Journal ArticleDOI

Efficient Revocable ID-Based Encryption with a Public Channel

01 Apr 2012-The Computer Journal (Oxford University Press)-Vol. 55, Iss: 4, pp 475-486
TL;DR: An efficient RIBE with a public channel is presented, which provides a practical alternative to the previously proposed revocation solutions, while it remains efficient for encryption and decryption.
Abstract: Over the last few years, identity (ID)-based encryption (IBE), which requires no certificate management, has offered a practical alternative to public key encryption. However, how to revoke misbehaving/compromised identities in the ID-based public key setting has become a new and critical issue. In the past, there was little work studying this revocation problem. In 2008, Boldyreva et al. proposed a revocable IBE (RIBE) and its associated revocation solution, which used a binary tree structure to reduce the authority's periodic workload in Boneh and Franklin's IBE. However, Boldyreva et al.'s RIBE raised the computation costs of the encryption and decryption procedures enormously. Both IBEs require a secure channel between each user and the authority to transmit the user's periodic private keys, so the authority and each user need to encrypt and decrypt the private keys for each period. In this article, we present an efficient RIBE with a public channel, which provides a practical alternative to the previously proposed revocation solutions while remaining efficient for encryption and decryption. Under the bilinear Diffie–Hellman assumption, we demonstrate that our RIBE with a public channel is semantically secure against adaptive chosen plaintext attacks and adaptive chosen ciphertext attacks.
Citations
Journal ArticleDOI
TL;DR: This protocol is the first list-free ID-MAKA protocol with an efficient revocation mechanism for multiserver architectures and provides a simple revocation mechanism to solve the management problem of both compromised clients and servers.
Abstract: A multiserver architecture consisting of multiple servers provides resources and services for clients by way of open channels. Thus, a cryptographic protocol should be offered to ensure the legitimacy of both clients and servers, and to provide communication confidentiality. In the past, a large number of ID-based mutual authentication and key agreement (ID-MAKA) protocols have been proposed regarding this issue. Several circumstances require a revocation mechanism to revoke misbehaving/compromised clients and servers before their intended expiration dates. To do so, the existing ID-MAKA protocols generally adopt a black/white list to revoke/permit clients for access authorization. So far, no work addresses the revocation problem on servers in the sense that clients should be notified to avoid malicious services or applications provided by revoked servers. In this letter, we propose the first list-free ID-MAKA protocol with an efficient revocation mechanism for multiserver architectures. Compared with previously proposed protocols, our protocol possesses three main merits. First, it provides a simple revocation mechanism to solve the management problem of both compromised clients and servers. Second, neither clients nor servers need to keep any black/white list. Finally, performance analysis and experimental data show that it is well suited to mobile clients.

48 citations

Journal ArticleDOI
TL;DR: Security analysis is made to demonstrate that the proposed RID-AGKE protocol is a provably secure AGKE protocol and can resist malicious participants.

45 citations

Journal ArticleDOI
TL;DR: The first dIBEKS scheme is proposed that possesses the advantage (removing certificate management) of ID-based systems and can resist off-line keyword guessing attacks and has better performance in terms of computational time.
Abstract: Public key encryption with keyword search (PEKS) is a mechanism that allows one to extract e-mails containing a particular keyword by providing a trapdoor corresponding to the keyword. And parties without the trapdoor are unable to learn any information about the extracted e-mails. Meanwhile, a PEKS scheme is also suitable to provide a secure storage system in cloud computing environment. However, in a PEKS scheme, a secure channel must be established to transmit trapdoors. A PEKS scheme with a designated server, termed dPEKS, removes the requirement of the secure channel while retaining the same functionality of PEKS. Up to date, the related studies on dPEKS are all based on the pairing-based public key system. No work focuses on dPEKS based on ID-based systems, termed dIBEKS. In this article, we propose the first dIBEKS scheme that possesses the advantage (removing certificate management) of ID-based systems. Security analysis is given to demonstrate that our scheme is provably secure and can resist off-line keyword guessing attacks. When compared with previously proposed dPEKS schemes, our scheme has better performance in terms of computational time.

45 citations


Cites background or methods from "Efficient Revocable ID-Based Encryp..."

  • ...Since then, some related literature has been presented, such as user authentication schemes [3, 24], encryption schemes [7, 15, 23, 26], signature schemes [3, 10, 25, 32], key agreement protocols [11, 27,...

  • ...similar technique in [23] to calculate the probability....

Journal ArticleDOI
TL;DR: This paper addresses the revocation problem and proposes the first revocable certificateless public-key encryption (RCL-PKE), which retains efficiency for encryption and decryption procedures while providing an efficient revocation alternative using a public channel.
Abstract: The concept of a certificateless public-key system (CL-PKS) was first introduced by Al-Riyami and Paterson. The CL-PKS not only solves the key escrow problem but also retains the merit of eliminating the required certificates in the identity-based PKS. Up to now, there was little work on studying the revocation problem in existing CL-PKS constructions. In this paper, we address the revocation problem and propose the first revocable certificateless public-key encryption (RCL-PKE). We define the new syntax and security notions of the RCL-PKE and propose a concrete RCL-PKE scheme. Compared with the previously proposed CL-PKE schemes, the proposed RCL-PKE scheme retains efficiency for encryption and decryption procedures while providing an efficient revocation alternative using a public channel. Under the computational and the bilinear Diffie–Hellman assumptions, we demonstrate that our RCL-PKE scheme is semantically secure against adaptive chosen-ciphertext attacks.

