PHE: An Efficient Traitor Tracing and Revocation for Encrypted File Syncing-and-Sharing in Cloud

Recently, many enterprises have moved their data into the cloud by using file syncing and sharing (FSS) services, which have been deployed for mobile users. However, Bring-Your-Own-Device (BYOD) solutions for increasingly deployed mobile devices have also in fact raised a new challenge for how to prevent users from abusing the FSS service. In this paper, we address this issue by using a new system model involving anomaly detection, tracing, and revocation approaches. The presented solution applies a new threshold public key based cryptosystem, called partially-ordered hierarchical encryption (PHE), which implements a partial-order key hierarchy and it is similar to role hierarchy widely used in RBAC. PHE provides two main security mechanisms, i.e., traitor tracing and key revocation, which can greatly improve the efficiency compared to previous approaches. The security and performance analysis shows that PHE is a provably secure threshold encryption and provides following salient management and performance benefits: it can promise to efficiently trace all possible traitor coalitions and support public revocation not only for the users but for the specified groups.

[1]  Selim G. Akl,et al.  Cryptographic Solution to a Multilevel Security Problem , 1982, CRYPTO.

[2]  Stephen B. Wicker,et al.  Hierarchical key management for multi-resolution load data representation , 2014, 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[3]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[4]  Bradley Malin,et al.  Detection of anomalous insiders in collaborative environments via relational analysis of access logs , 2011, CODASPY '11.

[5]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[6]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[7]  Wen-Guey Tzeng,et al.  A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy , 2002, IEEE Trans. Knowl. Data Eng..

[8]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[9]  Ernest F. Brickell,et al.  Fast Exponentiation with Precomputation (Extended Abstract) , 1992, EUROCRYPT.

[10]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[11]  Dennis G. Shea,et al.  Cloud Service Portal for Mobile Device Management , 2010, 2010 IEEE 7th International Conference on E-Business Engineering.

[12]  Zhen Liu,et al.  Traceable CP-ABE: How to Trace Decryption Devices Found in the Wild , 2015, IEEE Transactions on Information Forensics and Security.

[13]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[14]  Elisa Bertino,et al.  An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting , 2008, IEEE Transactions on Dependable and Secure Computing.

[15]  Hung-Yu Chen,et al.  Efficient time-bound hierarchical key assignment scheme , 2004 .

[16]  Hideki Imai,et al.  Conjunctive Broadcast and Attribute-Based Encryption , 2009, Pairing.

[17]  Brent Waters,et al.  A fully collusion resistant broadcast, trace, and revoke system , 2006, CCS '06.

[18]  Goichiro Hanaoka,et al.  Generic Constructions for Chosen-Ciphertext Secure Attribute Based Encryption , 2011, Public Key Cryptography.

[19]  Hideki Imai,et al.  Content and Key Management to Trace Traitors in Broadcasting Services , 2015, STM.

[20]  Brent Waters,et al.  Building efficient fully collusion-resilient traitor tracing and revocation schemes , 2010, CCS '10.

[21]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[22]  Niels Provos,et al.  Preventing Privilege Escalation , 2003, USENIX Security Symposium.

[23]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[24]  Shimshon Berkovits,et al.  How To Broadcast A Secret , 1991, EUROCRYPT.

[25]  Bradley Malin,et al.  Detecting Anomalous Insiders in Collaborative Information Systems , 2012, IEEE Transactions on Dependable and Secure Computing.

[26]  Yiming Ye,et al.  Security of Tzeng's Time-Bound Key Assignment Scheme for Access Control in a Hierarchy , 2003, IEEE Trans. Knowl. Data Eng..

[27]  James Demmel,et al.  The Accurate and Efficient Solution of a Totally Positive Generalized Vandermonde Linear System , 2005, SIAM J. Matrix Anal. Appl..

[28]  Byoungcheon Lee,et al.  New Key Management Systems for Multilevel Security , 2005, ICCSA.

[29]  Alfredo De Santis,et al.  New constructions for provably-secure time-bound hierarchical key assignment schemes , 2007, SACMAT.

[30]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[31]  Tomoyuki Asano Reducing Receiver's Storage in CS, SD and LSD Broadcast Encryption Schemes , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[32]  Marina Blanton,et al.  Efficient Multi-dimensional Key Management in Broadcast Services , 2010, ESORICS.

[33]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[34]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[35]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[36]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[37]  Wen-Guey Tzeng,et al.  A Public-Key Traitor Tracing Scheme with Revocation Using Dynamic Shares , 2001, Des. Codes Cryptogr..

[38]  Yu-Fang Chung,et al.  Access control in user hierarchy based on elliptic curve cryptosystem , 2008, Inf. Sci..

[39]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .