ADR-lrABE: New Mechanism of Direct-revocable Attribute-Based Encryption with Continual-leakage Tolerances
Issue title: Special Issue on Advanced Cryptographic Techniques for Cloud and Big Data Computation
Guest editors: Fatos Xhafa and Zhenfu Cao
Article type: Research Article
Authors: Zhang, Mingwu; †; *
Affiliations: School of Computers, Hubei University of Technology, Wuhan, 430068, China. csmwzhang@gmail.com
Correspondence: [†] Address for correspondence: School of Computer Science, Hubei University of Technology, Wuhan, 430068, China.
Note: [*] This work is supported by the National Natural Science Foundation of China under Grant 61370224 and 61672010, and the CICAEET fund and the PAPD fund, and the Key Laboratory of Mathematics and Interdisciplinary Sciences of Guangdong Higher Education Institutes, Guangzhou University. This is an extensional and improved version of [35] that presented in 19th Australasian Conference on Information Security and Privacy. Also affiliated at: School of Computer and Software, Nanjing University of Information Science and Technology and Key Laboratory of Mathematics and Interdisciplinary Sciences of Guangdong Higher Education Institutes, Guangzhou University.
Abstract: In order to provide a flexible access control in a secure manner in open networks, Attribute-Based Encryption (ABE) implements a fine-grained decentralized access control that is based on properties or attributes a user/node owns, which has paid more attention to the applications in large-scale and dynamic networks such as Mesh network, Wireless Body Area Networks (WBAN), and Internet of Things etc. However, as the openness and exposure in such networks, an attacker (e.g., virus, eavesdropper or sniffer) can blow the concrete implementation of cryptosystems, for example side channel attacks, and then obtains some sensitive and secret states in the system by monitoring pseudo-random numbers, internal results and secret keys and thus breaks the provable security of the systems. In this paper, in order to tolerate the possible key leakage, we model a fine-grained attribute revocable attribute-based encryption, namely ADR-lrABE, and then give the concrete construction, security analysis and resilient-leakage performance. The scheme tolerates the key of matching the challenge ciphertext to be partially revealed (i.e., key leakage resilience), and it provides a update mechanism to tolerate continual leakage that allows the attacker gains the leakage beyond the bound in the lifetime of the system (i.e., continual leakage tolerance). Also, it supports the properties of attribute direct revocation that the revocation procedure does not affect any other user’s secret key. That is, the proposed scheme is proven to be semantically secure even the decryption key is partially leaked to the attacker. We analyze the leakage-resilient performance of our scheme, and indicate that the scheme achieves approximate (82 + o(1)) fraction of the bits of a decryption key being leaked. We also provide a mechanism to transform the scheme into a prime-order group. To the best of our knowledge, our schemes are the first ABE that support attribute direct revocation mechanism in the presence of key leakage in noise channel or memory leakage environments.
Keywords: Attribute-based encryption, Leakage resilience, Attribute revocation, Key refresh, Leakage rate, Side-channel attack
DOI: 10.3233/FI-2018-1615
Journal: Fundamenta Informaticae, vol. 157, no. 1-2, pp. 1-27, 2018