An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing

Kaitai Alexander Liang, Joseph K. Liu, Duncan S. Wong, Willy Susilo

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Identity-based encryption (IBE) eliminates the necessity of having a costly certificate verification process. However, revocation remains a daunting task in terms of ciphertext update and key update phases. In this paper, we provide an affirmative solution to solve the efficiency problem incurred by revocation. We propose the first cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports not only user revocation but also delegation of decryption rights. No matter whether a user is revoked or not, at the end of a given time period the cloud acting as a proxy will re-encrypt all ciphertexts of the user under the current time period to the next time period. If the user is revoked in the forthcoming time period, he cannot decrypt the ciphertexts by using the expired private key anymore. Compared to some naive solutions which require a private key generator (PKG) to interact with non-revoked users in each time period, the new scheme provides definite advantages in terms of communication and computation efficiency.

Original language: English
Title of host publication: Computer Security - ESORICS 2014
Subtitle of host publication: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II
Editors: Miroslaw Kutylowski, Jaideep Vaidya
Place of Publication: Heidelberg Germany
Publisher: Springer
Pages: 257-272
Number of pages: 16
ISBN (Electronic): 9783319112039
ISBN (Print): 9783319112022
DOIs: https://doi.org/10.1007/978-3-319-11203-9_15
Publication status: Published - 2014
Externally published: Yes
Event: European Symposium On Research In Computer Security 2014 - Wroclaw University of Technology, Wroclaw, Poland
Duration: 7 Sep 2014 to 11 Sep 2014
Conference number: 19th
https://esorics2014.pwr.wroc.pl/

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 8712
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: European Symposium On Research In Computer Security 2014
Abbreviated title: ESORICS 2014
Country: Poland
City: Wroclaw
Period: 7/09/14 to 11/09/14

Keywords

  • Revocable identity-based encryption
  • cloud-based revocable identity-based proxy re-encryption
  • standard model

Cite this

Liang, K. A., Liu, J. K., Wong, D. S., & Susilo, W. (2014). An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In M. Kutylowski, & J. Vaidya (Eds.), Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II (pp. 257-272). (Lecture Notes in Computer Science; Vol. 8712). Heidelberg Germany: Springer. https://doi.org/10.1007/978-3-319-11203-9_15
@inproceedings{dcdd20ecc8d04869835bc75ca7c9b753,
title = "An efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing",
abstract = "Identity-based encryption (IBE) eliminates the necessity of having a costly certificate verification process. However, revocation remains a daunting task in terms of ciphertext update and key update phases. In this paper, we provide an affirmative solution to solve the efficiency problem incurred by revocation. We propose the first cloud-based revocable identity-based proxy re-encryption (CR-IB-PRE) scheme that supports not only user revocation but also delegation of decryption rights. No matter whether a user is revoked or not, at the end of a given time period the cloud acting as a proxy will re-encrypt all ciphertexts of the user under the current time period to the next time period. If the user is revoked in the forthcoming time period, he cannot decrypt the ciphertexts by using the expired private key anymore. Compared to some naive solutions which require a private key generator (PKG) to interact with non-revoked users in each time period, the new scheme provides definite advantages in terms of communication and computation efficiency.",
keywords = "Revocable identity-based encryption, cloud-based revocable identity-based proxy re-encryption, standard model",
author = "Liang, {Kaitai Alexander} and Liu, {Joseph K.} and Wong, {Duncan S.} and Willy Susilo",
year = "2014",
doi = "10.1007/978-3-319-11203-9_15",
language = "English",
isbn = "9783319112022",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "257--272",
editor = "Miroslaw Kutylowski and Jaideep Vaidya",
booktitle = "Computer Security - ESORICS 2014",

}
