Abstract
Public-key encryption is an important security mechanism in cloud environments. To ensure the confidentiality of data encrypted with public-key encryption, countermeasures against cryptographic key leakage through side-channel attacks should be applied to the encryption scheme both where it is implemented locally and where it runs on the cloud server. Traditional security models for public-key encryption do not capture side-channel attacks. Moreover, an adversary can inject faults to tamper with the secret key and then observe the output of the public-key encryption scheme under the modified key; this is known as a “tampering attack”. In this paper, we present two CCA-secure public-key encryption schemes that are resilient to continuous leakage and tampering. Between consecutive key updates, implementations of our schemes tolerate a bounded number of tampering queries for arbitrary key relations together with a bounded amount of leakage. By updating the secret key, our schemes remain secure against continuous leakage and tampering attacks.
Acknowledgements
This project is supported by the National Natural Science Foundation of China (No. 61602275), the Open Project of the Co-Innovation Center for Information Supply & Assurance Technology, Anhui University (No. ADXXBZ201702), and the Shandong Province Higher Educational Science and Technology Program (No. J15LN01).
Cite this article
Hu, C., Yang, R., Liu, P. et al. A countermeasure against cryptographic key leakage in cloud: public-key encryption with continuous leakage and tampering resilience. J Supercomput 75, 3099–3122 (2019). https://doi.org/10.1007/s11227-018-2534-z