Article title

ADR-lrABE : New Mechanism of Direct-revocable Attribute-Based Encryption with Continual-leakage Tolerances

Publication language
EN
Abstract
EN
In order to provide flexible access control in a secure manner in open networks, Attribute-Based Encryption (ABE) implements fine-grained decentralized access control based on the properties or attributes a user/node owns, and has therefore attracted growing attention for applications in large-scale and dynamic networks such as mesh networks, Wireless Body Area Networks (WBAN), and the Internet of Things. However, owing to the openness and exposure of such networks, an attacker (e.g., a virus, eavesdropper or sniffer) can break the concrete implementation of a cryptosystem, for example through side channel attacks, and then obtain sensitive secret state of the system by monitoring pseudo-random numbers, internal results and secret keys, thus breaking the provable security of the system. In this paper, in order to tolerate such possible key leakage, we model a fine-grained attribute-revocable attribute-based encryption, namely ADR-lrABE, and then give a concrete construction, security analysis and leakage-resilience performance. The scheme tolerates the key matching the challenge ciphertext being partially revealed (i.e., key leakage resilience), and it provides an update mechanism to tolerate continual leakage, which allows the attacker to gain leakage beyond the bound over the lifetime of the system (i.e., continual leakage tolerance). It also supports attribute direct revocation, in which the revocation procedure does not affect any other user's secret key. That is, the proposed scheme is proven to be semantically secure even if the decryption key is partially leaked to the attacker. We analyze the leakage-resilient performance of our scheme and show that it tolerates approximately a (82 + o(1)) fraction of the bits of a decryption key being leaked. We also provide a mechanism to transform the scheme into a prime-order group.
To the best of our knowledge, our scheme is the first ABE to support an attribute direct revocation mechanism in the presence of key leakage in noisy-channel or memory-leakage environments.
Pages
1--27
Physical description
Bibliography: 39 items, figures, tables
Authors
author
  • School of Computers, Hubei University of Technology, Wuhan, 430068, China
Notes
Record prepared under agreement 509/P-DUN/2018 from MNiSW funds allocated to science dissemination activities (2018).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-232ab341-cdbb-483a-8529-5c39bfcb1a01