Lime: Data Lineage in the Malicious Environment

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications. In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol

Efficient Construction for Full Black-Box Accountable Authority Identity-Based Encryption

Accountable authority identity-based encryption (A-IBE), as an attractive way to guarantee the user privacy security, enables a malicious private key generator (PKG) to be traced if it generates and re-distributes a user private key. Particularly, an A-IBE scheme achieves full black-box security if it can further trace a decoder box and is secure against a malicious PKG who can access the user decryption results. In PKC\u2711, Sahai and Seyalioglu presented a generic construction for full black-box A-IBE from a primitive called dummy identity-based encryption, which is a hybrid between IBE and attribute-based encryption (ABE). However, as the complexity of ABE, their construction is inefficient and the size of private keys and ciphertexts in their instantiation is linear in the length of user identity. In this paper, we present a new efficient generic construction for full black-box A-IBE from a new primitive called token-based identity-based encryption (TB-IBE), without using ABE. We first formalize the definition and security model for TB-IBE. Subsequently, we show that a TB-IBE scheme satisfying some properties can be converted to a full black-box A-IBE scheme, which is as efficient as the underlying TB-IBE scheme in terms of computational complexity and parameter sizes. Finally, we give an instantiation with the computational complexity as O(1) and the constant size master key pair, private keys, and ciphertexts

Report and Trace Ring Signatures

We introduce report and trace ring signature schemes, balancing the desire for signer anonymity with the ability to report malicious behaviour and subsequently revoke anonymity. We contribute a formal security model for report and trace ring signatures that incorporates established properties of anonymity, unforgeability and traceability, and captures a new notion of reporter anonymity. We present a construction of a report and trace ring signature scheme, proving its security and analysing its efficiency, comparing with the state of the art in the accountable ring signatures literature. Our analysis demonstrates that our report and trace scheme is efficient, particularly for the choice of cryptographic primitives that we use to instantiate our construction. We contextualise our new primitive with respect to related work, and highlight, in particular, that report and trace ring signature schemes protect the identity of the reporter even after tracing is complete

Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

Decentralized Threshold Signatures with Dynamically Private Accountability

Threshold signatures are a fundamental cryptographic primitive used in many practical applications. As proposed by Boneh and Komlo (CRYPTO'22), TAPS is a threshold signature that is a hybrid of privacy and accountability. It enables a combiner to combine t signature shares while revealing nothing about the threshold t or signing quorum to the public and asks a tracer to track a signature to the quorum that generates it. However, TAPS has three disadvantages: it 1) structures upon a centralized model, 2) assumes that both combiner and tracer are honest, and 3) leaves the tracing unnotarized and static. In this work, we introduce Decentralized, Threshold, dynamically Accountable and Private Signature (DeTAPS) that provides decentralized combining and tracing, enhanced privacy against untrusted combiners (tracers), and notarized and dynamic tracing. Specifically, we adopt Dynamic Threshold Public-Key Encryption (DTPKE) to dynamically notarize the tracing process, design non-interactive zero knowledge proofs to achieve public verifiability of notaries, and utilize the Key-Aggregate Searchable Encryption to bridge TAPS and DTPKE so as to awaken the notaries securely and efficiently. In addition, we formalize the definitions and security requirements for DeTAPS. Then we present a generic construction and formally prove its security and privacy. To evaluate the performance, we build a prototype based on SGX2 and Ethereum

Pre-Constrained Encryption

In all existing encryption systems, the owner of the master secret key has the ability to decrypt all ciphertexts. In this work, we propose a new notion of pre-constrained encryption (PCE) where the owner of the master secret key does not have "full" decryption power. Instead, its decryption power is constrained in a pre-specified manner during the system setup. We present formal definitions and constructions of PCE, and discuss societal applications and implications to some well-studied cryptographic primitives

New Security Definitions, Constructions and Applications of Proxy Re-Encryption

La externalización de la gestión de la información es una práctica cada vez más común, siendo la computación en la nube (en inglés, cloud computing) el paradigma más representativo. Sin embargo, este enfoque genera también preocupación con respecto a la seguridad y privacidad debido a la inherente pérdida del control sobre los datos. Las soluciones tradicionales, principalmente basadas en la aplicación de políticas y estrategias de control de acceso, solo reducen el problema a una cuestión de confianza, que puede romperse fácilmente por los proveedores de servicio, tanto de forma accidental como intencionada. Por lo tanto, proteger la información externalizada, y al mismo tiempo, reducir la confianza que es necesario establecer con los proveedores de servicio, se convierte en un objetivo inmediato. Las soluciones basadas en criptografía son un mecanismo crucial de cara a este fin. Esta tesis está dedicada al estudio de un criptosistema llamado recifrado delegado (en inglés, proxy re-encryption), que constituye una solución práctica a este problema, tanto desde el punto de vista funcional como de eficiencia. El recifrado delegado es un tipo de cifrado de clave pública que permite delegar en una entidad la capacidad de transformar textos cifrados de una clave pública a otra, sin que pueda obtener ninguna información sobre el mensaje subyacente. Desde un punto de vista funcional, el recifrado delegado puede verse como un medio de delegación segura de acceso a información cifrada, por lo que representa un candidato natural para construir mecanismos de control de acceso criptográficos. Aparte de esto, este tipo de cifrado es, en sí mismo, de gran interés teórico, ya que sus definiciones de seguridad deben balancear al mismo tiempo la seguridad de los textos cifrados con la posibilidad de transformarlos mediante el recifrado, lo que supone una estimulante dicotomía. Las contribuciones de esta tesis siguen un enfoque transversal, ya que van desde las propias definiciones de seguridad del recifrado delegado, hasta los detalles específicos de potenciales aplicaciones, pasando por construcciones concretas

Accountable Metadata-Hiding Escrow: A Group Signature Case Study

Abstract A common approach to demands for lawful access to encrypted data is to allow a trusted third party (TTP) to gain access to private data. However, there is no way to verify that this trust is well placed as the TTP may open all messages indiscriminately. Moreover, existing approaches do not scale well when, in addition to the content of the conversation, one wishes to hide one’s identity. Given the importance of metadata this is a major problem. We propose a new approach in which users can retroactively verify cryptographically whether they were wiretapped. As a case study, we propose a new signature scheme that can act as an accountable replacement for group signatures, accountable forward and backward tracing signatures.</jats:p