Sharing your privileges securely: a key-insulated attribute based proxy re-encryption scheme for IoT
Attribute based proxy re-encryption (ABPRE) combines the merits of proxy re-encryption and attribute based encryption, which allows a delegator to re-encrypt the ciphertext according to the delegatees’ attributes. The theoretical foundations of ABPRE has been well studied, yet to date there are still issues in schemes of ABPRE, among which time-bounded security and key exposure protection for the re-encryption keys are the most concerning ones. Within the current ABPRE framework, the re-encryption keys are generated independently of the system time segments and the forward security protection is not guaranteed when the users’ access privileges are altered. In this paper, we present a key-insulated ABPRE scheme for IoT scenario. We realize secure and fine-grained data sharing by utilizing attribute based encryption over the encrypted data, as well as adopting key-insulation mechanism to provide forward security for re-encryption keys and private keys of users. In particular, the lifetime of the system is divided into several time slices, and when system enters into a new slice, the user’s private keys need are required to be refreshed. Therefore, the users’ access privileges in our system are time-bounded, and both re-encryption keys and private keys can be protected, which will enhance the security level during data re-encryption, especially in situations when key exposure or privilege alternation happens. Our scheme is proved to be secure under MDBDH hardness assumptions as well as against collusion attack. In addition, the public parameters do not have to be changed during the evolution of users’ private keys, which will require less computation resources brought by parameter synchronization in IoT.
KeywordsAttribute based encryption Proxy re-encryption Key exposure protection Key insulation
This research is supported by the National Natural Science Foundation of China (61373135, 61672299).
Compliance with ethical standards
The authors declare that they have no competing financial interests.
- 1.Ateniese, G., Fu, K., Green, M., et al.: Improved proxy re-encryption schemes with applications to secure distributed storage. In: Proceedings of NDSS05. The Internet Society, pp. 1–30. San Diego: ACM (2006)Google Scholar
- 3.Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Proceedings of Eurocrypt ‘98, vol. 1403, pp. 127–144. (1998)Google Scholar
- 4.Chu, C., Tzeng, W.: Identity-based proxy re-encryption without random oracles. In: Proceedings of ISC 2007. LNCS, vol. 4779, pp. 189–202. Springer, Heidelberg (2007)Google Scholar
- 5.Goyal, V., Pandey, O., Sahai, A. et al.: Attribute Based Encryption for Fine-Grained Access Control of Encrypted Data. In: Proceedings of ACM 13th conference on Computer and Communications Security, pp. 89–98. Alexandria, USA (2006)Google Scholar
- 8.Hong, H.S., Sun, Z.X., Xi, M.L.: A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud. KSII T Internet Info. 5, 2394–2406 (2016)Google Scholar
- 9.Liang, X.H., Cao, Z.F., Lin, H., et al.: Attribute based proxy re-encryption with delegating capabilities. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 276–286. New York (2009)Google Scholar
- 10.Liang, K.T., Fang, L.M., Susilo, W. et al.: A Ciphertext-Policy Attribute-Based Proxy Re-Encryption with Chosen-Ciphertext Security. 5th International Conference on Intelligent Networking and Collaborative Systems, pp. 552–559. Xi’an (2013)Google Scholar
- 11.Luo, S., Hu, J.B., Chen, Z.: Ciphertext policy attribute-based proxy re-encryption. Information and Communications Security. 401–415 (2010)Google Scholar
- 12.Mambo, M., Okamoto, E.: Proxy cryptosystems: delegation of the power to Decrypt Ciphertexts. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 80, 54–63 (1997)Google Scholar
- 13.Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Proceedings of 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457–473. Aarhus (2005)Google Scholar
- 20.Weng, J., Yang, Y., Tang, Q., et al.: Efficient conditional proxy re-encryption with chosen-ciphertext security. In: Proceedings of the 12th International Conference on Information Security (ISC 2009), pp. 151–166. Springer Verlag, Heidelberg (2009)Google Scholar
- 22.Weng, J., Zhao, Y.L., Hanaoka, G.: On the security of a bidirectional proxy re-encryption scheme from PKC 2010. In: Proceedings of PKC 2011, pp. 284–295. Springer Verlag, Berlin (2011)Google Scholar