Author : Kangeri Swetha 1
Date of Publication :10th January 2018
Abstract: Identity-based encryption (IBE) is a public key cryptosystem [3] and eliminates the demands of public key infrastructure (PKI) and certificate administration in conventional public key settings. Due to the absence of PKI, the revocation problem is a critical issue in IBE settings. Several revocable IBE schemes have been proposed regarding this issue. Quite recently, by embedding an outsourcing computation technique into IBE, Li ET AL. proposed a revocable IBE scheme with a key-update cloud service provider (KU-CSP). However, their scheme has two shortcomings. One is that the computation and communication costs are higher than previous revocable IBE schemes. The other shortcoming is lack of scalability in the sense that the KU-CSP must keep a secret value for each user. In the article, we propose a new revocable IBE scheme with a cloud revocation authority (CRA) to solve the two shortcomings, namely, the performance is significantly improved and the CRA holds only a system secret for all the users. For security analysis, we demonstrate that the proposed scheme is semantically secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, we extend the proposed revocable IBE scheme to present a CRA-aided authentication scheme with period-limited privileges for managing a large number of various cloud services
Reference :
-
- A. Shamir, “Identity-based cryptosystems and signature schemes,” Proc. Crypto’84, LNCS, vol. 196, pp. 47-53, 1984.
- M. Franklin, and D. Boneh “Identity-based encryption from the Weil pairing,” Proc. Crypto’01, LNCS, vol. 2139, pp. 213-229, 2001.
- R. Housley, W. Ford, and W. Polk, “Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile,” IETF, RFC 3280, 2002.
- S. Lodha, and W. Aiello, “Fast digital identity revocation,” Proc. Crypto’98, LNCS, vol. 1462, pp. 137- 152, 1998.
- M. Naor and K. Nissim, “Certificate revocation and certificate update,” IEEE Journal on Selected Areas in Communications, vol. 18 , no. 4, pp. 561 - 570, 2000.
- S. Micali, “Novomodo: Scalable certificate validation and simplified PKI management,”Proc. 1st Annual PKI Research Workshop, pp. 15-25, 2002.
- Z. Ramzan, F. F. Elwailly, and C. Gentry, “QuasiModo: Efficient certificate validation and revocation,” Proc. PKC’04, LNCS, vol. 2947, pp. 375- 388, 2004.
- V. Goyal, “Certificate revocation using fine grained certificate space partitioning,” Proc. Financial Cryptography, LNCS, vol. 4886, pp. 247-259, 2007.
- G. Tsudik, X. Ding, and D. Boneh, “A Method for fast revocation of public key certificates and security capabilities,” Proc. 10th USENIX Security Symp., pp. 297-310. 2001.