[BACK]
Computer Systems Science & Engineering
DOI:10.32604/csse.2021.015004
images
Article

Front-end Control Mechanism of Electronic Records

Jiang Xu1, Ling Wang1,2, Xinyu Liu1,2, Xiujuan Feng3, Yongjun Ren1,2,* and Jinyue Xia4

1School of Computer and Software, Engineering Research Center of Digital Forensics, Ministry of Education, Nanjing University of Information Science & Technology, Nanjing, 210044, China
2Jiangsu Collaborative Innovation Center of Atmospheric Environment and Equipment Technology (CICAEET), Nanjing University of Information Science & Technology, Nanjing, 210044, China
3School of Mines, China University of Mining and Technology, Xuzhou, 221116, China
4International Business Machines Corporation (IBM), NY, USA
*Corresponding Author: Yongjun Ren. Email: renyj100@126.com
Received: 01 November 2020; Accepted: 22 March 2021

Abstract: In the digital era, how to ensure the authenticity and integrity of electronic records has become an open challenging issue. Front-end control is an important concept as well as a basic principle in electronic record management. Under the instruction of front-end control, many original management links in the record-management stage are required to move forward, and the managers enter the formation stage of the electronic records to ensure the originality. However, the front-end control technique primarily focuses on transaction management, and it lacks the strategy of providing the control of electronic records. In this paper, a novel electronic record front-end control mechanism is proposed by adopting proxy re-encryption and requiring archivists to participate in the management of electronic records before the record is created to solve the problem. Specifically, when an electronic record is generated, the proposed mechanism interacts with the producer of the electronic record to generate a corresponding encryption key. Moreover, electronic records are encrypted by the key to protect their confidentiality, which can prevent the leakage of electronic record information. In addition, when transferring the electronic record, archivists use proxy re-encryption technology to convert electronic records, allowing management by an archivist, ensuring their originality and authenticity.

Keywords: Electronic record; front-end control; proxy re-encryption

1  Introduction

It is widely acknowledged that front-end control is an important idea and basic principle of electronic records management, which is based on record life cycle theory. This concept also emphasizes that control of the electronic record starts at the beginning of its life cycle and runs through the entire archive management process [13]. Under the guidance of front-end control, many management links that belonged originally to the record management stage need to be advanced to the electronic record formation stage. The goal is to capture and control relevant records and information as required, as well as to meet the filing and archival preservation demands for electronic records [46]. This is the key to ensuring the originality and authenticity of electronic records from the source, and also aids in avoiding the distortion, loss and inadequate control of electronic records.

At present, the front-end management of electronic records mainly focuses on dividing the electronic record formation process into specific record management functions. According to the functions, the electronic record formation process can be subdivided into the following six stages: generate, capture, integrate, solidify, register, and audit trail [79]. However, the front-end management of electronic records focuses primarily on transaction management at present. In addition, there are few technical means available to support it. To solve this problem, this paper proposes a front-end control method of electronic records based on proxy re-encryption. In the proposed mechanism, the archivist and the producer of the electronic records interact before the electronic record is created. Moreover, when the electronic record is transferred from the producer to the archivist, proxy re-encryption technology is used to ensure its originality and authenticity [1012].

2  Related Work

The front-end control of electronic records is based on the digital characteristics of these records, which are totally different from those of paper records [1315]. According to record life cycle theory and the whole-process control principle, the objectives, requirements and rules of the entire electronic record management process are systematically analyzed. In this way, during the design phase of the electronic record system, the management functions implemented in the electronic record formation phase can be planned as uniformly as possible. Moreover, effective supervision should be conducted during the record formation and maintenance stage; this will ensure that the content, background and structure of electronic records are not changed or lost, keep it consistently, thereby providing better assurance of the authenticity, integrity, readability and availability of electronic records [1618].

According to record life cycle theory, electronic records have a life cycle in a similar way to paper records. The management of electronic records is a systematic process that runs through the entire life cycle when records are generated. Throughout the whole life cycle, records may be changed or lost at any time for various reasons and purposes [1921]. Accordingly, the archive scope and preservation value should be determined before records are produced, at the design phase, and corresponding protection technology should be adopted. If the archive management organization waits passively, some valuable records may be lost, or received records may be mislaid or out of date. Front-end control should focus on the overall planning of the entire record operation process. Supervision should be implemented during the record formation and maintenance phase. In other words, the value of archives should be identified during the record formation stage, with a focus on the entire record life cycle, extending the protection work forward and reflecting its foresight [2224]. Intervening from the beginning of record formation and taking corresponding protection measures for valuable records can thus effectively prevent leakage or the destruction of records by other links. This will maximize work efficiency and realize comprehensive record management in a true sense.

The ideological root of front-end control was first developed by the French archivist C. Nogales, who stated that “Archivists need to rethink the timing of their interventions in the record life cycle, even rethink the life cycle itself” [2527]. The Guidelines for the Management of Electronic Records (Draft) prepared by the Electronic Records Committee of the International Archives Council also dedicates significant space to the importance of rethinking the electronic record life cycle and the appropriate time to intervene in this life cycle. Eventually, this work determines that the “time to intervene” is at the design stage of the electronic record management system; it further puts many “post control” means in the original paper record management system at the front end, and advocates “taking action before record formation” [2830].

3  Problem Statement

With the rapid development of the information age, the number of electronic records is increasing day by day, exhibiting an exponential growth trend. Information waste is also increasing, which is generating more interest in the use of front-end control to avoid generating electronic records without practical significance [3133].

The quality of electronic records is variable. In the era of electronic records, due to the influence of traditional habits, along with the convenience and operability of sending records, the number of resulting records is much higher than in the traditional environment, and their quality is also uneven [3436]. Therefore, to ensure the record's certificate, it is necessary to control the front-end.

