Abstract
As one of the most important manners of personal and business communications, cloud emails have been widely employed due to its advantages of low-cost and convenience. However, with the occurrence of large-scale email leakage events and the revelation of long-term monitoring of personal communications, customers are increasingly worried about the security and privacy of their sensitive emails. In this paper, we first formalize a new cryptographic primitive named forward-secure puncturable identity-based encryption (fs-PIBE) for enhancing the security and privacy of cloud email systems. This primitive enables an email receiver to individually revoke the decryption capacity of a received email that was encrypted, while retaining the decryption capacity of those unreceived ones. Consequently, those received emails remain secure even if the secret key is comprised. Thus, it provides more practical forward secrecy than traditional forward-secure public key encryption, in which the decryption capacity of those received and unreceived emails is revoked simultaneously. Besides, we propose a concrete construction of fs-PIBE with constant size of ciphertext, and prove its security in the standard model. We present the performance analysis to demonstrate its merits.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For a leaf node \(\eta _\tau \), we assume that \(\mathcal {R}(\eta _\tau )=\eta _\tau \).
- 2.
We exclude the FSPE scheme in [15] from comparisons since it is a generic one.
References
Abu-Salma, R., Sasse, M.A., Bonneau, J., Danilova, A., Naiakshina, A., Smith, M.: Obstacles to the adoption of secure communication tools. In: IEEE S&P 2017, pp. 137–153. IEEE (2017)
Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_26
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_16
Brown, I., Back, A., Laurie, B.: Forward secrecy extensions for OpenPGP, April 2002. https://tools.ietf.org/html/draft-brown-pgp-pfs-03
Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, R.: OpenPGP Message Format, November 2007, RFC 4880. https://tools.ietf.org/html/rfc4880
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16
Chen, H.C.: Secure multicast key protocol for electronic mail systems with providing perfect forward secrecy. Secur. Commun. Netw. 6(1), 100–107 (2013)
DataMotion: DataMotion SecureMail (2013). https://www.proofpoint.com/us/products/email-protection. Accessed 18 April 2019
Dent, A.W.: Flaws in an e-mail protocol. IEEE Commun. Lett. 9(8), 718–719 (2005)
Derler, D., Jager, T., Slamanig, D., Striecks, C.: Bloom filter encryption and applications to efficient forward-secret 0-RTT key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 425–455. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_14
Derler, D., Krenn, S., Lorünser, T., Ramacher, S., Slamanig, D., Striecks, C.: Revisiting proxy re-encryption: forward secrecy, improved security, and applications. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 219–250. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_8
Garfinkel, S.L., Miller, R.C.: Johnny 2: a user test of key continuity management with S/MIME and outlook express. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 13–24. ACM (2005)
Green, M., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: 2015 IEEE Symposium on Security and Privacy-S&P 2015, pp. 305–320 (2015)
Günther, F., Hale, B., Jager, T., Lauer, S.: 0-RTT key exchange with full forward secrecy. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 519–548. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56617-7_18
Hofheinz, D., Jia, D., Pan, J.: Identity-based encryption tightly secure under chosen-ciphertext attacks. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 190–220. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_7
Huang, X., et al.: Cost-effective authentic and anonymous data sharing with forward security. IEEE Trans. Comput. 64(4), 971–983 (2015)
Kim, B.H., Koo, J.H., Lee, D.H.: Robust e-mail protocols with perfect forward secrecy. IEEE Commun. Lett. 10(6), 510–512 (2006)
Laurie, B., Langley, A., Kasper, E.: Certificate Transparency, June 2013, RFC 6962. http://www.rfc-editor.org/info/rfc6962
Li, H., Huang, Q., Shen, J., Yang, G., Susilo, W.: Designated-server identity-based authenticated encryption with keyword search for encrypted emails. Inf. Sci. 481, 330–343 (2019)
Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: CCS 2007, pp. 195–203. ACM (2007)
Poddebniak, D., et al.: Efail: breaking S/MIME and OpenPGP email encryption using exfiltration channels. In: USENIX Security Symposium, pp. 549–566 (2018)
Proofpoint: Proofpoint Email Protection (2005). https://www.proofpoint.com/us/products/email-protection. Accessed 18 Apr 2019
Ramsdell, B., Turner, S.: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, January 2010, RFC 5751 (Proposed Standard). https://tools.ietf.org/html/rfc5751
Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS, pp. 1–14 (2014)
Schneier, B., Hall, C.: An improved e-mail security protocol. In: Proceedings 13th Annual Computer Security Applications Conference, pp. 227–230. IEEE (1997)
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5
Sun, H.M., Hsieh, B.T., Hwang, H.J.: Secure e-mail protocols providing perfect forward secrecy. IEEE Commun. Lett. 9(1), 58–60 (2005)
The Radicati Group Inc.: Cloud Email and Collaboration-Market Quadrant 2019, March 2019. https://www.radicati.com/wp/wp-content/uploads/2019/03/Cloud-Email-and-Collaboration-Market-Quadrant-2019-Brochure.pdf. Accessed 8 Apr 2019
Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)
Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_7
Wikileaks: Hillary Clinton Email Archive, March 2016. https://wikileaks.org/clinton-emails/. Accessed 8 Apr 2019
Wikileaks: The Podesta Emails, March 2016. https://wikileaks.org/podesta-emails/. Accessed 8 Apr 2019
Xu, P., Jiao, T., Wu, Q., Wang, W., Jin, H.: Conditional identity-based broadcast proxy re-encryption and its application to cloud email. IEEE Trans. Comput. 65(1), 66–79 (2016)
Yao, D., Fazio, N., Dodis, Y., Lysyanskaya, A.: ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 354–363. ACM (2004)
Acknowledgement
This work is supported in part by the National Nature Science Foundation of China under Grants 61702549, 61572382 and 61702401, and in part by the National Cryptography Development Fund (No. MMJJ20180110), and in part by the Open Foundation of State Key Laboratory of Integrated Services Networks (Xidian University) under Grant ISN19-12.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Wei, J., Chen, X., Wang, J., Hu, X., Ma, J. (2019). Forward-Secure Puncturable Identity-Based Encryption for Securing Cloud Emails. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-29962-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29961-3
Online ISBN: 978-3-030-29962-0
eBook Packages: Computer ScienceComputer Science (R0)