Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks

Tsz Hon Yuen; Ye Zhang; Siu Ming Yiu; Joseph K. Liu

doi:10.1007/978-3-319-11203-9_8

Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks

Tsz Hon Yuen, Ye Zhang, Siu Ming Yiu, Joseph K. Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

34 Citations (Scopus)

Abstract

Identity-based encryption (IBE) is useful for providing end-to-end access control and data protection in many scenarios such as cloud applications and wireless sensor networks However, there are some practical threats for the data owner or the sensor, who encrypts raw data; and the data user or the control centre, who decrypts the ciphertext and recovers the raw data. In this paper, we tackle the open problem of proposing a leakage-resilience encryption model that can capture leakage from both the secret key owner (the data user or control centre) and the encryptor (the data owner or sensor), in the auxiliary input model. Existing models only allow the leakage of the secret key and do not allow adversaries to query more leakage information after seeing the challenge ciphertext of the security games. We solve this problem by defining the post-challenge auxiliary input model in which the family of leakage functions must be defined before the adversary is given the public key. The post-challenge query will return the leakage of the encryption randomness used by the encryptor. This model is able to capture a wider class of real-world attacks. To realize our model, we propose a generic transformation from the auxiliary input model to our new post-challenge auxiliary input model for both public key encryption (PKE) and IBE. Furthermore, we extend Canetti et al. s technique, that converts CPA-secure IBE to CCA-secure PKE, into the leakage-resilient setting.

Original language	English
Title of host publication	Computer Security - ESORICS 2014
Subtitle of host publication	19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II
Editors	Miroslaw Kutylowski, Jaideep Vaidya
Place of Publication	Heidelberg Germany
Publisher	Springer
Pages	130-147
Number of pages	18
ISBN (Electronic)	9783319112039
ISBN (Print)	9783319112022
DOIs	https://doi.org/10.1007/978-3-319-11203-9_8
Publication status	Published - 2014
Externally published	Yes
Event	European Symposium On Research In Computer Security 2014 - Wroclaw University of Technology, Wroclaw, Poland Duration: 7 Sept 2014 → 11 Sept 2014 Conference number: 19th https://esorics2014.pwr.wroc.pl/ https://link.springer.com/book/10.1007/978-3-319-11203-9 (Proceedings)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	8712
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	European Symposium On Research In Computer Security 2014
Abbreviated title	ESORICS 2014
Country/Territory	Poland
City	Wroclaw
Period	7/09/14 → 11/09/14
Internet address	https://esorics2014.pwr.wroc.pl/ https://link.springer.com/book/10.1007/978-3-319-11203-9 (Proceedings)

Keywords

IBE
leakage-resilient
auxiliary inputs
randomness

Access to Document

10.1007/978-3-319-11203-9_8

Cite this

Yuen, T. H., Zhang, Y., Yiu, S. M., & Liu, J. K. (2014). Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In M. Kutylowski, & J. Vaidya (Eds.), Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II (pp. 130-147). (Lecture Notes in Computer Science; Vol. 8712). Springer. https://doi.org/10.1007/978-3-319-11203-9_8

Yuen, Tsz Hon ; Zhang, Ye ; Yiu, Siu Ming et al. / Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II. editor / Miroslaw Kutylowski ; Jaideep Vaidya. Heidelberg Germany : Springer, 2014. pp. 130-147 (Lecture Notes in Computer Science).

@inproceedings{057252bce6c946a48038a94ad3b77cea,

title = "Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks",

abstract = "Identity-based encryption (IBE) is useful for providing end-to-end access control and data protection in many scenarios such as cloud applications and wireless sensor networks However, there are some practical threats for the data owner or the sensor, who encrypts raw data; and the data user or the control centre, who decrypts the ciphertext and recovers the raw data. In this paper, we tackle the open problem of proposing a leakage-resilience encryption model that can capture leakage from both the secret key owner (the data user or control centre) and the encryptor (the data owner or sensor), in the auxiliary input model. Existing models only allow the leakage of the secret key and do not allow adversaries to query more leakage information after seeing the challenge ciphertext of the security games. We solve this problem by defining the post-challenge auxiliary input model in which the family of leakage functions must be defined before the adversary is given the public key. The post-challenge query will return the leakage of the encryption randomness used by the encryptor. This model is able to capture a wider class of real-world attacks. To realize our model, we propose a generic transformation from the auxiliary input model to our new post-challenge auxiliary input model for both public key encryption (PKE) and IBE. Furthermore, we extend Canetti et al. s technique, that converts CPA-secure IBE to CCA-secure PKE, into the leakage-resilient setting.",

keywords = "IBE, leakage-resilient, auxiliary inputs, randomness",

author = "Yuen, {Tsz Hon} and Ye Zhang and Yiu, {Siu Ming} and Liu, {Joseph K.}",

year = "2014",

doi = "10.1007/978-3-319-11203-9_8",

language = "English",

isbn = "9783319112022",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "130--147",

editor = "Miroslaw Kutylowski and Vaidya, {Jaideep }",

booktitle = "Computer Security - ESORICS 2014",

note = "European Symposium On Research In Computer Security 2014, ESORICS 2014 ; Conference date: 07-09-2014 Through 11-09-2014",

url = "https://esorics2014.pwr.wroc.pl/, https://link.springer.com/book/10.1007/978-3-319-11203-9",

}

Yuen, TH, Zhang, Y, Yiu, SM & Liu, JK 2014, Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. in M Kutylowski & J Vaidya (eds), Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II. Lecture Notes in Computer Science, vol. 8712, Springer, Heidelberg Germany, pp. 130-147, European Symposium On Research In Computer Security 2014, Wroclaw, Poland, 7/09/14. https://doi.org/10.1007/978-3-319-11203-9_8

Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. / Yuen, Tsz Hon; Zhang, Ye; Yiu, Siu Ming et al.
Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II. ed. / Miroslaw Kutylowski; Jaideep Vaidya. Heidelberg Germany: Springer, 2014. p. 130-147 (Lecture Notes in Computer Science; Vol. 8712).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks

AU - Yuen, Tsz Hon

AU - Zhang, Ye

AU - Yiu, Siu Ming

AU - Liu, Joseph K.

N1 - Conference code: 19th

PY - 2014

Y1 - 2014

N2 - Identity-based encryption (IBE) is useful for providing end-to-end access control and data protection in many scenarios such as cloud applications and wireless sensor networks However, there are some practical threats for the data owner or the sensor, who encrypts raw data; and the data user or the control centre, who decrypts the ciphertext and recovers the raw data. In this paper, we tackle the open problem of proposing a leakage-resilience encryption model that can capture leakage from both the secret key owner (the data user or control centre) and the encryptor (the data owner or sensor), in the auxiliary input model. Existing models only allow the leakage of the secret key and do not allow adversaries to query more leakage information after seeing the challenge ciphertext of the security games. We solve this problem by defining the post-challenge auxiliary input model in which the family of leakage functions must be defined before the adversary is given the public key. The post-challenge query will return the leakage of the encryption randomness used by the encryptor. This model is able to capture a wider class of real-world attacks. To realize our model, we propose a generic transformation from the auxiliary input model to our new post-challenge auxiliary input model for both public key encryption (PKE) and IBE. Furthermore, we extend Canetti et al. s technique, that converts CPA-secure IBE to CCA-secure PKE, into the leakage-resilient setting.

AB - Identity-based encryption (IBE) is useful for providing end-to-end access control and data protection in many scenarios such as cloud applications and wireless sensor networks However, there are some practical threats for the data owner or the sensor, who encrypts raw data; and the data user or the control centre, who decrypts the ciphertext and recovers the raw data. In this paper, we tackle the open problem of proposing a leakage-resilience encryption model that can capture leakage from both the secret key owner (the data user or control centre) and the encryptor (the data owner or sensor), in the auxiliary input model. Existing models only allow the leakage of the secret key and do not allow adversaries to query more leakage information after seeing the challenge ciphertext of the security games. We solve this problem by defining the post-challenge auxiliary input model in which the family of leakage functions must be defined before the adversary is given the public key. The post-challenge query will return the leakage of the encryption randomness used by the encryptor. This model is able to capture a wider class of real-world attacks. To realize our model, we propose a generic transformation from the auxiliary input model to our new post-challenge auxiliary input model for both public key encryption (PKE) and IBE. Furthermore, we extend Canetti et al. s technique, that converts CPA-secure IBE to CCA-secure PKE, into the leakage-resilient setting.

KW - IBE

KW - leakage-resilient

KW - auxiliary inputs

KW - randomness

U2 - 10.1007/978-3-319-11203-9_8

DO - 10.1007/978-3-319-11203-9_8

M3 - Conference Paper

SN - 9783319112022

T3 - Lecture Notes in Computer Science

SP - 130

EP - 147

BT - Computer Security - ESORICS 2014

A2 - Kutylowski, Miroslaw

A2 - Vaidya, Jaideep

PB - Springer

CY - Heidelberg Germany

T2 - European Symposium On Research In Computer Security 2014

Y2 - 7 September 2014 through 11 September 2014

ER -

Yuen TH, Zhang Y, Yiu SM, Liu JK. Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In Kutylowski M, Vaidya J, editors, Computer Security - ESORICS 2014: 19th European Symposium on Research in Computer Security Wroclaw, Poland, September 7-11, 2014 - Proceedings, Part II. Heidelberg Germany: Springer. 2014. p. 130-147. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-11203-9_8