A Secure Multimedia Data Sharing Scheme for Wireless Networkdownloads.hindawi.com/journals/scn/2018/5037892.pdf · 2019. 7. 30. · ResearchArticle A Secure Multimedia Data Sharing

Research ArticleA Secure Multimedia Data Sharing Scheme for Wireless Network

Liming Fang12 Liang Liu 12 Jinyue Xia3 and Maosheng Sun4

1Nanjing University of Aeronautics and Astronautics 29 Yudao Street Nanjing Jiangsu 210016 China2Key Laboratory of Computer Network Technology of Jiangsu Province China3IBM 3039 E Cornwallis Rd Research Triangle Park NC 27709 USA4Yangzhou University 88 South University Ave Yangzhou Jiangsu 225009 USA

Correspondence should be addressed to Liang Liu flm12311231hotmailcom

Received 12 June 2018 Accepted 3 September 2018 Published 18 October 2018

Guest Editor Zhaoqing Pan

Copyright copy 2018 Liming Fang et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

A large number of wireless devices like WiFi cameras and 4G robots have been deployed in the rapidly growing wireless networksuch as Internet of Things All of the devices (sensors) are collecting and analyzing multimedia data all the time while they areactively working and it is also required to share data among these the sensors Typically the wireless data is transmitted throughthe network gateway or the cloud platforms In such a wireless environment if there is no appropriate protection to the data itis easy to cause potential data leakage In reality the owner of the sensor might only want to share the multimedia data stored inthe sensor with a trusted third party (eg a family member or a coworker) through an internet gateway or the cloud platformIdeally the gateway or the cloud platform in the wireless network should transform one userrsquos encrypted data (wireless multimediadata) directly into another ciphertext under a set of new users (eg a trusted third party) without accessing the userrsquos plaintextdata In this work a new secure notion called fuzzy-conditional proxy broadcast re-encryption (FC-PBRE) is presented to addressthe concern In a FC-PBRE scheme the proxy (the gateway or cloud server) uses a broadcast re-encryption key to re-encrypt theencrypted wireless multimedia data which can be decrypted by a set of delegatees if and only if the broadcast keyrsquos conditional set119882 is close to the conditional set 1198821015840 of the ciphertext With the FC-PBRE scheme the wireless multimedia data is not disclosedand cannot be learnt by the proxy (the gateway or cloud server) In this paper we first present the definition of security againstchosen-ciphertext attacks for FC-PBRE Second we propose an efficient fuzzy-conditional proxy broadcast re-encryption schemeThird we prove that our FC-PBRE scheme is CCA-secure in the randomoraclemodel based on theDecisional nBDHE assumption

1 Introduction

Generally a user (can be an attacker) has the access to the datastored in the wireless devices via (1) a direct connection withthe devices (2) the gateway of the network and (3) a cloudplatform Because many wireless devices need to localize theconfiguration before they start working they usually havea backend configuration interface (eg WEB PC) openMoreover the devices sometimes go offline even when theyare actively working As a result the attacker can simply hackthe login system of the configuration interface and obtainthe multimedia data In this case even though the deviceand the cloud have been authenticated and encrypted (egusing SSL) the attack cannot be prevented So ensuring themultimedia data to be stored and shared securely has becomeextremely important [1ndash8] To share the data partially it

would be good if all themultimedia data are encrypted via thedata ownerrsquos public key For example the device owner cangive the data permission of the wireless camera configurationto the maintenance engineer but the maintenance is notallowed to access to the video data Obviously such ascheme cannot allow sharing the private key directly with themaintenance engineer because sharing the private key meansexposing the data to the engineer

One approach to ensure data confidentiality in the wire-less network is that user data can be encrypted before it isupdated into the server The encryption technology is aneffective way to protect user data however it does have somedrawbacks For example when a cloud user Alice shares herdata with another user Bob her encrypted data cannot beas the plain data and cloud servers should not be directlytransmitted to the shared userrsquos ciphertext because users

HindawiSecurity and Communication NetworksVolume 2018 Article ID 5037892 10 pageshttpsdoiorg10115520185037892

2 Security and Communication Networks

(including Bob) cannot decrypt the received data Of courseone easy way for Alice to fix this issue is to download herown encrypted data that is saved in the cloud then decryptand upload the decrypted data to the cloud again and finallysend it to Bob who Alice wants to share the data Howeverusing this method the userrsquos data will be obtained by theuntrusted third-party cloud which cannot guarantee the dataconfidentiality Therefore in the cloud storage environmenta security mechanism is needed to allow the cloud server totransform the encrypted data of users directly into anothershared userrsquos encrypted data without accessing the userrsquosplaintext data

Since the data security problem of users in the nontrustedthird-party cloud server is increasingly prominent and tradi-tional encryption technology has been unable to meet theseapplication needs the cloud server really should be able toconvert a userrsquos ciphertext to a secondrsquos user ciphertext onthe basis of not involving decryption There have been quitea few researches done in this area to address this concernFor example proxy re-encryption [9] can directly transferencrypted data of a user Alice stored in a nontrusted third-party cloud under the authorization of Alice into user Bobrsquosciphertext so as to achieve data sharing of Alice and BobBecause of this feature proxy re-encryption has been appliedin IoT cloud computing email forwarding systems [9] anddistributed file systems [10] In proxy re-encryption the thirdparty can convert all Alicersquos ciphertexts into Bobrsquos ciphertextbut in many applications Alice hopes that the third party canonly transform some specific conditions of ciphertext insteadof all ciphertext For example the owners of wireless devicesmight only want to share part of the encrypted multimediadata instead of sharing all the data with a group of otherusers To achieve that goal conditional proxy re-encryptionwas proposed to provide such a mechanism that allows Aliceto freely determine which encrypted data needs to be sharedwith Bob [11] The third party in the conditional proxy re-encryption scheme has the ability to convert a ciphertext onlyif it meets certain specific conditions

For applications like group photo sharing howeverconditional proxy re-encryption scheme becomes a problemif one personrsquos multimedia needs to be shared with a groupof users via a cloud platform For example in a scenario ofa picturersquos owner (Alice) who wishes to share the encryptedphoto data with the family members the cloud cannotdirectly forward the owner Alicersquos encrypted data of camerato a group of family members since only Alice has theprivate key to decrypt after forwarding Although conditionalproxy re-encryption can convert Alicersquos ciphertext into adifferent ciphertext only the one person can decrypt theciphertext not a group of people to decrypt Thus it cannotbe adapted to the situation of group data sharing Recentlythe conditional proxy broadcast re-encryption(C-PBRE) waspresented [12] to resolve the issue In a C-PBRE scheme auserrsquos ciphertext can be transformed to another ciphertextfor a group of users by a third party proxy Moreover thethird-party proxy can only convert ciphertext with specificconditions

Although the C-PBRE has addressed some concerns stillthere is a flaw which is that the C-PBRE scheme cannot

support fuzzy condition matching Here we give an exampleof an online medical service system to show the importanceof fuzzy condition matching and the fuzzy-conditional proxybroadcast re-encryption (FC-PBRE) Usually a multimediaelectronicmedical record is a system that tracks the electronicmedical record of the patients It integrates image videoaudio and text and everything can be stored in the cloud atthe same time Doing so enables the medical staff to look upall medical records related to the patient such as an MRI orX-ray image from a PC or a smart phone In order to protectpatient privacy of multimedia electronic medical recordswe need to encrypt and protect relevant data But how toimplement the sharing of multimedia electronic medicalrecords after encryption is a difficult problem and FC-PBREcomes to solve this problem More specifically in an onlinemedical system patients are more likely to find a doctorwho meets the following requirements for the treatment ofa cold We can simply denote the requirements as followsR1 = (ldquoColdrdquo and ldquofeverrdquo and ldquorunny noserdquo and ldquosore throatrdquo) WithR1 a patient can encrypt her health record before she uploadsit to the medical system However the medical system cannotdirectly access the disease record in this case because itdoes not necessarily have a matching secret key under R1What the system can do is re-encrypt the ciphertext so thatother doctors may be able to see the case as long as thesedoctors meet at least 119889(119889 le |R1|) conditions of R1 Byadopting FC-PBRE a doctor sets up a different access policyR2 and sends a re-encryption key 119903119896R1

to the proxy Whena doctor is away the proxy can re-encrypt the ciphertext ifand only if |R1 cap R2| ge 119889 However in many situations Alicemay want to cooperate with a set of colleagues satisfyingR2 to consultation on the patientrsquos condition In traditionalFC-PRE if Alice wants to consulate with 119873 colleagues theproxy needs to perform 119873 re-encryption operations Theproblem though is that the proxyrsquos computation is linearwith 119873 this may not be desirable in terms of the complexityIn contrast in FC-PBRE the proxy can re-encrypte Alicersquosciphertext to a group of users at one time As a resultan FC-PBRE scheme is likely to resolve this complexityproblem

In the multimedia data sharing environment it is neededto have a secure mechanism that allows the cloud server totransform one userrsquos encrypted data directly into anotherciphertext under a set of new users without accessing theuserrsquos plaintext data In this paper fuzzy-conditional proxybroadcast re-encryption (FC-PBRE) is proposed to addressthe concern In FC-PBRE the proxy uses a broadcast re-encryption key to re-encrypt a ciphertext which can bedecrypted by a set of delegatees if and only if the broadcastkeyrsquos conditional set 119882 is close to the conditional set 1198821015840

of the ciphertext With the FC-PBRE scheme the plaintextdata is not disclosed and cannot be learnt by the proxyThe paper is structured as follows First we introduce thesecurity definition against chosen-ciphertext attacks for FC-PBRE Second our efficient fuzzy-conditional proxy broad-cast re-encryption scheme is presented Finally we provethat our FC-PBRE scheme is CCA-secure in the randomoracle model based on the Decisional nBDHE assump-tion

Security and Communication Networks 3

2 Related Work

Proxy re-encryption [9] can directly transfer encrypted dataof user Alice stored in nontrusted third-party cloud underthe authorization of Alice into user Bob ciphertext so as toachieve data sharing of Alice and Bob But the third party cantransform all Alicersquos ciphertext into Bobs ciphertext in PREscheme but in many applications Alice hopes that the thirdparty can only transform some specific conditions of cipher-text instead of all ciphertext In a C-PRE scheme [11] only theone ciphertext from Alice that meets certain specific condi-tions can be converted by third parties into a Bobrsquos ciphertextTherefore with conditional proxy re-encryption Alice candetermine which ciphertext for third parties to re-encryptthus a flexible control of the ciphertext can be observedWenget al [11] proposed conditional proxy re-encryption schemeand they proved that it is chosen-ciphertext attack secure inthe random oracle model Similarly Tang [13] proposed atype based proxy re-encryption scheme a secure proxy re-encryption with keyword search scheme and it is provensecure in the random oracle model [14] On top of thekeyword search scheme an anonymous conditional proxyre-encryption with keyword search scheme was proposed byFang et al [15] On the paper they also proved that theirscheme is chosen-ciphertext secure Fang et al [16] presenteda fuzzy-conditional proxy re-encryption scheme and provedthe security in the random oracle model The scheme cansupport fuzzy matching between multiple keywords thatis only some key words in the re-encryption key satisfythe matching and the third party can complete the re-encryption

Without the random oracle a conditional proxy re-encryption scheme [17] was proposed to support a morefine-grained access strategy under the standard model Ref-erence [18] designed an identity based proxy re-encryptionmechanism for multiple hop (Multihop) under the standardmodel In this scheme the re-encrypt ciphertext can still bere-encrypted repeatedly and the length of ciphertext does notincrease with the number of re-encryptions So the length ofthe ciphertext is constant

With regard to anonymity Ateniese et al [19] came outwith the idea of anonymous proxy re-encryption and provedthat their scheme is chosen plaintext attack security underthe standard model With anonymous proxy re-encryptionan attacker cannot obtain userrsquos identity from the key Later anew scheme was proposed to achieve the security of chosen-ciphertext attack with the random oracle [20] SubsequentlyShao et al improved the scheme by using the standardmodel for the security proof [21] Followed by Shao et alrsquoswork a security model is enhanced for anonymous proxy re-encryption [22] In the securitymodel of [22] it allows attack-ers to get re-encrypted queries directly instead of obtainingre-encrypted query by acquiring re-encryption key queryShao et al [23] proposed an anonymous ID based proxyre-encryption to extend anonymous proxy re-encryptionto identity based anonymous proxy re-encryption Theirscheme is proven secure in the random oracle model Ananonymous identity based multiuser identity based proxy re-encryption scheme was proven CCA-secure in the standard

model [18] The same literature also analyzed its applica-tion in privacy protection and data sharing in big datastorage system The above schemes are about proxy anony-mous encryption with user identity anonymity A keywordanonymity conditional proxy re-encryption scheme [24] wasdemonstrated to achieve the anonymity of conditions

3 Preliminaries

31 Bilinear Map 119866 and 119866119879 denote two multiplicative cyclicgroups with the same prime order 119901 119892 is a generator of group119866 A bilinear pairing is a bilinear map 119890 119866 times 119866 997888rarr 119866119879 withthe following properties

(1) 119890(119880119886 119881119887) = 119890(119880 119881)119886119887 for all 119886 119887 119877larr997888 119885lowast119901 and 119880 119881 isin 119866

(2) 119890(119880 119880) = 1(3) 119890(119880 119881) can be computed in polynomial time for all119880 119881 isin 119866

32 The n-BDHE Assumption If 119901 is a prime let 119885119901 denotethe set 0 1 119901 minus 1 and 119885lowast

119901 denote the set 1 2 119901 minus 1Let 119890 119866 times 119866 997888rarr 119866119879 be a bilinear map Given 2119899 + 1 elements

(120583 ] ]120574 ]1205742 ]120574119899 ]120574119899+2 ]1205742119899) isin 1198662119899+1 (1)

and an element 119879 isin 119866119879 the adversaryrsquos task is to decide if119879 997904997904997904 119890(120583 ])120574119899+1 Denote ]120574119894 as ]119894 and define the advantage of an adversary

A as

119860119889V119899minus119861119863119867119864119866A

= 1003816100381610038161003816100381610038161003816100381610038161003816119875119903 [A (120583 ] ]1 ]119899 ]119899+2 ]2119899 119890 (]119899+1 120583)) = 1]minus119875119903 [A (120583 ] ]1 ]119899 ]119899+2 ]2119899 119879) = 1]

1003816100381610038161003816100381610038161003816100381610038161003816(2)

where ] 120583 isin 119866 120574 isin 119885lowast119901 and 119879 isin 119866119879 are randomly chosen

We conclude that the n-BDHE assumption relative to (119866 119866119879)holds [25] if 119860119889V119899minus119861119863119867119864

119866A is negligible for all probabilitypolynomial time (PPT) adversary A

4 FC-PBRE Model and Security Notion

Two security definitions for fuzzy-conditional proxy broad-cast re-encryption as well as its model are introduced in thissection

Definition 1 (FC-PBRE) A (single-use) proxy broadcast re-encryption scheme runs the following algorithms

(i) 119878119890119905119906119901(120582 119899 119889) in the setup step for the input 120582 isthe security parameter 119899 is the maximum allowednumber of users and 119889 is the threshold The systemat this step generates a public key 119875119870 and a mastersecret key 119872119870

(ii) 119870119890119899119866119890119899(119875119870 119872119870 119894) given the public key 119875119870 themaster key 119872119870 and a user 119894 the system generatessecret key 119904119896119894 for the user 119894


(iii) 119864119899119888119903119910119901119905(119875119870 119878 119898 119882) the 119864119899119888119903119910119901119905() algorithm takesthe public key 119875119870 a user sets 119878 sube 1 2 119899 amessage 119898 and a set of keywords 119882 as the input itthen outputs the ciphertext 119862 for the user set 119878 withcondition set 119882

(iv) 119877119890119870119866119890119899(119875119870 119904119896119894 1198781015840 1198821015840) on inputting 119875119870 the userrsquosprivate key 119904119896119894 a set of users (1198781015840 sube 1 2 119899) anda keywords set 1198821015840 outputs the re-encryption key11990311989611989011991011989411987810158401198821015840

(v) 119877119864119899119888(119875119870 11990311989611989011991011989411987810158401198821015840 119894 119878 1198781015840 119862) with the public key119875119870 a re-encryption key 1199031198961198901199101198941198781015840 1198821015840 the user 119894 two dif-ferent user sets 119878 and 1198781015840 and the original ciphertext119862this algorithm computes the re-encrypted ciphertext119862119877 This step requires |119882 cap 1198821015840| ge 119889 where 119889 is thethreshold and if the condition cannot be met an errorsymbol perp will be output instead

(vi) 1198631198901198881199031199101199011199051198712(119875119870 119904119896119894 119894 119878 119862) 1198631198901198881199031199101199011199051198712 represents thedecryption algorithm for the original ciphertext Ittakes the public key 119875119870 user 119894 the private key 119904119896119894 ofthe user 119894 a set of users 119878 and ciphertext 119862 for userset 119878 and it outputs the plaintext 119898

(vii) 1198631198901198881199031199101199011199051198711(119875119870 119904119896119895 119894 119895 119878 1198781015840 119862119877) 1198631198901198881199031199101199011199051198711 repre-sents the re-encrypted ciphertext decryption algo-rithm It outputs the plaintext 119898 from the input of apublic key a userrsquos private key 119904119896119895 users 119894 119895 user sets119878 1198781015840 and a re-encrypted 119862119877 If the algorithm abortsit outputs perp

Correctness The definition of the correctness of a FC-PBRE scheme is as follows given two user sets 119878 1198781015840condition sets 119882 1198821015840 119862 = 119864119899119888119903119910119901119905(119875119870 119878 119898 119882) and11990311989611989011991011989411987810158401198821015840 = 119877119890119870119866119890119899(119875119870 119904119896119894 1198781015840 1198821015840) then 119862119877 = 119877119864119899119888(11987511987011990311989611989011991011989411987810158401198821015840 119894 119878 1198781015840 119862) if |119882 cap 1198821015840| ge 119889119875119903[1198631198901198881198881199101199011199051198712(119875119870 119904119896119894 119894 119878 119862) = 119898] = 1 if 119894 isin 119878119875119903[1198631198901198881199031199101199011199051198711(119875119870 119904119896119895 119894 119895 119878 1198781015840 119862119877) = 119898] = 1 if 119895 isin 1198781015840

The game-based model is used to define the security forthe FC-PBRE scheme Similar to a security model from [25]the CCA security of the FC-PBRE scheme is considered inthe selective-set model In such a model the adversary issupposed to commit ahead the challenge user set 119878lowast and thecondition set 119882lowast

Definition 2 (IND-set-CCA game) The following lists twogames between one adversary A and a challenger C

Game 1 is to consider the security of the original cipher-texts We define the IND-OR-CCA game as follows

(1) Init In the initial phase the adversary A selects atarget users set 119878lowast sube 1 2 119899 and the conditionset 119882lowast = 120596lowast

1 120596lowast2 120596lowast

119899 (2) Setup At this stage of the game the challengerC runs119878119890119905119906119901(119899) and as a result he can generate the public

key 119875119870 and the master key 119872119870 Then he gives 119875119870 toA

(3) Query phase 1Amakes the following queries

(a) 119864119909119905119903119886119888119905(119894) the challenger runs 119904119896119894 =119870119890119910119866119890119899(119875119870 119872119870 119894) and returns 119904119896119894 toA(b) 119877119890119870119866119890119899(119894 1198781015840 1198821015840) C runs 1199031198961198901199101198941198781015840 1198821015840 =119877119890119870119866119890119899(119875119870 119904119896119894 1198781015840 1198821015840) and 119904119896119894 =119870119890119910119866119890119899(119875119870 119872119870 119894) and returns 1199031198961198901199101198941198781015840 1198821015840

toA(c) 119877119864119899119888(119894 119878 1198781015840 119862) C runs 119877119864119899119888(119875119870 1199031198961198901199101198941198781015840 1198821015840 119894 119878 1198781015840 119862) where 1199031198961198901199101198941198781015840 1198821015840 = 119877119890119870119866119890119899(119875119870 1199041198961198941198781015840 1198821015840) and 119904119896119894 = 119870119890119910119866119890119899(119875119870 119872119870 119894) and

returns the output toA(d) 1198631198901198881199031199101199011199051198712(119894 119878 119862) C runs 1198631198901198881199031199101199011199051198712(119875119870 119904119896119894119894 119878 119862) where 119904119896119894 = 119870119890119910119866119890119899(119875119870 119872119870 119894) and

returns the output toA(e) 1198631198901198881199031199101199011199051198711(119894 119895 119878 1198781015840 119862119877) C runs119863119890119888r1199101199011199051198711(119875119870 119904119896119895 119894 119895 119878 1198781015840 119862119877) where 119904119896119895 =119870119890119910119866119890119899(119875119870 119872119870 119895) and returns the output to