The security of electronic records is expected to be guaranteed. Because of their unique characteristics, matters of their security are more serious than those pertaining to paper records [3739]. It is thus urgent to strengthen the front-end control of electronic records. Electronic records exhibit a separation between information and carrier, as well as dependence on the system. Following technical innovation or improper operation, the recorded information content may be easily lost or become a “dead record”; resolving this situation also requires proper front-end control of electronic records.

The current situation in the field of electronic records management is worrying. At present, electronic record management typically adopts the “double set system” management method and multi-carrier backup. This not only demonstrates that the legal effect of electronic records has not yet been finally confirmed, but also reflects people's distrust of the security of electronic records management systems. The current situation of electronic records management and the popularization of electronic records management systems therefore needs to be addressed [4042]. Therefore, to ensure that electronic records can be safely saved, uploaded and released, it is also necessary to control the front-end.

As electronic records are processed by means of computers and network technology, it is easy to add, delete and modify electronic records without leaving any trace. This causes a loss of originality and authenticity for electronic records. The authenticity of electronic record content is linked with the premise of its original record formation and the role of investigation [4345]. The original voucher checking function is also an underlying principle of electronic records: without this function, there could be no electronic records. In addition, the content of electronic records can be read by any terminal device on the network, which puts the electronic record itself and its verification and security at risk.

In order to ensure the authenticity of electronic records, we can use “front-end control” technology. That is to say, in the formation stage of electronic records, the value of archives should be identified, with filing marks added as needed to prevent records from being modified or deleted. This approach fundamentally breaks the traditional management mode and the boundary between records and archives, enabling archives departments to intervene in the life cycle of records in advance [4648]. Adopting this approach can thus effectively prevent leakage or the destruction of electronic records by other links, thereby maximizing work efficiency and enabling truly comprehensive record management to be realized. Front-end control is therefore an important method for ensuring the authenticity and originality of archived records.

4  Front-end Control Mechanism of Electronic Records Based on Proxy Re-encryption

After an electronic record is generated, it is encrypted by the record producer. When the electronic record is transferred from the producer to the archivist, the archivist re-encrypts it. In this way, the front-end management of electronic records can be realized.

4.1 Preliminaries

4.1.1 Definition 4.1: Bilinear Pairings

G1 is a cyclic group of prime order p, while g is any generator element in G1; G2 is a multiplicative cyclic group of the same order as G1. The bilinear pairing e:G1×G2G2 is a mapping that satisfies the following properties.

Bilinear: For any a,bZp,g1,g2G1 , there is e(g1a,g2b)=e(g1,g2)ab .

● Non-degradation: For any g1,g2G1 , make e(g1,g2)IG , where IG is the unit element of the group G2.

● Computability: For any g1,g2G1 , there is an effective algorithm for calculating e(g1,g2) . A Weil pair and Tate pair can be used on an elliptic curve to construct an effective bilinear pair.

4.1.2 Definition 4.2: Hypothesis 3-QDBDH

e:G1×G1G2 is a bilinear pairing. The advantage function AdvG1,B3QDBDH(λ) of PPT adversary B is defined as follows:

|Pr[B(g,gx2,gx2,gx3,gz,e(g,g)z/x)]=1Pr[B(g,gx2,gx2,gx3,gz,e(g,g)r)]=1| (1)

Here, x,z,rZp , and they are randomly selected. If, for all probabilistic polynomial time (PPT) adversaries B,AdvG1,B3QDBDH(λ) is negligible, then the hypothesis 3-QDBDH holds.

4.1.3 Definition 4.3: Hypothesis Truncated q-ABDHE

e:G1×G1G2 is a bilinear pairing. The advantage function AdvG1,BqABDHE(λ) of PPT adversary B is defined as follows:

|Pr[B(g,gx,...,gxq,gz,gzxq+2,e(g,g)zxq+1)]=1Pr[B(g,gx,...,gxq,gz,gzxq+2,e(g,g)r)]=1| (2)

Here, x,z,rZp , and they are randomly selected. The distribution above is recorded as PqABDHE and the distribution above is recorded as RqABDHE . If AdvG1,BqABDHE(λ) is negligible for all PPT adversaries B, then the truncated q-ABDHE hypothesis holds.

4.2 Re-encryption Scheme for Electronic Records

The scheme is defined as follows:

GloSetup(λ) : λ is the security parameter, (p,g,G1,G2,e) is the parameter of the bilinear pair, u,v(u,vG1) represent the generators of G1, and Sig=(G,S,V) is a signature. The message field is G2, the conditional field is Zp , and the public parameter is GP=(p,g,G1,G2,e,u,v,Sig) .

KeyGen(i) : The electronic records producer i chooses the random number xi,yi,a0,a1,a2Zp , and calculates Xi=gxi ,Yi=gyi ,hk=gak . Its public key is set to pki=(Xi,Yi,{hk}k{0,1,2}) and its private key to ski=(pki,xi,yi,a0,a1,a2) .

RKeyGen(ski,pkj) : Given the user i’s private key ski=(pki,xi,yi) and the user j’s public key, a one-way partial re-encryption key rki,j=Xj1/xi is generated.

CKeyGen(ski,w) : Given the electronic records producer i’s private key ski ’s xi and the condition wZp , select three random numbers skZp , calculate dk=(hkgsk)1/(yiw) , and set the conditional key as cki,w=(dk,sk)k{0,1,2} .

Enc(pki,m,w) : To encrypt the electronic records mG2 with public keypki and conditions wZp , the electronic records producer takes the following steps.

I) Select a strongly unforgivable signature, set the key pair as (ssk,svk)G(λ) , and set C1=svk .

II) Select rZp at random and calculate C2=Xir , C3=e(g,g)rm , and C4=(usvkv)r .

III) Generate a signature σ=S(ssk,(C3,C4)) for (C3,C4) , and the conventional cipher text is CRi=(C1,C2,C3,C4,σ) .

