Identity-based Key Insulated Technology With Proxy

Modern information security system often require different implementations of cryptography in various environments, since the exposure of secrect keys usually means the security is entirely lost, this problem is probably the greatest threat to security scheme in real world, and people come to realize that in some certain circumstances key exposure is inevitable. Then two methods left for the key exposure problem, one is to actively prevent key exposure, and the other is to seek practical way reducing the harm to whole system if key exposure occur.This paper focus on how to minimize the damage caused by secret key exposures. On the way of this idea, after Anderson's notes of forward security and a forward-secure signature scheme Bellare et al. proposed, Dodis et al. put forward a complete sets of concepts and basic model of key insulated cryptography scheme. Under DDH assumption, Dodis'scheme achieve (t, N)-insulate security, and with formal proof of it. In the model, user's secret keys are refreshed at discrete time periods with a helper and the public key remain unchanged, any adversary who compromises the insecure device and obtain up to t secret keys is unable to violate the security of the system for any of the remaining N-t periods, and it can be assumed that helper are untrusted.Our main contribution of this paper is to propose an identity based key insulated scheme with multi-user support based on the basic framework of Water-IBE. Key management in multi-user environment has always been a thorny issue. Since Boneh and Franklin proposed the first practical identity-based encryption scheme, and Brent Water's IBE scheme under the standard oracle model on DBDH assumption, identity based key management significantly reduces the overhead of key agreement. In our scheme, individual user achieve (??, ??)-key insulated security, PKG act as the secure key updating helper. New scheme with IB key management, has a way to efficiently make agreement on cryptography keys In this paper, the individual users'refreshing key does not involve the user identity-based private key, and will be generated at a lower cost.Then a modified scheme with proxy function is proposed based on above scheme, motivation of the proxy modification is to strengthen IB-KIE's flexibility. Considering the conventional scheme require secure channel for PKG to distribute the private key, and the real situation is that users might not stay in their office all the time, when he has a travel out to untrusted environment, it will need some kind of temperary decryption delegation than take his idendity based secret key around him. The delegation is a modified practice of the idea of proxy re-encryption from Ateniese et al. to achieve the secret commission, unprotected laptop or device as a delegatee can obtain temprary decryption delegations for using under the untrusted domain. The extended user device has no necessity to hold identity-based secret key, but to require a temprory re-encryption key each traveling time and then use its local key to finish decryption by itself. Once the time slice is over or exception occurs, ordinary user can revoke the leaked secret commission or discarded seccret message without changing or revocating the identity.