Skip to main content
SpringerLink
Log in

Forward-Secure Puncturable Identity-Based Encryption for Securing Cloud Emails

  • Conference paper
  • First Online:
Computer Security – ESORICS 2019 (ESORICS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11736))

Included in the following conference series:

Abstract

As one of the most important manners of personal and business communications, cloud emails have been widely employed due to its advantages of low-cost and convenience. However, with the occurrence of large-scale email leakage events and the revelation of long-term monitoring of personal communications, customers are increasingly worried about the security and privacy of their sensitive emails. In this paper, we first formalize a new cryptographic primitive named forward-secure puncturable identity-based encryption (fs-PIBE) for enhancing the security and privacy of cloud email systems. This primitive enables an email receiver to individually revoke the decryption capacity of a received email that was encrypted, while retaining the decryption capacity of those unreceived ones. Consequently, those received emails remain secure even if the secret key is comprised. Thus, it provides more practical forward secrecy than traditional forward-secure public key encryption, in which the decryption capacity of those received and unreceived emails is revoked simultaneously. Besides, we propose a concrete construction of fs-PIBE with constant size of ciphertext, and prove its security in the standard model. We present the performance analysis to demonstrate its merits.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    For a leaf node \(\eta _\tau \), we assume that \(\mathcal {R}(\eta _\tau )=\eta _\tau \).

  2. 2.

    We exclude the FSPE scheme in [15] from comparisons since it is a generic one.

References

  1. Abu-Salma, R., Sasse, M.A., Bonneau, J., Danilova, A., Naiakshina, A., Smith, M.: Obstacles to the adoption of secure communication tools. In: IEEE S&P 2017, pp. 137–153. IEEE (2017)

    Google Scholar 

  2. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26

    Chapter  Google Scholar 

  3. Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

    Chapter  Google Scholar 

  4. Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_16

    Chapter  Google Scholar 

  5. Brown, I., Back, A., Laurie, B.: Forward secrecy extensions for OpenPGP, April 2002. https://tools.ietf.org/html/draft-brown-pgp-pfs-03

  6. Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP Message Format, November 2007, RFC 4880. https://tools.ietf.org/html/rfc4880

  7. Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16

    Chapter  Google Scholar 

  8. Chen, H.C.: Secure multicast key protocol for electronic mail systems with providing perfect forward secrecy. Secur. Commun. Netw. 6(1), 100–107 (2013)

    Article  MathSciNet  Google Scholar 

  9. DataMotion: DataMotion SecureMail (2013). https://www.proofpoint.com/us/products/email-protection. Accessed 18 April 2019

  10. Dent, A.W.: Flaws in an e-mail protocol. IEEE Commun. Lett. 9(8), 718–719 (2005)

    Article  Google Scholar 

  11. Derler, D., Jager, T., Slamanig, D., Striecks, C.: Bloom filter encryption and applications to efficient forward-secret 0-RTT key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 425–455. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_14

    Chapter  Google Scholar 

  12. Derler, D., Krenn, S., Lorünser, T., Ramacher, S., Slamanig, D., Striecks, C.: Revisiting proxy re-encryption: forward secrecy, improved security, and applications. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 219–250. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_8

    Chapter  Google Scholar 

  13. Garfinkel, S.L., Miller, R.C.: Johnny 2: a user test of key continuity management with S/MIME and outlook express. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 13–24. ACM (2005)

    Google Scholar 

  14. Green, M., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: 2015 IEEE Symposium on Security and Privacy-S&P 2015, pp. 305–320 (2015)

    Google Scholar 

  15. Günther, F., Hale, B., Jager, T., Lauer, S.: 0-RTT key exchange with full forward secrecy. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 519–548. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_18

    Chapter  Google Scholar 

  16. Hofheinz, D., Jia, D., Pan, J.: Identity-based encryption tightly secure under chosen-ciphertext attacks. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 190–220. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_7

    Chapter  Google Scholar 

  17. Huang, X., et al.: Cost-effective authentic and anonymous data sharing with forward security. IEEE Trans. Comput. 64(4), 971–983 (2015)

    Article  MathSciNet  Google Scholar 

  18. Kim, B.H., Koo, J.H., Lee, D.H.: Robust e-mail protocols with perfect forward secrecy. IEEE Commun. Lett. 10(6), 510–512 (2006)

