TY - GEN
T1 - Online/offline public-index predicate encryption for fine-grained mobile access control
AU - Liu, Weiran
AU - Liu, Jianwei
AU - Wu, Qianhong
AU - Qin, Bo
AU - Liang, Kaitai
PY - 2016/1/1
Y1 - 2016/1/1
N2 - Public-Index Predicate Encryption (PIPE) allows users to encrypt according to boolean predicates defined on arbitrary attributes. The expensive algebraic operations are the major efficiency obstacle for PIPE to be applied to mobile clouds. This paper proposes a general Online/Offline PIPE (OO-PIPE) framework to address this issue. First, we propose a generic transformation from a Large Universe PIPE (LUPIPE) secure against chosen plaintext attack (CPA) to OO-PIPE in the same security model. The challenge is to generate ciphertext without the knowledge of the associated ciphertext attributes in the offline phase. We address the challenge by identifying an interesting attribute-malleability property in many LU-PIPE schemes. The property allows an encryptor to efficiently malleate a ciphertext associated with one ciphertext attribute to any assigned ciphertext attribute. Second, we design a generic transformation from CPA-secure LU-PIPE to OO-PIPE secure against adaptively chosen ciphertext attack (CCA2), assuming the underlying LUPIPE has attribute-malleability and public-verifiability properties. The main obstacle here is that the online/offline mechanism endogenously implies forgery in the sense that a pre-computed ciphertext must be able to be efficiently malleated to the resulting ciphertext associated with a different ciphertext attribute and a plaintext, while any efficient valid ciphertext forgery is forbidden in CCA2 security. We circumvent this obstacle by employing a universally collision resistant Chameleon hash, namely, only the original encryptor can malleate the ciphertext to associate with different attributes and provide a hash collision of the ciphertext components.
AB - Public-Index Predicate Encryption (PIPE) allows users to encrypt according to boolean predicates defined on arbitrary attributes. The expensive algebraic operations are the major efficiency obstacle for PIPE to be applied to mobile clouds. This paper proposes a general Online/Offline PIPE (OO-PIPE) framework to address this issue. First, we propose a generic transformation from a Large Universe PIPE (LUPIPE) secure against chosen plaintext attack (CPA) to OO-PIPE in the same security model. The challenge is to generate ciphertext without the knowledge of the associated ciphertext attributes in the offline phase. We address the challenge by identifying an interesting attribute-malleability property in many LU-PIPE schemes. The property allows an encryptor to efficiently malleate a ciphertext associated with one ciphertext attribute to any assigned ciphertext attribute. Second, we design a generic transformation from CPA-secure LU-PIPE to OO-PIPE secure against adaptively chosen ciphertext attack (CCA2), assuming the underlying LUPIPE has attribute-malleability and public-verifiability properties. The main obstacle here is that the online/offline mechanism endogenously implies forgery in the sense that a pre-computed ciphertext must be able to be efficiently malleated to the resulting ciphertext associated with a different ciphertext attribute and a plaintext, while any efficient valid ciphertext forgery is forbidden in CCA2 security. We circumvent this obstacle by employing a universally collision resistant Chameleon hash, namely, only the original encryptor can malleate the ciphertext to associate with different attributes and provide a hash collision of the ciphertext components.
UR - http://www.scopus.com/inward/record.url?scp=84990857073&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-45741-3_30
DO - 10.1007/978-3-319-45741-3_30
M3 - Conference contribution
AN - SCOPUS:84990857073
SN - 9783319457406
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 588
EP - 605
BT - Computer Security - 21st European Symposium on Research in Computer Security, ESORICS 2016, Proceedings
A2 - Katsikas, Sokratis
A2 - Meadows, Catherine
A2 - Askoxylakis, Ioannis
A2 - Ioannidis, Sotiris
PB - Springer
T2 - 21st European Symposium on Research in Computer Security, ESORICS 2016
Y2 - 26 September 2016 through 30 September 2016
ER -