Combinatorial Subset Difference—IoT-Friendly Subset Representation and Broadcast Encryption

In the Internet of Things (IoT) systems, it is often required to deliver a secure message to a group of devices. The public key broadcast encryption is an efficient primitive to handle IoT broadcasts, by allowing a user (or a device) to broadcast encrypted messages to a group of legitimate devices. This paper proposes an IoT-friendly subset representation called Combinatorial Subset Difference (CSD), which generalizes the existing subset difference (SD) method by allowing wildcards (*) in any position of the bitstring. Based on the CSD representation, we first propose an algorithm to construct the CSD subset, and a CSD-based public key broadcast encryption scheme. By providing the most general subset representation, the proposed CSD-based construction achieves a minimal header size among the existing broadcast encryption. The experimental result shows that our CSD saves the header size by 17% on average and more than 1000 times when assuming a specific IoT example of IP address with 20 wildcards and 220 total users, compared to the SD-based broadcast encryption. We prove the semantic security of CSD-based broadcast encryption under the standard l-BDHE assumption, and extend the construction to a chosen-ciphertext-attack (CCA)-secure version.

[1]  M. Laurent-Maknavicius,et al.  PHOABE: Securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT , 2018, Comput. Networks.

[2]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[3]  Dan Boneh,et al.  Generalized Identity Based and Broadcast Encryption Schemes , 2008, ASIACRYPT.

[4]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[5]  Hua Wang,et al.  A secure multicast protocol with copyright protection , 2002, CCRV.

[6]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[7]  Jin Li,et al.  Fully secure fuzzy identity-based encryption for secure IoT communications , 2016, Comput. Stand. Interfaces.

[8]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[9]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[10]  Jong Hwan Park,et al.  Identity-Based Revocation From Subset Difference Methods Under Simple Assumptions , 2019, IEEE Access.

[11]  Jung Hee Cheon,et al.  Skipping, Cascade, and Combined Chain Schemes for Broadcast Encryption , 2008, IEEE Transactions on Information Theory.

[12]  Ahmed Obied,et al.  Broadcast Encryption , 2008, Encyclopedia of Multimedia.

[13]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[14]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[15]  Dilip Sarkar,et al.  ESIoT: enabling secure management of the internet of things , 2017, WISEC.

[16]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[17]  Dong Hoon Lee,et al.  Public-Key Revocation and Tracing Schemes with Subset Difference Methods Revisited , 2014, ESORICS.

[18]  Antoine Joux,et al.  Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions , 2004, CRYPTO.

[19]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[20]  Yevgeniy Dodis,et al.  ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption , 2004, CCS '04.

[21]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[22]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[23]  Xiaohui Liang,et al.  How to Construct Interval Encryption from Binary Tree Encryption , 2010, ACNS.

[24]  Rajendra Kumar,et al.  A computationally efficient centralized group key distribution protocol for secure multicast communications based upon RSA public key cryptosystem , 2020, J. King Saud Univ. Comput. Inf. Sci..

[25]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.

[26]  Jiayuan Sui,et al.  An Overview of the Advanced Access Content System ( AACS ) , 2007 .

[27]  Cécile Delerablée,et al.  Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.

[28]  Palash Sarkar,et al.  Complete tree subset difference broadcast encryption scheme and its analysis , 2011, IACR Cryptol. ePrint Arch..

[29]  Brent Waters,et al.  A fully collusion resistant broadcast, trace, and revoke system , 2006, CCS '06.

[30]  Michael T. Goodrich,et al.  Efficient Tree-Based Revocation in Groups of Low-State Devices , 2004, CRYPTO.