IV) Select rZp at random and calculate K=e(g,h0)r , C3=C3K , G5=(Yigw)r,G6=e(g,g)r, t=H(C3,C5,C6),C7=e(g,h1)rte(g,h2)r .

V) Generate another one-time signature: σ=S(ssk,(C1,C2,C3,C4,σ,C5,C6,C7)) .

VI) Conditional cipher text original cipher text: CTi=(C1,C2,C3,C4,σ,C5,C6,C7,σ) .

ReEnc(CTi,rki,j,cki,w) : Enter a partial re-encryption key rki,j=Xj1/xi , conditional key cki,w , and conditional cipher textCTi . First, run Test(CTi,cki,w) , calculate t=H(C3,C5,C6) , and test to determine whether the following formula is true: V(C1,σ(C1,C2,C3,C4,σ,C5,C6,C7))=1 and C7=e(C5,d1td2)C6s1t+s2 . Print “0” if the check fails or “1” otherwise; if the result is “1,” calculate K=e(C5,d0)C6s0,C3=C3/K . Accordingly, the conventional cipher text is CRi=(C1,C2,C3,C4,σ) , and the following formula is tested to check its validity: e(C2,uC1v)=e(Xi,C4) , V(C1,σ,(C3,C4))=1 . If the preceding equation is true, CTi is re-encrypted, so that tZp is selected at random and the following formulas are calculated: C2=Xit, C2=rkij1/t=g(xj/xi)t1,C2=C2t=Xirt, and the re-encryption cipher text is the following formula: CTj=(C1,C2,C2,C2,C3,C4,σ) . If the equation is false, output the error symbol .

Dec1(CTi,ski) : Enter private key ski , conditional cipher text CTi , and break cipher text CTi=(C1,C2,C3,C4,σ,C5,C6,C7,σ) . If V(C1,σ(C1,C2,C3,C4,σ,C5,C6,C7))=1 , calculate t=H(C3,C5,C6) , and then verify whether C7=C6a1t+a2 . If not, output ; if so, calculate C3=C3/(C6a0) . Therefore, the conventional cipher text is CRi=(C1,C2,C3,C4,σ) . If the cipher text satisfies e(C2,uC1v)=e(Xi,C4) and V(C1,σ,(C3,C4))=1 , i can obtain m=C3/e(C2,g)1/xi ; otherwise, the algorithm outputs .

Dec2(CTj,skj) : After entering the private key skj and the re-encryption cipher text CTj=(C1,C2,C2,C2,C3,C4,σ), the validity of the re-encryption cipher text is checked by the following test: e(C2,C2)=e(Xj,g), e(C2,uC1v)=e(C2,C4) , and V(C1,σ,(C3,C4))=1 . If both equations are true, output plaintext m=C3/e(C2,C2)1/xj ; otherwise, the algorithm outputs the error sign .

Correctness: Properly generated original re-encryption cipher text can be correctly decrypted. As shown below, re-encryption cipher text encrypted by a proxy without the correct encryption key or conditional key cannot be decrypted by the entrusting party. Given the original conditional cipher text CTi=(C1,C2,C3,C4,σ,C5,C6,C7,σ) encrypted with the keyword w and public key pki , two cases exist.

Case 1 (incorrect conditional key): Assume that the proxy has a partial re-encryption key rki,j=Xj1/xi and conditional keys cki,w=(dk,sk)k{0,1,2} , dk=(hkgsk)1(yiw) , and ww . Run ReEnc(CTi,rki,j,cki,w) to convert the cipher text CTi to the user j’s cipher text: obviously, CTi cannot pass the legality check.

Order C5=(Yigw)r, C6=e(g,g)r, t=H(C3,C5,C6) and C7=e(g,h1)rte(g,h2)r . Then,

e(C5,(d1)t(d1))C6s1+s2e(g,h1)rte(g,h2)r=C7 (3)

e(g(yiw)r,(g(a1s1)/(yiw)))te(g(yiw)r,g(a2s2)/(yiw))e(g,g)r(s1t+s2)C7e(g,g)r(yiw)/(yiw)((a1s1)t+(a2s2))e(g,g)r(s1t+s2)e(g,g)(a1t+a2)r((a1t+a2)r((yiw)/(yiw)1))((s1t+s2)r((yiw)/(yiw)1))0(a1t+a2s1ts2)((ww)/(yiw))0 (4)

Because s1 and s2 are randomly selected, a1,a2,yi comprise the private key. Therefore, (a1t+a2s1ts2)0 , (ww)0 , and (yiw)0 .

Even if it passes the validation test, it is still evident that K=e(C5,d0)C6s0e(g,h0)r=K , because

K=e(C5,d0)C6s0e(g,h0)r=K (5)

K=e(g(yiw)r,g(a0s0)/(yiw))e(g,g)rs0e(g,g)a0re(g,g)r(yiw)/(yiw)(a0s0)e(g,g)rs0e(g,g)a0r(a0s0)r((yiw)/(yiw)1))0(a0s0)r(ww)/(yiw)0 (6)

Case 2 (incorrect re-encryption key): Assume that the proxy has a partial re-encryption key rki,j=Xj1/xi and conditional keys cki,w=(dk,sk)k{0,1,2} , dk=(hkgsk)1(yiw) , and jj . Run ReEnc(CTi,rki,j,cki,w) to convert the cipher text CTi to the user j’s cipher text. Decompose CTj and set C2=Xit,C2=rkij1/t=g(xj/xi)t1 and C2=C2t=Xirt. When decryption is conducted, CTj evidently cannot pass the legality check, because e(C2,C2)e(Xj,g) .

4.3 Safety Certificate

Theorem 1: Assuming that the 3-QDBDH problem and q-ABDHE problem are difficult to solve, the above scheme for the re-encryption of electronic records is secure under the standard model.

