability problem of the KU-CSP. The
proposed system model is depicted below.
CHAPTER 5
SYSTEM DESIGN
This chapter gives the design of the overall project. The design phase is the phase of
software development that matters most for the success of the software. It should satisfy
the functional and non-functional requirements so that all the constraints and objectives of
the project are met. It concentrates mainly on the modules needed for the system, and it
depends mainly on the findings of the feasibility survey.
The data flow diagram (DFD) is a graphical representation, similar to a flow chart, used to
show how information enters the system through its inputs, how the different kinds of
processing are carried out on it, and how the desired output is produced. These parts are
used to model the system and are presented so that the inputs can be understood quickly.
In the system design, the DFD shows the flow through all the parts, and the data is
transformed in sequence as it flows through the system.
USE CASE:
A use case in software engineering and systems engineering is a description of a system's
behaviour as it responds to a request that originates from outside of that system. In other
words, a use case describes "who" can do "what" with the system in question. The use case
technique is used to capture a system's behavioural requirements by detailing
scenario-driven threads through the functional requirements.
Use cases describe the interaction between one or more actors (an actor that initiates the
interaction may be referred to as the 'primary actor') and the system itself, represented as
a sequence of simple steps. Actors are something or someone that exists outside the system
('black box') under study and that takes part in a sequence of activities in a dialogue with
the system to achieve some goal. Actors may be end users, other systems, or hardware
devices. Each use case is a complete series of events, described from the point of view of
the actor.
SEQUENCE DIAGRAM
CHAPTER 6
IMPLEMENTATION
Implementation is the process of preliminary planning for use, or the execution of the plan,
which may lead to the successful outcome of the project. Using the system requires the
steps needed to set up each module to work, the idea behind the planning, carrying out the
computations as a program, and the software and hardware requirement details of the
computer system, through a successful set of installations, configurations, and running and
executing the project. Above all, testing will improve the design of the project.
Implementation is the realization of the application, the algorithms and the software parts
of the system that are to be delivered.
The implementation phase of a system also includes:
Careful planning.
Investigation for future work.
Training of developers.
Several revocable IBE schemes have been proposed regarding this issue. Quite
recently, by embedding an outsourcing computation technique into IBE, Li et al.
proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP).
However, their scheme has two shortcomings.
One is that the computation and communication costs are higher than in previous
revocable IBE schemes. The other is a lack of scalability, in the sense that the KU-CSP
must keep a secret value for each user.
In this article, we propose a new revocable IBE scheme with a cloud revocation
authority (CRA) to solve the two shortcomings: the performance is significantly
improved and the CRA holds only a single system secret for all the users. For the security
analysis, we demonstrate that the proposed scheme is semantically secure under the
decisional bilinear Diffie-Hellman (DBDH) assumption.
Boneh and Franklin suggested a simple revocation method in which each non-revoked
user periodically receives a new private key generated by the PKG. A period can be set
as a day, a week, a month, etc. A sender uses the designated receiver's ID and the current
period to encrypt messages, while the designated receiver decrypts the ciphertext using
the current private key.
Hence, users must obtain new private keys periodically. To revoke a user, the PKG
simply stops providing new private keys for that user. It is obvious that a secure channel
must be established between the PKG and each user to transmit the new private key, and
this results in a heavy load on the PKG.
In order to alleviate the load on the PKG in Boneh and Franklin's scheme, Boneh
et al. proposed another revocation method, called immediate revocation. The immediate
revocation method employs a designated semi-trusted online authority (a mediator) to
mitigate the management load of the PKG and to assist users in decrypting ciphertexts. In
this approach, the online mediator must hold shares of all the users' private keys. Since
the decryption operation must involve both parties, neither the user nor the online
mediator can cheat the other.
These schemes use the complete subtree method to decrease the number of key updates
from linear to logarithmic in the number of users. However, each user's private key size
is O(log n), where n is the number of users. These schemes still use a secure channel to
transmit periodic private keys, and no other authority shares the responsibility of user
revocation.
In Tseng and Tsai's revocable IBE scheme, both the identity key and the time update
key are issued by the PKG. In order to alleviate the load on the PKG, Li et al. employed a
key update cloud service provider (KU-CSP) to share the responsibility of user
revocation. In our revocable IBE scheme, we employ a cloud revocation authority (CRA)
to perform user revocation.
Indeed, the PKG in Li et al.'s scheme and in ours may also perform the revocation
operations. Both the KU-CSP and the CRA are designated to share the responsibility for
performing user revocation. Regarding scalability, the KU-CSP in Li et al.'s scheme must
keep n different time keys for n users, so it lacks scalability and incurs a management
load.
In contrast, the CRA in our scheme holds only one master time key for all the users.
When the number n of users in the system is very large, the PKG may designate multiple
CRAs to share the responsibility of user revocation, while each CRA holds only the same
master time key. In Li et al.'s scheme, however, each KU-CSP must also keep n time keys.
Indeed, cloud computing is a ubiquitous computing environment.
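An added model of the authority-side logic compared above, written for this discussion and not taken from Li et al.'s or the proposed scheme's implementation: the pairing-based key extraction is replaced by an HMAC-SHA256 stand-in (an assumption, so only the key-management behaviour is meaningful, not the cryptography), and the class names, function names and user IDs are constructed for the example.

```python
"""Authority state and revocation-by-omission: CRA (one master time key)
versus KU-CSP (one secret per user), as the comparison above describes."""
import hashlib
import hmac
import os


def kdf(secret, *parts):
    """Hypothetical stand-in for the scheme's pairing-based key extraction."""
    return hmac.new(secret, b"|".join(p.encode() for p in parts),
                    hashlib.sha256).digest()


class PKG:
    """Private key generator: issues each identity key once, over a secure channel."""

    def __init__(self):
        self.master_key = os.urandom(32)

    def identity_key(self, user_id):
        return kdf(self.master_key, "identity", user_id)


class CRA:
    """Cloud revocation authority: a single master time key serves every user."""

    def __init__(self, master_time_key=None):
        # Several CRAs may share one master time key and then produce identical updates.
        self.master_time_key = os.urandom(32) if master_time_key is None else master_time_key
        self.revoked = set()

    def secret_count(self):
        return 1                       # state does not grow with the number of users

    def revoke(self, user_id):
        self.revoked.add(user_id)

    def period_update(self, users, period):
        """Time update keys for one period, sent over a public channel.
        Revocation is omission: a revoked user simply receives no key."""
        return {u: kdf(self.master_time_key, "time", u, str(period))
                for u in users if u not in self.revoked}


class KUCSP:
    """Li et al.'s key-update CSP as the report describes it: one secret per user."""

    def __init__(self):
        self.time_secrets = {}
        self.revoked = set()

    def register(self, user_id):
        self.time_secrets[user_id] = os.urandom(32)

    def secret_count(self):
        return len(self.time_secrets)  # linear in the number of users

    def revoke(self, user_id):
        self.revoked.add(user_id)

    def period_update(self, users, period):
        return {u: kdf(self.time_secrets[u], "time", str(period))
                for u in users if u not in self.revoked}


def decryption_key(identity_key, time_update_key):
    """A period's decryption key exists only when BOTH components are held.
    An eavesdropper on the public channel has only the time update key; a
    revoked user keeps only the identity key, which is useless on its own."""
    if identity_key is None or time_update_key is None:
        return None
    return hashlib.sha256(identity_key + time_update_key).digest()


def simulate(n_users, revoke_user, revoke_at_period, periods=3):
    """Run both authorities side by side and report what a reviewer would check."""
    users = [f"user{i}@example.org" for i in range(n_users)]  # constructed IDs
    pkg, cra, kucsp = PKG(), CRA(), KUCSP()
    for u in users:
        kucsp.register(u)
    id_keys = {u: pkg.identity_key(u) for u in users}
    can_decrypt = {}                   # (period, user) -> bool, under the CRA
    for t in range(1, periods + 1):
        if t == revoke_at_period:
            cra.revoke(revoke_user)
            kucsp.revoke(revoke_user)
        updates = cra.period_update(users, t)
        for u in users:
            can_decrypt[(t, u)] = decryption_key(id_keys[u], updates.get(u)) is not None
    return {"cra_secrets": cra.secret_count(),
            "kucsp_secrets": kucsp.secret_count(),
            "can_decrypt": can_decrypt}


if __name__ == "__main__":
    result = simulate(50, "user3@example.org", revoke_at_period=2)
    print("CRA secrets:", result["cra_secrets"], "KU-CSP secrets:", result["kucsp_secrets"])
    print("user3 can decrypt in periods 1..3:",
          [result["can_decrypt"][(t, "user3@example.org")] for t in (1, 2, 3)])
```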
Moreover, Seo and Emura refined the security model of Boldyreva et al.'s
revocable IBE scheme by considering a new threat, called decryption key exposure
attacks. Based on the idea of Libert and Vergnaud's scheme, they also proposed a
revocable IBE scheme with decryption key exposure resistance.
In order to reduce the sizes of both private keys and update keys, Park et al.
proposed a new revocable IBE scheme using multilinear maps, but the size of the
public parameters depends on the number of users. To achieve constant-size public
parameters, Wang et al. employed both the dual system encryption methodology and the
complete subtree method to propose a new revocable IBE scheme.
Furthermore, Seo and Emura extended the concept of revocable IBE to propose the
first revocable HIBE scheme. In Seo and Emura's scheme, for each period, each user
generates a secret key by multiplying some of the partial keys, which depend on the
partial keys used by its ancestors.
In such a case, the secret key size of each user increases quadratically in the
hierarchy tree, since a low-level user must know the history of key updates performed
by its ancestors in the current time period, and this renders the scheme very complex.
Seo and Emura later proposed a new method to construct a novel revocable HIBE scheme
with history-free updates.
Nevertheless, the revocable IBE and HIBE schemes mentioned above employ the
complete subtree method to decrease the number of key updates from linear to
logarithmic in the number of users. However, these schemes also suffer from the same
disadvantages as Boldyreva et al.'s revocable IBE scheme and still use a secure channel
to transmit periodic private keys.
CHAPTER 7
TESTING
Software testing is the most critical part of development, where the errors, faults or
failures of the system become visible. Software testing is a predetermined part of
planning, of the quality of the product and of the execution of the code; where failures
occur, the system will not give the correct output to clients. Failures are caused by the
developer's mistakes, so they can be easy for the software engineers to recognize. They
may cause the system to fail, so the software engineer should be aware of design tools and
code snippets for changing the behaviour of the system. After the development phase,
software testing is vital for resolving defects quickly. Testing is a synchronized process
in which the data is handled by the development team.
The primary objective of testing is to correct bugs, issues or errors. To recognize
mistakes, the test engineers need to test every individual component of the project's
modules. Every module is tested for better performance, and by checking the modules the
mistakes are recognized. This confirms whether or not the system has achieved its
requirements. By examining every module, mistakes are driven out of the system so that
it produces the particular output.
Unless every module gives the required output, the assurance of the test designer
determines the correctness of the system programs. The last module stage is intended to
avoid failures and to remove defects. So it is best to give the testing phase its place in
the development of the project.
The testing goal of the system software is to make sure the system's condition is
validated by eliminating the flaws and errors.
o “A successful test to be carried out which holds the capability of finding errors.”
o “Planning of testing phase may required long time.”
o “The tests are performed according to the clients need.”
o “Effective test should require for detecting all errors.”
o “Exhaustive testing is not possible”
The test plan is one of the essential stages in system testing. It serves the people who
work outside the testing field. Correct planning makes the product ready to deliver to the
customer. The test plan documents the activities performed for software testing and
serves to validate the output.
Integration testing is the test in which all the executions are planned with the software
testing procedure, and the individually tested programs are integrated to run together as
one program. This testing is complete only when the execution of every requirement,
software module and software design has been verified. The output is produced when all
integration test modules are set to perform the testing procedure with the desired input.
Finally, integration testing furnishes the end user with an accurate output from the
specified software testing.
Test cases are the set of conditions used to judge an application, by establishing the
testing of all the required items that must be tested to see whether the application is
working correctly or not. They check the target and the objective a system should
accomplish. Finally, once the input which must be given and the expected output from the
system are known, the execution of the system can be checked further.
CHAPTER 8
CONCLUSION
In this article, we proposed a new revocable IBE scheme with a cloud revocation
authority (CRA), in which the revocation procedure is performed by the CRA to alleviate
the load on the PKG. This technique of outsourcing computation to other authorities has
been employed in Li et al.'s revocable IBE scheme with a KU-CSP. However, their scheme
requires higher computational and communication costs than previously proposed IBE
schemes. For the time key update procedure, the KU-CSP in Li et al.'s scheme must keep
a secret value for each user, so it lacks scalability. In our revocable IBE scheme with a
CRA, the CRA holds only a master time key to perform the time key update procedures
for all the users without affecting security. Compared with Li et al.'s scheme, the
computation and communication performance is significantly improved. By experimental
results and performance analysis, our scheme is well suited to mobile devices. For the
security analysis, we have demonstrated that our scheme is semantically secure against
adaptive-ID attacks under the decisional bilinear Diffie-Hellman assumption. Finally,
based on the proposed revocable IBE scheme with a CRA, we constructed a CRA-aided
authentication scheme with period-limited privileges for managing a large number of
various cloud services.
REFERENCES
[2] D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” Proc. Crypto’01, LNCS, vol. 2139, pp. 213-229, 2001.
[3] R. Housley, W. Polk, W. Ford, and D. Solo, “Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile,” IETF, RFC 3280, 2002.
[4] W. Aiello, S. Lodha, and R. Ostrovsky, “Fast digital identity revocation,” Proc. Crypto’98, LNCS, vol. 1462, pp. 137-152, 1998.
[5] M. Naor and K. Nissim, “Certificate revocation and certificate update,” IEEE Journal on Selected Areas in Communications, vol. 18, no. 4, pp. 561-570, 2000.
[8] V. Goyal, “Certificate revocation using fine grained certificate space partitioning,” Proc. Financial Cryptography, LNCS, vol. 4886, pp. 247-259, 2007.
[9] D. Boneh, X. Ding, G. Tsudik, and C.-M. Wong, “A method for fast revocation of public key certificates and security capabilities,” Proc. 10th USENIX Security Symp., pp. 297-310, 2001.
[10] X. Ding and G. Tsudik, “Simple identity-based cryptography with mediated RSA,” Proc. CT-RSA’03, LNCS, vol. 2612, pp. 193-210, 2003.
[11] B. Libert and J. J. Quisquater, “Efficient revocation and threshold pairing based cryptosystems,” Proc. PODC 2003, pp. 163-171, 2003.
[12] J. Baek and Y. Zheng, “Identity-based threshold decryption,” Proc. PKC’04, LNCS, vol. 2947, pp. 262-276, 2004.
[13] H.-S. Ju, D.-Y. Kim, D.-H. Lee, H. Park, and K. Chun, “Modified ID-based threshold decryption and its application to mediated ID-based encryption,” Proc. APWeb 2006, LNCS, vol. 3841, pp. 720-725, 2006.
[17] J.-H. Seo and K. Emura, “Revocable identity-based encryption revisited: security model and construction,” Proc. PKC’13, LNCS, vol. 7778, pp. 216-234, 2013.
[18] S. Park, K. Lee, and D. H. Lee, “New constructions of revocable identity-based encryption from multilinear maps,” IEEE Transactions on Information Forensics and Security, vol. 10, no. 8, pp. 1564-1577, 2015.
[19] C. Wang, Y. Li, X. Xia, and K. Zheng, “An efficient and provable secure revocable identity-based encryption scheme,” PLoS ONE, vol. 9, no. 9, article e106925, 2014.
[20] A. Lewko and B. Waters, “New techniques for dual system encryption and fully secure HIBE with short ciphertexts,” Proc. TCC’10, LNCS, vol. 5978, pp. 455-479, 2010.
[21] J.-H. Seo and K. Emura, “Efficient delegation of key generation and revocation functionalities in identity-based encryption,” Proc. CT-RSA’13, LNCS, vol. 7779, pp. 343-358, 2013.
[22] J.-H. Seo and K. Emura, “Revocable hierarchical identity-based encryption: history-free update, security against insiders, and short ciphertexts,” Proc. CT-RSA’15, LNCS, vol. 9048, pp. 106-123, 2015.
[23] Y.-M. Tseng and T.-T. Tsai, “Efficient revocable ID-based encryption with a public channel,” Computer Journal, vol. 55, no. 4, pp. 475-486, 2012.
[24] J. Li, J. Li, X. Chen, C. Jia, and W. Lou, “Identity-based encryption with outsourced revocation in cloud computing,” IEEE Trans. on Computers, vol. 64, no. 2, pp. 425-437, 2015.
[26] E. Fujisaki and T. Okamoto, “How to enhance the security of public-key encryption at minimum cost,” Proc. PKC’99, LNCS, vol. 1560, pp. 53-68, 1999.
[28] J. S. Coron, “On the exact security of full domain hash,” Proc. Crypto’00, LNCS, vol. 1880, pp. 229-235, 2000.
[29] M. Scott, “Computing the Tate pairing,” Proc. CT-RSA’05, LNCS, vol. 3376, pp. 293-304, 2005.
[31] T.-Y. Wu and Y.-M. Tseng, “An efficient user authentication and key exchange protocol for mobile client-server environment,” Computer Networks, vol. 54, no. 9, pp. 1520-1530, 2010.
[32] B. Lynn (2015), Java Pairing Based Cryptography Library (JPBC) [Online]. Available: http://gas.dia.unisa.it/projects/jpbc/benchmark.html
[33] A. Wander, N. Gura, H. Eberle, V. Gupta, and S. Shantz, “Energy analysis of public-key cryptography for wireless sensor networks,” Proc. 3rd IEEE International Conf. Pervasive Computing Commun., pp. 324-328, 2005.
[36] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” Proc. ACM CCS, pp. 89-98, 2006.
[39] P.-W. Chi and C.-L. Lei, “Audit-free cloud storage via deniable attribute-based encryption,” IEEE Transactions on Cloud Computing, article in press (DOI: 10.1109/TCC.2015.2424882), 2015.
[41] H. Qian, J. Li, Y. Zhang, and J. Han, “Privacy preserving personal health record using multi-authority attribute-based encryption with revocation,” International Journal of Information Security, vol. 14, no. 6, pp. 487-497, 2015.
[42] A. Fiat and A. Shamir, “How to prove yourself: practical solutions to identification and signature problems,” Proc. Crypto’86, LNCS, vol. 263, pp. 186-194, 1987.
[45] Y.-M. Tseng, T.-Y. Wu, and J.-D. Wu, “A pairing-based user authentication scheme for wireless clients with smart cards,” Informatica, vol. 19, no. 2, pp. 285-302, 2008.
[46] C. Kaufman, P. Hoffman, Y. Nir, P. Eronen, and T. Kivinen, “Internet key exchange protocol version 2 (IKEv2),” IETF, RFC 7296, 2014.
[47] A. Freier, P. Karlton, and P. Kocher, “The secure sockets layer (SSL) protocol version 3.0,” IETF, RFC 6101, 2011.