34 citations


Cites background or methods from "Efficient Revocable ID-Based Encryp..."

  • ...Table I lists the comparisons among the traditional PKS [1], [2], ID-PKS [7], revocable ID-PKS (RID-PKS) [32], CB-PKS [12], CL-PKS [13], and our proposed RCL-PKS constructions in terms of averting the key escrow problem, the level of trust that is placed on the KGC, the computational cost for encryption/decryption, and the required certificates and revocable functionality....

  • ...It is obvious that both the ID-PKS [7] and RID-PKS [32] constructions suffer from the key escrow problem....

  • ...Tung-Tso Tsai received the B.S. degree from Chinese Culture University, Taipei, Taiwan, in 2006 and the M.S. degree from the National Hsinchu University of Education, Hsinchu, Taiwan, in 2009....

  • ...In order to improve the aforementioned problems, Tseng and Tsai [32] presented another revocation solution using a public channel in the ID-PKS construction....

  • ...It is obvious that both the ID-PKS [7] and RID-PKS [32]...

Journal ArticleDOI
09 Nov 2016
TL;DR: A formal security analysis has been performed using AVISPA tool that confirms the security of the proposed scheme and proves that it is robust against all security attacks.
Abstract: Identity theft is the most recurrent twenty-first century cybercrime. Thus, authentication is of utmost significance, as the number of hackers who seek to intrude into a legitimate user's account to obtain sensitive information is increasing. Identity based authentication operates to corroborate the identity of the user so that only the legitimate user gets access to the service. This paper proposes a quantum identity based authentication and key agreement scheme for cloud server architecture. Quantum cryptography, based on the laws of quantum physics, is a vital technology for securing privacy and confidentiality in the field of network security. A formal security analysis has been performed using the AVISPA tool, which confirms the security of the proposed scheme. The security analysis of the proposed protocol proves that it is robust against all security attacks. To confirm the applicability of quantum key distribution in cloud computing, a practical long-distance entanglement-based QKD experiment has been proposed. This experiment confirms successful generation of sifted keys over a distance of 100 km of optical fiber with a key rate of 4.11 bit/s and an error rate of 9.21 %.

32 citations

References
Book ChapterDOI
19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Abstract: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.

7,083 citations


"Efficient Revocable ID-Based Encryp..." refers background or methods or result in this paper

  • ...In both IBEs [8, 20], a secure channel between each user and the PKG must be established to periodically transmit new private keys, thus the PKG and each user need to encrypt and decrypt the new private keys for each time period, respectively....

  • ...In 2001, Boneh and Franklin [8] suggested a revocation solution, in which users can periodically receive new private keys from the private key generator (PKG)....

  • ...Since a user's ID in the ID-PKS represents his/her public key, it is not desired to be changed [8]....

  • ...Some research results for the relationship between security levels and speed of pairing computations on microprocessors were presented in [8, 30]....

  • ...Such non-degenerate admissible bilinear maps can be obtained from the Weil, Tate or Ate pairings over supersingular elliptic curves or abelian varieties [8, 13, 29]....

Book ChapterDOI
23 Aug 1985
TL;DR: In this article, the authors introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other's signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party.
Abstract: In this paper we introduce a novel type of cryptographic scheme, which enables any pair of users to communicate securely and to verify each other’s signatures without exchanging private or public keys, without keeping key directories, and without using the services of a third party. The scheme assumes the existence of trusted key generation centers, whose sole purpose is to give each user a personalized smart card when he first joins the network. The information embedded in this card enables the user to sign and encrypt the messages he sends and to decrypt and verify the messages he receives in a totally independent way, regardless of the identity of the other party. Previously issued cards do not have to be updated when new users join the network, and the various centers do not have to coordinate their activities or even to keep a user list. The centers can be closed after all the cards are issued, and the network can continue to function in a completely decentralized way for an indefinite period.

6,902 citations

Proceedings ArticleDOI
Mihir Bellare, Phillip Rogaway
01 Dec 1993
TL;DR: It is argued that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
Abstract: We argue that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol PR for the random oracle model, and then replacing oracle accesses by the computation of an “appropriately chosen” function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including encryption, signatures, and zero-knowledge proofs.

5,313 citations


"Efficient Revocable ID-Based Encryp..." refers methods in this paper

  • ...We apply the work of Boneh and Franklin [8] to provide a tight security proof in the random oracle model [31, 32]....

Book ChapterDOI
Brent Waters
22 May 2005
TL;DR: This work first presents their IBE construction and reduces the security of the scheme to the decisional Bilinear Diffie-Hellman (BDH) problem, and shows that their techniques can be used to build a new signature scheme that is secure under the computational Diffie-Hellman assumption without random oracles.
Abstract: We present the first efficient Identity-Based Encryption (IBE) scheme that is fully secure without random oracles. We first present our IBE construction and reduce the security of our scheme to the decisional Bilinear Diffie-Hellman (BDH) problem. Additionally, we show that our techniques can be used to build a new signature scheme that is secure under the computational Diffie-Hellman assumption without random oracles.

2,188 citations

01 Apr 2002
TL;DR: In this article, the X.509 v3 certificate format and its extensions are described in detail, with additional information regarding the format and semantics of Internet name forms, and a set of required certificate extensions is specified.
Abstract: This memo profiles the X.509 v3 certificate and X.509 v2 Certificate Revocation List (CRL) for use in the Internet. An overview of this approach and model are provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail, and required extensions are defined. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices.

1,233 citations