Proxy Re-Encryption: Analysis of constructions and its application to secure access delegation
Introduction
The materialization of the cloud computing paradigm has raised great expectations regarding performance, simplification of business processes, and, foremost, cost reduction. At the same time, these expectations come with new security and privacy risks. Threat scenarios radically change when moving from resources fully controlled by the data owner to resources administrated by third party entities like public clouds. Nowadays, the great majority of cloud systems base their security on preventing potential attackers from accessing internal servers and databases, where users’ data is stored. To this end, there is a great variety of measures, with access control systems and network defense techniques being the most prominent. However, the premise of this approach is that the attackers should not be able to break a predetermined security perimeter, where the protected assets (e.g., users’ data) reside. These types of measures, although crucial, are often not enough. In addition to external attackers, which may include not only “hackers” but also nation-scale adversaries, accidental data disclosures and insider attacks are also a menacing possibility.
Countermeasures to these threats include the establishment of internal security policies and governance rules, and the reinforcement of access control strategies, but these simply reduce the situation to a trust problem. That is, in the end, there are no actual mechanisms that prevent cloud providers from breaking these measures, either by accident or intentionally, and, in most cases, there is almost no risk of being discovered accessing users’ information without their consent. An interesting conflict appears in this scenario – users want to go to the cloud for its benefits, but at the same time, they are unwilling to provide their data to entities that they do not necessarily trust. The adoption of cloud services has been slowed by this dichotomy from the beginning. The introduction of more advanced security mechanisms that enable users to benefit from cloud services and still ensure the confidentiality of their information could help to reduce the trust assumptions in the cloud, and hence, to break the aforementioned dichotomy.
Therefore, it is necessary to depart from the traditional premise that shapes current cloud security and to assume that the measures described above can be bypassed. A more realistic premise is to assume that the attackers have potential access to users’ data (Raluca Ada Popa, 2014). Under this assumption, the only plausible solution is the use of cryptography, so that outsourced data is stored in encrypted form. Thus, when traditional security measures fail, attackers will only obtain encrypted data. In a way, the deployed encryption mechanisms become the ultimate safeguard of data confidentiality. A critical principle of this solution is to design the system in such a way that even the provider itself does not have access to the corresponding decryption key; not doing this would again imply a strong trust assumption on the provider. However, a naive combination of this principle with traditional encryption primitives, both symmetric and asymmetric, can hinder the proper processing and sharing of outsourced information and negatively impact the functionality of the system. Therefore, this requirement implies the use of cryptographic primitives that transcend traditional ones, so that data confidentiality can be guaranteed while functionality still remains unaffected.
In this paper we analyze the problem of secure access delegation in the cloud, which is one of the most basic functionalities in this environment, and justify why it cannot be solved by traditional encryption techniques without resorting to complex key management procedures. Different types of cryptosystems have been proposed as solutions, with Proxy Re-Encryption as the most prominent candidate. Proxy Re-Encryption (PRE) is a type of public-key encryption that allows a proxy entity to transform ciphertexts from one public key to another, without learning anything about the underlying data. Therefore, from a functional point of view, it can be seen as a means of sharing data securely. The core postulate of this paper is that proxy re-encryption is a prime candidate for constructing cryptographically-enforced access control systems where the protected data is stored externally, since it enables dynamic delegation of access to encrypted information. In a PRE-based solution, private data can reside in the cloud in encrypted form and be shared with authorized users by means of re-encryption, while still remaining confidential with regard to unauthorized parties and the cloud provider itself. In addition, PRE allows the data owner to delegate access after the data is encrypted, which is important since in a typical access delegation scenario it may not always be possible to identify the access conditions beforehand. The use of encryption to protect data at rest can decrease the risks associated with data disclosures in this kind of scenario, since outsourced information can only be effectively shared if access has been delegated by its owner.
In this paper we analyze the research landscape on proxy re-encryption, and in particular, we make the following contributions:
- We present a profound examination of the proxy re-encryption cryptosystem by reviewing its basic concepts (such as definitions, security models, and properties) and analyzing the main PRE schemes so far, in the light of the attained properties and security notions.
- We provide a comparative analysis of the performance of selected PRE schemes, both from the theoretical and experimental points of view.
- We review the state of research on applications of proxy re-encryption, in particular for the case of access delegation in the cloud. A central standpoint of this paper is that proxy re-encryption constitutes a feasible solution to this problem, and we support this claim by a thorough analysis that includes a literature review and a study of incentives and economic viability.
- We identify several research directions that cover challenging areas with respect to the fundamentals, construction and application of proxy re-encryption schemes.
In order to perform a thorough review of PRE schemes and applications, we followed a methodology to identify and filter publications based on bibliometric criteria. A comprehensive bibliography on PRE schemes and applications, carefully maintained by Shao (2015), served as a first raw source of publications. On top of that, we manually added several relevant publications originating from our own study of the literature or from keyword queries to search engines. The result of this phase is two lists of publications, one focused on schemes (83 papers) and the other on applications (69 papers). Next, it was necessary to filter the list of PRE schemes, given the workload associated with their analysis. Although, in general, most of the papers were preliminarily studied, some of them were filtered out. We used the number of citations of each paper, as measured by Google Scholar, as a heuristic metric of its relevance. For instance, non-recent publications (e.g., before 2009) which had no citations yet were marked as not relevant. However, manual verification of the discarded publications was required in order to rule out false negatives. Note that we focused exclusively on standard PRE schemes, ruling out other variants (e.g., conditional, certificateless, broadcast, etc.) that imply strong changes to the syntax, security notions and properties, which would make comparisons less meaningful. The result of this phase is a collection of 58 publications (13 schemes and 45 applications).
The rest of this paper is organized as follows: Section 2 describes the secure access delegation problem and discusses the suitability of PRE. Section 3 introduces the basic definitions, properties and security models of PRE. In Section 4, we describe the main PRE schemes and analyze them according to their properties; we also perform a theoretical and experimental analysis of the efficiency of selected schemes. Section 5 discusses some possible applications of PRE, with a focus on secure access delegation in the cloud. Finally, Section 6 presents our conclusions and foreseeable research directions for PRE, regarding both constructions and applications.
Section snippets
The secure access delegation scenario
The need for weakening the traditional security assumptions that govern the current security architectures of cloud systems makes the encryption of data prior to outsourcing an essential requirement. At the same time, it is also necessary that the implemented encryption techniques allow access to be delegated for sharing purposes, which is one of the most basic functionalities. We refer generically to this setting as the secure access delegation scenario. There are, in fact, more advanced
Basic definitions and concepts
In this section we provide the basic definitions and concepts that will serve as the basis of our analysis. This includes syntax definition, security models and relevant properties.
The basic idea of a proxy re-encryption scheme is embodied by the ability of a proxy to transform ciphertexts under the public key of Alice into ciphertexts decryptable by Bob; to do so, the proxy must be in possession of a re-encryption key that enables this process. In addition, the proxy cannot learn any
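The transformation described above (a proxy turning a ciphertext under Alice's public key into one Bob can decrypt, using a re-encryption key and without learning the plaintext) is shown here as an added example that is not code from the paper: a toy bidirectional scheme over ElGamal in the style of Blaze, Bleumer and Strauss (1998). The group parameters, the function names and the square-based message encoding are constructed for this illustration; the parameters are far too small for real use. The example also exhibits three of the properties the paper's analysis compares schemes on: re-encryption key generation is interactive (needs both secrets), the scheme is bidirectional (the inverse key re-encrypts back), and it is not collusion-resistant (proxy plus delegatee can recover the delegator's secret).

```python
"""Toy bidirectional proxy re-encryption in the style of Blaze, Bleumer and
Strauss (1998).  Added illustration for this page, not code from the paper.
Parameters are constructed and deliberately tiny; a real deployment would use a
standard group of at least 2048 bits (or an elliptic curve) and a CCA-secure scheme.
"""
import secrets

# Constructed toy parameters: P = 2Q + 1 is a safe prime with P = 3 (mod 4),
# and G = 4 generates the order-Q subgroup of quadratic residues modulo P.
P = 1019
Q = 509
G = 4


def keygen():
    """Return (sk, pk) with pk = G^sk mod P; 1 <= sk < Q keeps sk invertible mod Q."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encode_message(x):
    """Map an integer 1 <= x <= Q injectively into the quadratic-residue subgroup."""
    if not 1 <= x <= Q:
        raise ValueError("message out of range")
    return (x * x) % P


def decode_message(y):
    """Invert encode_message: square root mod P (valid since P = 3 mod 4), root <= Q."""
    r = pow(y, (P + 1) // 4, P)
    return r if r <= Q else P - r


def encrypt(pk, m):
    """Encrypt group element m under pk as (m * G^r, pk^r).

    The second component carries the recipient's secret in its exponent,
    G^(sk*r), which is exactly what a proxy can re-target later.
    """
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)


def decrypt(sk, ct):
    """Recover m from (m * G^r, G^(sk*r)) using sk^-1 mod Q."""
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)   # (G^(sk r))^(1/sk) = G^r
    return (c1 * pow(g_r, -1, P)) % P


def rekey(sk_from, sk_to):
    """Re-encryption key rk = sk_to / sk_from mod Q.

    Computing rk needs both secrets (interactive key generation); rk^-1 mod Q
    re-encrypts in the opposite direction (bidirectional); and a proxy holding
    rk together with the delegatee's sk_to can solve sk_from = sk_to * rk^-1,
    so the scheme is not collusion-resistant.
    """
    return (sk_to * pow(sk_from, -1, Q)) % Q


def reverse_rekey(rk):
    """Bidirectionality: the key for Bob -> Alice is the modular inverse of Alice -> Bob."""
    return pow(rk, -1, Q)


def reencrypt(rk, ct):
    """Proxy step: (m * G^r, G^(a r)) -> (m * G^r, G^(b r)); m is never exposed."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def demo(message=42):
    """Alice encrypts, the proxy re-encrypts for Bob, Bob decrypts; returns Bob's plaintext."""
    alice_sk, alice_pk = keygen()
    bob_sk, _bob_pk = keygen()
    ct_alice = encrypt(alice_pk, encode_message(message))
    rk = rekey(alice_sk, bob_sk)        # produced jointly by Alice and Bob, handed to the proxy
    ct_bob = reencrypt(rk, ct_alice)    # the proxy only touches the second component
    return decode_message(decrypt(bob_sk, ct_bob))


if __name__ == "__main__":
    print(demo())  # prints 42
```

The proxy never holds a plaintext or a decryption key: it raises one ciphertext component to `rk`, and `rk` on its own reveals neither secret. The caveats in the `rekey` docstring are the reason later unidirectional, non-interactive and collusion-resistant constructions were proposed, and they are the kind of property the paper's comparison tables record.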
Analysis of Proxy Re-Encryption Schemes
In this section we review and analyze the main proxy re-encryption schemes, which result from the bibliometric process presented in the introduction. A total of 13 publications were selected, and since some of them proposed several schemes, the total number of analyzed schemes is 19. We only considered those proposed schemes which were accompanied by a proof of security. The goal of this analysis is to study the characteristics of each of these schemes, taking into consideration the concepts
Applications of Proxy Re-Encryption
The last part of this paper is devoted to the analysis of the applications of proxy re-encryption. As described in the introduction, we have performed a review of almost 70 papers regarding applications, of which 45 were finally analyzed in detail. We also followed a bibliometric approach for drawing conclusions on this part. In particular, we classified each of the reviewed applications according to certain criteria: objective, scenario and functionality. The first criterion is related to the
Conclusions and research directions
In this paper we study the secure access delegation problem, which occurs naturally in the cloud setting, and postulate that proxy re-encryption is a feasible cryptographic solution to this problem, both from the functional and efficiency perspectives. Proxy re-encryption permits delegating access to encrypted data, which is of special interest in scenarios where outsourced data must be protected (e.g., the cloud).
We review and analyze the current state of research on PRE, for both
Acknowledgements
This work was partly supported by the Junta de Andalucía through the project FISICCO (P11-TIC-07223) and by the Spanish Ministry of Economy and Competitiveness through the PERSIST project (TIN2013-41739-R).
References (97)
- et al. MLAS: multiple level authentication scheme for VANETs. Ad Hoc Netw. (2012)
- et al. Pairings for cryptographers. Discret. Appl. Math. (2008)
- et al. Identity-based data storage in cloud computing. Future Gener. Comput. Syst. (2013)
- et al. Proxy encryption based secure multicast in wireless mesh networks. J. Netw. Comput. Appl. (2011)
- et al. Secure multicast in dynamic environments. Comput. Netw. (2007)
- et al. Design and implementation of a confidentiality and access control solution for publish/subscribe systems. Comput. Netw. (2012)
- et al. Security vulnerability in a non-interactive ID-based proxy re-encryption scheme. Inf. Process. Lett. (2009)
- et al. Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf. Sci. (2014)
- et al. Scalable solutions for secure group communications. Comput. Netw. (2007)
- et al. Comments on unidirectional chosen-ciphertext secure proxy re-encryption. IEEE Trans. Inf. Theory (2012)
- Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput. Secur.
- Chosen-ciphertext secure bidirectional proxy re-encryption schemes without pairings. Inf. Sci.
- PRE: Stronger security notions and efficient construction with non-interactive opening. Theor. Comput. Sci.
- Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur.
- Improving the security of an efficient unidirectional proxy re-encryption scheme. Journal Internet Serv. Inf. Secur.
- Identity-based proxy re-encryption without random oracles. Inf. Secur.
- Longitude: a privacy-preserving location sharing protocol for mobile applications
- Privacy for public transportation
- Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng.
David Nuñez is a postdoc researcher at University of Malaga. He belongs to the Network, Information and Computer Security Laboratory (NICS Lab) since 2010. He holds a Ph.D. in Computer Science (2016), a M.S. in Software Engineering and Artificial Intelligence (2011) and a B.S. in Computer Science (2009). His research is devoted to the topics of applied cryptography and cloud computing security, which has led to publications in international conferences and journals, as well as contributions to international standards and patents. He has been actively involved in European, national and regional research projects, and in consulting activities.
Isaac Agudo is Associate Professor in the Computer Science Department at the University of Malaga. He has been involved in several European and national research projects and contracts since 2002. He has been very active in technology transfer with international companies such as Alcatel Lucent, Telefonica, ATOS, HP Labs, Indra, Telvent, etc. Apart from his involvement in research projects and consulting contracts, he is and has been involved in the organization of scientific events in different positions. He is also a member of the program committee of relevant conferences in information security and editor of different international journals. His main research interests are related to security and privacy in areas such as Cloud Computing, Social networks, Smart devices and Internet of Things. In particular, he is currently working on privacy-preserving access control and information sharing.
Javier Lopez is Full Professor at the University of Malaga and Head of the Network, Information and Computer Security Laboratory (NICS Lab). His research activities focus on network & information security and Critical Information Infrastructures. He is currently Editor-in-Chief of the International Journal of Information Security, and member of the editorial boards of the journals Computers & Security, IET Information Security, IEEE Wireless Communication, Journal of Computer Security, and IEEE Internet of Things Journal, amongst others. Prof. Lopez is the Spanish representative at IFIP Technical Committee 11 Security and Protection in Information Processing Systems, and has been former Chair of ERCIM WG on Security and Trust Management (2009–2012) and Chair of IFIP Trust Management WG (2006-09). He is Senior Member of IEEE and ACM.