Lemma 1: If an IND-CCA attacker exists that can attack the scheme in this paper, there is an algorithm 'B' that can solve the 3-QDBDH problem. To prove lemma 1, we first prove an assertion.

Assertion 1: The difficulty assumption of 3-QDBDH is equivalent to whether a given (g,g1/a,ga,gas,gb) decides that T is equal to e(g,g)b/a2 or a random value.

Proof: Given (g,g1/a,ga,ga2,gb) , set up a 3-QDBDH instance by setting (y=g1/a,yx=g,yx2=g,yx3=ga2,y2=b) ; this implies x=a,z=ab . One then has e(g,g)z/x=e(g1/a,g1/a)(ab)/a=e(g,g)b/a2 , which means that these two problems are equivalent, thereby completing the proof of Assertion 1.

Proof of Lemma 1: If there is a PPT attacker that can attack the scheme proposed in this paper, a simulator B exists that can solve the 3-QDBDH problem. The simulation proceeds as follows.

First, the challenger sets the groups G1 and G2, the bilinear pair e, and generator g of group G1. The simulator enters an instance of a q-ABDHE problem (A1=g1/a,A1=ga,A2=ga2,B=gb,T) : the purpose of the simulator B is to distinguish T=e(g,g)b/a2 , T or a random number of group G2.

CT=(C1,C2,C3,C4,σ,C5,C6,C7,σ) represents the challenge cipher text sent to A in the game. The event FOTS indicates that A performs A’s decryption query and A’s re-encryption query on the cipher text CT=(C1,C2,C3,C4,σ,C5,C6,C7,σ) , but V(C1,σ,(C1,C2,C3,C4,σ,C5,C6,C7,σ))=1 , or V(C1,σ(C3,C4))=1 .

In phase 1, A has no information on the event svk , meaning that the probability of the previous event FOTS is no more than qkθ . qk denotes the total number of times the query was tested, while θ represents the maximum probability (no more than 1/p ) of a signature’s verification key svk . In phase 2, FOTS presents an algorithm to break a signature. Therefore, Pr[FOTS]qk/p+AdvOTS ; the second part represents the probability of a signature being destroyed, which is also negligible. A detailed description of the B simulation is now provided: when FOTS occurs, B simply stops and output a random bit. During the preparation phase, B generates a signature pair (ssk,svk)G(λ) and provides public parameters to A, including u=A1α1 and v=A1α1svkA2α2 , where α1 and α2 are random and α1,α1Zp . The set of honest participants is represented by HU, including the user i specifying the public key pki , while CU is the set of corrupted participants. The environment simulation of A proceeds as follows.

(a) System setup: λ is the security parameter, (p,g,G1,G2,e) is the bilinear pair parameter, u=A1α1 , and v=A1α1svkA2α2 , where α1 and α2 are random, and α1,α1Zp . Generate a signature Sig=(G,S,V) . The public parameter is GP=(p,q,G1,G2,e,u,v,Sig) .

(b) Query phase 1: The attacker A makes the following queries.

- Uncorrupted-key-generation query i : The public key of the honest user iHU{i} is defined as Xi=(ga)xi=gaxi , while xiZp is random. Select yi,a0,a1,a2Zp at random and calculate Yi=gyi,hk=gak . Then, set the public key to pki=(xi,yi,{hk}k{0,1,2}) and send to A.

- Corrupt-key-generation query j : Considering the corrupt user jCU , select random numbers xi,yj,a0,a1,a2Zp and calculate Xj=gxj,Yj=gyj,hk=gak . Set its public key pkj=(Xj,Yj,{hk}k{0,1,2}) and private key skj=(pkj,xj,yj,a0,a1,a2) , and send (pkj,skj) to A.

- Partial-re-encryption-key query pki,pkj : The following cases involving B must be distinguished.

- If iCU , B knows that ski=(pki,xi,yi,a0,a1,a2) and Xj is given, such that it is easy to output the one-way re-encryption key rki,j=Xj1/xi .

- If iHU{i} and j=i , B returns a valid re-encryption key rki,i=(g1/a)xi/xi=g(axi)/(a2xi) .

- If i=i,jHU{i} , B returns the correct distribution rki,i=(g1/a)xi/xi=g(axi)/(a2xi) .

- If i,jHU{i} , B returns rki,j=gxj/xi=g(axj)/(axi) .

- Conditional key query pki,w : B selects skZp at random and calculates dk=(hkgsk)1/(yiw) .

- Re-encryption key query pki,pkj,(w,CTi) : For the re-encryption key query of the conditional cipher text CTi=(C1,C2,C3,C4,σ,C5,C6,C7,σ) from user i to j, the conditional key is cki,w={dw,k,sw,k}k{0,1,2} . Calculate t=H(C3,C5,C6) , and then verify whether the following formula is true: V(C1,σ(C1,C2,C3,C4,σ,C5,C6,C7))=1 and C7=e(C5,d1td2)C6s1t+s2 . If the verification fails, output ; otherwise, calculate K=e(C5,d0)C6s0,C3=C3/K , obtain the conventional cipher text CRi=(C1,C2,C3,C4,σ) and check its validity by testing the following expressions:

e(C2,uC1v)=e(Xi,C4) ,

V(C1,σ,(C3,C4))=1. (7)

If the equation is not true, then B returns .

- If i=i or i=i,jHU{i} , in both cases B is encrypted with the re-encryption key rki,j .

- If i=i and jCU :

     i)  If C1=svk , then (C1,C2,C3,C4,σ,C5,C6,C7,σ)(C1,C2,C3,C4,σ,C5,C6,C7,σ) , and B is faced with the FOTS event and stops the game.

    ii)  Another possible situation is the following: C1svk , i=i , jCU . At this time, C21/xi is given from C4=(usvkv)r=((ga)α1(svksvk)(ga2)α2)r . B calculates (A1)r=(ga)r=(C4/(C2α2/xi))1/(α1(svksvk))

and knows (A1)r and user j’s private key. B randomly selects tZp , calculates C2=(A1)t=gat, C2=(A1)xj/t=(g1/a)xj/t,C2=(A1)rt=Xirt , and returns the correct cipher text Cj=(C1,C2,C2,C2,C3,C4,σ) .

- Decryption query pki,CTi or pkj,CTj : If pki,CTi represents a decryption query on the original conditional re-encryption cipher text CTj=(C1,C2,C2,C2,C3,C4,σ) , use the following formulae to check the validity of the re-encryption cipher text: e(C2,C2)=e(Xj,g),e(C2,uc1v)=e(C2,C4) , and V(C1,σ,(C3,C4))=1 . If the equation is not true, return . Supposing that jHU , because B otherwise knows the private key, it does not need to perform a decryption query.

First, if C1=C1=svk : if (C3,C4,σ)(C3,C4,σ) , B faces the occurrence of the FOTS event and stops the game; if (C3,C4,σ)=(C3,C4,σ) , B outputs , indicating that pkj,CTj is derived from pki,CT . As in stage 2 for the same hidden index r, the following must be the case that, assuming C1C1 :

•   For Xj=gaxj , if jHU{i} , the legitimacy of the cipher text ensures that, for rZp , the following formulas are satisfied: e(C2,C2)=e(g,Xj)r=e(g,g)arxj and C4=(usvkv)r=((ga)α1(svksvk)(ga2)α2)r .

Therefore,

e(C4,A1)=e(C4,g1/a)=e(g,g)a1r(svksvk)e(g,g)aα2r (8)

e(g,g)r=((e(C4,A1))/(e(C2,C2))α2/xj)1/(α1(svksvk)) (9)

It is thus easy to calculate the plaintext m.

- If j=i , for the index, it is known that xiZp and one has Xj=ga2xi . Because

e(C2,C2)=e(g,Xi)r=e(g,g)a2rxi (10)

and

e(C4,g)=e(g,g)aα1r(svksvk)e(g,g)a2α2r, (11)

B first obtains γ=e(g,g)ar=((e(C4,g))/(e(C2,C2))α2/xi)1/(α1(svksvk)) .

As relationship e(C4,A1)=e(C4,g1/a)=e(g,g)a1r(svksvk)e(g,g)aa2r , γ reveals that

e(g,g)r=((e(C4,A1))/(γ)a2/xi))1/(α1(svksvk)). (12)

It is thus easy to calculate the plaintext m=C3/e(g,g)r .

In phase 2, B must check that m is different from the challenge message to m0, m1. According to the security model’s restriction rules, if m{m0,m1} , B returns .

(c) Challenge: Once A decides that the query 1 phase is over, it outputs the challenge condition w and two plaintexts of the same length (m0, m1). Challenge B randomly selects b{0,1} , and sets the challenge cipher text by taking the following steps: set C1=svk and calculate C2=Bxi, C3=TmbandC3=Bx2 ; for (C3,C4) generating a strong and unforgettable σ=S(ssk,(C3,C4)) , so that the conventional cipher text is CRi=(C1,C2,C3,C4,σ) ; choose rZp randomly, calculate K=e(g,h0)r ,C3 *=C3*K , G5=(Yigw)r, G6=e(g,g)r , t=H(C3,C5,C6) ,C7=e(g,h1)rte(g,h2)r ; generate another strong and unforgettable σ=S(ssk,(C1, C2,C3,C4,σ,C5,C6,C7)) ; therefore, the conditional cipher text is CT=(C1,C2,C3,C4,σ,C5,C6,C7,σ) . Return CT to A.

(d) Query phase 2: A executes the same query as in phase 1.

(e) Guess: The attacker outputs his guess b'. If b=b', it outputs 1, T=e(g,g)b/a2 ; otherwise, it outputs 0, T=e(g,g)r .

Probabilistic Analysis: Suppose there is a PPT attacker A in game 1 capable of attacking the scheme proposed in this paper with a non-negligible advantage ε under the standard model. The probability of the simulator is now given, supposing FOTS does not happen.

Because xi=(ga2)xi=ga2xi and B=gb , if T=e(g,g)b/a2 , then CT is the legal cipher text with index r=b/a2 mb . Conversely, if T is a random number in G2, CT hides mb perfectly. A guesses that the probability of b does not exceed 1/2. Obviously,

|Pr[B(g,g1/a,ga,ga2,gb,e(g,g)b/a2)=1]Pr[B(g,g1/a,ga,ga2,gb,e(g,g)r||(1/2±ε)1/2|=ε(13) is not negligible. This completes the proof of Lemma 1.

Lemma 2: Assuming that an IND-CCA can attack KP-CPRE, an algorithm B exists that can solve the q-ABDHE problem for all qqk+1 , where qk denotes the total number of conditional key queries for challenge users.

Proof: Supposing there is a polynomial time attacker A in the game that can attack the KP-CPRE scheme in the standard model. Let qk be the total number of trap door queries, setting up a simulator A that can solve the q-ABDHE problem for all qqk+1 . HU represents honest participation in the square set, including user i with the specified public key pki , while CU is corrupt participation in the square set.

This is simulated as follows.

First, the challenger sets up the group G1,G2, the effective bilinear pair e, and the generator g of group G1. The simulator enters an instance of the q-ABDHE problem (g,gx,gx2,...,gxq,gzxq+2,T) . The

purpose of the simulator B is to distinguish T=e(g,g)zxq+2 or T is a random number in the group G2.

A. System setup: λ is a security parameter, while (p,g,G1,G2,e) is a parameter of bilinear pairing, producing u,vG1 and a strong and unforgettable Sig=(G,S,V) . The public parameter is GP=(p,g,G1,G2,e,u,v,Sig) .

