CCA security for self-updatable encryption:Protecting cloud data when clients read/write ciphertexts

Kwangsu Lee, Dong Hoon Lee, Jong Hwan Park, Moti Yung

Research output: Contribution to journalArticle

Abstract

Self-updatable encryption (SUE) is a new kind of public-key encryption, motivated by cloud computing, which enables anyone (i.e. cloud server with no access to private keys) to update a past ciphertext to a future ciphertext by using a public key. The main applications of SUE are revocable-storage attribute-based encryption (RS-ABE) that provides an efficient and secure access control to encrypted data stored in cloud storage. In this setting, there is a new threat such that a revoked user still can access past ciphertexts given to him by a storage server. RS-ABE solves this problem by combining user revocation and ciphertext updating functionalities. We propose the first SUE and RS-ABE schemes secure against a relevant form of chosen-ciphertext security (CCA). Due to the fact that some ciphertexts are easily derived from others, we employ a different notion of CCA that avoids easy challenge related messages. Specifically, we define "time extended challenge" CCA security for SUE which excludes ciphertexts that are easily derived from the challenge (over time periods) from being queried on. We then propose an efficient SUE scheme with such CCA security, and we also present an RS-ABE scheme with this CCA security.

Original languageEnglish
Pages (from-to)545-562
Number of pages18
JournalComputer Journal
Volume62
Issue number4
DOIs
Publication statusPublished - 2019 Apr 1

Fingerprint

Cryptography
Servers
Cloud computing
Access control

Keywords

  • Chosen-ciphertext security
  • Cloud storage
  • Public-key encryption
  • Self-updatable encryption

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

CCA security for self-updatable encryption:Protecting cloud data when clients read/write ciphertexts. / Lee, Kwangsu; Lee, Dong Hoon; Park, Jong Hwan; Yung, Moti.

In: Computer Journal, Vol. 62, No. 4, 01.04.2019, p. 545-562.

Research output: Contribution to journalArticle

Lee, Kwangsu ; Lee, Dong Hoon ; Park, Jong Hwan ; Yung, Moti. / CCA security for self-updatable encryption:Protecting cloud data when clients read/write ciphertexts. In: Computer Journal. 2019 ; Vol. 62, No. 4. pp. 545-562.
@article{b5576f8ce2f343a2ad9395853e827a5f,
title = "CCA security for self-updatable encryption:Protecting cloud data when clients read/write ciphertexts",
abstract = "Self-updatable encryption (SUE) is a new kind of public-key encryption, motivated by cloud computing, which enables anyone (i.e. cloud server with no access to private keys) to update a past ciphertext to a future ciphertext by using a public key. The main applications of SUE are revocable-storage attribute-based encryption (RS-ABE) that provides an efficient and secure access control to encrypted data stored in cloud storage. In this setting, there is a new threat such that a revoked user still can access past ciphertexts given to him by a storage server. RS-ABE solves this problem by combining user revocation and ciphertext updating functionalities. We propose the first SUE and RS-ABE schemes secure against a relevant form of chosen-ciphertext security (CCA). Due to the fact that some ciphertexts are easily derived from others, we employ a different notion of CCA that avoids easy challenge related messages. Specifically, we define {"}time extended challenge{"} CCA security for SUE which excludes ciphertexts that are easily derived from the challenge (over time periods) from being queried on. We then propose an efficient SUE scheme with such CCA security, and we also present an RS-ABE scheme with this CCA security.",
keywords = "Chosen-ciphertext security, Cloud storage, Public-key encryption, Self-updatable encryption",
author = "Kwangsu Lee and Lee, {Dong Hoon} and Park, {Jong Hwan} and Moti Yung",
year = "2019",
month = "4",
day = "1",
doi = "10.1093/comjnl/bxy122",
language = "English",
volume = "62",
pages = "545--562",
journal = "Computer Journal",
issn = "0010-4620",
publisher = "Oxford University Press",
number = "4",

}

TY - JOUR

T1 - CCA security for self-updatable encryption:Protecting cloud data when clients read/write ciphertexts

AU - Lee, Kwangsu

AU - Lee, Dong Hoon

AU - Park, Jong Hwan

AU - Yung, Moti

PY - 2019/4/1

Y1 - 2019/4/1

N2 - Self-updatable encryption (SUE) is a new kind of public-key encryption, motivated by cloud computing, which enables anyone (i.e. cloud server with no access to private keys) to update a past ciphertext to a future ciphertext by using a public key. The main applications of SUE are revocable-storage attribute-based encryption (RS-ABE) that provides an efficient and secure access control to encrypted data stored in cloud storage. In this setting, there is a new threat such that a revoked user still can access past ciphertexts given to him by a storage server. RS-ABE solves this problem by combining user revocation and ciphertext updating functionalities. We propose the first SUE and RS-ABE schemes secure against a relevant form of chosen-ciphertext security (CCA). Due to the fact that some ciphertexts are easily derived from others, we employ a different notion of CCA that avoids easy challenge related messages. Specifically, we define "time extended challenge" CCA security for SUE which excludes ciphertexts that are easily derived from the challenge (over time periods) from being queried on. We then propose an efficient SUE scheme with such CCA security, and we also present an RS-ABE scheme with this CCA security.

AB - Self-updatable encryption (SUE) is a new kind of public-key encryption, motivated by cloud computing, which enables anyone (i.e. cloud server with no access to private keys) to update a past ciphertext to a future ciphertext by using a public key. The main applications of SUE are revocable-storage attribute-based encryption (RS-ABE) that provides an efficient and secure access control to encrypted data stored in cloud storage. In this setting, there is a new threat such that a revoked user still can access past ciphertexts given to him by a storage server. RS-ABE solves this problem by combining user revocation and ciphertext updating functionalities. We propose the first SUE and RS-ABE schemes secure against a relevant form of chosen-ciphertext security (CCA). Due to the fact that some ciphertexts are easily derived from others, we employ a different notion of CCA that avoids easy challenge related messages. Specifically, we define "time extended challenge" CCA security for SUE which excludes ciphertexts that are easily derived from the challenge (over time periods) from being queried on. We then propose an efficient SUE scheme with such CCA security, and we also present an RS-ABE scheme with this CCA security.

KW - Chosen-ciphertext security

KW - Cloud storage

KW - Public-key encryption

KW - Self-updatable encryption

UR - http://www.scopus.com/inward/record.url?scp=85064177339&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064177339&partnerID=8YFLogxK

U2 - 10.1093/comjnl/bxy122

DO - 10.1093/comjnl/bxy122

M3 - Article

VL - 62

SP - 545

EP - 562

JO - Computer Journal

JF - Computer Journal

SN - 0010-4620

IS - 4

ER -