Proxy re-encryption for fine-grained access control: Its applicability, security under stronger notions and performance. (October 2020)
- Record Type:
- Journal Article
- Title:
- Proxy re-encryption for fine-grained access control: Its applicability, security under stronger notions and performance. (October 2020)
- Main Title:
- Proxy re-encryption for fine-grained access control: Its applicability, security under stronger notions and performance
- Authors:
- Pareek, Gaurav
Purushothama, B R - Abstract:
- Abstract: Proxy Re-encryption (PRE) offers an efficient solution for enforcing access control on outsourced data through delegation of decryption rights of a delegator to a delegatee. However, to meet practical security requirements of an access control model, the delegator must control these delegations such that a re-encryption key enables the delegation of decryption rights of only a subset of the delegator's ciphertexts. In this paper, we focus on a category of PRE-based primitives, which we refer to as "PRE with controlled delegation". In these primitives, instead of the re-encryption key alone, the re-encryption key and authorization of the delegatee for a data item collectively determine whether the ciphertext transformation results in a valid re-encrypted ciphertext under the delegatee's public key. This paper provides an exhaustive functional, security and performance analysis of all the existing schemes for PRE with controlled delegation in a concrete fine-grained access control model. We show that the traditional PRE security notions are insufficient to address all the security aspects of the access control model. Motivated by our analysis, we formulate stronger security notions and state the desirable efficiency requirements for PRE schemes applicable in the concrete fine-grained access control model. We show the validity of the proposed security notions by formally proving the insecurity of a conventional PRE scheme and security of one of the PRE schemes withAbstract: Proxy Re-encryption (PRE) offers an efficient solution for enforcing access control on outsourced data through delegation of decryption rights of a delegator to a delegatee. However, to meet practical security requirements of an access control model, the delegator must control these delegations such that a re-encryption key enables the delegation of decryption rights of only a subset of the delegator's ciphertexts. In this paper, we focus on a category of PRE-based primitives, which we refer to as "PRE with controlled delegation". In these primitives, instead of the re-encryption key alone, the re-encryption key and authorization of the delegatee for a data item collectively determine whether the ciphertext transformation results in a valid re-encrypted ciphertext under the delegatee's public key. This paper provides an exhaustive functional, security and performance analysis of all the existing schemes for PRE with controlled delegation in a concrete fine-grained access control model. We show that the traditional PRE security notions are insufficient to address all the security aspects of the access control model. Motivated by our analysis, we formulate stronger security notions and state the desirable efficiency requirements for PRE schemes applicable in the concrete fine-grained access control model. We show the validity of the proposed security notions by formally proving the insecurity of a conventional PRE scheme and security of one of the PRE schemes with controlled delegation under the proposed stronger PRE security notions. We critically analyze all schemes for PRE with controlled delegation under the proposed stronger security notions and with respect to the efficiency requirements. We show that no scheme for PRE with controlled delegation simultaneously satisfies the efficiency and security requirements formulated in this paper. Finally, we present possible future research directions to obtain a PRE-based solution that is secure under the proposed stronger security notions and satisfies all desirable performance requirements in a fine-grained access control model. … (more)
- Is Part Of:
- Journal of information security and applications. Volume 54(2020)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 54(2020)
- Issue Display:
- Volume 54, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 54
- Issue:
- 2020
- Issue Sort Value:
- 2020-0054-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-10
- Subjects:
- Access delegation -- Fine-grained access control -- Data outsourcing -- Public cloud computing -- Proxy re-encryption -- Forward and backward secrecy
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.jisa.2020.102543 ↗
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 22441.xml