Identity-Based Encryption with Cloud Revocation Authority and Its Applications

Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.

[1]  Hideki Imai,et al.  Generic Transforms to Acquire CCA-Security for Identity Based Encryption: The Cases of FOpkc and REACT , 2006, ACISP.

[2]  Kaoru Kurosawa,et al.  From Digital Signature to ID-based Identification/Signature , 2004, Public Key Cryptography.

[3]  Yuh-Min Tseng,et al.  A Pairing-Based User Authentication Scheme for Wireless Clients with Smart Cards , 2008, Informatica.

[4]  Vipul Goyal,et al.  Identity-based encryption with efficient revocation , 2008, IACR Cryptol. ePrint Arch..

[5]  G. Lakpathi,et al.  Identity-Based Encryption with Outsourced Revocation in Cloud Computing , 2016 .

[6]  S. Micali,et al.  NOVOMODO : Scalable Certificate Validation and Simplified PKI Management , 2002 .

[7]  Jean-Jacques Quisquater,et al.  Efficient revocation and threshold pairing based cryptosystems , 2003, PODC '03.

[8]  Dong Hoon Lee,et al.  Modified ID-Based Threshold Decryption and Its Application to Mediated ID-Based Encryption , 2006, APWeb.

[9]  Dan Boneh,et al.  A Method for Fast Revocation of Public Key Certificates and Security Capabilities , 2001, USENIX Security Symposium.

[10]  Vipul Goyal Certificate Revocation Using Fine Grained Certificate Space Partitioning , 2007, Financial Cryptography.

[11]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[12]  Craig Gentry,et al.  QuasiModo: Efficient Certificate Validation and Revocation , 2004, Public Key Cryptography.

[13]  Changji Wang,et al.  An Efficient and Provable Secure Revocable Identity-Based Encryption Scheme , 2014, PloS one.

[14]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[15]  Jiguo Li,et al.  Searchable ciphertext‐policy attribute‐based encryption with revocation in cloud storage , 2017, Int. J. Commun. Syst..

[16]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[17]  Gene Tsudik,et al.  Simple Identity-Based Cryptography with Mediated RSA , 2003, CT-RSA.

[18]  Allison Bishop,et al.  New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts , 2010, IACR Cryptol. ePrint Arch..

[19]  Dong Hoon Lee,et al.  New Constructions of Revocable Identity-Based Encryption From Multilinear Maps , 2015, IEEE Transactions on Information Forensics and Security.

[20]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[21]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[22]  Jiguo Li,et al.  Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation , 2014, International Journal of Information Security.

[23]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.

[24]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[25]  Keita Emura,et al.  Revocable Hierarchical Identity-Based Encryption: History-Free Update, Security Against Insiders, and Short Ciphertexts , 2015, CT-RSA.

[26]  Brent Waters,et al.  Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[27]  Yuh-Min Tseng,et al.  Efficient Revocable ID-Based Encryption with a Public Channel , 2012, Comput. J..

[28]  Yuh-Min Tseng,et al.  An efficient user authentication and key exchange protocol for mobile client-server environment , 2010, Comput. Networks.

[29]  Paul E. Hoffman,et al.  Internet Key Exchange Protocol Version 2 (IKEv2) , 2010, RFC.

[30]  Michael Scott,et al.  Computing the Tate Pairing , 2005, CT-RSA.

[31]  G. Prashanth Audit-Free Cloud Storage via Deniable Attribute based Encryption , 2017 .

[32]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[33]  Brent Waters,et al.  Attribute-Based Encryption with Fast Decryption , 2013, Public Key Cryptography.

[34]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[35]  Benoît Libert,et al.  Adaptive-ID Secure Revocable Identity-Based Encryption , 2009, CT-RSA.

[36]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[37]  Keita Emura,et al.  Efficient Delegation of Key Generation and Revocation Functionalities in Identity-Based Encryption , 2013, CT-RSA.

[38]  Joonsang Baek,et al.  Identity-Based Threshold Decryption , 2004, Public Key Cryptography.

[39]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[40]  Rafail Ostrovsky,et al.  Fast Digital Identity Revocation (Extended Abstract) , 1998, CRYPTO.

[41]  Michael Scott,et al.  Implementing Cryptographic Pairings on Smartcards , 2006, CHES.

[42]  Keita Emura,et al.  Revocable Identity-Based Encryption Revisited: Security Model and Construction , 2013, Public Key Cryptography.

[43]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.