Identity-based encryption with cloud revocation authority and its applications

Yuh-Min Tseng, Tung Tso Tsai, Sen-Shan Huang, Chung Peng Huang

Research output: Contribution to journalArticle

5 Citations (Scopus)

Abstract

Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.

Original languageEnglish
Article number7430324
Pages (from-to)1041-1053
Number of pages13
JournalIEEE Transactions on Cloud Computing
Volume6
Issue number4
DOIs
Publication statusPublished - 2018 Oct 1

Fingerprint

Cryptography
Outsourcing
Authentication
Scalability
Communication
Costs

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

@article{773427e54f4e4443843f8023a2dfc32b,
title = "Identity-based encryption with cloud revocation authority and its applications",
abstract = "Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.",
author = "Yuh-Min Tseng and Tsai, {Tung Tso} and Sen-Shan Huang and Huang, {Chung Peng}",
year = "2018",
month = "10",
day = "1",
doi = "10.1109/TCC.2016.2541138",
language = "English",
volume = "6",
pages = "1041--1053",
journal = "IEEE Transactions on Cloud Computing",
issn = "2168-7161",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "4",

}

Identity-based encryption with cloud revocation authority and its applications. / Tseng, Yuh-Min; Tsai, Tung Tso; Huang, Sen-Shan; Huang, Chung Peng.

In: IEEE Transactions on Cloud Computing, Vol. 6, No. 4, 7430324, 01.10.2018, p. 1041-1053.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Identity-based encryption with cloud revocation authority and its applications

AU - Tseng, Yuh-Min

AU - Tsai, Tung Tso

AU - Huang, Sen-Shan

AU - Huang, Chung Peng

PY - 2018/10/1

Y1 - 2018/10/1

N2 - Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.

AB - Identity-based encryption (IBE) is a public key cryptosystem and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li et al. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services.

UR - http://www.scopus.com/inward/record.url?scp=85055820655&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055820655&partnerID=8YFLogxK

U2 - 10.1109/TCC.2016.2541138

DO - 10.1109/TCC.2016.2541138

M3 - Article

AN - SCOPUS:85055820655

VL - 6

SP - 1041

EP - 1053

JO - IEEE Transactions on Cloud Computing

JF - IEEE Transactions on Cloud Computing

SN - 2168-7161

IS - 4

M1 - 7430324

ER -