Constructing Certificateless Encryption with Keyword Search against Outside and Inside Keyword Guessing Attacks
  • English title: Constructing Certificateless Encryption with Keyword Search against Outside and Inside Keyword Guessing Attacks
  • Authors: Yang Lu; Jiguo Li
  • Authors (English): Yang Lu; Jiguo Li; School of Computer Science and Technology, Nanjing Normal University; College of Mathematics and Informatics, Fujian Normal University; Fujian Provincial Key Laboratory of Network Security and Cryptology
  • English keywords: searchable public key encryption; certificateless encryption with keyword search; inside keyword guessing attack; outside keyword guessing attack; random oracle model
  • Chinese journal name: ZGTO
  • English journal name: China Communications
  • Institution: School of Computer Science and Technology, Nanjing Normal University; College of Mathematics and Informatics, Fujian Normal University; Fujian Provincial Key Laboratory of Network Security and Cryptology
  • Publication date: 2019-07-15
  • Publisher: 中国通信 (China Communications)
  • Year: 2019
  • Issue: v.16
  • Funding: supported by the National Natural Science Foundation of China under Grant Nos. 61772009 and U1736112; the Natural Science Foundation of Jiangsu Province under Grant Nos. BK20161511 and BK20181304
  • Language: English
  • Page: ZGTO201907014
  • Number of pages: 18
  • CN:07
  • ISSN:11-5439/TN
  • Classification number: 162-179
Abstract
Searchable public key encryption is a useful cryptographic paradigm that enables an untrustworthy server to retrieve the encrypted data without revealing the contents of the data. It offers a promising solution to encrypted data retrieval in cryptographic cloud storage. Certificateless public key cryptography (CLPKC) is a novel cryptographic primitive that has many merits. It overcomes the key escrow problem in identity-based cryptography (IBC) and the cumbersome certificate problem in conventional public key cryptography (PKC). Motivated by the appealing features of CLPKC, several certificateless encryption with keyword search (CLEKS) schemes have been presented in the literature. But our cryptanalysis demonstrates that the previously proposed CLEKS frameworks suffer from the security vulnerability caused by the keyword guessing attack. To remedy the security weakness in the previous frameworks and provide resistance against both inside and outside keyword guessing attacks, we propose a new CLEKS framework. Under the new framework, we design a concrete CLEKS scheme and formally prove its security in the random oracle model. Compared with two previous CLEKS schemes, the proposed scheme has better overall performance while offering a stronger security guarantee, as it withstands the existing known types of keyword guessing attacks.
