Abstract
The Snowden revelations show that powerful attackers can compromise users’ machines to steal their private information. At the same time, many encryption schemes that are proven secure in the Random Oracle Model (ROM) may present undetectable vulnerabilities when implemented, and these vulnerabilities may reveal users’ secrets; e.g., a machine may hide backdoors without the user’s awareness, through which an attacker can steal the user’s private information. Recently, Mironov and Stephens-Davidowitz proposed the cryptographic reverse firewall (CRF) to solve this problem. However, no CRF for identity-based encryption (IBE) has been proposed. In this paper, we propose two CRF protocols for IBE. One is a one-round encryption protocol with a CRF used on the receiver, and the other is a two-round encryption protocol with CRFs deployed on both sender and receiver. We prove that these two protocols can resist the exfiltration of secret information; one is only secure against a chosen plaintext attack (CPA), and the other is semantically secure against an adaptive chosen ciphertext attack (IND-ID-CCA). Moreover, we use JPBC to implement our protocols. The experimental results indicate that our protocols have some advantages in communication cost. Under certain computation cost conditions, our protocols are efficient and practical.
References
Fang, X., Misra, S., Xue, G., Yang, D.: Smart grid-the new and improved power grid: a survey. IEEE Commun. Surv. Tutorials 14(4), 944–980 (2011)
Perlroth, N., Larson, J., Shane, S.: N.S.A. Able to Foil Basic Safeguards of Privacy on Web. The New York Times, New York (2013)
Greenwald, G.: No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. Metropolitan Books, New York (2014)
Vulnerability summary for CVE-2014-1260 (‘Heartbleed’), April 2014. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1260
Vulnerability summary for CVE-2014-1266 (‘goto fail’), February 2014. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266
Vulnerability summary for CVE-2014-6271 (‘Shellshock’), September 2014. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
Tang, D.Q.: Cliptography: post-snowden cryptography. In: Proceedings of the ACM SIGSAC Conference on Computer & Communications Security 2017, pp. 2615–2616. ACM, Dallas, TX, USA (2017)
Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 657–686. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_22
Young, A., Yung, M.: The dark side of “Black-Box” cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_8
Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054122
Cocks, C.: An identity based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45325-3_32
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)
Boyen, X., Waters, B.: Anonymous hierarchical identity-based encryption (Without Random Oracles). In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 290–307. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_17
Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36492-7_20
Choon, J.C., Hee Cheon, J.: An identity-based signature from gap diffie-hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_2
Shamir, A.: Identity-based cryptosystems and signature schemes. LNCS 21(2), 47–53 (1984)
Dodis, Y., Mironov, I., Stephens-Davidowitz, N.: Message transmission with reverse firewalls—secure communication on corrupted machines. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 341–372. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_13
Chen, R., Mu, Y., Yang, G., Susilo, W., Guo, F., Zhang, M.: Cryptographic reverse firewall via malleable smooth projective hash functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 844–876. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_31
Ma, H., Zhang, R., Yang, G., Song, Z., Sun, S., Xiao, Y.: Concessive online/offline attribute based encryption with cryptographic reverse firewalls—secure and efficient fine-grained access control on corrupted machines. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 507–526. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_25
Acknowledgement
This work is supported by the National Natural Science Foundation of China (grant no. 61872058).
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Zhou, Y., Guan, Y., Zhang, Z., Li, F. (2019). Cryptographic Reverse Firewalls for Identity-Based Encryption. In: Shen, B., Wang, B., Han, J., Yu, Y. (eds) Frontiers in Cyber Security. FCS 2019. Communications in Computer and Information Science, vol 1105. Springer, Singapore. https://doi.org/10.1007/978-981-15-0818-9_3
DOI: https://doi.org/10.1007/978-981-15-0818-9_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0817-2
Online ISBN: 978-981-15-0818-9
eBook Packages: Computer Science, Computer Science (R0)