Mediated Encryption: Analysis and Design

Abstract. Boneh, Ding and Tsudik presented identity-based mediated RSA (ID-MRSA) encryption and signature systems in which users are not allowed to decrypt or sign messages without the authorisation of a security mediator (SEM). We show that ID-MRSA is not secure, and we present a secure modified version of it that is as efficient as the original system. We also propose a generic mediated encryption (GME) that translates any identity-based encryption (IBE) into a mediated version of that IBE: it envelops a message encrypted under the user's identity into an IBE envelope encrypted under the identity of the SEM. We present two security models, distinguished by the role of the adversary, which is either a revoked user or a hacked SEM. We prove that GME is as secure as the SEM's IBE against a revoked user and as secure as the user's IBE against a hacked SEM. We also present two implementations of GME: one based on the Boneh-Franklin FullIBE system, which is pairing-based, and one based on the Boneh, Gentry and Hamburg (BGH) system, which is pairing-free.

Publication Details: Elashry, I., Mu, Y. & Susilo, W. (2015). Mediated encryption: analysis and design. EAI Endorsed Transactions on Security and Safety, 15 (3), e2. This journal article is available at Research Online: http://ro.uow.edu.au/eispapers/5388

I. Elashry, Y. Mu and W. Susilo, University of Wollongong, Wollongong, Australia 2500
