Future Generation Computer Systems

Volume 86, September 2018, Pages 1523-1533
PRECISE: Identity-based private data sharing with conditional proxy re-encryption in online social networks

https://doi.org/10.1016/j.future.2017.05.026

Highlights

  • This paper presents a private data sharing scheme in OSNs with big data.

  • We employ IBBE technique to achieve secure and efficient data sharing in OSN.

  • We provide fine-grained data disseminating mechanism in OSNs with attribute-based CPRE.

  • The theoretical analysis and experimental results prove the security and efficiency.

Abstract

Online social networks (OSNs) have become popular around the world due to their openness. Although cryptographic techniques can provide privacy protection for users in OSNs, several issues remain problematic, such as fine-grained access control, efficiency and usability. In this paper, we propose PRECISE, an identity-based private data sharing scheme in OSNs with big data, in which the data owner can broadcast private data to a group of users at one time in a convenient and secure way. In order to achieve secure and fine-grained data dissemination in OSNs, we adopt attribute-based conditional proxy re-encryption to guarantee that only the data disseminators whose attributes satisfy the access policy can disseminate the data to their own social space. The re-encryption key is associated with a set of attributes such that only the matched ciphertexts can be re-encrypted, which allows the data owner to enforce access control over the disseminated ciphertexts in a fine-grained manner. The security and performance analysis shows that our scheme is secure and efficient.

Introduction

In recent years, we have seen the incredibly quick development of online social networks (OSNs). OSNs have become so popular around the world because these networks have stepped into people's daily life as virtual meeting places that facilitate communication [1]. What is more, a considerable number of OSNs (Facebook, Twitter, Instagram, Weibo, etc.) have become more powerful in practical applications by integrating their infrastructure with big data, which can scale the OSN service to match the basic needs of large numbers of users and provide tremendous resources. In addition, OSN services benefit from ubiquitous data access when they move to cloud and big data to store and process users' data, as a cloud service enables its users to access data from any place and any device. Social networking big data has been attractive to researchers.

Although OSNs are immensely popular around the world, security problems may impede their quick development, including privacy risks [2], [3], identity theft [4], malware and fake profiles [5]. Take the privacy risks for example: users post their data to the OSN service provider (OSP) in preparation for data sharing. However, the OSP is assumed to be honest-but-curious. On one hand, it will honestly execute the tasks assigned by legitimate parties in the system. On the other hand, it wants to learn as much information about the data as possible, which may prompt privacy concerns. Users are currently allowed to manually maintain the access control list (ACL) [6] to select which users or groups can access the shared data. For example, Facebook users can choose friends, families, specific groups or all users to view their photos, videos, and other posts in their own space according to their personal preferences. Nevertheless, the ACL mechanism is too coarse-grained and inflexible, as data owners can only share their data with all users in OSNs or choose approved users to access data by manually updating and maintaining the ACL. Additionally, this security policy does not protect data from the OSP's data leak.

These security matters in OSNs motivate the requirement for useful solutions that appropriately protect users' privacy. Several schemes exploiting cryptographic mechanisms to settle the privacy problems have been proposed: as an add-on atop current OSNs [7], by setting up new privacy-friendly architectures [8], by employing a Paillier encryption based protocol using a broker [9], etc. Tran et al. proposed a scheme with proxy re-encryption (PRE) in OSNs [10], in which data owners use the same public key to encrypt data, and intended receivers with different private keys can decrypt the ciphertext. The PRE technique [11] discloses no plain information to either unauthorized users or the OSP, which protects data confidentiality. Attribute-based encryption (ABE) is one of the new cryptographic mechanisms used in OSNs [12], [13], [14] to reach flexible and fine-grained secure data sharing. In order to guarantee secure data sharing and achieve efficient key management, an identity-based broadcast encryption (IBBE) scheme is employed in OSNs [15], in which data owners can broadcast their encrypted data to multiple receivers at one time and the public key of a user can be any valid string, such as the email, unique id or username. Hence, by using an OSN identity, a data owner can share private data with other users in a secure manner, which motivates more users to share their social data.

Besides allowing users to share photos, videos, etc. with friends in their own space, OSNs also offer users the chance to share others' data [16]. For example, when Bob views a photo in Alice's space and hopes to share this photo with his friends, the photo will in turn be posted to his space and he can specify access control policies to authorize his friends to see this photo. In this case, Bob is a disseminator of the photo. However, encrypted data sharing may not support data dissemination, as disseminators have no right to change the ciphertext defined by data owners. Although the PRE scheme could in a manner achieve secure data dissemination in OSNs, it may not meet the requirements when the data owner does not expect all the authorized users who can view his data to disseminate it, or does not allow the disseminators to disseminate all of his data. For example, Alice authorizes Bob and Caroline to access her data. However, she only allows Bob to disseminate some specific photos or videos to his space. The conditional PRE (CPRE) scheme [17] could address this issue by allowing users to generate a re-encryption key associated with a condition, so that only the encrypted data meeting the condition can be re-encrypted. However, conditions in traditional CPRE, which are only keywords, may not match situations in OSNs with big data well, because data owners may have a large number of requirements for different disseminators to disseminate their different data, such as photos taken at home only for families to disseminate and traveling photos allowed to be disseminated by friends. Thus, fine-grained conditions are needed in social networks with big data [18].

In this paper, we propose a secure and fine-grained private data sharing and disseminating scheme in OSNs with big data, called PRECISE, based on attribute-based conditional identity-based broadcast PRE. The main contributions of our scheme are as follows:

(1) We employ IBBE technique to achieve secure data sharing in OSNs, which allows data owner to outsource encrypted data to the semi-trusted OSP with big data and share it with a group of receivers at one time. It is more convenient that email, unique id and username could be used as public keys for users.

(2) We achieve secure and fine-grained data disseminating in OSNs by taking the advantages of attribute-based CPRE and IBBE, which deploys an access policy in the ciphertexts. The OSP can re-encrypt the initial ciphertexts for the data disseminator whose attributes associated with the re-encryption key satisfy the access policy in the ciphertexts. Hence, data owner could use the fine-grained access policy to limit who could disseminate his data, which improves both security and flexibility.

This paper is structured as follows: we review related work in Section 2. We introduce the preliminaries in Section 3, and provide the system model, security requirements and system definition in Section 4. The detailed construction is given in Section 5. Then, we analyze the security and performance of our scheme in Sections 6 and 7, respectively. Finally, we conclude this paper in Section 8.

Section snippets

Related work

The security and privacy are important in social network with big data, and many efforts have been made, including data access control, secure data sharing and so on. Hu et al. introduced a multiparty authorization framework (MAF) [16] to realize data sharing with multiparty access control in OSNs. In this work, it sets up an access control model to meet multiparty authorization requirements from data owner, data disseminator and data accessor. Later, an improved scheme [19] was proposed to

Bilinear pairing

Let $G$ and $G_T$ be two multiplicative groups of prime order $p$. A bilinear map is a function $e: G \times G \to G_T$ with the following properties [12]:

(1) Bilinearity: for all $g, h \in G$ and $a, b \in \mathbb{Z}_p$, we have $e(g^a, h^b) = e(g, h)^{ab}$.

(2) Non-degeneracy: $e(g, h) \neq 1$.

Access tree

Let $T$ denote a tree, a logical representation of an access policy. Each non-leaf node $x$ represents a threshold gate, described by its children and a threshold value. Let $num_x$ denote the number of children of a node $x$, and $k_x$ represent its threshold value. For each leaf node $y$, we
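The threshold-gate semantics above ($k_x$ of $num_x$ children), as an added Python example that is not code from the paper: a value is shared down a constructed access tree and can be recovered only by an attribute set that satisfies it. It assumes the Shamir-style polynomial sharing commonly used with access trees in attribute-based encryption, since the snippet is cut off before describing PRECISE's own leaf handling; `leaf`, `gate`, `share`, `recover` and the policy are hypothetical names and values.

```python
import secrets

P = 2**127 - 1  # prime standing in for the group order p (constructed value)

def leaf(attr):
    return {"attr": attr}

def gate(k, *children):
    # Threshold gate: k_x = k, num_x = len(children); OR is k=1, AND is k=num_x.
    return {"k": k, "children": list(children)}

def share(node, value):
    """Push `value` down the tree. A gate picks a random polynomial q_x of
    degree k_x - 1 with q_x(0) = value and hands q_x(i) to its i-th child."""
    if "attr" in node:
        node["share"] = value
        return
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    for i, child in enumerate(node["children"], start=1):
        share(child, sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P)

def recover(node, attrs):
    """Return the value shared at `node`, or None if `attrs` does not satisfy it.
    Simplification: a leaf releases its share on set membership, where a real
    scheme would require the matching attribute key."""
    if "attr" in node:
        return node["share"] if node["attr"] in attrs else None
    pts = []
    for i, child in enumerate(node["children"], start=1):
        v = recover(child, attrs)
        if v is not None and len(pts) < node["k"]:
            pts.append((i, v))
    if len(pts) < node["k"]:
        return None  # fewer than k_x children satisfied
    total = 0
    for xi, yi in pts:  # Lagrange interpolation at 0
        lam = 1
        for xj, _ in pts:
            if xj != xi:
                lam = lam * xj * pow((xj - xi) % P, -1, P) % P
        total = (total + yi * lam) % P
    return total

# Constructed policy: family, OR (friend AND one of classmate/colleague).
POLICY = gate(1, leaf("family"),
              gate(2, leaf("friend"), gate(1, leaf("classmate"), leaf("colleague"))))
SECRET = secrets.randbelow(P)
share(POLICY, SECRET)
```
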

System model

The OSN can be represented by a relationship network, a set of users, and a collection of user private data. Fig. 1 shows the system model of PRECISE, which consists of the following system entities.

(1) Key generation center (KGC). It is a trusted authority that generates system parameters to initialize the data sharing and disseminating system. It also generates private keys with users’ identity, and generates attribute keys for users.

(2) OSP. The OSP provides a data sharing service based on

System setup

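The KGC runs the Setup algorithm to choose a security parameter $\lambda \in \mathbb{Z}_p$, the maximum number of receivers $N$, and select a bilinear map $e: G \times G \to G_T$, where $G$ and $G_T$ are two multiplicative groups with prime order $p$. Then the KGC randomly chooses $g, h, u \in G$ and $\gamma, \beta \in \mathbb{Z}_p$, chooses cryptographic hash functions $H_1: \{0,1\}^* \to \mathbb{Z}_p$, $H_2: \{0,1\}^* \to G$ and $H_3: G_T \to G$, and finally outputs a system public key $PK = (h, h^{\gamma}, \ldots, h^{\gamma^N}, u, u^{\gamma}, \ldots, u^{\gamma^N}, h^{\beta}, u^{\beta}, e(g,h), e(g,h)^{\gamma}, g^{\gamma}, H_1, H_2, H_3)$ and a master secret key $MK = (g, \gamma, \beta)$.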

Key generation

When a user registers on the OSP, the KGC runs KeyGen

Security analysis

The consistency of the proposed PRECISE scheme is guaranteed by the following Theorem 1, and its security is defined in Theorem 2.

Theorem 1

For any initial ciphertext and any private key, if the data accessor is the intended receiver, the decryption algorithm can output the plaintext.

When $ID \in U$, we have $K$ given in Box I. Thus, the data accessor can recover the DK of the initial ciphertext. Also, the intended data accessor can compute $K$ and decrypt the re-encrypted ciphertext successfully.

Theorem 2

The proposed PRECISE scheme is

Functionality comparisons

We analyze and compare our scheme with several OSN schemes including Beato et al. [7], He et al. [13], Sun et al. [14], Beato et al. [15], Hu et al. [19], Liang et al. [36], and CPRE schemes including Yang et al. [35], Fang et al. [18], Xu et al. [17] in terms of data confidentiality, multiple receivers, suitable for OSN, secure data disseminating, re-encryption key generation and conditional dissemination. Table 1 shows the results with regard to these aspects.

First of all, compared with He

Conclusion

In this paper, we propose the PRECISE scheme based on attribute-based conditional identity-based broadcast PRE to achieve secure data sharing and dissemination in OSNs with big data. Our scheme supports users in sharing private data with multiple receivers by using an OSN identity such as email and username, which guarantees data sharing security and convenience in OSNs. Besides, with the usage of fine-grained conditional PRE, our scheme allows data owners to customize access policies in ciphertext

Acknowledgments

This work has been supported by the National Key Research and Development Program of China under Grant No. 2016YFB0800605, the National Natural Science Foundation of China under Grant No. 61572080, the CCF and Venustech Research Program under Grant No. 2016012.

References (39)

  • F. Beato, M. Kohlweiss, K. Wouters, Scramble! your social network data, in: Proceedings of the 11th International...
  • E.D. Cristofaro, C. Soriente, G. Tsudik, et al., Hummingbird: privacy at the time of twitter, in: Proceedings of the...
  • F. Abbas, U. Rajput, R. Hussain, et al., A trustless broker based protocol to discover friends in proximity-based...
  • D.H. Tran, H.L. Nguyen, W. Zha, et al., Towards security in sharing data on cloud-based social networks, in:...
  • M. Blaze, G. Bleumer, M. Strauss, Divertible protocols and atomic proxy cryptography, in: Proceedings of EUROCRYPT...
  • J. Hur, et al., Attribute-based access control with efficient revocation in data outsourcing systems, IEEE Trans. Parallel Distrib. Syst. (2011)
  • Z. He, et al., An energy efficient privacy-preserving content sharing scheme in mobile social networks, Pers. Ubiquitous Comput. (2016)
  • X. Sun, et al., Towards efficient sharing of encrypted data in cloud-based mobile social network, KSII Trans. Internet Inf. Syst. (2016)
  • F. Beato, et al., Practical identity-based private sharing for online social networks, Comput. Commun. (2015)

    Qinlong Huang received the Ph.D. degree from Beijing University of Posts and Telecommunications in 2014, and now works at the School of Cyberspace Security, Beijing University of Posts and Telecommunications. He was the PI of the project of National Natural Science Foundation of China. He was serving as reviewer for IEEE Transactions on Information Forensics & Security, ACM Computing Surveys, ACM Transactions on Multimedia Computing, Communications and Applications, IET Information Security, and Security and Communication Networks. His research interests include cloud security and applied cryptography.

    Yixian Yang received the Ph.D. degree from Beijing University of Posts and Telecommunications in 1988. He was a Changjiang Scholar and Distinguished Professor with Beijing University of Posts and Telecommunications, Beijing, China. He is the director of National Engineering Laboratory for Disaster Backup and Recovery, and Information Security Center, Beijing University of Posts and Telecommunications. He is the Fellow of China Institute of Communications, the Fellow of Chinese Association for Cryptologic Research. He has published more than 300 journals and conference papers. His research interests include cryptography, information and network security.

    Jingyi Fu received the master degree from School of Computer Science, Beijing University of Posts and Telecommunications in 2015. Her research interests include cloud security and social network security.
