Concessive online/offline attribute based encryption with cryptographic reverse firewalls—secure and efficient fine-grained access control on corrupted machines

Journal Article


Abstract


  • Attribute based encryption (ABE) has the potential to be applied in various cloud computing applications. However, the Snowden revelations show that powerful adversaries can corrupt users’ machines to compromise the security, and many implementations of provably secure encryption schemes may present undetectable vulnerabilities that can expose secrets, e.g., the scheme still works properly even if some backdoors have been stealthily engineered on users’ machines. Undoubtedly, ABE is also facing the above security threats. Recently, Mironov and Stephens-Davidowitz proposed the cryptographic reverse firewall (CRF) to solve the problem. Unfortunately, no CRF-based protection for ABE has been proposed so far due to the complex system model and the extra access structure component. Besides, the encryption scheme in the CRF framework will suffer double computation latency, which is worse for ABE that has already yielded expensive operations. In this paper, we propose a concessive online/offline ciphertext-policy attribute based encryption with cryptographic reverse firewalls (COO-CP-ABE-CRF), which can resist the exfiltration of secret information and achieve selective CPA security. Furthermore, compared with the original scheme without CRF, our scheme reduces the total computation cost by half. Moreover, we develop an extensible library called libabe that is compatible with Android devices, and we implement the prototype on a laptop and a mobile phone. The experimental results indicate that the scheme is efficient and practical.

Authors


  •   Ma, Hui (external author)
  •   Zhang, Rui (external author)
  •   Yang, Guomin
  •   Song, Zishuai (external author)
  •   Sun, Shuzhou (external author)
  •   Xiao, Yuting (external author)

Publication Date


  • 2018

Citation


  • Ma, H., Zhang, R., Yang, G., Song, Z., Sun, S. & Xiao, Y. (2018). Concessive online/offline attribute based encryption with cryptographic reverse firewalls—secure and efficient fine-grained access control on corrupted machines. Lecture Notes in Computer Science, 11099 507-526. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Scopus Eid


  • 2-s2.0-85051847757

Number Of Pages


  • 19

Start Page


  • 507

End Page


  • 526

Volume


  • 11099

Place Of Publication


  • Germany