A

A has to follow the restrictions in this phase FirstA cannot make 119864119909119905119903119886119888119905(119894) for any 119894 isin 119878lowast second Acannot make 119877119890119870119866119890119899(119894 1198781015840 1198821015840) and 119864119909119905119903119886119888119905(119895) if 119894 isin119878lowast 119895 isin 1198781015840 and |1198821015840 cap 119882lowast| ge 119889

(4) Challenge As soon as A finishes Query phase 1A computes two equal length messages (1198980 1198981) Cselects a bit 119887 isin 0 1 and sets the challenge ciphertextto be 119862lowast = 119864119899119888119903119910119901119905(119875119870 119898119887 119878lowast 119882lowast) 119862lowast is then senttoA

(5) Query phase 2 In addition to the restrictions inphase 1 A continues making queries with the fol-lowing extra restrictions A is not allowed to run119877119864119899119888(119894 119878lowast 1198781015840 119862lowast) and 119864119909119905119903119886119888119905(119895) if 119894 isin 119878lowast and 119895 isin 1198781015840

(a) A is not allowed to run1198631198901198881199031199101199011199051198712(119894 119878lowast 119862lowast) forany 119894 isin 119878lowast

(b) A is not allowed to run 1198631198901198881199031199101199011199051198711(119894 119895 119878lowast1198781015840 119862119877) if 119894 isin 119878lowast 119895 isin 1198781015840 and 119862119877 = 119877119864119899119888(119894 119878lowast1198781015840 119862lowast)(6) Guess A makes the guess for 1198871015840 The adversary wins

the game if 1198871015840 = 119887The above adversary A is referred to as an IND-OR-CCAadversary The advantage is defined as

119860119889V1198661198861198981198901A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 121003816100381610038161003816100381610038161003816 (3)

Game 2 IND-Re-CCA game is used for the indistin-guishability of the re-encrypted ciphertext

(1) Init To begin the game an adversaryA selects a targetusers set 119878lowast sube 1 2 119899 and a condition set 119882lowast =120596lowast


119899 (2) Setup The challenger C generates the public key 119875119870

and master key 119872119870 by running runs 119878119890119905119906119901(119899) ThenC gives 119875119870 toA

(3) Query phase 1 The adversary Amakes the followingqueries


(a) 119864119909119905119903119886119888119905(119894)C gets 119904119896119894 from119870119890119910119866119890119899(119875119870 119872119870 119894)Then it returns it toA Note thatA cannot make119864119909119905119903119886119888119905(119894) for any user 119894 isin 119878lowast

(b) 119877119890119870119866119890119899(119894 1198781015840 1198821015840) C runs 11990311989611989011991011989411987810158401198821015840 =119877119890119870119866119890119899(119875119870 119904119896119894 1198781015840 1198821015840) where 119904119896119894 =119870119890119910119866119890119899(119875119870 119872119870 119894) and returns 11990311989611989011991011989411987810158401198821015840

toA(c) 1198631198901198881199031199101199011199051198711(119894 119895 119878 1198781015840 119862119877) C runs1198631198901198881199031199101199011199051198711(119875119870 119904119896119895 119894 119895 119878 1198781015840 119862119877) where 119904119896119895 =119870119890119910119866119890119899(119875119870 119898119904119896 119895) and returns the result to

A

(4) Challenge OnceA finishes Query phase 1A outputstwo equal length messages (1198980 1198981) Challenger C

chooses a bit 119887 isin 0 1 and sets the challenge cipher-text to be 119862lowast = 119877119864119899119888(119875119870 119903119896119890119910119894119878lowast 119882lowast 119894 119878 119878lowast 119862)where 119894 isin 119878 119894 notin 119878lowast and 119862 = 119864119899119888119903119910119901119905(119875119870 119898119887 119878 119882lowast)119862lowast is returned to the adversary A

(5) Query phase 2 A continues making queries but issubject to the following restrictions

(a) A cannot make 119864119909119905119903119886119888119905(119894) for any 119894 isin 119878lowast(b) A cannot make 1198631198901198881199031199101199011199051198711(119894 119895 119878 119878lowast 119862lowast) if 119894 isin119878 and 119895 isin 119878lowast

(6) Guess Amakes the guess 1198871015840 The adversary wins thegame if 1198871015840 = 119887

The above adversary A is referred as an IND-Re-CCAadversary Its advantage is defined as

119860119889V1198661198861198981198902A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 12 1003816100381610038161003816100381610038161003816 (4)

A fuzzy-conditional proxy broadcast re-encryptionscheme is called IND-Set-CCA-secure if for all PPTadversary A 119860119889V1198661198861198981198901

A119899 and 119860119889V1198661198861198981198902A119899 are negligible

5 The Proposed FC-PBRE Scheme

51 Our Construction A Lagrange coefficient Δ 120596119878(119909) isdefined for 120596 isin 119885119901 and a set 119878 of elements in 119885119901

Δ 120596119878 (119909) = prod119894isin119878119894 =120596

119909 minus 119894120596 minus 119894 (5)

Our FC-PBRE scheme contains the following algorithms

(i) 119878119890119905119906119901(120582 119899 119889) Let 119872 = 0 1119896 denote the messagespace The algorithm randomly selects 120572 120574 isin 119885119901 and119885 isin 119866 and computes ]119894 = 119892120572119894 for 119894 = 1 2 119899 119899 +2 2119899 Let 119867119886119904ℎ1 0 1119896 times 119866119879 997888rarr 119885lowast

119901 119867119886119904ℎ2 119866119879 997888rarr 0 1119896119867119886119904ℎ3 119866119879 times119866times119866times119866times0 1119896 997888rarr 119866119867119886119904ℎ4 119885lowast119901 997888rarr 119866 and 119867119886119904ℎ5 0 1119896 997888rarr 119885lowast

119901

be collusion-resistant hash functions It computes 120592 =

119892120574 119878119890119905119906119901(120582 119899 119889) outputs the public key 119875119870 and themaster key 119872119870 for the cloud server as follows

119875119870 = (] ]1 ]119899 ]119899+2 ]2119899 120592 119885 119867119886119904ℎ1 119867119886119904ℎ2 119867119886119904ℎ3119867119886119904ℎ4)

119872119870 = 120574(6)

(ii) 119870119890119910119866119890119899(119875119870 119872119870 119894) The secret key for a cloud user 119894is generated in this phase where

119904119896119894 = ]120574119894 (7)

(iii) 119864119899119888119903119910119901119905(119875119870 119878 119898 119882) To encrypt a plaintext 119898 isin 119872under the set 119878 sube 1 2 119899 with condition 119882 itrandomly picks a119877 isin 119866119879 computes 119905 = 119867119886119904ℎ1(119898 119877)and outputs the results of the ciphertext 119862 =(1198621 1198622 1198623 1198624 1198625 1198626)

1198621 = 119877 sdot 119890 (]1 ]119899)119905 1198622 = ]1199051198623 = (120592 sdot prod

119895isin119878

]119899+1minus119895)119905

1198624 = (119862120596 = 119867119886119904ℎ4 (120596)119905)120596isin119882

1198625 = 119898 oplus 119867119886119904ℎ2 (119877) 1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905

(8)

(iv) 119877119890119870119866119890119899(119875119870 119904119896119894 1198781015840 1198821015840) On inputting 119904119896119894 = ]120574119894 1198781015840 isin1 2 119899 and 1198821015840 it randomly selects 120590 isin 0 1119896

and a polynomial119891(119909)with119889minus1degree where119891(0) =119867119886119904ℎ5(120590) For each 120596 isin 1198821015840 it selects a random value119903120596 and computes

119886 = (119886120596 = 119904119896119894 sdot 119885119902(120596)119867119886119904ℎ4 (120596)119903120596)120596isin1198821015840 119887 = (119887120596 = ]119903120596)120596isin1198821015840 (9)

It chooses random value 119904 isin 119885lowast119901 1198771015840 isin 1198662 computes1199051015840 = 119867119886119904ℎ1(120590 1198771015840) and sets

1199031198961198901199101 = 1198771015840 sdot 119890 (]1 ]119899)1199051015840 1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119895isin1198781015840

]119899+1minus119895)1199051015840

1199031198961198901199104 = 120590 oplus 119867119886119904ℎ2 (1198771015840) 1199031198961198901199105 = 119867119886sℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(10)


It outputs the re-encryption key 11990311989611989411987810158401198821015840 = (119886 1198871199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105)(v) 119877119864119899119888(119875119870 11990311989611989011991011989411987810158401198821015840 119894 119878 1198781015840 119862) On inputting a re-

encryption key 1199031198961198901199101198941198781015840 1198821015840 = (119886 119887 1199031198961198901199101 1199031198961198901199102 11990311989611989011991031199031198961198901199104 1199031198961198901199105) and a ciphertext 119862 = (1198621 1198622 1198623 11986241198625 1198626) it verifies whether the following hold119890 (1198622 120592 sdot prod

119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1198623) (11)

119890 (1198622 119867119886119904ℎ4 (120596))120596isin119878

997904997904997904 119890 (] 119862120596)120596isin119878 (12)

119890 (1198622 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)) 997904997904997904 119890 (] 1198626) (13)

If not it outputs perp Otherwise it randomly selects a119889 element set 119865 sube 119882 cap 1198821015840 If such a set 119865 cannot befound the algorithm outputs perp or else it computes

1198621 = 1198621

sdot prod120596isin119865

(119890 (1199031198961198901199100 sdot prod119895isin119878119895 =119894]119899+1minus119895+119894 1198622)119890 (]119894 1198623) sdot 119890 (119887120596 119862120596) )Δ120596119865(0) (14)

Then the re-encrypted ciphertext is 119862119877 = (1198621 11986221198625 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105)(vi) 1198631198901198881199031199101199011199051198712(119875119870 119904119896119894 119894 119878 119862) It takes a secret key 119904119896119894

and a ciphertext 119862 = (1198621 1198622 1198623 1198624 1198625 1198626) as theinputs it

(1) verifies if the three equations (11)ndash(13) hold Ifnot it aborts and outputs the error perp or else

(2) computes 119877 = 1198621 sdot 119890(119904119896119894 sdot prod119895isin119878119895 =119894]119899+1minus119895+119894 1198622)119890(]119894 1198623)119898 = 1198625 oplus119867119886119904ℎ2(119877) and 119905 = 119867119886119904ℎ1(119898119877) and verifies whether

1198622 = ]119905 (15)

1198623 = (120592 sdot prod119895isin119878

]119899+1minus119895)119905 (16)

1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905 (17)

hold It returns 119898 or else returns perp(vii) 1198631198901198881199031199101199011199051198711(119875119870 119904119896119895 119894 119895 119878 1198781015840 119862119877) On inputting a

secret key 119904119896119895 and a re-encrypted ciphertext 119862119877 =(1198621 1198622 1198625 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105) it pro-ceeds as followsFirst verifying whether all of the equations hold

119890 (1199031198961198901199102 120592 sdot prod119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1199031198961198901199103) (18)

119890 (1199031198961198901199102 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199104)) 997904997904997904 119890 (] 1199031198961198901199105) (19)

If they do not hold it outputs perp Otherwise itcomputes

1198771015840 = 1199031198961198901199101 sdot 119890 (119904119896119895 sdot prod119897isin1198781015840119897 =119895]119899+1minus119897+119895 1199031198961198901199102)119890 (119892119895 1199031198963)

120590 = 1199031198961198901199105 oplus 119867119886119904ℎ2 (1198771015840) 119892119904 = 1199031198961198901199104119867119886119904ℎ4 (120590) 1199051015840 = 119867119886119904ℎ1 (120590 1198771015840)

(20)

It verifies whether

1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119897isin1198781015840

]119899+1minus119897)1199051015840 1199031198961198901199105 = 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(21)

hold If not it returns perp or elseit computes 119877 = 1198621119890(1198622 119885119867119886119904ℎ5(120590)) 119898 = 1198625 oplus119867119886119904ℎ2(119877) and 119905 = 119867119886119904ℎ1(119898 119877) It verifies whether1198622 = ]119905 holds If it holds it returns 119898 or else it returnsperp

52 Security Proof In section we prove that our scheme isIND-Set-CCA-secure in the ROM

Theorem 3 If 119867119886119904ℎ1 119867119886119904ℎ2 119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5 are tar-get collision-resistant hash functions and the DecisionalnBDHE assumption holds the above scheme then is IND-Set-CCA-secure in the ROM

Lemma 4 If an IND-OR-CCA is attackerA that can success-fully attack FC-PBRE then we are able to construct a simulatorS that can solve Decisional nBDHE assumption

Proof The simulator S is provided a Decisional nBDHEinstance (120583 ] ]1 ]119899 ]119899+2 ]2119899 119879) and has to decidewhether 119879 = 119890(]119899+1 120583) from a random value The sim-ulator S controls the random oracles (RO) 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5 as follows

S searches119867119886119904ℎ1 for (119898 119877 119905) If119867119886119904ℎ1 list already existsthen S sends 119905 toA ElseS randomly selects 119905 isin 119885lowast

119901 sends 119904toA and puts (119898 119877 119905) in 119867119886119904ℎ1 list

S searches 119867119886119904ℎ2 for (119877 120581) If 119867119886119904ℎ2 list already existsthen S sends 120581 to A Else S randomly selects 120581 isin 0 1119896sends 120581 toA and puts (119877 120581) to 119867119886119904ℎ2

S searches 119867119886119904ℎ3 for (1198621 1198622 1198623 1198624 1198625 120601 120593) If 119867119886119904ℎ3

list already exists then S sends 120595 to A Else S randomlyselects 120601 isin 119885lowast

119901 generates 120595 = ]120601 sends 120595 to A and puts(1198621 1198622 1198623 1198624 1198625 120601 120593) to 119867119886119904ℎ3 listS searches119867119886119904ℎ4 for (120596 120591 120603) If119867119886119904ℎ4 list already exists

thenS sends120603 toA ElseS randomly selects 120591 isin 119885lowast119901 and sets120603 = ]120591 sends 120603 toA and puts (120596 120591 120603) to 119867119886119904ℎ4 list


S searches 119867119886119904ℎ5 for (120590 984858) If 119867119886119904ℎ5 list already existsthen S sends 984858 toA Else S randomly selects 984858 isin 119885lowast

119901 sends984858 toA and adds (120590 984858) to 119867119886119904ℎ5 listS then keeps the lists as follows(i) 119870119890119910119871119894119904119905 stores the tuples (120573 119894 119904119896119894)(ii) 119877119890119870119890119910119871119894119904119905 stores the tuples (1205731 119894 1198781015840 1198821015840 11990311989611989011991011989411987810158401198821015840 120590 119877 119865119897119886119892119874119899119890) which maintains the results of query119877119890119870119866119890119899(119904119896119894 1198781015840 1198821015840) If 119865119897119886119892119874119899119890 = 1 then it is a valid

re-encryption key or else it is random(iii) 119877119864119899119888119871119894119904119905 stores the tuples (119894 119878 1198781015840 119862 119862119877 119865119897119886119892119879119908119900)

which maintains query 119877119864119899119888(119894 119878 1198781015840 119862) Note that if119865119897119886119892119879119908119900 = 1 then a re-encryption key which is used togenerate the re-encrypted ciphertext should be valid orelse the re-encrypted ciphertext is invalid and randomlygenerated

(1) Init The attacker selects a challenge user set 119878lowast sube1 2 119899 and challenge conditional set 119882lowast =120596lowast1 120596lowast

2 120596lowast119899

(2) SetupThe simulator S randomly selects values 120603 isin119885119901 and 119885 isin 119866 and sets

120592 = ]120603 sdot (prod119895isin119878lowast

]119899+1minus119895)minus1 ≜ ]120574 (22)

S sets the public key as

119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)

and 119904119896 = 120574S sends 119875119870 to the attacker A(3) Query phase 1 A does some of the columns of the

query and the response ofS is as follows

(i) 119864119909119905119903119886119888119905(119894) If 119894 isin 119878lowast then S aborts Elsethe simulator S first searches 119870119890119910119871119894119904119905 and if(120573 119894 119904119896119894) are in 119870119890119910119871119894119904119905 then it outputs 119904119896119894Otherwise S throws a biased coin 120573 (119875119903[120573 = 1]= 120575 for some 120575)(a) When 120573 = 0 S aborts and outputs a

random bit(b) When 120573 = 1 S calculates 119904119896119894 = ]120583

119894 sdot(prod119895isin119878lowast]119899+1minus119895+119894)minus1 Note that we have

119904119896119894 = ]120603119894 sdot (prod

119895isin119878lowast]119899+1minus119895+119894)

minus1

= (]120603 sdot (prod119895isin119878lowast

]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)

(ii) 119877119890119870119866119890119899(119894 1198781015840 1198821015840) the simulator S verifieswhether tuple (lowast 119895 119904119896119895) is in 119870119890119910119871119894119904119905 (119894 isin 119878lowast119895 isin 1198781015840 and |1198821015840cap119882lowast| ge 119889) If not thenS aborts

Otherwise S searches whether there is a tuple(lowast 119894 1198781015840 1198821015840 1199031198961198901199101198941198781015840 1198821015840 120590 119877 lowast) in 119877119890119870119890119910119871119894119904119905 Ifyes S outputs 11990311989611989011991011989411987810158401198821015840 Otherwise the simu-lator S proceeds(a) If (1 119894 119904119896119894) exists in 119870119890119910119871119894119904119905 as in the

real algorithm of the scheme the simu-lator S generates the re-encryption key11990311989611989011991011989411987810158401198821015840 from 119877119890119870119866119890119899 by using thesecret key 119904119896119894 S returns 11990311989611989011991011989411987810158401198821015840 to AThen it puts (lowast 119894 1198781015840 1198821015840 1199031198961198901199101198941198781015840 1198821015840 120590 119877 1)to 119877119890119870119890119910119871119894119904119905 where 120590 119877 are randomlyselected

(b) Otherwise S throws a biased coin 120573 If120573 = 1 S queries the 119864119909119905119903119886119888119905(119894) oracle toget 119904119896119894 and then generates 11990311989611989011991011989411987810158401198821015840 from119877119890119870119866119890119899 S returns the re-encryption key11990311989611989011991011989411987810158401198821015840 to A Then it adds (1 119894 119904119896119894) and(lowast 119894 1198781015840 1198821015840 1199031198961198901199101198941198781015840 1198821015840 120590 119877 1) to 119870119890119910119871119894119904119905

and 119877119890119870119890119910119871119894119904119905 respectively If 120573 = 0S sets119886 = (119886120596 = 120588120596) 119887 = (119887120596 = 1205881015840120596) 120596 isin 1198821015840

for randomly chosen 120588120596 1205881015840120596 isin 119866 Then S

constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105

to encrypted random 120590 119877 as the realenvironment The simulator S sendsthe re-encryption key to A Then itadds (lowast 119894 1198781015840 1198821015840 1199031198961198901199101198941198781015840 1198821015840 120590 119877 0) to119877119890119870119890119910119871119894119904119905

(iii) 119877119864119899119888(119894 119878 1198781015840 119862) S searches (119894 119878 1198781015840 119862 119862119877 lowast) in119877119864119899119888119871119894119904119905 If yes S returns 119862119877 Else it is dealtwith in the below(a) If (lowast 119894 1198781015840 1199031198961198901199101198941198781015840 1198821015840 120590 119877 lowast) in 119877119890119870119890119910119871119894119904119905

as the real environment S uses 1199031198961198901199101198941198781015840 1198821015840

to construct119862119877 by119877119864119899119888 and sends119862119877 toAThen it adds (119894 119878 1198781015840 119862 119862119877 lowast) to 119877119864119899119888119871119894119904119905Here we need 119862 = 119864119899119888119903119910119901119905(119875119870 119878 119898 119882)and |119882 cap 1198821015840| ge 119889

(b) Otherwise S first makes 119877119890119870119866119890119899(119894 1198781015840)query to retrieve the re-encryption key11990311989611989011991011989411987810158401198821015840 Next S constructs 119862119877 Then itputs (119894 119878 1198781015840 119862 119862119877 lowast) to 119877119864119899119888119871119894119904119905

(iv) 1198631198901198881199031199101199011199051198712(119894 119878 119862) S tests (11)-(13) If the testdoes not pass it aborts with an error perp Else(a) If (1 119894 119904119896119894) already exists in 119870119890119910119871119894119904119905 S

recovers 119898 by using 119904119896119894(b) Otherwise S queries 119864119909119905119903119886119888119905(119894) to obtain119904119896119894 and S recovers 119898 by using 119904119896119894

(v) 1198631198901198881199031199101199011199051198711(119894 119895 119878 1198781015840 119862119877) S checks (18)-(19) Ifone of the equations cannot be validated itaborts and outputs perp Otherwise S proceeds(a) If (1 119895 119904119896119895) already exists in 119870119890119910119871119894119904119905 S

recovers 119898 by using 119904119896119895(b) Otherwise S queries 119864119909119905119903119886119888119905(119895) to get 119904119896119895

and S recovers 119898 by using 119904119896119895

(4) Challenge Once the attacker A decides that Phase 1is finished it outputs two messages (1198980 1198981) And S


randomly selects 119887 isin 0 1 119877lowast isin 119866119879 Let 120583 = 119892119905lowast forsome randomly chosen 119905lowast S computes

119862lowast1 = 119877lowast sdot 119879

119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast


]119899+1minus119895)minus1 (prod

119895isin119878lowast]119899+1minus119895))

119905lowast

= (120592prod119895isin119878lowast

]119899+1minus119895)119905lowast

119862lowast4 = (119862120596 = 120583120591 = (]120591)119905lowast = 119867119886119904ℎ4 (120596)119905lowast)

120596isin119882lowast

119862lowast5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast)

120593lowast = 119867119886119904ℎ3 (119862lowast1 119862lowast


4 119862lowast5 )

119862lowast6 = 120583120601lowast = 119867119886119904ℎ3 (119862lowast



5 )119905lowast

(25)

where S queries (119862lowast1 119862lowast


4 119862lowast5 ) to RO 119867119886119904ℎ3

for entry (119862lowast1 119862lowast


4 119862lowast5 120601lowast 120593lowast) S sends 119862lowast =(119862lowast



5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we

have 119862lowast1 = 119877lowast sdot 119879 = 119877lowast sdot 119890(] ]119899+1)119905lowast Hence the

challenge ciphertext 119862lowast is a valid one Otherwise 119862lowast

is independent of 119887 if 119879 is a random value in theattackerrsquos view

(5) Query phase 2Amakes queries continuously(6) Guess A generates the guess bit 1198871015840 if 1198871015840 = 119887 and

then outputs 1 which means that 119879 = 119890(]119899+1 120583)else outputs 0 In this case 119879 is a random value in1198662

Probability analysisWhenS1015840119904 aborting happens we definethe game as 119860119887119900119903119905 In the case S does not abort A doesnot know the different between the game and the actualscheme Let 119902 denote the total number of all queries wehave 119875119903[not119860119887119900119903119905] ge 120575119902 sdot ((119901 minus 1)119901)119902 ≜ 120585119902 ge 120585119902(1 minus120585) which is maximized at 120575119900119901119905 = 119902(1 + 119902) Using120575119900119901119905 the probability 119875119903[not119860119887119900119903119905] is at least 1 119890(1 + 119902)where 119890 is the base of the nature logarithm Therefore wehave

1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)

With this we complete the proof of Lemma 4

Lemma 5 If an IND-Re-CCA attacker can successfully attackour scheme then a simulatorS that can be constructed to solvethe Decisional nBDHE assumption

Proof We use the same game construction from the proof ofLemma 4 and modify the challenge phase to prove Lemma 5To construct the challenge re-encrypt ciphertextS randomlyselects 119887 isin 0 1 119877lowast isin 119866119879 Let ℎ = 119892119905lowast for the randomlyselected 119905lowast S then computes

1198621

lowast = 119877lowast sdot 119890 (120583 119885)119867119886119904ℎ5(120590) 119862lowast

2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)

S then constructs 119903119896119890119910lowast1 119903119896119890119910lowast

2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the

same way as in game 1The proofs of Lemmas 4 and 5 conclude that we have

provenTheorem 3

6 Comparison

We use schemes from [24 26] as baselines as [26] achievesthe same security and [24] supports the same fuzzy propertywith our scheme In the implementation we selected twomost efficient schemes to do experimental comparisons Ourexperimental environment is as follows Core i7 Processor(6M Cache 340GHz) with a Linux operating system Inthe implementation the proxy re-encrypted the ciphertextof the delegator to 20 different ciphertext for the delegateThe average value of the execution time of 50 experimentsis used to eliminate the errors Table 1 lists the comparisonof the performance of the schemes Although 119877119890119870119866119890119899 119864119899119888119877119864119899119888 1198631198901198881199031199101199011199051198712 and 1198631198901198881199031199101199011199051198711 time is a little greater than[24 26] as our scheme needs to support the property ofbroadcast the time overhead of the re-encryption algorithmis much slower than our scheme This is due to the fact thatthe proxy is only required to run the re-encryption algorithmonce

7 Application

With the proposed FC-PBRE scheme we illustrate an exam-ple of the schemersquos possible application and show how FC-PBRE scheme protects the confidentiality and privacy ofmultimedia data in the Internet of Things

71 Application of Security in Internet of Things With thedevelopment of wireless networks and the Internet ofThingsa large number of wireless devices (WiFi cameras wire-less sensors etc) are deployed they are collecting andanalyzing multimedia data at all times Many applicationsrequire these wireless devices to share data and insecuredata sharing before wireless devices can easily lead to dataleakage Usually a normal user accesses a wireless devicein three ways first through direct connection with thewireless device second through the gateway third throughthe cloud platform Because many wireless devices needto be localized before they start to work they usuallyhave backend configuration interfaces (WEB PC) and areoffline at some point during their work so it is moreconvenient for an attacker to access multimedia data directly


Table 1 Comparison with Weng et al [26] and Fang et al [24]

Scheme ReKGen(ms) Enc(ms) REnc(ms) DecryptL2(ms) DecryptL1(ms)Weng et al 922 564 4032 509 627Fang et al 1146 603 3662 631 713Our scheme 1242 701 2808 754 836

by cracking the login password of the backend configura-tion interface In this case even if the device and cloudhave been authenticated and encrypted (such as using SSL)they cannot prevent the attack How to ensure the safestorage and sharing of wireless multimedia data becomesparticularly important In this environment we can deployFC-PBRE to ensure the security of the system The dataof each device (including multimedia data control data)is encrypted by the device ownerrsquos public key (119862119860 =119864119899119888119903119910119901119905(119875119870119860 119878 119898 119882)) Obviously no user can decrypt thedata except the data owner A When the device owner Aneeds to grant data privileges to the maintenance engineerfor the configurations of wireless devices (such as WiFicameras) the maintenance engineer B has to request a re-encryption key 11990311989611986011987810158401198821015840 = 119877119890119870119866119890119899(119875119870 119904119896119860 1198781015840 1198821015840) where1198611198941198991198781015840 from the device owner A The maintenance engineer Bcan use the re-encrypted key to perform the re-encryptionalgorithm 119862119877 = 119877119864119899119888(119875119870119860 11990311989611989411987810158401198821015840 119894 119878 1198781015840 119862119860) to convertthe device ownerrsquos ciphertext 119862119860 into their own ciphertext119862119877 and then B uses his own public key to decrypt theciphertext by performing the re-encrypted ciphertext decryp-tion algorithm 119898 = 1198631198901198881199031199101199011199051198711(119875119870119860 119904119896119861 119860 119861 119878 1198781015840 119862119877)Similarly if the gateway or cloud platform wishes to shareencrypted multimedia data to authorized third-party users(ie 119864 = 1198641 1198642 119864119899) without decryption the deviceowner A only needs to produce a re-encrypted key 1199031198961198601198641198821015840 =119877119890119870119866119890119899(119875119870119860 119904119896119860 119864 1198821015840) which will be used to re-encryptthe message from the device owner A to the third-partyuser sets 119864 = 1198641 1198642 119864119899 After the key 1199031198961198601198641198821015840 isgenerated it will be sent to the cloud platform Thereforethe cloud platform can run the re-encryption algorithm 119862119877 =119877119864119899119888(119875119870119860 1199031198961198941198641198821015840 119860 119878 1198781015840 119862119860) to convert the device ownerrsquosciphertext into 119862119877 which can be decrypted with the thirdpartyrsquos own private key

8 Conclusions

In the paper a new security notion called fuzzy-conditionalproxy broadcast re-encryption (FC-PBRE) is presented Ina FC-PBRE the proxy uses a broadcast re-encryption keyto re-encrypt a ciphertext which can be decrypted by a setof delegatees if and only if the broadcast keyrsquos conditionalset 119882 is close to the conditional set 1198821015840 of the ciphertextMoreover the proxy learns nothing about the plaintextfrom entire process Second we define the security notionagainst chosen-ciphertext attacks for FC-PBRE and proposean efficient fuzzy-conditional proxy broadcast re-encryptionscheme Finally we prove that our FC-PBRE scheme is thechosen-ciphertext attack secure in the random oracle modelunder the Decisional nBDHE assumption

Given our contributions further research might exploreconstructing a CCA-secure FC-PBRE scheme in the standardmodel It also can focus on the construction of the fuzzy-conditional proxy broadcast re-encryption schemes withoutpairings

Data Availability

The data used to support the findings of this study areincluded within the article

Disclosure

This paper is an extended version of the oral report [27]the authors made at the International Conference on CloudComputing and Security (ICCCS 2018) However this paperhas not been published by the conference ICCCS 2018

Conflicts of Interest

Theauthors declare that the funding in theAcknowledgmentsdid not lead to any conflicts of interest regarding the publica-tion of this manuscript Also there is no conflicts of interestin the manuscript

Acknowledgments

Liming Fang is supported by the National Natural Sci-ence Foundation of China (nos 61872181 61702236 and61300236) the National Natural Science Foundation ofJiangsu (under Grant no BK20130809) the National Sci-ence Foundation for Postdoctoral Scientists of China (no2013M530254) the National Science Foundation for Post-doctoral Scientists of Jiangsu (no 1302137C) China Post-doctoral Science Special Foundation (no 2014T70518) andChangzhou SciampTech Program (no CJ20179027) JinyueXia is partially supported by the National Natural ScienceFoundation of China (no 6127208361300236)

References

[1] Y Ren J Shen J Wang J Han and S Lee ldquoMutual verifiableprovable data auditing in public cloud storagerdquo Journal ofInternet Technology vol 16 no 2 pp 317ndash323 2015

[2] Y Ren J Shen D Liu J Wang and J-U Kim ldquoEvidentialquality preserving of electronic record in cloud storagerdquo Journalof Internet Technology vol 17 no 6 pp 1125ndash1132 2016

[3] J Kaur and K Kaur ldquoA fuzzy approach for an IoT-based auto-mated employee performance appraisalrdquo Computers Materialsand Continua vol 53 no 1 pp 24ndash38 2017


[4] A Pradeep S Mridula and P Mohanan ldquoHigh securityidentity tags using spiral resonatorsrdquo Computers Materials andContinua vol 52 no 3 pp 185ndash195 2016

[5] Z Pan J Lei Y Zhang and F L Wang ldquoAdaptive fractional-Pixel motion estimation skipped algorithm for efficient HEVCmotion estimationrdquoACMTransactions onMultimedia Comput-ing Communications and Applications (TOMM) vol 14 no 1pp 1ndash19 2018

[6] J G Li W Yao Y C Zhang H L Qian and J G HanldquoFlexible and fine-grained attribute-based data storage in cloudcomputingrdquo IEEE Transactions on Services Computing vol 10no 5 pp 785ndash796 2017

[7] J Li W Yao J Han Y Zhang and J Shen ldquoUser CollusionAvoidance CP-ABE With Efficient Attribute Revocation forCloud Storagerdquo IEEE Systems Journal 2017

[8] J G Li X N Lin Y C Zhang and J G Han ldquoKSF-OABEoutsourced attribute-based encryption with keyword searchfunction for cloud storagerdquo IEEE Transactions on ServicesComputing vol 10 no 5 pp 715ndash725 2017

[9] M Blaze G Bleumer and M Strauss ldquoDivertible proto-cols and atomic proxy cryptographyrdquo in Advances in Cryp-tologymdashEUROCRYPT rsquo98 (Espoo) vol 1403 of Lecture Notes inComputer Science pp 127ndash144 Springer Berlin Germany 1998

[10] G Ateniese K Fu M Green and S Hohenberger ldquoImprovedproxy re-encryption schemes with applications to secure dis-tributed storagerdquoACM Transactions on Information and SystemSecurity vol 9 no 1 pp 1ndash30 2006

[11] J Weng R H Deng X Ding C Chu and J Lai ldquoConditionalproxy re-encryption secure against chosen-ciphertext attackrdquoin Proceedings of the the 4th International Symposium p 322Sydney Australia March 2009

[12] C-K Chu J Weng S S M Chow J Zhou and R H DengldquoConditional proxy broadcast re-encryptionrdquo in InformationSecurity and Privacy C Boyd and J G Nieto Eds vol 5594of Lecture Notes in Computer Science pp 327ndash342 SpringerBerlin Germany 2009

[13] Q Tang ldquoType-based proxy re-encryption and its construc-tionrdquo in Progress in cryptologymdashINDOCRYPT 2008 vol 5365of Lecture Notes in Comput Sci pp 130ndash144 Springer Berlin2008

[14] J Shao Z Cao X Liang and H Lin ldquoProxy re-encryption withkeyword searchrdquo Information Sciences vol 180 no 13 pp 2576ndash2587 2010

[15] L Fang W Susilo C Ge and J Wang ldquoChosen-ciphertextsecure anonymous conditional proxy re-encryption with key-word searchrdquoTheoretical Computer Science vol 462 pp 39ndash582012

[16] L FangW Susilo and JWang ldquoAnonymousConditional ProxyRe-encryption without Random Oraclerdquo in Provable Securityvol 5848 of Lecture Notes in Computer Science pp 47ndash60Springer Berlin Heidelberg Berlin Heidelberg 2009

[17] C GeW Susilo JWang Z Huang L Fang andY Ren ldquoA key-policy attribute-based proxy re-encryption without randomoraclesrdquoThe Computer Journal vol 59 no 7 pp 970ndash982 2016

[18] K LiangW Susilo and J K Liu ldquoPrivacy-preserving ciphertextmulti-sharing control for big data storagerdquo IEEETransactions onInformation Forensics and Security vol 10 no 8 pp 1578ndash15892015

[19] GAteniese K Benson and SHohenberger ldquoKey-private proxyre-encryptionrdquo inTopics in cryptologymdashCT-RSA 2009 vol 5473of Lecture Notes in Comput Sci pp 279ndash294 Springer Berlin2009

[20] J Shao P Liu G Wei and Y Ling ldquoAnonymous proxy re-encryptionrdquo Security and Communication Networks vol 5 no5 pp 439ndash449 2012

[21] J Shao P Liu and Y Zhou ldquoAchieving key privacy withoutlosing CCA security in proxy re-encryptionrdquo The Journal ofSystems and Software vol 85 no 3 pp 655ndash665 2012

[22] Q ZhengW Zhu J Zhu and X Zhang ldquoImproved anonymousproxy re-encryption with CCA securityrdquo in Proceedings of thethe 9th ACM symposium pp 249ndash258 Kyoto Japan June 2014

[23] J Shao ldquoAnonymous ID-Based Proxy Re-Encryptionrdquo in Infor-mation Security and Privacy vol 7372 of Lecture Notes inComputer Science pp 364ndash375 Springer Berlin HeidelbergBerlin Heidelberg 2012

[24] L Fang J Wang C Ge and Y Ren ldquoFuzzy conditional proxyre-encryptionrdquo Science China Information Sciences vol 56 no5 052116 13 pages 2013

[25] D Boneh X Boyen and E-J Goh ldquoHierarchical identitybased encryption with constant size ciphertextrdquo in Proceedingsof the International Conference on Theory and Applications ofCryptographic Techniques pp 440ndash456 2005

[26] J Weng M Chen Y Yang R Deng K Chen and F BaoldquoCCA-secure unidirectional proxy re-encryption in the adap-tive corruption model without random oraclesrdquo Science ChinaInformation Sciences vol 53 no 3 pp 593ndash606 2010

[27] L Fang L Liu J Xia and M Sun ldquoA secure multimedia datasharing scheme for wireless networkrdquo Oral report at ICCCS2018 2018

International Journal of

AerospaceEngineeringHindawiwwwhindawicom Volume 2018

RoboticsJournal of

Hindawiwwwhindawicom Volume 2018


Active and Passive Electronic Components

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwwwhindawicom

Volume 2018

Hindawi Publishing Corporation httpwwwhindawicom Volume 2013Hindawiwwwhindawicom

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of



Journal ofEngineeringVolume 2018

SensorsJournal of



RotatingMachinery


Modelling ampSimulationin EngineeringHindawiwwwhindawicom Volume 2018


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation


Hindawi

wwwhindawicom Volume 2018

Advances in

Multimedia

Submit your manuscripts atwwwhindawicom


(including Bob) cannot decrypt the received data Of courseone easy way for Alice to fix this issue is to download herown encrypted data that is saved in the cloud then decryptand upload the decrypted data to the cloud again and finallysend it to Bob who Alice wants to share the data Howeverusing this method the userrsquos data will be obtained by theuntrusted third-party cloud which cannot guarantee the dataconfidentiality Therefore in the cloud storage environmenta security mechanism is needed to allow the cloud server totransform the encrypted data of users directly into anothershared userrsquos encrypted data without accessing the userrsquosplaintext data

Since the data security problem of users in the nontrustedthird-party cloud server is increasingly prominent and tradi-tional encryption technology has been unable to meet theseapplication needs the cloud server really should be able toconvert a userrsquos ciphertext to a secondrsquos user ciphertext onthe basis of not involving decryption There have been quitea few researches done in this area to address this concernFor example proxy re-encryption [9] can directly transferencrypted data of a user Alice stored in a nontrusted third-party cloud under the authorization of Alice into user Bobrsquosciphertext so as to achieve data sharing of Alice and BobBecause of this feature proxy re-encryption has been appliedin IoT cloud computing email forwarding systems [9] anddistributed file systems [10] In proxy re-encryption the thirdparty can convert all Alicersquos ciphertexts into Bobrsquos ciphertextbut in many applications Alice hopes that the third party canonly transform some specific conditions of ciphertext insteadof all ciphertext For example the owners of wireless devicesmight only want to share part of the encrypted multimediadata instead of sharing all the data with a group of otherusers To achieve that goal conditional proxy re-encryptionwas proposed to provide such a mechanism that allows Aliceto freely determine which encrypted data needs to be sharedwith Bob [11] The third party in the conditional proxy re-encryption scheme has the ability to convert a ciphertext onlyif it meets certain specific conditions

For applications like group photo sharing howeverconditional proxy re-encryption scheme becomes a problemif one personrsquos multimedia needs to be shared with a groupof users via a cloud platform For example in a scenario ofa picturersquos owner (Alice) who wishes to share the encryptedphoto data with the family members the cloud cannotdirectly forward the owner Alicersquos encrypted data of camerato a group of family members since only Alice has theprivate key to decrypt after forwarding Although conditionalproxy re-encryption can convert Alicersquos ciphertext into adifferent ciphertext only the one person can decrypt theciphertext not a group of people to decrypt Thus it cannotbe adapted to the situation of group data sharing Recentlythe conditional proxy broadcast re-encryption(C-PBRE) waspresented [12] to resolve the issue In a C-PBRE scheme auserrsquos ciphertext can be transformed to another ciphertextfor a group of users by a third party proxy Moreover thethird-party proxy can only convert ciphertext with specificconditions

Although the C-PBRE has addressed some concerns stillthere is a flaw which is that the C-PBRE scheme cannot

support fuzzy condition matching Here we give an exampleof an online medical service system to show the importanceof fuzzy condition matching and the fuzzy-conditional proxybroadcast re-encryption (FC-PBRE) Usually a multimediaelectronicmedical record is a system that tracks the electronicmedical record of the patients It integrates image videoaudio and text and everything can be stored in the cloud atthe same time Doing so enables the medical staff to look upall medical records related to the patient such as an MRI orX-ray image from a PC or a smart phone In order to protectpatient privacy of multimedia electronic medical recordswe need to encrypt and protect relevant data But how toimplement the sharing of multimedia electronic medicalrecords after encryption is a difficult problem and FC-PBREcomes to solve this problem More specifically in an onlinemedical system patients are more likely to find a doctorwho meets the following requirements for the treatment ofa cold We can simply denote the requirements as followsR1 = (ldquoColdrdquo and ldquofeverrdquo and ldquorunny noserdquo and ldquosore throatrdquo) WithR1 a patient can encrypt her health record before she uploadsit to the medical system However the medical system cannotdirectly access the disease record in this case because itdoes not necessarily have a matching secret key under R1What the system can do is re-encrypt the ciphertext so thatother doctors may be able to see the case as long as thesedoctors meet at least 119889(119889 le |R1|) conditions of R1 Byadopting FC-PBRE a doctor sets up a different access policyR2 and sends a re-encryption key 119903119896R1

to the proxy Whena doctor is away the proxy can re-encrypt the ciphertext ifand only if |R1 cap R2| ge 119889 However in many situations Alicemay want to cooperate with a set of colleagues satisfyingR2 to consultation on the patientrsquos condition In traditionalFC-PRE if Alice wants to consulate with 119873 colleagues theproxy needs to perform 119873 re-encryption operations Theproblem though is that the proxyrsquos computation is linearwith 119873 this may not be desirable in terms of the complexityIn contrast in FC-PBRE the proxy can re-encrypte Alicersquosciphertext to a group of users at one time As a resultan FC-PBRE scheme is likely to resolve this complexityproblem

In the multimedia data sharing environment it is neededto have a secure mechanism that allows the cloud server totransform one userrsquos encrypted data directly into anotherciphertext under a set of new users without accessing theuserrsquos plaintext data In this paper fuzzy-conditional proxybroadcast re-encryption (FC-PBRE) is proposed to addressthe concern In FC-PBRE the proxy uses a broadcast re-encryption key to re-encrypt a ciphertext which can bedecrypted by a set of delegatees if and only if the broadcastkeyrsquos conditional set 119882 is close to the conditional set 1198821015840

of the ciphertext With the FC-PBRE scheme the plaintextdata is not disclosed and cannot be learnt by the proxyThe paper is structured as follows First we introduce thesecurity definition against chosen-ciphertext attacks for FC-PBRE Second our efficient fuzzy-conditional proxy broad-cast re-encryption scheme is presented Finally we provethat our FC-PBRE scheme is CCA-secure in the randomoracle model based on the Decisional nBDHE assump-tion


2 Related Work





3 Preliminaries






(120583 ] ]120574 ]1205742 ]120574119899 ]120574119899+2 ]1205742119899) isin 1198662119899+1 (1)


A as

119860119889V119899minus119861119863119867119864119866A

= 1003816100381610038161003816100381610038161003816100381610038161003816119875119903 [A (120583 ] ]1 ]119899 ]119899+2 ]2119899 119890 (]119899+1 120583)) = 1]minus119875119903 [A (120583 ] ]1 ]119899 ]119899+2 ]2119899 119879) = 1]

1003816100381610038161003816100381610038161003816100381610038161003816(2)




























A







119860119889V1198661198861198981198901A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 121003816100381610038161003816100381610038161003816 (3)











A







119860119889V1198661198861198981198902A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 12 1003816100381610038161003816100381610038161003816 (4)





Δ 120596119878 (119909) = prod119894isin119878119894 =120596

119909 minus 119894120596 minus 119894 (5)




119901



119875119870 = (] ]1 ]119899 ]119899+2 ]2119899 120592 119885 119867119886119904ℎ1 119867119886119904ℎ2 119867119886119904ℎ3119867119886119904ℎ4)

119872119870 = 120574(6)


119904119896119894 = ]120574119894 (7)


1198621 = 119877 sdot 119890 (]1 ]119899)119905 1198622 = ]1199051198623 = (120592 sdot prod

119895isin119878

]119899+1minus119895)119905

1198624 = (119862120596 = 119867119886119904ℎ4 (120596)119905)120596isin119882

1198625 = 119898 oplus 119867119886119904ℎ2 (119877) 1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905

(8)



119886 = (119886120596 = 119904119896119894 sdot 119885119902(120596)119867119886119904ℎ4 (120596)119903120596)120596isin1198821015840 119887 = (119887120596 = ]119903120596)120596isin1198821015840 (9)


1199031198961198901199101 = 1198771015840 sdot 119890 (]1 ]119899)1199051015840 1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119895isin1198781015840

]119899+1minus119895)1199051015840

1199031198961198901199104 = 120590 oplus 119867119886119904ℎ2 (1198771015840) 1199031198961198901199105 = 119867119886sℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(10)




119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1198623) (11)

119890 (1198622 119867119886119904ℎ4 (120596))120596isin119878

997904997904997904 119890 (] 119862120596)120596isin119878 (12)

119890 (1198622 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)) 997904997904997904 119890 (] 1198626) (13)


1198621 = 1198621







1198622 = ]119905 (15)

1198623 = (120592 sdot prod119895isin119878

]119899+1minus119895)119905 (16)

1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905 (17)



119890 (1199031198961198901199102 120592 sdot prod119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1199031198961198901199103) (18)

119890 (1199031198961198901199102 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199104)) 997904997904997904 119890 (] 1199031198961198901199105) (19)



120590 = 1199031198961198901199105 oplus 119867119886119904ℎ2 (1198771015840) 119892119904 = 1199031198961198901199104119867119886119904ℎ4 (120590) 1199051015840 = 119867119886119904ℎ1 (120590 1198771015840)

(20)

It verifies whether

1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119897isin1198781015840

]119899+1minus119897)1199051015840 1199031198961198901199105 = 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(21)



















2 120596lowast119899



]119899+1minus119895)minus1 ≜ ]120574 (22)


119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)






119904119896119894 = ]120603119894 sdot (prod


minus1


]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)







constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105















119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia



2 Related Work





3 Preliminaries






(120583 ] ]120574 ]1205742 ]120574119899 ]120574119899+2 ]1205742119899) isin 1198662119899+1 (1)


A as

119860119889V119899minus119861119863119867119864119866A

= 1003816100381610038161003816100381610038161003816100381610038161003816119875119903 [A (120583 ] ]1 ]119899 ]119899+2 ]2119899 119890 (]119899+1 120583)) = 1]minus119875119903 [A (120583 ] ]1 ]119899 ]119899+2 ]2119899 119879) = 1]

1003816100381610038161003816100381610038161003816100381610038161003816(2)




























A







119860119889V1198661198861198981198901A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 121003816100381610038161003816100381610038161003816 (3)











A







119860119889V1198661198861198981198902A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 12 1003816100381610038161003816100381610038161003816 (4)





Δ 120596119878 (119909) = prod119894isin119878119894 =120596

119909 minus 119894120596 minus 119894 (5)




119901



119875119870 = (] ]1 ]119899 ]119899+2 ]2119899 120592 119885 119867119886119904ℎ1 119867119886119904ℎ2 119867119886119904ℎ3119867119886119904ℎ4)

119872119870 = 120574(6)


119904119896119894 = ]120574119894 (7)


1198621 = 119877 sdot 119890 (]1 ]119899)119905 1198622 = ]1199051198623 = (120592 sdot prod

119895isin119878

]119899+1minus119895)119905

1198624 = (119862120596 = 119867119886119904ℎ4 (120596)119905)120596isin119882

1198625 = 119898 oplus 119867119886119904ℎ2 (119877) 1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905

(8)



119886 = (119886120596 = 119904119896119894 sdot 119885119902(120596)119867119886119904ℎ4 (120596)119903120596)120596isin1198821015840 119887 = (119887120596 = ]119903120596)120596isin1198821015840 (9)


1199031198961198901199101 = 1198771015840 sdot 119890 (]1 ]119899)1199051015840 1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119895isin1198781015840

]119899+1minus119895)1199051015840

1199031198961198901199104 = 120590 oplus 119867119886119904ℎ2 (1198771015840) 1199031198961198901199105 = 119867119886sℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(10)




119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1198623) (11)

119890 (1198622 119867119886119904ℎ4 (120596))120596isin119878

997904997904997904 119890 (] 119862120596)120596isin119878 (12)

119890 (1198622 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)) 997904997904997904 119890 (] 1198626) (13)


1198621 = 1198621







1198622 = ]119905 (15)

1198623 = (120592 sdot prod119895isin119878

]119899+1minus119895)119905 (16)

1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905 (17)



119890 (1199031198961198901199102 120592 sdot prod119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1199031198961198901199103) (18)

119890 (1199031198961198901199102 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199104)) 997904997904997904 119890 (] 1199031198961198901199105) (19)



120590 = 1199031198961198901199105 oplus 119867119886119904ℎ2 (1198771015840) 119892119904 = 1199031198961198901199104119867119886119904ℎ4 (120590) 1199051015840 = 119867119886119904ℎ1 (120590 1198771015840)

(20)

It verifies whether

1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119897isin1198781015840

]119899+1minus119897)1199051015840 1199031198961198901199105 = 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(21)



















2 120596lowast119899



]119899+1minus119895)minus1 ≜ ]120574 (22)


119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)






119904119896119894 = ]120603119894 sdot (prod


minus1


]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)







constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105















119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





















A







119860119889V1198661198861198981198901A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 121003816100381610038161003816100381610038161003816 (3)











A







119860119889V1198661198861198981198902A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 12 1003816100381610038161003816100381610038161003816 (4)





Δ 120596119878 (119909) = prod119894isin119878119894 =120596

119909 minus 119894120596 minus 119894 (5)




119901



119875119870 = (] ]1 ]119899 ]119899+2 ]2119899 120592 119885 119867119886119904ℎ1 119867119886119904ℎ2 119867119886119904ℎ3119867119886119904ℎ4)

119872119870 = 120574(6)


119904119896119894 = ]120574119894 (7)


1198621 = 119877 sdot 119890 (]1 ]119899)119905 1198622 = ]1199051198623 = (120592 sdot prod

119895isin119878

]119899+1minus119895)119905

1198624 = (119862120596 = 119867119886119904ℎ4 (120596)119905)120596isin119882

1198625 = 119898 oplus 119867119886119904ℎ2 (119877) 1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905

(8)



119886 = (119886120596 = 119904119896119894 sdot 119885119902(120596)119867119886119904ℎ4 (120596)119903120596)120596isin1198821015840 119887 = (119887120596 = ]119903120596)120596isin1198821015840 (9)


1199031198961198901199101 = 1198771015840 sdot 119890 (]1 ]119899)1199051015840 1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119895isin1198781015840

]119899+1minus119895)1199051015840

1199031198961198901199104 = 120590 oplus 119867119886119904ℎ2 (1198771015840) 1199031198961198901199105 = 119867119886sℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(10)




119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1198623) (11)

119890 (1198622 119867119886119904ℎ4 (120596))120596isin119878

997904997904997904 119890 (] 119862120596)120596isin119878 (12)

119890 (1198622 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)) 997904997904997904 119890 (] 1198626) (13)


1198621 = 1198621







1198622 = ]119905 (15)

1198623 = (120592 sdot prod119895isin119878

]119899+1minus119895)119905 (16)

1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905 (17)



119890 (1199031198961198901199102 120592 sdot prod119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1199031198961198901199103) (18)

119890 (1199031198961198901199102 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199104)) 997904997904997904 119890 (] 1199031198961198901199105) (19)



120590 = 1199031198961198901199105 oplus 119867119886119904ℎ2 (1198771015840) 119892119904 = 1199031198961198901199104119867119886119904ℎ4 (120590) 1199051015840 = 119867119886119904ℎ1 (120590 1198771015840)

(20)

It verifies whether

1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119897isin1198781015840

]119899+1minus119897)1199051015840 1199031198961198901199105 = 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(21)



















2 120596lowast119899



]119899+1minus119895)minus1 ≜ ]120574 (22)


119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)






119904119896119894 = ]120603119894 sdot (prod


minus1


]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)







constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105















119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






A







119860119889V1198661198861198981198902A119899 = 1003816100381610038161003816100381610038161003816119875119903 [1198871015840 = 119887] minus 12 1003816100381610038161003816100381610038161003816 (4)





Δ 120596119878 (119909) = prod119894isin119878119894 =120596

119909 minus 119894120596 minus 119894 (5)




119901



119875119870 = (] ]1 ]119899 ]119899+2 ]2119899 120592 119885 119867119886119904ℎ1 119867119886119904ℎ2 119867119886119904ℎ3119867119886119904ℎ4)

119872119870 = 120574(6)


119904119896119894 = ]120574119894 (7)


1198621 = 119877 sdot 119890 (]1 ]119899)119905 1198622 = ]1199051198623 = (120592 sdot prod

119895isin119878

]119899+1minus119895)119905

1198624 = (119862120596 = 119867119886119904ℎ4 (120596)119905)120596isin119882

1198625 = 119898 oplus 119867119886119904ℎ2 (119877) 1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905

(8)



119886 = (119886120596 = 119904119896119894 sdot 119885119902(120596)119867119886119904ℎ4 (120596)119903120596)120596isin1198821015840 119887 = (119887120596 = ]119903120596)120596isin1198821015840 (9)


1199031198961198901199101 = 1198771015840 sdot 119890 (]1 ]119899)1199051015840 1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119895isin1198781015840

]119899+1minus119895)1199051015840

1199031198961198901199104 = 120590 oplus 119867119886119904ℎ2 (1198771015840) 1199031198961198901199105 = 119867119886sℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(10)




119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1198623) (11)

119890 (1198622 119867119886119904ℎ4 (120596))120596isin119878

997904997904997904 119890 (] 119862120596)120596isin119878 (12)

119890 (1198622 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)) 997904997904997904 119890 (] 1198626) (13)


1198621 = 1198621







1198622 = ]119905 (15)

1198623 = (120592 sdot prod119895isin119878

]119899+1minus119895)119905 (16)

1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905 (17)



119890 (1199031198961198901199102 120592 sdot prod119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1199031198961198901199103) (18)

119890 (1199031198961198901199102 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199104)) 997904997904997904 119890 (] 1199031198961198901199105) (19)



120590 = 1199031198961198901199105 oplus 119867119886119904ℎ2 (1198771015840) 119892119904 = 1199031198961198901199104119867119886119904ℎ4 (120590) 1199051015840 = 119867119886119904ℎ1 (120590 1198771015840)

(20)

It verifies whether

1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119897isin1198781015840

]119899+1minus119897)1199051015840 1199031198961198901199105 = 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(21)



















2 120596lowast119899



]119899+1minus119895)minus1 ≜ ]120574 (22)


119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)






119904119896119894 = ]120603119894 sdot (prod


minus1


]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)







constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105















119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1198623) (11)

119890 (1198622 119867119886119904ℎ4 (120596))120596isin119878

997904997904997904 119890 (] 119862120596)120596isin119878 (12)

119890 (1198622 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)) 997904997904997904 119890 (] 1198626) (13)


1198621 = 1198621







1198622 = ]119905 (15)

1198623 = (120592 sdot prod119895isin119878

]119899+1minus119895)119905 (16)

1198626 = 119867119886119904ℎ3 (1198621 1198622 1198623 1198624 1198625)119905 (17)



119890 (1199031198961198901199102 120592 sdot prod119895isin119878

]119899+1minus119895) 997904997904997904 119890 (] 1199031198961198901199103) (18)

119890 (1199031198961198901199102 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199104)) 997904997904997904 119890 (] 1199031198961198901199105) (19)



120590 = 1199031198961198901199105 oplus 119867119886119904ℎ2 (1198771015840) 119892119904 = 1199031198961198901199104119867119886119904ℎ4 (120590) 1199051015840 = 119867119886119904ℎ1 (120590 1198771015840)

(20)

It verifies whether

1199031198961198901199102 = ]1199051015840 1199031198961198901199103 = (120592 sdot prod

119897isin1198781015840

]119899+1minus119897)1199051015840 1199031198961198901199105 = 119867119886119904ℎ3 (1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104)1199051015840

(21)



















2 120596lowast119899



]119899+1minus119895)minus1 ≜ ]120574 (22)


119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)






119904119896119894 = ]120603119894 sdot (prod


minus1


]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)







constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105















119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia








2 120596lowast119899



]119899+1minus119895)minus1 ≜ ]120574 (22)


119875119870 = (120592 ] ]1 ]119899 ]119899+2 ]2119899 119885 119867119886119904ℎ1 119867119886119904ℎ2119867119886119904ℎ3 119867119886119904ℎ4 119867119886119904ℎ5) (23)






119904119896119894 = ]120603119894 sdot (prod


minus1


]119899+1minus119895)minus1)

120572119894

= 120592120572119894 = ]120574119894

(24)







constructs 1199031198961198901199101 1199031198961198901199102 1199031198961198901199103 1199031198961198901199104 1199031198961198901199105















119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





119862lowast2 = 120583 = ]119905lowast

119862lowast3 = 120583120603 = ]120603119905lowast




119905lowast


]119899+1minus119895)119905lowast






4 119862lowast5 )




5 )119905lowast

(25)



4 119862lowast5 ) to RO 119867119886119904ℎ3






5 119862lowast6 ) to A If 119879 = 119890(]119899+1 120583) we







1205981015840 ⩾ 120598119890 (1 + 119902) minus 119860119889V119879119862119877119867119886119904ℎ1A

minus 119860119889V119879119862119877119867119886119904ℎ2 A

minus 119860119889V119879119862119877119867119886119904ℎ3 A

minus 119860119889V119879119862119877119867119886119904ℎ4A

minus 119860119889V119879119862119877119867119886119904ℎ5A

(26)




1198621


2 = 120583 = ]119905lowast 119862lowast

5 = 119898119887 oplus 119867119886119904ℎ2 (119877lowast) (27)


2 119903119896119890119910lowast3 119903119896119890119910lowast

4 119903119896119890119910lowast5 in the


provenTheorem 3

6 Comparison


7 Application







8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia






8 Conclusions



Data Availability


Disclosure




Acknowledgments


References































RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia





























RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia




RoboticsJournal of




VLSI Design



Shock and Vibration







Journal of



Volume 2018



Volume 2018


Journal of




SensorsJournal of



RotatingMachinery





Propagation






Hindawi


Advances in

Multimedia


Documents

A Secure Multimedia Data Sharing Scheme for Wireless Networkdownloads.hindawi.com/journals/scn/2018/5037892.pdf · 2019. 7. 30. · ResearchArticle A Secure Multimedia Data Sharing