• PDF / 371,901 Bytes
• 21 Pages / 439.37 x 666.142 pts Page_size
• 39 Downloads / 189 Views

DOWNLOAD

REPORT

National and Kapodistrian University of Athens, Athens, Greece [email protected] 2 University of Connecticut, Storrs, USA [email protected]

Abstract. Identity-Based Encryption (IBE) provides a compelling solution to the PKI management problem, however it comes with the serious privacy consideration that a trusted party (called the PKG) is required to generate (and hence also know) the secret keys of all users. This inherent key escrow problem is considered to be one of the major reasons hindering the wider utilization of IBE systems. In order to address this problem, Goyal [20] introduced the notion of accountable authority IBE (A-IBE), in which a judge can differentiate the PKG from the user as the source of a decryption software. Via this “tracing” mechanism, A-IBE deters the PKG from leaking the user’s secret key and hence offers a defense mechanism for IBE users against a malicious PKG. All previous works on A-IBE focused on specialized constructions trying to achieve different properties and efficiency enhancements. In this paper for the first time we show how to add accountability to any IBE scheme using oblivious transfer (OT), with almost the same ciphertext efficiency as the underlying IBE. Furthermore, we extend our generic construction to support identity reuse without losing efficiency. This property is desirable in practice as users may accidentally lose their secret keys and they -naturally- prefer not to abandon their identities. How to achieve this property was open until our work. Along the way, we first modify the generic construction and develop a new technique to provide public traceability generically.

1

Introduction

Identity-Based Encryption (IBE) was introduced by Shamir [31], to remove the need for maintaining a certificate based public-key infrastructure (PKI). Long time after the concept was proposed, Boneh and Franklin constructed the first practical IBE [8] in the random oracle model [4]. Since then, IBE has gotten more attention and a lot of alternative schemes have emerged with an extended set of properties, cf. [5,6,11,19,22,29,32,33]. Although significant progress has been made in constructing secure and efficient IBE schemes, a critical problem of IBE is that a trusted authority, called PKG, is required to generate secret keys for all users. The possibility of the corruption of this authority (or just her temporary misbehavior due to an insider c Springer International Publishing Switzerland 2015  G. Pernul et al. (Eds.): ESORICS 2015, Part I, LNCS 9326, pp. 326–346, 2015. DOI: 10.1007/978-3-319-24174-6 17

Making Any Identity-Based Encryption Accountable, Efficiently

327

attack) is considered one of the most important reasons hindering the deployment of IBE systems in practice [1,18,21]. The problem is inherent since there is no user-side secret that is used when generating the secret key corresponding to an arbitrarily formed identity; it follows that there is no built-in incentive for the PKG in a standard IBE system to protect the users’ secret information. Beyond the obvious privacy proble

Recommend Documents

Accountable Authority Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability and Public Auditing in th

148 71 328KB

Any-Path Routing

153 114 49MB

Encryption

152 32 2MB

How To Be Accountable for AI?

176 53 4MB

A New Accountable Data Sharing Scheme

181 2 87MB

ENCRYPTION

177 31 525KB

Group Encryption

161 27 489KB

Homomorphic Encryption

162 42 14MB

Manage Storage Resources Efficiently Using Predictive Analytics

191 120 27MB

Virtual Assistance in Any Context

157 93 999KB

Multimedia Encryption

161 60 27MB

Asymmetric Encryption

178 50 5MB