NTT and Mitsubishi Electric Develop Advanced Encryption Scheme to Increase Cloud Computing Security

Business Wire, July 28, 2010

TOKYO — Nippon Telegraph and Telephone Corporation (NYSE:NTT)(“NTT”) and
Mitsubishi Electric Corporation (TOKYO:6503)(“Mitsubishi Electric”)
today announced that they have developed a new advanced encryption
(fine-grained encryption) scheme expected to become a potential solution
to the security risks in cloud computing. This new encryption scheme
achieves the most advanced logic in the encryption-decryption mechanism,
which enables sophisticated and fine-grained data transmission/access
control.

The rapid development of information and communication technology has
led to the recent spread of cloud computing and other advanced network
systems. These networks, however, transmit private or confidential
information to a server for processing, which demands higher security
than current systems that use symmetric *1 and public *2 key encryption
to maintain network security. These advanced network systems therefore
require a more sophisticated encryption scheme.

NTT and Mitsubishi Electric have successfully developed a new
fine-grained encryption scheme with the most advanced logic as an
encryption-decryption mechanism. This scheme, developed using a
mathematical approach called “dual pairing vector spaces,” *3 will
allow network users to keep highly confidential information encrypted
even in cloud computing environments. This achievement will help expand
cloud computing applications to fields where they previously could not
be applied.

The details of this scheme will be presented at “CRYPTO 2010,” the 30th
International Cryptology Conference, which is scheduled to be held in
Santa Barbara, California, USA from August 15 to 19, 2010.

Main features of the new fine-grained encryption scheme

1. Achieving the most general logic

For the past few years, fine-grained encryption has attracted many
researchers in the field of cryptography. The new fine-grained
encryption scheme by the two companies achieves the most advanced logic,
one that encompasses the logic of the existing fine-grained encryption
schemes. This logic can be realized by combining AND, OR, NOT and
threshold gates.

One of the most significant achievements is that the NOT gate is now
available, allowing cloud computing systems to manage databases easily
and flexibly when user attributes and other information change.

2. Available to a variety of applications

In fine-grained encryption, a variety of parameters are added to the
ciphertext and decryption key in the encryption-decryption logic. In
this logic, attributes and predicates on them become the parameters of
the ciphertext or decryption key. The newly developed encryption scheme
can be applied to a variety of applications because it can be used in
either of the following forms: (1) attributes as the parameter of the
decryption key and predicates as that of the ciphertext, or (2)
attributes as the parameter of the ciphertext and predicates as that of
the decryption key.

In case (1), various access conditions will be set in detail for each
item of encrypted data in a cloud computing database, and a user will be
able to decrypt and access the data by using the decryption key when the
attributes of the decryption key satisfy the pre-set predicates in the
ciphertext. Applications include confidential document management
systems in firms, as well as personal information database management by
public organizations. For confidential document management systems in
firms, for example, each document will be assigned a predicate that
describes the attributes of users allowed to decrypt the encrypted
document. The document and its predicate as a set will then be encrypted
and placed in a cloud computing database. The encrypted document can
only be decrypted and accessed by an employee who has a decryption key
associated with some attributes, when the decryption key’s attributes
satisfy the predicate pre-set in the encrypted document.

Meanwhile, in case (2), data and attributes will be encrypted as a set
when they are managed by the cloud computing system, and each user can
only decrypt and read the data if the attributes of the encrypted data
satisfy the predicate in the decryption key.
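
The access logic of forms (1) and (2), as an added example that is not
part of the announcement or the companies' scheme: it evaluates
AND/OR/NOT/threshold predicates over attributes with plain booleans and
performs no cryptography. The tuple encoding, function names and
attribute names are assumptions made for illustration.

```python
# Added illustration (not from the announcement): plain boolean evaluation of
# the access logic only. No encryption is performed here.

def satisfies(pred, attrs):
    """Evaluate a predicate tree of AND/OR/NOT/THRESHOLD gates over attributes."""
    op, *args = pred
    if op == "ATTR":
        return args[0] in attrs
    if op == "NOT":
        return not satisfies(args[0], attrs)
    if op == "AND":
        return all(satisfies(p, attrs) for p in args)
    if op == "OR":
        return any(satisfies(p, attrs) for p in args)
    if op == "THRESHOLD":  # ("THRESHOLD", k, p1, ..., pn): at least k of n hold
        return sum(satisfies(p, attrs) for p in args[1:]) >= args[0]
    raise ValueError(f"unknown gate: {op!r}")

def can_decrypt(ciphertext, key):
    """Form (1): predicate in ciphertext, attributes in key. Form (2): reversed."""
    if "predicate" in ciphertext and "attributes" in key:
        return satisfies(ciphertext["predicate"], key["attributes"])
    if "attributes" in ciphertext and "predicate" in key:
        return satisfies(key["predicate"], ciphertext["attributes"])
    return False  # both sides carry the same kind of parameter: fail closed

# Constructed sample data (hypothetical attribute names).
DOC = {"predicate": ("AND",
    ("OR", ("ATTR", "dept:legal"),
           ("THRESHOLD", 2, ("ATTR", "role:manager"),
                            ("ATTR", "clearance:secret"),
                            ("ATTR", "site:tokyo"))),
    ("NOT", ("ATTR", "status:contractor")))}
KEYS = {
    "alice": {"attributes": {"dept:legal"}},
    "bob":   {"attributes": {"role:manager", "site:tokyo", "status:contractor"}},
    "carol": {"attributes": {"role:manager", "clearance:secret"}},
    "dave":  {"attributes": {"role:manager"}},
}
RECORD = {"attributes": {"type:invoice", "year:2010"}}  # form (2) ciphertext
AUDITOR_KEY = {"predicate": ("AND", ("ATTR", "type:invoice"),
                                    ("NOT", ("ATTR", "class:restricted")))}

def form1_results():
    """Which constructed keys satisfy the document's predicate under form (1)."""
    return {name: can_decrypt(DOC, key) for name, key in KEYS.items()}

if __name__ == "__main__":
    print(form1_results())
    print(can_decrypt(RECORD, AUDITOR_KEY))
```

In this sample, bob meets the threshold gate but is excluded by the NOT
gate on the contractor attribute, which is the kind of attribute change
the NOT gate is described as handling.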