B. Query phase 1: The attacker A makes the following queries.

- Non-corrupted-key-generation query i : The public key of challenge user i=i is defined as follows: B randomly chooses three q-order polynomials fk(X) where k{0,1,2} . Defining {hk=fk(x)fk(x)}k{0,1,2} and Yi=gx , then the private key of the system is {ak=fk(x)}k{0,1,2} . Randomly select XiZp and calculate Xi=gxi . Set the public key of the challenge user to pki=(xi,yi,{hk}k{0,1,2}) and send the public key to A. The honest user iHU{i} is consistent with the key algorithm; this means that the simulator B knows the public and private keys of iHU{i} and sends them to A.

- Corrupted-key-generation query i : The corrupt user iCU is consistent with the key-generation algorithm. Simulator B knows the public and private keys of iCU and sends them to A.

- Partial-re-encryption-key query pki,pkj : B generates a one-way re-encryption key rki,j=Xj1/xi ; because B knows the Xi part of all user private keys, B’s calculations are correct.

- Conditional key query pki,w : For challenge users i=i , B calculates {sw,k=fk(w)}k{0,1,2} , dw,k=g(fk(x)fk(w))/(xw) and sends the condition key cki,w={dw,k,sw,k}k{0,1,2} to A. When qqk+1 , {sw,k=fk(w)}k{0,1,2} is random from A’s perspective, as fk(X) is a random polynomial of order q.

For user ii, B randomly chooses skZp , calculates dk=(hkgsk)1/(yiw) , and sets cki,w={dw,k,sw,k}k{0,1,2} .

- Re-encryption query: Because, for all users i and j, B can calculate a one-way re-encryption key rki,j , and a condition key cki,w={dw,k,sw,k}k{0,1,2} , for pki,pkj,(w,CTi) , B can calculate it correctly.

- Decryption query pkj,CTj : If pkj,CTj indicates a query for re-encryption cipher text Cj=(C1,C2,C2,C2,C3,C4,σ) , the legality of the re-encryption cipher text Cj is checked as follows: e(C2,C2)=e(Xj,g) ,e(C2,uC1v)=e(C2,C4) , and V(C1,σ,(C3,C4))=1 . If the equation is true, B returns plaintext m=C3/e(C2,C2)1/xj ; otherwise, it returns .

- Decryption query pkj,(w,CTj) : If pki,CTi represents a query that re-encrypts the original condition, B performs a re-encryption query on pki,pkj,(w,CTi) to obtain the re-encryption cipher text CTj , then performs a decryption query on pkj,CTj and returns the result to A.

C. Challenge: Once A has decided to end query 1 and output the challenge condition to (w0, w1) and two plaintexts (m0, m1) of the same length, Challenge B randomly chooses b{0,1} and sets {Swb,k=fk(wb)}k{0,1,2} . B then calculates dwb,k=g(fk(x)fk(wb))/(xwb) , selects a key-pair with a strong unforgettable signature as (ssk,svk)G(λ) , and sets C1=svk ; B randomly chooses rZp and calculates C2=Xir,C3=e(g,g)rm, C4=(uswkv)r . It then produces a strong unforgettable σ=S(ssk,(C3,C4)) and cipher CRi=(C1,C2,C3,C4,σ) , and then defines a polynomial of order q+1:

F(X)=(Xq+2(w)q+2)/(Xw)=i=0q+1(FiXi). (14)

Calculate C5*=gzxq+2(gz)(w*)q+2,C6*=TFq+1*e(gZ,i=0q(gxi)F2*),Ca3=C3*e(C5*,dwb,0)(C6*)Swb,0, t=H(C3,C5,C6) , and C7=e((C5,dwb,1)tdwb,2)(C6)Swb,1t+Swb,2 . Set r=zF(x), if T=e(g,g)zxq+1 , and then C5=g(xwb)r=(Yigwb)r, C6=e(g,g)r ,C3=C3e(g,h0)r , and C7=e(g,h1)tre(g,h2)r ; generate another signature σ=S(ssk,(C1,C2,C3,C4,C5,C6,C7)) ; the conditional cipher text is CT=(C1,C2,C3,σ, C4,C5,C6,C7) ; return CT to A.

D. Query phase 2: A runs the same query as in phase 1.

E. Guess: The attacker outputs his guess b'. If b=b', output 1, T=e(g,g)zxq+1 ; otherwise, output 0, T=e(g,g)r .

Probability analysis: If T=e(g,g)zxq+1 , the simulation is perfect: A correctly guesses that the probability of b is 1/2 + ε. Otherwise, T is a random number, and (C5,C6) are random and independent of each other. In this case, the probability that the inequality C6e(C5,g)1/(xWb) is established is 1−1/p. When the inequality is true, K=e(C5,dwb,0)(C6)Swb,0=e(C5,(h0)1/(xwb))((C6)/e(C5,g)1/(xwb))Swb,0 is random, and from the perspective of A is independent of each other (apart from C3 ). swb,0 (when qqk+1 , {sw,k= fk(w)}k{0,1,2} is random from A’s perspective) is random, and from the perspective of A, all elements are independent of each other (apart from C3 ). Thus, C3 is random and independent. Moreover, (C5,C6,C3) does not disclose any information in b. This completes the proof of Lemma 2. Therefore, Theorem 1 is proved.

5  Conclusion

The present paper investigates and applies proxy re-encryption. In our approach, before the electronic record is generated, its producer interacts with the record manager. When an electronic record is generated, the record producer encrypts it. When the electronic record needs to be verified, it is decrypted to verify authenticity. When the producer hands the electronic record over to the record manager, the record manager re-encrypts it. When verifying, our approach can use the record manager's secret key to decrypt again so that the authenticity of the electronic record is guaranteed.

Funding Statement:Y. J. Ren gratefully acknowledges the financial support of the NSFC (61772280, 62072249), http://www.nsfc.gov.cn.

