A countermeasure against cryptographic key leakage in cloud: public-key encryption with continuous leakage and tampering resilience

The Journal of Supercomputing

Abstract

Public-key encryption is an important security mechanism in cloud environments. To preserve the confidentiality of data encrypted under a public-key scheme, countermeasures against cryptographic key leakage through side-channel attacks must be applied to the scheme's implementation both on the client side and on the cloud server. The traditional security model for public-key encryption does not capture side-channel attacks. Moreover, an adversary can inject faults to tamper with the secret key and then observe the output of the scheme under the modified key; this is called a "tampering attack". In this paper, we present two public-key encryption schemes that are CCA secure under continuous leakage and tampering. Between two consecutive key updates, the adversary is allowed a bounded number of tampering queries, each with an arbitrary relation to the real key, together with a bounded amount of leakage. Because the secret key is updated periodically, the schemes remain secure against continuous leakage and tampering attacks.
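The abstract names two threats (continual leakage of the stored key and related-key tampering) and one mitigation (periodic key update). The following is an added toy model written for this page, not one of the paper's two constructions and not code from the authors: it puts an ElGamal-style key into two additive shares, lets an adversary leak a bounded number of raw bits per period, and shows that without key updates the leaked bits add up to the whole key while with updates they do not. It also shows, on the un-hardened scheme, why a single tampering query is fatal. The group parameters (P, Q, G), the share-based key layout and the leakage bound LAMBDA are assumptions chosen for the demonstration; the group is far too small for real use.

```python
"""Toy model of the two threats named in the abstract (continual key leakage
and key tampering) against an ElGamal-style scheme, and of what a key update
buys.  Added example: this is NOT one of the paper's two constructions.
The group parameters, the share-based key layout and the leakage bound are
assumptions made for the demonstration."""
import secrets

# Assumed toy group: P is a safe prime, Q = (P - 1) // 2, and G = 4 generates
# the order-Q subgroup of quadratic residues.  Far too small for real use.
P, Q, G = 2027, 1013, 4
BITS = Q.bit_length()   # bits needed to store one key share
LAMBDA = 4              # leakage bound: bits the adversary learns per period


def keygen():
    """pk = G^x.  x is never stored whole: the key material held in memory
    is two additive shares (x1, x2) with x1 + x2 = x mod Q."""
    x = secrets.randbelow(Q)
    x1 = secrets.randbelow(Q)
    return pow(G, x, P), [x1, (x - x1) % Q]


def encrypt(pk, m):
    r = secrets.randbelow(Q)
    return pow(G, r, P), m * pow(pk, r, P) % P


def decrypt(shares, ct):
    """Uses each share separately, so the full exponent never exists in memory."""
    c1, c2 = ct
    s = pow(c1, shares[0], P) * pow(c1, shares[1], P) % P
    return c2 * pow(s, P - 2, P) % P        # c2 / c1^x


def update(shares):
    """Key update: re-randomize the shares.  Their sum (and hence pk) is
    unchanged, but the bits sitting in memory are fresh, so leakage from
    earlier periods says nothing about them."""
    d = secrets.randbelow(Q)
    return [(shares[0] + d) % Q, (shares[1] - d) % Q]


def leak(shares, period):
    """The adversary's leakage function for one period: LAMBDA raw bits of the
    key material in memory, at an offset that advances every period."""
    state = shares[0] << BITS | shares[1]
    return (state >> (period * LAMBDA)) & ((1 << LAMBDA) - 1)


def continual_leakage_attack(pk, shares, do_update):
    """Leak LAMBDA bits per period until every bit has been asked for, assemble
    the pieces and test the result.  Returns True if the rebuilt key decrypts."""
    periods = -(-2 * BITS // LAMBDA)              # ceil(total bits / LAMBDA)
    collected = 0
    for i in range(periods):
        collected |= leak(shares, i) << (i * LAMBDA)
        if do_update:
            shares = update(shares)               # refresh between periods
    guess = [collected >> BITS, collected & ((1 << BITS) - 1)]
    m = pow(G, 123, P)
    return decrypt(guess, encrypt(pk, m)) == m


def tampering_attack(pk, shares, m):
    """One tampering query against the un-hardened scheme: the adversary asks
    for the challenge ciphertext decrypted under the related key (x1 + delta, x2).
    The answer is m * c1^(-delta), so m falls out without x ever being seen."""
    ct = encrypt(pk, m)
    delta = 7                                     # arbitrary key relation
    tampered = [(shares[0] + delta) % Q, shares[1]]
    answer = decrypt(tampered, ct)                # output under the tampered key
    return answer * pow(ct[0], delta, P) % P      # == m


if __name__ == "__main__":
    pk, sk = keygen()
    m = pow(G, 321, P)
    print("update keeps pk valid:", decrypt(update(sk), encrypt(pk, m)) == m)
    print("leakage recovers key, no updates:", continual_leakage_attack(pk, sk, False))
    print("leakage recovers key, with updates:", continual_leakage_attack(pk, sk, True))
    print("one tampering query recovers m:", tampering_attack(pk, sk, m) == m)
```

Without updates the adversary has the whole key after 2*BITS/LAMBDA periods, which is exactly the accumulation that the "bounded leakage per period" model is meant to neutralize; with an update between periods each window of leaked bits comes from an independent share pair, so the assembled value is unrelated to x. The tampering function is the cautionary half of the example: in plain ElGamal, decrypting the challenge ciphertext under a key the adversary has shifted by delta returns m times c1^(-delta), and one multiplication undoes it. Re-randomizing shares does nothing against that, which is why the paper's constructions need a separate mechanism to tolerate a bounded number of tampering queries per key period.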



Acknowledgements

This project is supported by National Natural Science Foundation of China (No. 61602275), the Open Project of Co-Innovation Center for Information Supply & Assurance Technology, Anhui University (No. ADXXBZ201702), and Shandong Province Higher Educational Science and Technology Program (No. J15LN01).

Corresponding author

Correspondence to Tong Li.


Cite this article

Hu, C., Yang, R., Liu, P. et al. A countermeasure against cryptographic key leakage in cloud: public-key encryption with continuous leakage and tampering resilience. J Supercomput 75, 3099–3122 (2019). https://doi.org/10.1007/s11227-018-2534-z
