1.
#13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, vellore – 6.
Off:0416-2247353 / 6066663 Mo: +91 9500218218 /8870603602,
Project Titles: http://shakastech.weebly.com/2015-2016-titles
Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com
IDENTITY-BASED ENCRYPTION WITH OUTSOURCED REVOCATION IN CLOUD
COMPUTING
ABSTRACT
Identity-Based Encryption (IBE), which simplifies the public key and certificate management of Public Key Infrastructure (PKI), is an important alternative to public key encryption. However, one of the main efficiency drawbacks of IBE is the computational overhead at the Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in the traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate. In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key-generation-related operations during the key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for the PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bind the identity component and the time component. Furthermore, we propose another construction which is provably secure under the recently formalized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
EXISTING SYSTEM:
Introduced and first implemented by Boneh and Franklin as well , IBE has been researched intensively in the cryptographic community. On the aspect of construction, these first schemes were proven secure in the random oracle model. Some subsequent systems achieved provable security in the standard model under selective-ID security or adaptive-ID security. Recently, there have been multiple lattice-based constructions for IBE systems. Nevertheless, concerning revocable IBE, little work has been presented. As mentioned before, Boneh and Franklin's suggestion is more a viable solution but impractical. Hanaoka et al. proposed a way for users to periodically renew their private keys without interacting with the PKG. However, the assumption required in their work is that each user needs to possess a tamper-resistant hardware device. Another solution is mediator-aided revocation: in this setting there is a special semi-trusted third party called a mediator who helps users to decrypt each ciphertext. If an identity is revoked, the mediator is instructed to stop helping the user. Obviously, this is impractical, since users are unable to decrypt on their own and need to communicate with the mediator for each decryption. Recently, Lin et al. proposed a space-efficient revocable IBE mechanism from non-monotonic Attribute-Based Encryption (ABE), but their construction requires times bilinear pairing operations for a single decryption where is the number of revoked users. As far as we know, the revocable IBE scheme presented by Boldyreva et al. remains the most effective solution right now. Libert and Vergnaud improved Boldyreva's construction to achieve adaptive-ID security. Their work focused on enhancing security, but inherits a similar disadvantage to Boldyreva's original construction. As mentioned before, both fall short on storage, for the private key at the user and for the binary tree structure at the PKG.
PROPOSED SYSTEM:
In this paper, we introduce outsourcing computation into IBE revocation, and formalize the security definition of outsourced revocable IBE for the first time, to the best of our knowledge. We propose a scheme to offload all the key-generation-related operations during key-issuing and key-update, leaving only a constant number of simple operations for the PKG and eligible users to perform locally. In our scheme, as with the suggestion, we realize revocation through updating the private keys of the unrevoked users. But unlike that work, which trivially concatenates the time period with the identity for key generation/update and requires re-issuing the whole private key for unrevoked users, we propose a novel collusion-resistant key-issuing technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bind two sub-components, namely the identity component and the time component. At first, a user obtains the identity component and a default time component (i.e., for the current time period) from the PKG as his/her private key in key-issuing. Afterwards, in order to maintain decryptability, unrevoked users need to periodically request a key-update for the time component from a newly introduced entity named the Key Update Cloud Service Provider (KU-CSP). Compared with the previous work, our scheme does not have to re-issue the whole private key, but only needs to update a lightweight component of it at a specialized entity, the KU-CSP. We also specify that 1) with the aid of the KU-CSP, the user does not need to contact the PKG in key-update; in other words, the PKG is allowed to be offline after sending the revocation list to the KU-CSP. 2) No secure channel or user authentication is required during key-update between the user and the KU-CSP.
Module 1
Identity-Based Encryption
An IBE scheme, which typically involves two entities, the PKG and users (including sender and receiver), consists of the following four algorithms.
Setup: The setup algorithm takes as input a security parameter and outputs the public key and the master key. Note that the master key is kept secret at the PKG.
KeyGen: The private key generation algorithm is run by the PKG, which takes as input the master key and a user's identity. It returns a private key corresponding to the identity.
Encrypt: The encryption algorithm is run by the sender, which takes as input the receiver's identity and a message to be encrypted. It outputs the ciphertext.
Decrypt: The decryption algorithm is run by the receiver, which takes as input the ciphertext and his/her private key. It returns a message or an error.
An IBE scheme must satisfy the definition of consistency. Specifically, when the private key generated by algorithm KeyGen when it is given as the input, then Decrypt where Encrypt .
The motivation of IBE is to simplify certificate management. For example, when Alice sends an email to Bob at bob@company.com, she simply encrypts her message using Bob's email address "bob@company.com", and does not need to obtain Bob's public key certificate. When Bob receives the encrypted email, he authenticates himself to the PKG to obtain his private key, and reads his email with that private key.
Module 2
Efficient IBE with Outsourced Revocation
Intuition. In order to achieve efficient revocation, we introduce the idea of "partial private key update" into the proposed construction, which operates on two sides: 1) We utilize a "hybrid private key" for each user in our system, which employs an AND gate connecting two sub-components, namely the identity component and the time component respectively. is generated by PKG in key-issuing but is updated by the newly introduced KU-CSP in key-update; 2) In encryption, we take as input the user's identity as well as the time period to restrict decryption; more precisely, a user is allowed to perform successful decryption if and only if the identity and time period embedded in his/her private key are identical to those associated with the ciphertext. Using
this technique, we are able to revoke a user's decryptability through updating the time component for
private key by KU-CSP. Moreover, we remark that we cannot trivially use an identical updated time component for all users, because a revoked user would be able to regain his/her decryption ability by colluding with unrevoked users. To eliminate such collusion, we randomly generate an outsourcing key for each identity , which essentially decides a "matching relationship" for the two sub-components. Furthermore, we let the KU-CSP maintain a list to record each user's identity and its corresponding outsourcing key. In key-update, we can use to update the time component for identity. Suppose a user with identity is revoked at . Even if he/she is able to obtain for identity , the revoked user still cannot decrypt ciphertext encrypted under .
Module 3
Key Service Procedures
Based on our algorithm construction, as shown in Fig. 4, the key service procedures, including key-issuing, key-update and revocation, in the proposed IBE scheme with outsourced revocation work as follows.
Key-issuing. We require that PKG maintains a revocation list and a time list locally. Upon receiving a private key request on , PKG runs KeyGen to obtain private key and outsourcing key . Finally, it sends to user and ( ) to KU-CSP respectively. As described in intuition, for each entry ( ) sent from PKG, KU-CSP should add it into a locally maintained user list .
Key-update. If some users have been revoked at time period , each unrevoked user needs to send a key-update request to KU-CSP to maintain decryptability. Upon receiving the request on identity , KU-CSP runs KeyUpdate to obtain . Finally, it sends such time component back to user who is able to update his/her private key as
Revocation. Similar to key-update, if a revoked user sends a key-update request on identity , KU-CSP runs KeyUpdate as well. Nevertheless, since , KU-CSP will return . Therefore, such a key-update request is aborted.
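The hybrid key of Module 2 and the key service procedures of Module 3, worked through as an added example that is not code from the paper or from this page. It is a toy arithmetic model in which every group element is stored as its exponent, so it checks the algebra only and provides no security. The page does not give the construction: the additive 2-of-2 split of the master key standing in for the AND gate, the key layout, and all names and sample identities are assumptions.

```python
import hashlib
import secrets

# Toy "exponent model" (assumption, for illustration): g^a is stored as a mod Q,
# a pairing e(g^a, g^b) = gT^(ab) becomes a*b, and multiplying in GT becomes adding.
# Discrete logs are visible here, so this demonstrates correctness, not secrecy.
Q = 2**127 - 1  # Mersenne prime


def rand_exp() -> int:
    return secrets.randbelow(Q - 1) + 1  # non-zero exponent


def hash_exp(domain: str, value: str) -> int:
    digest = hashlib.sha256(f"{domain}|{value}".encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def time_component(g2: int, ok: int, period: str):
    """Time component bound to one outsourcing key and one time period."""
    r_t = rand_exp()
    return ((g2 * ok + hash_exp("time", period) * r_t) % Q, r_t)


class PKG:
    def __init__(self):
        self.master = rand_exp()  # master key
        self.g2 = rand_exp()
        # g1 = g^master; readable only because of the toy model
        self.public = {"g1": self.master, "g2": self.g2}

    def key_issue(self, identity: str, period: str):
        ok = rand_exp()               # fresh outsourcing key per identity
        x1 = (self.master - ok) % Q   # assumed AND gate: x1 + ok = master
        r = rand_exp()
        ik = ((self.g2 * x1 + hash_exp("id", identity) * r) % Q, r)
        key = {"ik": ik, "tk": time_component(self.g2, ok, period)}
        return key, (identity, ok)    # key to the user, entry to the KU-CSP


class KUCSP:
    def __init__(self, g2: int):
        self.g2 = g2
        self.user_list = {}           # identity -> outsourcing key
        self.revocation_list = set()  # received from the PKG

    def add_user(self, entry):
        identity, ok = entry
        self.user_list[identity] = ok

    def key_update(self, identity: str, period: str):
        if identity in self.revocation_list or identity not in self.user_list:
            return None               # request aborted
        return time_component(self.g2, self.user_list[identity], period)


def encrypt(public, identity: str, period: str, message: int):
    s = rand_exp()
    return {
        "c0": (message + public["g1"] * public["g2"] % Q * s) % Q,
        "c1": s,
        "e_id": hash_exp("id", identity) * s % Q,
        "e_t": hash_exp("time", period) * s % Q,
    }


def decrypt(ct, key) -> int:
    (d0, d1), (t0, t1) = key["ik"], key["tk"]
    # The blinding term cancels only if identity, period and key split all match.
    blind = ct["c1"] * (d0 + t0) - d1 * ct["e_id"] - t1 * ct["e_t"]
    return (ct["c0"] - blind) % Q


def scenario():
    """Constructed run: alice is revoked before period T2, bob is not."""
    pkg = PKG()
    csp = KUCSP(pkg.g2)
    alice, entry_a = pkg.key_issue("alice@example.com", "T1")
    bob, entry_b = pkg.key_issue("bob@example.com", "T1")
    csp.add_user(entry_a)
    csp.add_user(entry_b)
    m, out = 424242, {}
    out["t1_ok"] = decrypt(encrypt(pkg.public, "alice@example.com", "T1", m), alice) == m
    csp.revocation_list.add("alice@example.com")
    out["update_refused"] = csp.key_update("alice@example.com", "T2") is None
    bob["tk"] = csp.key_update("bob@example.com", "T2")
    out["bob_t2_ok"] = decrypt(encrypt(pkg.public, "bob@example.com", "T2", m), bob) == m
    ct = encrypt(pkg.public, "alice@example.com", "T2", m)
    out["stale_key_fails"] = decrypt(ct, alice) != m
    # Collusion: alice's identity component with bob's fresh time component.
    out["collusion_fails"] = decrypt(ct, {"ik": alice["ik"], "tk": bob["tk"]}) != m
    return out


if __name__ == "__main__":
    print(scenario())
```

In this model the collusion attempt leaves a residue proportional to the difference between the two users' outsourcing keys, which is why a per-identity outsourcing key, rather than one shared time component, is what blocks it.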
Module 4
Advanced Construction
The RDoC model originates from the model of refereed games, and was later formalized. In the RDoC model, the client is able to interact with multiple servers, and it obtains a correct output as long as there exists one server that follows the proposed protocol. One of the main advantages of RDoC over the traditional single-server model is that the security risk on the single server is spread across the multiple servers involved. As a result of both its practicality and utility, the RDoC model has recently been widely utilized in the literature on outsourced computation. In order to apply RDoC to our setting, we introduce another independent KU-CSP. Furthermore, we have three requirements in such a model: 1) At least one of the KU-CSPs is honest. 2) Computational complexity at the honest KU-CSP is not much more than the other required to perform revocation. 3) The PKG's running time would be much smaller than that required to directly perform revocation.
CONCLUSION
In this paper, focusing on the critical issue of identity revocation, we introduce outsourcing computation into IBE and propose a revocable scheme in which the revocation operations are delegated to a CSP. With the aid of the KU-CSP, the proposed scheme is full-featured: 1) It achieves constant efficiency for both computation at the PKG and private key size at the user; 2) The user does not need to contact the PKG during key-update; in other words, the PKG is allowed to be offline after sending the revocation list to the KU-CSP; 3) No secure channel or user authentication is required during key-update between the user and the KU-CSP. Furthermore, we consider realizing revocable IBE under a stronger adversary model. We present an advanced construction and show it is secure under the RDoC model, in which at least one of the KU-CSPs is assumed to be honest. Therefore, even if a revoked user and either of the KU-CSPs collude, they are unable to help such a user regain his/her decryptability. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.

More Related Content

PDF
iaetsd Robots in oil and gas refineries
DOCX
Identity based encryption with outsourced revocation in cloud computing
DOCX
IDENTITY-BASED ENCRYPTION WITH OUTSOURCED REVOCATION IN CLOUD COMPUTING
PDF
An Overview of Identity Based Encryption
DOCX
IDENTITY-BASED ENCRYPTION WITH OUTSOURCED REVOCATION IN CLOUD COMPUTING
PDF
Identity based encryption with cloud revocation authority and its applications
PDF
A Survey on Identity Based Encryption in Cloud Computing
DOCX
Identity based encryption with outsourced revocation in cloud computing
iaetsd Robots in oil and gas refineries
Identity based encryption with outsourced revocation in cloud computing
IDENTITY-BASED ENCRYPTION WITH OUTSOURCED REVOCATION IN CLOUD COMPUTING
An Overview of Identity Based Encryption
IDENTITY-BASED ENCRYPTION WITH OUTSOURCED REVOCATION IN CLOUD COMPUTING
Identity based encryption with cloud revocation authority and its applications
A Survey on Identity Based Encryption in Cloud Computing
Identity based encryption with outsourced revocation in cloud computing

What's hot (16)

PDF
Privacy Preserving Paradigms of Blockchain Technology
PDF
sweeney_brendan-css527-20141118-research_proposal
PDF
IRJET- Security Empowerment using QR Code and Session Tracking for Cued R...
PDF
Grid security seminar mohit modi
PDF
P8 a blockchain framework for insurance processes
PPTX
E voting authentication with qr-codes
PDF
Ijcnc050205
PPTX
Implementing MITREid - CIS 2014 Presentation
PDF
A Noval Method for Data Auditing and Integrity Checking in Public Cloud
PDF
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
PDF
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
PPTX
Why Assertion-based Access Token is preferred to Handle-based one?
PDF
IRJET- Blockchain Technology for Agriculture Development
PDF
Flexible and fine grained attribute-based data storage in cloud computing
PPTX
Mit 2014 introduction to open id connect and o-auth 2
PDF
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
Privacy Preserving Paradigms of Blockchain Technology
sweeney_brendan-css527-20141118-research_proposal
IRJET- Security Empowerment using QR Code and Session Tracking for Cued R...
Grid security seminar mohit modi
P8 a blockchain framework for insurance processes
E voting authentication with qr-codes
Ijcnc050205
Implementing MITREid - CIS 2014 Presentation
A Noval Method for Data Auditing and Integrity Checking in Public Cloud
B.Noviansyah - “National Public Key Infrastructure: Friend or Foe?"
REMOVAL OF CERTIFICATES FROM SET PROTOCOL USING CERTIFICATELESS PUBLIC KEY CR...
Why Assertion-based Access Token is preferred to Handle-based one?
IRJET- Blockchain Technology for Agriculture Development
Flexible and fine grained attribute-based data storage in cloud computing
Mit 2014 introduction to open id connect and o-auth 2
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
Ad

Viewers also liked (16)

DOCX
Passive ip traceback disclosing the locations of ip spoofers from path backsc
PDF
Protecting location privacy in sensor networks against a global eavesdropper
DOCX
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
DOCX
Effective key management in dynamic wireless sensor networks
PDF
Privacypreservingdelegatedaccesscontrolinpublicclouds 141112073315-conversion...
DOCX
Privacy policy inference of user uploaded
DOCX
K nearest neighbor classification over semantically secure encrypted
DOCX
Entity linking with a knowledge baseissues, techniques, and solutions
DOCX
PANDA: PUBLIC AUDITING FOR SHARED DATA WITH EFFICIENT USER REVOCATION IN THE ...
DOCX
A profit maximization scheme with guaranteed quality of service in cloud comp...
DOC
Friendbook a semantic based friend recommendation system for social networks
DOCX
Key updating for leakage resiliency with application to aes modes of operation
DOCX
Circuit ciphertext policy attribute-based hybrid encryption with verifiable d...
PDF
Minimum bandwidth reservations for periodic streams in wireless real time sys...
DOC
PERFORMING INITIATIVE DATA PERFECTING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD C...
DOCX
Behavior rule specification based ntrusion detection for safety critical medi...
Passive ip traceback disclosing the locations of ip spoofers from path backsc
Protecting location privacy in sensor networks against a global eavesdropper
CONTROL CLOUD DATA ACCESS PRIVILEGE AND ANONYMITY WITH FULLY ANONYMOUS ATTRIB...
Effective key management in dynamic wireless sensor networks
Privacypreservingdelegatedaccesscontrolinpublicclouds 141112073315-conversion...
Privacy policy inference of user uploaded
K nearest neighbor classification over semantically secure encrypted
Entity linking with a knowledge baseissues, techniques, and solutions
PANDA: PUBLIC AUDITING FOR SHARED DATA WITH EFFICIENT USER REVOCATION IN THE ...
A profit maximization scheme with guaranteed quality of service in cloud comp...
Friendbook a semantic based friend recommendation system for social networks
Key updating for leakage resiliency with application to aes modes of operation
Circuit ciphertext policy attribute-based hybrid encryption with verifiable d...
Minimum bandwidth reservations for periodic streams in wireless real time sys...
PERFORMING INITIATIVE DATA PERFECTING IN DISTRIBUTED FILE SYSTEMS FOR CLOUD C...
Behavior rule specification based ntrusion detection for safety critical medi...
Ad

Similar to Identity based encryption with outsourced revocation in cloud computing (20)

PDF
Identity based encryption with cloud revocation authority and its applications
PDF
Identity based encryption with outsourced revocation in cloud computing
PDF
Identity-Based Encryption with Outsourced Revocation in Cloud Computing
DOCX
Identity-Based Encryption with Outsourced Revocation in Cloud Computing
DOCX
Identity based encryption with outsourced
DOC
An efficient certificate less encryption for
PDF
Flexible and fine grained attribute-based data storage in cloud computing
PDF
Key aggregate cryptosystem for scalable data sharing in cloud storage
PDF
Efficient and Enhanced Proxy Re Encryption Algorithm for Skyline Queries
PDF
Identity based cryptography for client side security in web applications (web...
PDF
IRJET- Secure Data Sharing in Cloud Computing using Revocable Storage Identit...
PDF
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
DOCX
Audit free cloud storage via deniable attribute-based encryption
DOCX
Audit free cloud storage via deniable attribute-based encryption
DOCX
Audit free cloud storage via deniable attribute-based encryption
PDF
Distributed private key generator in ibc
PDF
Secure data sharing in cloud computing using revocable storage identity-based...
PDF
Secure data sharing in cloud computing using revocable storage identity-based...
PDF
Identity based proxy-oriented data uploading and remote data integrity checki...
PDF
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based encryption with cloud revocation authority and its applications
Identity based encryption with outsourced revocation in cloud computing
Identity-Based Encryption with Outsourced Revocation in Cloud Computing
Identity-Based Encryption with Outsourced Revocation in Cloud Computing
Identity based encryption with outsourced
An efficient certificate less encryption for
Flexible and fine grained attribute-based data storage in cloud computing
Key aggregate cryptosystem for scalable data sharing in cloud storage
Efficient and Enhanced Proxy Re Encryption Algorithm for Skyline Queries
Identity based cryptography for client side security in web applications (web...
IRJET- Secure Data Sharing in Cloud Computing using Revocable Storage Identit...
A New Pairing Free ID Based Certificate Less Digital Signature (CL-DS) Scheme...
Audit free cloud storage via deniable attribute-based encryption
Audit free cloud storage via deniable attribute-based encryption
Audit free cloud storage via deniable attribute-based encryption
Distributed private key generator in ibc
Secure data sharing in cloud computing using revocable storage identity-based...
Secure data sharing in cloud computing using revocable storage identity-based...
Identity based proxy-oriented data uploading and remote data integrity checki...
Identity based proxy-oriented data uploading and remote data integrity checki...

More from Shakas Technologies (20)

DOCX
A Review on Deep-Learning-Based Cyberbullying Detection
DOCX
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
DOCX
A Novel Framework for Credit Card.
DOCX
A Comparative Analysis of Sampling Techniques for Click-Through Rate Predicti...
DOCX
NS2 Final Year Project Titles 2023- 2024
DOCX
MATLAB Final Year IEEE Project Titles 2023-2024
DOCX
Latest Python IEEE Project Titles 2023-2024
DOCX
EMOTION RECOGNITION BY TEXTUAL TWEETS CLASSIFICATION USING VOTING CLASSIFIER ...
DOCX
CYBER THREAT INTELLIGENCE MINING FOR PROACTIVE CYBERSECURITY DEFENSE
DOCX
Detecting Mental Disorders in social Media through Emotional patterns-The cas...
DOCX
COMMERCE FAKE PRODUCT REVIEWS MONITORING AND DETECTION
DOCX
CO2 EMISSION RATING BY VEHICLES USING DATA SCIENCE
DOCX
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
DOCX
Optimizing Numerical Weather Prediction Model Performance Using Machine Learn...
DOCX
Nature-Based Prediction Model of Bug Reports Based on Ensemble Machine Learni...
DOCX
Multi-Class Stress Detection Through Heart Rate Variability A Deep Neural Net...
DOCX
Identifying Hot Topic Trends in Streaming Text Data Using News Sequential Evo...
DOCX
Fighting Money Laundering With Statistics and Machine Learning.docx
DOCX
Explainable Artificial Intelligence for Patient Safety A Review of Applicatio...
DOCX
Ensemble Deep Learning-Based Prediction of Fraudulent Cryptocurrency Transact...
A Review on Deep-Learning-Based Cyberbullying Detection
A Personal Privacy Data Protection Scheme for Encryption and Revocation of Hi...
A Novel Framework for Credit Card.
A Comparative Analysis of Sampling Techniques for Click-Through Rate Predicti...
NS2 Final Year Project Titles 2023- 2024
MATLAB Final Year IEEE Project Titles 2023-2024
Latest Python IEEE Project Titles 2023-2024
EMOTION RECOGNITION BY TEXTUAL TWEETS CLASSIFICATION USING VOTING CLASSIFIER ...
CYBER THREAT INTELLIGENCE MINING FOR PROACTIVE CYBERSECURITY DEFENSE
Detecting Mental Disorders in social Media through Emotional patterns-The cas...
COMMERCE FAKE PRODUCT REVIEWS MONITORING AND DETECTION
CO2 EMISSION RATING BY VEHICLES USING DATA SCIENCE
Toward Effective Evaluation of Cyber Defense Threat Based Adversary Emulation...
Optimizing Numerical Weather Prediction Model Performance Using Machine Learn...
Nature-Based Prediction Model of Bug Reports Based on Ensemble Machine Learni...
Multi-Class Stress Detection Through Heart Rate Variability A Deep Neural Net...
Identifying Hot Topic Trends in Streaming Text Data Using News Sequential Evo...
Fighting Money Laundering With Statistics and Machine Learning.docx
Explainable Artificial Intelligence for Patient Safety A Review of Applicatio...
Ensemble Deep Learning-Based Prediction of Fraudulent Cryptocurrency Transact...

Recently uploaded (20)

PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PPT
Teaching material agriculture food technology
PDF
Electronic commerce courselecture one. Pdf
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
PDF
NewMind AI Weekly Chronicles - August'25 Week I
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PDF
Approach and Philosophy of On baking technology
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PDF
Spectral efficient network and resource selection model in 5G networks
PDF
NewMind AI Monthly Chronicles - July 2025
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
Diabetes mellitus diagnosis method based random forest with bat algorithm
Digital-Transformation-Roadmap-for-Companies.pptx
Per capita expenditure prediction using model stacking based on satellite ima...
Chapter 3 Spatial Domain Image Processing.pdf
“AI and Expert System Decision Support & Business Intelligence Systems”
Teaching material agriculture food technology
Electronic commerce courselecture one. Pdf
The Rise and Fall of 3GPP – Time for a Sabbatical?
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
NewMind AI Weekly Chronicles - August'25 Week I
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Approach and Philosophy of On baking technology
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
Dropbox Q2 2025 Financial Results & Investor Presentation
Spectral efficient network and resource selection model in 5G networks
NewMind AI Monthly Chronicles - July 2025

Identity based encryption with outsourced revocation in cloud computing

  • 1. 1. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, vellore – 6. Off:0416-2247353 / 6066663 Mo: +91 9500218218 /8870603602, Project Titles: http://shakastech.weebly.com/2015-2016-titles Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com IDENTITY-BASED ENCRYPTION WITH OUTSOURCED REVOCATION IN CLOUD COMPUTING ABSTRACT Identity-Based Encryption (IBE) which simplifies the public key and certificate management at Public Key Infrastructure (PKI) is an important alternative to public key encryption. However, one of the main efficiency drawbacks of IBE is the overhead computation at Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate. In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key generation related operations during key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bound the identity component and the time component. Furthermore, we propose another construction which is provable secure under the recently formulized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
  • 2. 1. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, vellore – 6. Off:0416-2247353 / 6066663 Mo: +91 9500218218 /8870603602, Project Titles: http://shakastech.weebly.com/2015-2016-titles Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com EXISTING SYSTEM: Introduced and firstly implemented by Boneh and Franklin as well , IBE has been researched intensively in cryptographic community. On the aspect of construction, these first schemes were proven secure in random oracle. Some subsequent systems achieved provable secure in standard model under selective-ID security or adaptive-ID security. Recently, there have been multiple lattice-based constructions for IBE systems. Nevertheless, concerning on revocable IBE, there is little work presented. As mentioned before, Boneh and Franklin’s suggestion is more a viable solution but impractical. Hanaoka et al proposed a way for users to periodically renew their private keys without interacting with PKG. However, the assumption required in their work is that each user needs to possess a tamper-resistant hardware device. Another solution is mediator-aided revocation: In this setting there is a special semi-trusted third party called a mediator who helps users to decrypt each ciphertext. If an identity is revoked then the mediator is instructed to stop helping the user. Obviously, it is impractical since all users are unable to decrypt on their own and they need to communicate with mediator for each decryption. Recently, Lin et alproposed a space efficient revocable IBE mechanism from non-monotonic Attribute-Based Encryption (ABE), but their construction requires times bilinear pairing operations for a single decryption where is the number of revoked users. As far as we know, the revocable IBE scheme presented by Boldyreva et al. remains the most effective solution right now. 
Libert and Vergnaud improved Boldyreva’s construction to achieve adaptive-ID security. Their work focused on security enhanced, but inherits the similar disadvantage as Boldyreva’s original construction. As we mentioned before, they are short in storage for both private key at user and binary tree structure at PKG.
PROPOSED SYSTEM:

In this paper, we introduce outsourcing computation into IBE revocation and, to the best of our knowledge, formalize the security definition of outsourced revocable IBE for the first time. We propose a scheme to offload all the key-generation-related operations during key-issuing and key-update, leaving only a constant number of simple operations for PKG and eligible users to perform locally.

In our scheme, as with the suggestion, we realize revocation through updating the private keys of the unrevoked users. But unlike that work, which trivially concatenates the time period with the identity for key generation/update and requires re-issuing the whole private key for unrevoked users, we propose a novel collusion-resistant key-issuing technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bind two sub-components, namely the identity component and the time component.

At first, a user obtains the identity component and a default time component (i.e., for the current time period) from PKG as his/her private key in key-issuing. Afterwards, in order to maintain decryptability, unrevoked users need to periodically send a key-update request for the time component to a newly introduced entity named Key Update Cloud Service Provider (KU-CSP). Compared with the previous work, our scheme does not have to re-issue the whole private key, but only needs to update a lightweight component of it at a specialized entity, KU-CSP.

We also specify that:
1) With the aid of KU-CSP, the user need not contact PKG in key-update; in other words, PKG is allowed to be offline after sending the revocation list to KU-CSP.
2) No secure channel or user authentication is required during key-update between user and KU-CSP.

Module 1 Identity-Based Encryption
An IBE scheme, which typically involves two entities, PKG and users (including sender and receiver), consists of the following four algorithms.

Setup: The setup algorithm takes as input a security parameter and outputs the public key and the master key. Note that the master key is kept secret at PKG.
KeyGen: The private key generation algorithm is run by PKG, which takes as input the master key and the user’s identity. It returns a private key corresponding to the identity.
Encrypt: The encryption algorithm is run by the sender, which takes as input the receiver’s identity and a message to be encrypted. It outputs the ciphertext.
Decrypt: The decryption algorithm is run by the receiver, which takes as input the ciphertext and his/her private key. It returns a message or an error.

An IBE scheme must satisfy the definition of consistency. Specifically, when the private key generated by algorithm KeyGen when it is given as the input, then Decrypt where Encrypt .

The motivation of IBE is to simplify certificate management. For example, when Alice sends an email to Bob at bob@company.com, she simply encrypts her message using Bob’s email address “bob@company.com”, and does not need to obtain Bob’s public key certificate. When Bob receives the encrypted email, he authenticates himself at PKG to obtain his private key, and reads his email with that private key.
Module 2 Efficient IBE with outsourced revocation

Intuition

In order to achieve efficient revocation, we introduce the idea of “partial private key update” into the proposed construction, which operates on two sides:
1) We utilize a “hybrid private key” for each user in our system, which employs an AND gate connecting two sub-components, namely the identity component and the time component respectively. is generated by PKG in key-issuing but is updated by the newly introduced KU-CSP in key-update;
2) In encryption, we take as input the user’s identity as well as the time period to restrict decryption. More precisely, a user is allowed to perform successful decryption if and only if the identity and time period embedded in his/her private key are identical to those associated with the ciphertext.

Using this technique, we are able to revoke a user’s decryptability through updating the time component for the private key by KU-CSP. Moreover, we remark that we cannot trivially use an identical updated time component for all users, because a revoked user would be able to regain his/her decryption ability by colluding with unrevoked users. To eliminate such collusion, we randomly generate an outsourcing key for each identity , which essentially decides a “matching relationship” for the two sub-components. Furthermore, we let KU-CSP maintain a list to record each user’s identity and its corresponding outsourcing key. In key-update, we can use to update the time component for identity. Suppose a user with identity is revoked at . Even if he/she is able to obtain for identity , the revoked user still cannot decrypt ciphertext encrypted under .

Module 3 Key Service Procedures

Based on our algorithm construction, as shown in Fig. 4, the key service procedures, including key-issuing, key-update and revocation, in the proposed IBE scheme with outsourced revocation work as follows.

Key-issuing. We require that PKG maintains a revocation list and a time list locally. Upon receiving a private key request on , PKG runs KeyGen to obtain private key and outsourcing key . Finally, it sends to user and ( ) to KU-CSP respectively. As described in intuition, for each entry ( ) sent from PKG, KU-CSP should add it into a locally maintained user list .

Key-update. If some users have been revoked at time period , each unrevoked user needs to send a key-update request to KU-CSP to maintain decryptability. Upon receiving the request on identity , KU-CSP runs KeyUpdate to obtain . Finally, it sends this time component back to the user, who is able to update his/her private key as

Revocation. Similar to key-update, if a revoked user sends a key-update request on identity , KU-CSP runs KeyUpdate as well. Nevertheless, since , KU-CSP will return . Therefore, such a key-update request is aborted.

Module 4 Advanced Construction
The RDoC model originates from the model of refereed games, and was later formalized. In the RDoC model, the client is able to interact with multiple servers, and it obtains the right output as long as there exists one server that follows the proposed protocol. One of the main advantages of RDoC over the traditional model with a single server is that the security risk on the single server is spread over the multiple servers involved. As a result of both its practicality and utility, the RDoC model has recently been widely utilized in the literature on outsourced computation.

In order to apply RDoC to our setting, we introduce another independent KU-CSP. Furthermore, we have three requirements in such a model:
1) At least one of the KU-CSPs is honest.
2) Computational complexity at the honest KU-CSP is not much more than the other required to perform revocation.
3) PKG’s running time would be much smaller than that required to directly perform revocation.

CONCLUSION

In this paper, focusing on the critical issue of identity revocation, we introduce outsourcing computation into IBE and propose a revocable scheme in which the revocation operations are delegated to CSP. With the aid of KU-CSP, the proposed scheme is full-featured:
1) It achieves constant efficiency for both computation at PKG and private key size at user;
2) The user need not contact PKG during key-update; in other words, PKG is allowed to be offline after sending the revocation list to KU-CSP;
3) No secure channel or user authentication is required during key-update between user and KU-CSP.

Furthermore, we consider realizing revocable IBE under a stronger adversary model. We present an advanced construction and show it is secure under the RDoC model, in which at least one of the KU-CSPs is assumed to be honest. Therefore, even if a revoked user and either of the KU-CSPs collude, they are unable to help such a user re-obtain his/her decryptability. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.
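The key-issuing, key-update and revocation procedures of Module 3, together with the collusion argument of Module 2, as an added Python model that is not code from the paper or the project. It assumes the identity and time components are additive shares of the master key, split by the per-identity outsourcing key, and it works on plain scalars that a real pairing-based scheme would keep hidden inside group elements, so it is a bookkeeping model and not a cryptosystem. The names `keygen`, `KUCSP`, `can_decrypt` and `run_scenario`, the identities and the time periods are all constructed.

```python
import hashlib
import secrets

# Assumption (not from the page): the two components are additive shares of the master key.
Q = 2**127 - 1  # prime modulus for the toy scalar arithmetic (constructed)

def h(kind, value):  # map an identity or time period to a scalar mod Q
    return int.from_bytes(hashlib.sha256(f"{kind}|{value}".encode()).digest(), "big") % Q

def time_component(ok, period):
    """Outsourcing key blinded with fresh randomness and bound to `period`."""
    r = secrets.randbelow(Q - 1) + 1
    return ((ok + r * h("t", period)) % Q, r)

def keygen(master, ident, period):
    """Key-issuing at PKG: identity component, default time component, outsourcing key."""
    ok = secrets.randbelow(Q)  # random per-identity outsourcing key
    r = secrets.randbelow(Q - 1) + 1
    ik = ((master - ok + r * h("id", ident)) % Q, r)
    return ik, time_component(ok, period), ok

class KUCSP:
    def __init__(self):
        self.user_list = {}           # identity -> outsourcing key, sent by PKG
        self.revocation_list = set()  # sent by PKG, which may then go offline

    def key_update(self, ident, period):
        if ident in self.revocation_list or ident not in self.user_list:
            return None               # request aborted
        return time_component(self.user_list[ident], period)

def can_decrypt(master, ik, tk, ident, period):
    """AND gate: both components must fit (ident, period) and recombine to master."""
    rec = (ik[0] + tk[0] - ik[1] * h("id", ident) - tk[1] * h("t", period)) % Q
    return rec == master

def run_scenario():
    master, csp = secrets.randbelow(Q), KUCSP()  # master key stays at PKG
    a_ik, a_tk, csp.user_list["alice"] = keygen(master, "alice", "T1")
    b_ik, _, csp.user_list["bob"] = keygen(master, "bob", "T1")
    csp.revocation_list.add("alice")             # alice is revoked before T2
    b_new = csp.key_update("bob", "T2")
    return {
        "alice_T1": can_decrypt(master, a_ik, a_tk, "alice", "T1"),
        "alice_update": csp.key_update("alice", "T2"),
        "alice_stale_T2": can_decrypt(master, a_ik, a_tk, "alice", "T2"),
        "alice_with_bob_tk": can_decrypt(master, a_ik, b_new, "alice", "T2"),
        "bob_T2": can_decrypt(master, b_ik, b_new, "bob", "T2"),
    }
```

In the returned result, the revoked user's stale key and her identity component paired with another user's fresh time component both fail for period T2, while the unrevoked user still decrypts. `can_decrypt` is a checking oracle that knows the master key; it stands in for the cancellation a real Decrypt performs without ever learning that key.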