Server-Aided Revocable Identity-Based Encryption
School of Information Systems, Singapore Management University, Singapore 178902, Singapore, {robertdeng,yjli,bdqin}@smu.edu.sg
Southwest University of Science and Technology, Mianyang 621010, China
Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China, [email protected]
Abstract. Efficient user revocation in Identity-Based Encryption (IBE) has been a challenging problem and has been the subject of several research efforts in the literature. Among them, the tree-based revocation approach, due to Boldyreva, Goyal and Kumar, is probably the most efficient one. In this approach, a trusted Key Generation Center (KGC) periodically broadcasts a set of key updates to all (non-revoked) users through public channels, where the size of key updates is only O(r log(N/r)), with N being the number of users and r the number of revoked users, respectively; however, every user needs to keep at least O(log N) long-term secret keys and all non-revoked users are required to communicate with the KGC regularly. These two drawbacks pose challenges to users who have limited resources to store their secret keys or cannot receive key updates in real-time. To alleviate the above problems, we propose a novel system model called server-aided revocable IBE. In our model, almost all of the workloads on users are delegated to an untrusted server which manages users’ public keys and key updates sent by a KGC periodically. The server is untrusted in the sense that it does not possess any secret information. Our system model requires each user to keep just one short secret key and does not require users to communicate with either the KGC or the server during key updating. In addition, the system supports delegation of users’ decryption keys, namely it is secure against decryption key exposure attacks. We present a concrete construction of the system that is provably secure against adaptive-ID chosen plaintext attacks under the DBDH assumption in the standard model. One application of our server-aided revocable IBE is encrypted email supporting lightweight devices (e.g., mobile phones) in which an email server plays the role of the untrusted server so that only non-revoked users can read their email messages.
Keywords: IBE · Revocation · Decryption key exposure
© Springer International Publishing Switzerland 2015
G. Pernul et al. (Eds.): ESORICS 2015, Part I, LNCS 9326, pp. 286–304, 2015. DOI: 10.1007/978-3-319-24174-6_15
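As an added illustration (not code from the paper), the sketch below models the node-selection step of the tree-based revocation approach that the abstract attributes to Boldyreva, Goyal and Kumar, usually called KUNodes. It covers only the tree bookkeeping, with no cryptography, and shows where the O(r log(N/r)) update size and the O(log N) per-user key count come from. The heap-style node numbering and all function names are assumptions of this example.

```python
# Added example: tree bookkeeping only, no pairing or key material.
# Assumed layout: complete binary tree stored heap-style, root = 1,
# children of x are 2x and 2x+1, user i sits at leaf N + i (N a power of two).

def path_to_root(leaf):
    """Nodes from a leaf up to the root; the user holds one key per node."""
    nodes = []
    while leaf >= 1:
        nodes.append(leaf)
        leaf //= 2
    return nodes

def ku_nodes(n_users, revoked):
    """Roots of the maximal subtrees that contain no revoked leaf."""
    marked = set()
    for user in revoked:
        marked.update(path_to_root(n_users + user))
    if not marked:
        return {1}  # nobody revoked: one key update at the root suffices
    cover = set()
    for x in marked:
        if x >= n_users:
            continue  # leaves have no children
        for child in (2 * x, 2 * x + 1):
            if child not in marked:
                cover.add(child)
    return cover

def can_decrypt(n_users, user, cover):
    """A user obtains the period key iff its path meets the update set."""
    return any(node in cover for node in path_to_root(n_users + user))

if __name__ == "__main__":
    N = 8                      # constructed sample: 8 users, user 2 revoked
    updates = ku_nodes(N, {2})
    print("key-update nodes:", sorted(updates))
    print("keys held per user:", len(path_to_root(N)))
    for u in range(N):
        print(u, "can decrypt" if can_decrypt(N, u, updates) else "revoked")
```

In the server-aided model the abstract proposes, the per-path keys and the matching against the update set are what move from the user to the untrusted server, leaving the user with a single short secret key.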
1 Introduction
Identity-Based Encryption (IBE) [26] eliminates the need for a Public Key Infrastructure (PKI) as in the traditional Public-Key Encryption (PKE) systems. In an IBE system, each user is allowed to use an arbitrary string (e.g., email address or phone number) as his/her public key. The corresponding decryption key is computed by a trusted authority, called Key Generation Center (KGC). Identity-based encryption has been thoroughly studied using pairing, e.g., [5,7,23] or other mathematical tools [6,8]. IBE has al