Proxy Re-Encryption: Analysis of constructions and its application to secure access delegation

https://doi.org/10.1016/j.jnca.2017.03.005

Highlights

  • Proxy re-encryption constitutes a suitable solution for secure access delegation.

  • We study the security and properties of the main proxy re-encryption schemes so far.

  • We compare the performance of several schemes, both theoretically and experimentally.

  • We review the state of research on applications of proxy re-encryption.

Abstract

This paper analyzes the secure access delegation problem, which occurs naturally in the cloud, and postulates that Proxy Re-Encryption is a feasible cryptographic solution, both from the functional and efficiency perspectives. Proxy re-encryption is a special type of public-key encryption that permits a proxy to transform ciphertexts from one public key to another, without the proxy being able to learn any information about the original message. Thus, it serves as a means for delegating decryption rights, opening up many possible applications that require delegated access to encrypted data. In particular, sharing information in the cloud is a prime example. In this paper, we review the main proxy re-encryption schemes proposed so far, and provide a detailed analysis of their characteristics. Additionally, we study the efficiency of selected schemes, both theoretically and empirically, based on our own implementation. Finally, we discuss some applications of proxy re-encryption, with a focus on secure access delegation in the cloud.

Introduction

The materialization of the cloud computing paradigm has raised great expectations regarding performance, simplification of business processes, and, foremost, cost reduction. At the same time, these expectations come with new security and privacy risks. Threat scenarios change radically when moving from resources fully controlled by the data owner to resources administered by third-party entities such as public clouds. Nowadays, the great majority of cloud systems base their security on preventing potential attackers from accessing the internal servers and databases where users’ data is stored. To this end, there is a great variety of measures, with access control systems and network defense techniques being the most prominent. However, the premise of this approach is that attackers should not be able to break a predetermined security perimeter, inside which the protected assets (e.g., users’ data) reside. These types of measures, although crucial, are often not enough. In addition to external attackers, which may include not only “hackers” but also nation-scale adversaries, accidental data disclosures and insider attacks are also a menacing possibility.

Countermeasures to these threats include the establishment of internal security policies and governance rules, and the reinforcement of access control strategies, but these simply reduce the situation to a trust problem. That is, in the end, there are no actual mechanisms that prevent cloud providers from breaking these measures, either by accident or intentionally, and, in most cases, there is almost no risk of being discovered accessing users’ information without their consent. An interesting conflict appears in this scenario – users want to go to the cloud for its benefits, but at the same time, they are unwilling to provide their data to entities that they do not necessarily trust. The adoption of cloud services has been slowed by this dichotomy from the beginning. The introduction of more advanced security mechanisms that enable users to benefit from cloud services and still ensure the confidentiality of their information could help to reduce the trust assumptions in the cloud, and hence, to break the aforementioned dichotomy.

Therefore, it is necessary to depart from the traditional premise that shapes current cloud security and to assume that the measures described above can be bypassed. A more realistic premise is to assume that attackers have potential access to users’ data (Raluca Ada Popa, 2014). Under this assumption, the only plausible solution is the use of cryptography, so that outsourced data is stored in encrypted form. Thus, when traditional security measures fail, attackers will only obtain encrypted data. In a way, the deployed encryption mechanisms become the ultimate safeguard of data confidentiality. A critical principle of this solution is to design the system in such a way that even the provider itself does not have access to the corresponding decryption key; not doing so would again imply a strong trust assumption in the provider. However, a naive combination of this principle with traditional encryption primitives, both symmetric and asymmetric, can hinder the proper processing and sharing of outsourced information and negatively impact the functionality of the system. Therefore, this requirement implies the use of cryptographic primitives that go beyond traditional ones, so that data confidentiality can be guaranteed while functionality remains unaffected.

In this paper we analyze the problem of secure access delegation in the cloud, which is one of the most basic functionalities in this environment, and justify why it cannot be solved by traditional encryption techniques without resorting to complex key management procedures. Different types of cryptosystems have been proposed as solutions, with Proxy Re-Encryption as the most prominent candidate. Proxy Re-Encryption (PRE) is a type of public-key encryption that allows a proxy entity to transform ciphertexts from one public key to another, without learning anything about the underlying data. Therefore, from a functional point of view, it can be seen as a means of sharing data securely. The core postulate of this paper is that proxy re-encryption is a prime candidate for constructing cryptographically-enforced access control systems where the protected data is stored externally, since it enables dynamic delegation of access to encrypted information. In a PRE-based solution, private data can reside in the cloud in encrypted form and be shared with authorized users by means of re-encryption, while still remaining confidential with regard to unauthorized parties and the cloud provider itself. In addition, PRE allows the data owner to delegate access after the data has been encrypted, which is important since in a typical access delegation scenario it may not always be possible to identify the access conditions beforehand. The use of encryption to protect data at rest can decrease the risks associated with data disclosures in this kind of scenario, since outsourced information can only be effectively shared if access has been delegated by its owner.

In this paper we analyze the research landscape on proxy re-encryption, and in particular, we make the following contributions:

  • We present an in-depth examination of the proxy re-encryption cryptosystem by reviewing its basic concepts (such as definitions, security models, and properties) and analyzing the main PRE schemes proposed so far, in the light of the attained properties and security notions.

  • We provide a comparative analysis of the performance of selected PRE schemes, both from the theoretical and experimental points of view.

  • We review the state of research on applications of proxy re-encryption, in particular for the case of access delegation in the cloud. A central standpoint of this paper is that proxy re-encryption constitutes a feasible solution to this problem, and we support this claim by a thorough analysis that includes literature review and study of incentives and economic viability.

  • We identify several research directions that cover challenging areas with respect to the fundamentals, construction and application of proxy re-encryption schemes.

In order to perform a thorough review of PRE schemes and applications, we followed a methodology to identify and filter publications based on bibliometric criteria. A comprehensive bibliography on PRE schemes and applications, carefully maintained by Shao (2015), served as a first raw source of publications. On top of that, we manually added several relevant publications originating from our own study of the literature or from keyword queries to search engines. The result of this phase is two lists of publications, one focused on schemes (83 papers) and the other on applications (69 papers). Next, it was necessary to filter the list of PRE schemes, given the workload associated with their analysis. Although, in general, most of the papers were preliminarily studied, some of them were filtered out. We used the number of citations of each paper, as measured by Google Scholar, as a heuristic metric of its relevance. For instance, non-recent publications (e.g., before 2009) that have no citations yet were marked as not relevant. However, manual verification of the discarded publications was required in order to rule out false negatives. Note that we focused exclusively on standard PRE schemes, ruling out other variants (e.g., conditional, certificateless, broadcast, etc.) that imply strong changes to the syntax, security notions and properties, which would make comparisons less meaningful. The result of this phase is a collection of 58 publications (13 schemes and 45 applications).

The rest of this paper is organized as follows: Section 2 describes the secure access delegation problem and discusses the suitability of PRE. Section 3 introduces the basic definitions, properties and security models of PRE. In Section 4, we describe the main PRE schemes and analyze them according to their properties; we also perform a theoretical and experimental analysis of the efficiency of selected schemes. Section 5 discusses some possible applications of PRE, with a focus on secure access delegation in the cloud. Finally, Section 6 presents our conclusions and foreseeable research directions for PRE, regarding both constructions and applications.


The secure access delegation scenario

The need to weaken the traditional security assumptions that govern the current security architectures of cloud systems makes the encryption of data prior to outsourcing an essential requirement. At the same time, it is also necessary that the implemented encryption techniques allow access to be delegated for sharing purposes, which is one of the most basic functionalities. We refer generically to this setting as the secure access delegation scenario. There are, in fact, more advanced

Basic definitions and concepts

In this section we provide the basic definitions and concepts that will serve as the basis of our analysis. This includes syntax definition, security models and relevant properties.

The basic idea of a proxy re-encryption scheme is embodied by the ability of a proxy to transform ciphertexts under the public key of Alice into ciphertexts decryptable by Bob; to do so, the proxy must be in possession of a re-encryption key that enables this process. In addition, the proxy cannot learn any
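The following Python sketch is an added illustration of the Alice-to-proxy-to-Bob flow just described; it is not code from the paper or its authors. It implements the simplest instance of that idea, the ElGamal-based bidirectional scheme of Blaze, Bleumer and Strauss (1998), which the paper cites. The group parameters are constructed toy values with no security, messages are taken as plain integers (subgroup encoding is omitted), and how Alice and Bob agree on the re-encryption key is left outside the sketch.

```python
"""Toy BBS98 bidirectional proxy re-encryption over an ElGamal-style group.

Added illustration of the Alice -> proxy -> Bob flow; not the paper's code.
The parameters below are constructed for the demo and offer no security.
"""
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 4 generates
# the order-q subgroup of quadratic residues mod p.  Real deployments use a
# group with a p of at least 2048 bits (or an elliptic-curve group); this one
# is tiny so the arithmetic is easy to follow.
P = 1019
Q = 509
G = 4
assert pow(G, Q, P) == 1 and G != 1   # g really has order q


def keygen():
    """Secret key a uniform in [1, q-1]; public key g^a mod p."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk, m):
    """Encrypt m (an integer in [1, p-1]; subgroup encoding omitted).

    BBS98 puts the public key in the *second* component: c = (m * g^r, pk^r).
    Only that component depends on the recipient, which is what lets a proxy
    re-target the ciphertext later without touching the message-bearing part.
    """
    r = secrets.randbelow(Q - 1) + 1
    return ((m * pow(G, r, P)) % P, pow(pk, r, P))


def decrypt(sk, c):
    """m = c1 / c2^(1/sk): c2^(1/a) = (g^{ar})^(1/a) = g^r, so c1 / g^r = m."""
    c1, c2 = c
    sk_inv = pow(sk, -1, Q)            # 1/a mod q (exponents live mod q)
    g_r = pow(c2, sk_inv, P)
    return (c1 * pow(g_r, -1, P)) % P


def rekeygen(sk_a, sk_b):
    """Re-encryption key rk_{a->b} = b / a mod q.

    Deriving it needs both secret keys (or a two-party protocol between Alice
    and Bob), so BBS98 is an *interactive* scheme.  The proxy receives only rk.
    """
    return (sk_b * pow(sk_a, -1, Q)) % Q


def reencrypt(rk, c):
    """Proxy step, performed with rk only (no secret key, no plaintext):
    (m * g^r, g^{ar}) -> (m * g^r, (g^{ar})^{b/a}) = (m * g^r, g^{br}),
    i.e. a ciphertext that Bob can decrypt.
    """
    c1, c2 = c
    return (c1, pow(c2, rk, P))


def rekey_inverse(rk):
    """BBS98 is bidirectional: rk_{b->a} = a / b = (rk_{a->b})^{-1} mod q,
    so a proxy holding rk_{a->b} can also translate Bob's ciphertexts to
    Alice.  This matters when deciding whom to trust with the key and is
    one reason unidirectional schemes are often preferred."""
    return pow(rk, -1, Q)


def delegation_flow(sk_a, sk_b, m):
    """Run the whole scenario and return what each party ends up with."""
    pk_a = pow(G, sk_a, P)
    c_alice = encrypt(pk_a, m)          # stored in the cloud under Alice's key
    rk = rekeygen(sk_a, sk_b)           # Alice delegates to Bob via the proxy
    c_bob = reencrypt(rk, c_alice)      # proxy transforms without decrypting
    return {
        "bob_reads": decrypt(sk_b, c_bob),
        "bob_on_original": decrypt(sk_b, c_alice),     # wrong key: garbage
        "alice_on_reencrypted": decrypt(sk_a, c_bob),  # also garbage
    }


if __name__ == "__main__":
    a, _ = keygen()
    b, _ = keygen()
    print(delegation_flow(a, b, 123))
```

Running the module prints Bob's correct recovery of the message next to the two mismatched-key decryptions. The point to take from the design is that the proxy's only operation is an exponentiation of the key-dependent component, so the message-bearing component never changes and the proxy never holds anything that decrypts it; the price, visible in `rekey_inverse`, is that the same key also works in the reverse direction.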

Analysis of Proxy Re-Encryption Schemes

In this section we review and analyze the main proxy re-encryption schemes, which result from the bibliometric process presented in the introduction. A total of 13 publications were selected, and since some of them proposed several schemes, the total number of analyzed schemes is 19. We only considered those proposed schemes that were accompanied by a proof of security. The goal of this analysis is to study the characteristics of each of these schemes, taking into consideration the concepts

Applications of Proxy Re-Encryption

The last part of this paper is devoted to the analysis of the applications of proxy re-encryption. As described in the introduction, we have performed a review of almost 70 papers regarding applications, of which 45 were finally analyzed in detail. We also followed a bibliometric approach for drawing conclusions on this part. In particular, we classified each of the reviewed applications according to certain criteria: objective, scenario and functionality. The first criterion is related to the

Conclusions and research directions

In this paper we study the secure access delegation problem, which occurs naturally in the cloud setting, and postulate that proxy re-encryption is a feasible cryptographic solution to this problem, both from the functional and efficiency perspectives. Proxy re-encryption makes it possible to delegate access to encrypted data, which is of special interest in scenarios where outsourced data must be protected (e.g., the cloud).

We review and analyze the current state of research on PRE, for both

Acknowledgements

This work was partly supported by the Junta de Andalucía through the project FISICCO (P11-TIC-07223) and by the Spanish Ministry of Economy and Competitiveness through the PERSIST project (TIN2013-41739-R).


References (97)

  • Guojun Wang et al., 2011. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput. Secur.
  • Jian Weng et al., 2010. Chosen-ciphertext secure bidirectional proxy re-encryption schemes without pairings. Inf. Sci.
  • Jiang Zhang et al., 2014. PRE: Stronger security notions and efficient construction with non-interactive opening. Theor. Comput. Sci.
  • Aono, Yoshinori, Boyen, Xavier, Phong, Le Trieu, Wang, Lihua, 2013. Key-private proxy re-encryption under LWE. In:...
  • G. Ateniese et al., 2006. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur.
  • Ateniese, G., Benson, K., Hohenberger, S., 2009. Key-private proxy re-encryption. Topics in Cryptology–CT-RSA 2009, pp....
  • Barker, E., Chen, L., Roginsky, A., Smid, M., 2013. Recommendation for Pair-Wise Key Establishment Schemes Using...
  • Barker, Elaine, Barker, William, Burr, William, Polk, William, Smid, Miles, 2005. Recommendation for key management —...
  • Bellare, Mihir, Boldyreva, Alexandra, Desai, Anand, Pointcheval, David, 2001. Key-privacy in public-key encryption. In:...
  • Bellare, Mihir, Desai, Anand, Pointcheval, David, Rogaway, Phillip, 1998. Relations among notions of security for...
  • Biswas, D., 2014. Methods and apparatus for sharing real-time user context information, February 4, 2014. US Patent...
  • Blaze, M., Bleumer, G., Strauss, M., 1998. Divertible protocols and atomic proxy cryptography. Advances in...
  • Boneh, Dan, Franklin, Matt, 2001. Identity-based encryption from the Weil pairing. In: Advances in Cryptology—CRYPTO...
  • Sébastien Canard et al., 2011. Improving the security of an efficient unidirectional proxy re-encryption scheme. Journal Internet Serv. Inf. Secur.
  • Canetti, R., Hohenberger, S., 2007. Chosen-ciphertext secure proxy re-encryption. In: Proceedings of the 14th ACM...
  • Canetti, Ran, Halevi, Shai, Katz, Jonathan, 2004. Chosen-ciphertext security from identity-based encryption. In:...
  • Chen, Y., Sion, R., 2010. On securing untrusted clouds with cryptography. In: Proceedings of the 9th annual ACM...
  • Chiu, Yun-Peng, Lei, Chin-Laung, Huang, Chun-Ying, 2005. Secure multicast using proxy encryption. In: Information and...
  • C.K. Chu et al., 2007. Identity-based proxy re-encryption without random oracles. Inf. Secur.
  • De Caro, Angelo, Iovino, Vincenzo, 2011. jPBC: Java pairing based cryptography. In: Proceedings of the 16th IEEE...
  • Deng, R.H., Weng, J., Liu, S., Chen, K., 2008. Chosen-ciphertext secure proxy re-encryption without pairings. In:...
  • Changyu Dong et al. Longitude: a privacy-preserving location sharing protocol for mobile applications.
  • Fan, Xiong, Liu, Feng-Hao, 2016. Various proxy re-encryption schemes from lattices. Cryptology ePrint Archive, Report...
  • Farrugia, A.J., Sullivan, N., Fasoli, G., Ciet, M., 2014. Encryption method and apparatus using composition of ciphers,...
  • Felix Hörandner, Stephan Krenn, Andrea Migliavacca, Florian Thiemer, Bernd Zwattendorfer, 2016. CREDENTIAL: A Framework...
  • Florian Kerschbaum, Alessandro Sorniotti, 2009. RFID-based supply chain partner authentication and key agreement. In:...
  • Gentry, Craig, Silverberg, Alice, 2002. Hierarchical id-based cryptography. In: Advances in cryptology—ASIACRYPT 2002,...
  • Green, M., Ateniese, G., Fu, K., Hohenberger, S., 2007. The JHU-MIT Proxy Re-cryptography Library....
  • Green, M., Ateniese, G., 2007. Identity-based proxy re-encryption. In Applied Cryptography and Network Security,...
  • Thomas S. Heydt-Benjamin et al. Privacy for public transportation.
  • Hoffstein, Jeffrey, Pipher, Jill, Silverman, Joseph H., 1998. NTRU: A ring-based public key cryptosystem. In:...
  • Hohenberger, S.R., Fu, K., Ateniese, G., Green, M., 2012. Unidirectional proxy re-encryption, January 10, 2012. US...
  • Hwajeong Seo, Howon Kim, 2011. Zigbee security for visitors in home automation using attribute based proxy...
  • Jia, Weiwei, Zhu, Haojin, Cao, Zhenfu, Wei, Lifei, Lin, Xiaodong, 2011. Sdsm: a secure data service mechanism in mobile...
  • Joshi, Nakul, Petrlic, Ronald, 2013. Towards practical privacy-preserving digital rights management for cloud computing....
  • Jun Liu, Xiaoyan Hong, Qunwei Zheng, Lei Tang, 2006. Privacy-preserving quick authentication in fast roaming networks....
  • Hur Junbeom, 2013. Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng.
  • Kirshanova, Elena, 2014. Proxy re-encryption from lattices. In Public-Key Cryptography–PKC 2014, Springer, pp....
Cited by (58)

  • A blockchain-based preserving and sharing system for medical data privacy. 2021, Future Generation Computer Systems. Citation excerpt: “They had developed smart contracts for system access control and data management but had less research on data sharing. Proxy re-encryption algorithm had been applied to different scenarios to achieve secure data sharing on semi-trusted cloud servers [28], but its application in the medical system based on blockchain was relatively insufficient. The Internet of Things technology has been applied to improve the efficiency of medical data collection generated by the medical instruments or personal health monitoring sensors [29–34].”

  • Ensuring accountability in digital forensics with proxy re-encryption based chain of custody. 2024, International Journal of Information Technology (Singapore).

  • Patient-Centric Health Data Sovereignty: An Approach Using Proxy Re-Encryption. 2024, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).

David Nuñez is a postdoc researcher at University of Malaga. He has belonged to the Network, Information and Computer Security Laboratory (NICS Lab) since 2010. He holds a Ph.D. in Computer Science (2016), an M.S. in Software Engineering and Artificial Intelligence (2011) and a B.S. in Computer Science (2009). His research is devoted to the topics of applied cryptography and cloud computing security, which has led to publications in international conferences and journals, as well as contributions to international standards and patents. He has been actively involved in European, national and regional research projects, and in consulting activities.

Isaac Agudo is Associate Professor in the Computer Science Department at the University of Malaga. He has been involved in several European and national research projects and contracts since 2002. He has been very active in technology transfer with international companies such as Alcatel Lucent, Telefonica, ATOS, HP Labs, Indra, Telvent, etc. Apart from his involvement in research projects and consulting contracts, he is and has been involved in the organization of scientific events in different positions. He is also a member of the program committee of relevant conferences in information security and editor of different international journals. His main research interests are related to security and privacy in areas such as Cloud Computing, Social Networks, Smart Devices and the Internet of Things. In particular, he is currently working on privacy-preserving access control and information sharing.

Javier Lopez is Full Professor at the University of Malaga and Head of the Network, Information and Computer Security Laboratory (NICS Lab). His research activities focus on network & information security and Critical Information Infrastructures. He is currently Editor-in-Chief of the International Journal of Information Security, and a member of the editorial boards of the journals Computers & Security, IET Information Security, IEEE Wireless Communication, Journal of Computer Security, and IEEE Internet of Things Journal, amongst others. Prof. Lopez is the Spanish representative at IFIP Technical Committee 11 Security and Protection in Information Processing Systems, and has been former Chair of the ERCIM WG on Security and Trust Management (2009–2012) and Chair of the IFIP Trust Management WG (2006–2009). He is a Senior Member of IEEE and ACM.