Conflicts of Interest:The authors declare that they have no conflicts of interest to report regarding the present study. Xiujuan Feng and Yongjun Ren are the co-corresponding authors.

References

  1. Y. Bi and H. Xie, “Web archiving and preservation from the archival science perspective,” Archives Science Study, vol. 26, no. 4, pp. 74–78, 2015.
  2. Y. J. Ren, Y. Leng, F. J. Zhu, J. Wang and H.J. Kim, “Data storage mechanism based on blockchain with privacy protection in wireless body area network,” Sensors, vol. 19, no. 10, pp. 2395.1–2395. 16, 2019.
  3. Y. N. Liu and J. Y. Li, “Conceptual comparison and linkage between electronic data in law field and electronic records in archival field,” Archives Science Study, vol. 28, no. 4, pp. 92–99, 2017.
  4. Y. J. Ren, J. Shen, D. Z. Liu, J. Wang and J. Kim, “Evidential quality preserving of electronic record in cloud storage,” Journal of Internet Technology, vol. 17, no. 6, pp. 1125–1132, 2016.
  5. Y. Fu, S. Wen, L. Ma and J. Shu, “Survey on single disk failure recovery methods for erasure coded storage systems,” Journal of Computer Research and Development, vol. 55, no. 1, pp. 1–13, 2018.
  6. J. Wang, Y. Gao, W. Liu, W. Wu and S. Lim, “An asynchronous clustering and mobile data gathering schema based on timer mechanism in wireless sensor networks,” Computers, Materials & Continua, vol. 58, no. 3, pp. 711–725, 2019.
  7. Y. Huang, “Research on the connotation and management of trusted electronic records,” Zhejiang Archives, vol. 31, no. 5, pp. 12–15, 2014.
  8. S. Zhang, Y. Chang, L. Yan, Z. Sheng, F. Yang et al., “Yang etal, Quantum communication networks and trust management: a survey,” Computers, Materials & Continua, vol. 61, no. 3, pp. 1145–1174, 2019.
  9. K. Gu, Y. Wang and S. Wen, “Traceable threshold proxy signature,” Journal of Information Science and Engineering, vol. 33, no. 1, pp. 63–79, 2017.
  10. C. Ge, Z. Liu, J. Xia and L. Fang, “Revocable identity-based broadcast proxy re-encryption for data sharing in clouds,” IEEE Trans. on Dependable and Secure Computing, vol. 19, no. 6, pp. 1–1, 2019.
  11. Y. Chen, J. Wang, R. Xia, Q. Zhang, Z. Cao et al., “The visual object tracking algorithm research based on adaptive combination kernel,” Journal of Ambient Intelligence and Humanized Computing, vol. 10, no. 12, pp. 4855–4867, 2019, 2019.
  12. Y. J. Ren, F. J. Zhu, J. Qi, J. Wang and A. K. Sangaiah, “Identity management and access control based on blockchain under edge computing for the Industrial Internet of Things,” Applied Sciences, vol. 19, no. 9, pp. 2058.1–2058, 2019.
  13. Q. Xiao and L. Wu, “Research on digital continuity plan of Australian National Archives,” Journal of Information Resources Management, vol. 5, no. 4, pp. 19–23, 2015.
  14. Y. J. Ren, Y. Leng, J. Qi, K. S. Pradip, J. Wang et al., “Multiple cloud storage mechanism based on blockchain in smart homes,” Future Generation Computer Systems, vol. 115, no. 2, pp. 304–313, 2021.
  15. J. Zhang, X. Jin, J. Sun, J. Wang and A. K. Sangaiah, “Spatial and semantic convolutional features for robust visual object tracking,” Multimedia Tools and Applications, vol. 79, no. 21-22, pp. 15095–15115, 2020.
  16. N. Zhang, C. Wang, Z. Liu and W. Wang, “Study on the evaluation strategy of electronic document authenticity based on digital continuity thought,” Archives Research, vol. 6, pp. 69–72, 2015.
  17. L. Fang, C. Yin, L. Zhou, Y. Li, C. Su et al., “A physiological and behavioral feature authentication scheme for medical cloud based on fuzzy-rough core vector machine,” Information Sciences, vol. 507, no. 1, pp. 143–160, 2020.
  18. W. Li, H. Liu, J. Wang, L. Xiang and Y. Yang, “An improved linear kernel for complementary maximal strip recovery: simpler and smaller,” Theoretical Computer Science, vol. 786, no. 1, pp. 55–66, 2019.
  19. L. Johnston, “ERA 2.0: the national archives new framework for electronic records preservation,” in Proc. of the Association for Information Science and Technology, New York, NY, USA, pp. 197–202, 2017.
  20. Y. J. Ren, F. J. Zhu, S. P. Kumar, T. Wang, J. Wang et al., “Data query mechanism based on hash computing power of blockchain in Internet of Things,” Sensors, vol. 20, no. 7, pp. 2071–207. 22, 20
  21. K. Gu, L. Yang and B. Yin, “Location data record privacy protection based on differential privacy mechanism,” Information Technology and Control, vol. 47, no. 4, pp. 639–654, 2018.
  22. Y. Qian, “Millennial-scale phase relationship between North Atlantic deep-level temperature and Qinghai-Tibet Plateau temperature and its evolution since the Last Interglaciation,” Chinese Science Bulletin, vol. 59, no. 3, pp. 75–81, 2014, 2014.
  23. Y. Mao, J. Zhang, H. Qi and L. Wang, “DNN-MVL: DNN-multi-view-learning-based recover block missing data in a dam safety monitoring system,” Sensors, vol. 19, no. 13, pp. 2895.1–2895.19, 2019.
  24. Y. Lu and T. Feng, “Research on trusted DNP3-BAE protocol based on hash chain,” EURASIP Journal on Wireless Communications and Networking, vol. 2018, no. 5, pp. 108.1–108.10, 2018, 2018.
  25. Z. Yi, “Research on the formation process of electronic records based on the thought of front-end control,” Archives Science Study, vol. 23, no. 3, pp. 16–23, 2012.
  26. Y. J. Ren, J. Qi, Y. P. Cheng, J. Wang and O. Alfarraj, “Digital continuity guarantee approach of electronic record based on data quality theory,” Computers, Materials & Continua, vol. 63, no. 3, pp. 1471–1483, 2020.
  27. J. Wang, X. Gu, W. Liu, A. K. Sangaiah and H. Kim, “An empower Hamilton loop based data collection algorithm with mobile agent for WSNs,” Human-Centric Computing and Information Sciences, vol. 18, no. 9, pp. 1794–1808, 2019.
  28. F. Upword, B. Reed, G. Oliver and J. Evans, “Record keeping informatics: Re-figuring a discipline in crisis with a single-minded approach,” Records Management Journal, vol. 23, no. 1, pp. 47–54, 2013.
  29. J. M. Zhang, W. Wang, Ch Q. Lu, J. Wang and A. K. Sangaiah, “Lightweight deep network for traffic sign classification,” Annals of Telecommunications, vol. 75, no. 7-8, pp. 369–379, 2020.
  30. Y. J. Ren, Y. Leng, Y. P. Cheng and J. Wang, “Secure data storage based on blockchain and coding in edge computing,” Mathematical Biosciences and Engineering, vol. 16, no. 4, pp. 1874–1892, 2019.
  31. Y. Chen, H. Hou, H. Su and Q. Yang, “Records management in e-government system: issues and reflections,” Archives Science Study, vol. 26, no. 2, pp. 28–37, 2015.
  32. W. Zhang, F. Y. Shih, S. Hu and M. Jian, “A visual secret sharing scheme based on improved local binary pattern,” International Journal of Pattern Recognition and Artificial Intelligence, vol. 32, no. 6, pp. 185–195, 2018.
  33. Y. J. Ren, Y. P. Liu, S. Ji, K. Arun and J. Wang, “Incentive mechanism of data storage based on blockchain for wireless sensor networks,” Mobile Information Systems, vol. 2018, no. 8, pp. 1–10, 2018.
  34. S. B. Dewdney and L. Jason, “Electronic records, registries, and the development of ‘big data’: crowd-sourcing quality toward knowledge,” Frontiers in Oncology, vol. 268, no. 1, pp. 20–27, 2017.
  35. W. Wan, J. Chen and S. Zhang, “A cluster correlation power analysis against double blinding exponentiation,” Journal of Information Security and Applications, vol. 48, no. 10, pp. 102357, 2019.
  36. D. Zeng, Y. Dai, J. Wang, F. Li and A. K. Sangaiah, “Aspect based sentiment analysis by a linguistically regularized CNN with gated mechanism,” Journal of Intelligent & Fuzzy Systems, vol. 36, no. 5, pp. 3971–3980, 2019.
  37. X. Jia, “Analysis and implications of the New Zealand digital continuity action plan,” Library and Information Work, vol. 2016, no. 1, pp. 45–51, 2016, 2016.
  38. L. Xie, J. Wang and L. Ma, “Trusting records: findings of team asia InterPARES,” Archives Science Study, vol. 28, no. S1, pp. 8–13, 2017.
  39. T. Li, Y. Ren and J. Xia, “Blockchain queuing model with non-preemptive limited-priority,” Intelligent Automation & Soft Computing, vol. 26, no. 5, pp. 1111–1122, 2020.
  40. L. Xie, J. Wang and L. Ma, “The project of InterPARES: Where it has been and where it is going,” Archives Science Study, vol. 28, no. S1, pp. 14–20, 2017.
  41. Y. T. Chen, J. J. Tao, L. W. Liu, J. Xiong, R. L. Xia et al., “Research of improving semantic image segmentation based on a feature fusion model,” Journal of Ambient Intelligence and Humanized Computing, vol. 20, no. 5, pp. 1–13, 2020.
  42. J. Wang, Y. Gao, W. Liu, A. K. Sangaiah and H. Kim, “An intelligent data gathering schema with data fusion supported for mobile sink in WSNs,” Int. Journal of Distributed Sensor Networks, vol. 2019, no. 3, pp. 1550–1561, 2019, 2019.
  43. L. Chao and H. Qu, “Electronic records management systems: from digital continuity to data continuity,” Archives Science Bulletin, vol. 64, no. 1, pp. 20–25, 2019.
  44. C. P. Ge, W. Susilo, Z. Liu, J. Y. Xia, P. Szalachowski et al., “Secure keyword search and data sharing mechanism for cloud computing,” IEEE Trans. on Dependable and Secure Computing, vol. 20, no. 3, pp. 1–1, 2020.
  45. Y. Ren, J. Qi, Y. Liu, J. Wang and G. Kim, “Integrity verification mechanism of sensor data based on bilinear map accumulator,” ACM Trans. on Internet Technology, vol. 21, no. 1, pp. 1–19, 2021.
  46. J. Seymour, “The modern records management program: An overview of electronic records management standards,” Bulletin of the Association for Information Science and Technology, vol. 43, no. 2, pp. 35–39, 2017.
  47. J. Wang, C. W. Ju, Y. Gao, A. K. Sangaiah and G.-J. Kim, “A PSO based energy efficient coverage control algorithm for wireless sensor networks,” Computers Materials & Continua, vol. 56, no. 3, pp. 433–466, 2018.
  48. A. A. Aziz, Z. M. Yusof, U. A. Mokhtar and D. I. Jambari, “Establishing policy for the implementation of electronic document and records management system in public sector in Malaysia: the influencing factors,” Advanced Science Letters, vol. 23, no. 11, pp. 10732–10736, 2017.
images This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.