    Article  Google Scholar 

  19. Laurie, B., Langley, A., Kasper, E.: Certificate Transparency, June 2013, RFC 6962. http://www.rfc-editor.org/info/rfc6962

  20. Li, H., Huang, Q., Shen, J., Yang, G., Susilo, W.: Designated-server identity-based authenticated encryption with keyword search for encrypted emails. Inf. Sci. 481, 330–343 (2019)

    Article  Google Scholar 

  21. Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: CCS 2007, pp. 195–203. ACM (2007)

    Google Scholar 

  22. Poddebniak, D., et al.: Efail: breaking S/MIME and OpenPGP email encryption using exfiltration channels. In: USENIX Security Symposium, pp. 549–566 (2018)

    Google Scholar 

  23. Proofpoint: Proofpoint Email Protection (2005). https://www.proofpoint.com/us/products/email-protection. Accessed 18 Apr 2019

  24. Ramsdell, B., Turner, S.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, January 2010, RFC 5751 (Proposed Standard). https://tools.ietf.org/html/rfc5751

  25. Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS, pp. 1–14 (2014)

    Google Scholar 

  26. Schneier, B., Hall, C.: An improved e-mail security protocol. In: Proceedings 13th Annual Computer Security Applications Conference, pp. 227–230. IEEE (1997)

    Google Scholar 

  27. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

    Chapter  Google Scholar 

  28. Sun, H.M., Hsieh, B.T., Hwang, H.J.: Secure e-mail protocols providing perfect forward secrecy. IEEE Commun. Lett. 9(1), 58–60 (2005)

    Article  Google Scholar 

  29. The Radicati Group Inc.: Cloud Email and Collaboration-Market Quadrant 2019, March 2019. https://www.radicati.com/wp/wp-content/uploads/2019/03/Cloud-Email-and-Collaboration-Market-Quadrant-2019-Brochure.pdf. Accessed 8 Apr 2019

  30. Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)

    Google Scholar 

  31. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_7

    Chapter  Google Scholar 

  32. Wikileaks: Hillary Clinton Email Archive, March 2016. https://wikileaks.org/clinton-emails/. Accessed 8 Apr 2019

  33. Wikileaks: The Podesta Emails, March 2016. https://wikileaks.org/podesta-emails/. Accessed 8 Apr 2019

  34. Xu, P., Jiao, T., Wu, Q., Wang, W., Jin, H.: Conditional identity-based broadcast proxy re-encryption and its application to cloud email. IEEE Trans. Comput. 65(1), 66–79 (2016)

    Article  MathSciNet  Google Scholar 

  35. Yao, D., Fazio, N., Dodis, Y., Lysyanskaya, A.: ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 354–363. ACM (2004)

    Google Scholar 

Download references

Acknowledgement

This work is supported in part by the National Nature Science Foundation of China under Grants 61702549, 61572382 and 61702401, and in part by the National Cryptography Development Fund (No. MMJJ20180110), and in part by the Open Foundation of State Key Laboratory of Integrated Services Networks (Xidian University) under Grant ISN19-12.

Author information

Authors and Affiliations

  1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an, China

    Jianghong Wei, Xiaofeng Chen, Jianfeng Wang & Jianfeng Ma

  2. State Key Laboratory of Cryptology, P. O. Box 5159, Beijing, 100878, China

    Jianghong Wei, Xiaofeng Chen & Jianfeng Wang

  3. State Key Laboratory of Mathematical Engineering and Advanced Computing, PLA Strategic Force Information Engineering University, Zhengzhou, China

    Jianghong Wei & Xuexian Hu

Authors
  1. Jianghong Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiaofeng Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianfeng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xuexian Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jianfeng Ma
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaofeng Chen .

Editor information

Editors and Affiliations

  1. NEC Corporation, Kawasaki, Japan

    Kazue Sako

  2. University of Surrey, Guildford, UK

    Steve Schneider

  3. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Peter Y. A. Ryan

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wei, J., Chen, X., Wang, J., Hu, X., Ma, J. (2019). Forward-Secure Puncturable Identity-Based Encryption for Securing Cloud Emails. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation