Abstract
A smart city can use information and communication technologies to minimize energy, waste, and resource consumption and to deliver highly efficient services, so it directly improves the quality of life of all residents. However, it also brings security and privacy challenges. For instance, once the ubiquitous network of the smart city is attacked, all sensitive information and residents' identities may be revealed. In many application scenarios, the anonymity of residents is a desirable security property: nobody wants to be traced through their daily activities or personal habits. In this paper, we propose a generic identity-based broadcast encryption (IBBE) scheme that satisfies both confidentiality of information and anonymity of users under chosen-ciphertext attacks. What differs from our previous work, published in ACISP 2016, is that we present the proof of confidentiality and focus on the application environment. The generic IBBE construction has the desirable property that its public parameter size and private key size are constant, and its decryption cost is independent of the number of receivers. Thus, from every point of view, the construction is well suited to a smart city information system.
References
Abdalla M, Bellare M, Catalano D, Kiltz E, Kohno T, Lange T, Malone-Lee J, Neven G, Paillier P, Shi H (2005) Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. Cryptology ePrint Archive, Report 2005/254
Abdalla M, Bellare M, Neven G (2008) Robust encryption. IACR, Cryptology ePrint Archive 2008:440
Baek J, Safavi-Naini R, Susilo W (2005) Efficient multi-receiver identity-based encryption and its application to broadcast encryption. In: Public key cryptography - PKC 2005, 8th international workshop on theory and practice in public key cryptography, Les Diablerets, Switzerland, January 23-26, 2005, Proceedings, pp 380–397
Barbosa M, Farshim P (2005) Efficient identity-based key encapsulation to multiple parties. IACR, Cryptology ePrint Archive 2005:217
Barth A, Boneh D, Waters B (2006) Privacy in encrypted content distribution using private broadcast encryption. In: Financial cryptography and data security, 10th international conference, FC 2006, Anguilla, British West Indies, February 27-March 2, 2006, Revised Selected Papers, pp 52–64
Bellare M, Rogaway P (1995) Random oracles are practical: a paradigm for designing efficient protocols
Bellare M, Boldyreva A, Desai A, Pointcheval D (2001) Key-privacy in public-key encryption. In: Advances in cryptology - ASIACRYPT 2001, 7th international conference on the theory and application of cryptology and information security, Gold Coast, Australia, December 9-13, 2001, Proceedings, pp 566–582
Boneh D, Franklin MK (2001) Identity-based encryption from the weil pairing. In: Advances in cryptology - CRYPTO 2001, 21st annual international cryptology conference, Santa Barbara, California, USA, August 19-23, 2001, Proceedings, pp 213–229
Boneh D, Gentry C, Waters B (2005) Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Advances in cryptology - CRYPTO 2005: 25th annual international cryptology conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, pp 258–275
Canetti R, Halevi S, Katz J (2004) Chosen-ciphertext security from identity-based encryption. In: Advances in cryptology - EUROCRYPT 2004, international conference on the theory and applications of cryptographic techniques, Interlaken, Switzerland, May 2-6, 2004, Proceedings, pp 207–222
Cerrudo C (2015) Brief: Keeping smart cities smart: preempting emerging cyber attacks in us cities
Chatterjee S, Sarkar P (2006) Multi-receiver identity-based key encapsulation with shortened ciphertext. In: Progress in cryptology - INDOCRYPT 2006, 7th international conference on cryptology in India, Kolkata, India, December 11-13, 2006, Proceedings, pp 394–408
Chien H (2012) Improved anonymous multi-receiver identity-based encryption. Comput J 55(4):439–446
Delerablée C (2007) Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Advances in cryptology - ASIACRYPT 2007, 13th international conference on the theory and application of cryptology and information security, Kuching, Malaysia, December 2-6, 2007, Proceedings, pp 200–215
Dodis Y, Fazio N (2002) Public key broadcast encryption for stateless receivers. In: Security and privacy in digital rights management, ACM CCS-9 workshop, DRM 2002, Washington, DC, USA, November 18, 2002, Revised Papers, pp 61–80
Fan C, Huang L, Ho P (2010) Anonymous multireceiver identity-based encryption. IEEE Trans Comput 59(9):1239–1249
Fazio N, Perera IM (2012) Outsider-anonymous broadcast encryption with sublinear ciphertexts. In: Public key cryptography - PKC 2012 - 15th international conference on practice and theory in public key cryptography, Darmstadt, Germany, May 21-23, 2012. Proceedings, pp 225–242
Ferraz FS, Ferraz CAG (2014) More than meets the eye in smart city information security: Exploring security issues far beyond privacy concerns. In: Ubiquitous intelligence and computing, 2014 IEEE 11th intl conf on and IEEE 11th intl conf on and autonomic and trusted computing, and IEEE 14th intl conf on scalable computing and communications and its associated workshops (UTC-ATC-ScalCom). IEEE, pp 677–685
Ferraz FS, Ferraz CAG (2014b) Smart city security issues: depicting information security issues in the role of an urban environment. In: 2014 IEEE/ACM 7th international conference on utility and cloud computing (UCC). IEEE, pp 842–847
Fiat A, Naor M (1993) Broadcast encryption. In: Advances in cryptology - CRYPTO ’93, 13th annual international cryptology conference, Santa Barbara, California, USA, August 22-26, 1993, Proceedings, pp 480–491
Gentry C, Waters B (2009) Adaptive security in broadcast encryption systems (with short ciphertexts). In: Advances in cryptology - EUROCRYPT 2009, 28th annual international conference on the theory and applications of cryptographic techniques, Cologne, Germany, April 26-30, 2009. Proceedings, pp 171–188
He K, Weng J, Au MH, Mao Y, Deng RH (2016a) Generic anonymous identity-based broadcast encryption with chosen-ciphertext security. In: Information security and privacy - 21st Australasian conference, ACISP 2016, Melbourne, VIC, Australia, July 4-6, 2016, Proceedings, Part II, pp 207–222
He K, Weng J, Liu J, Liu JK, Liu W, Deng RH (2016b) Anonymous identity-based broadcast encryption with chosen-ciphertext security. In: Proceedings of the 11th ACM on Asia conference on computer and communications security, ASIA CCS 2016, Xi'an, China, May 30 - June 3, 2016, pp 247–255
Hu L, Liu Z, Cheng X (2010) Efficient identity-based broadcast encryption without random oracles. JCP 5(3):331–336
Huang X, Liu JK, Tang S, Xiang Y, Liang K, Xu L, Zhou J (2015) Cost-effective authentic and anonymous data sharing with forward security. IEEE Trans Comput 64(4):971–983
Hur J, Park C, Hwang S (2012) Privacy-preserving identity-based broadcast encryption. Information Fusion 13(4):296–303
Khan Z, Pervez Z, Ghafoor A (2014) Towards cloud based smart cities data security and privacy management. In: 2014 IEEE/ACM 7th International conference on utility and cloud computing (UCC). IEEE, pp 806–811
Kim I, Hwang SO (2013) An optimal identity-based broadcast encryption scheme for wireless sensor networks. IEICE Trans 96-B(3):891–895
Li H, Pang L (2014) Cryptanalysis of Wang et al.'s improved anonymous multi-receiver identity-based encryption scheme. IET Inf Secur 8(1):8–11
Libert B, Paterson KG, Quaglia EA (2012) Anonymous broadcast encryption: Adaptive security and efficient constructions in the standard model. In: Public key cryptography - PKC 2012 - 15th international conference on practice and theory in public key cryptography, Darmstadt, Germany, May 21-23, 2012. Proceedings, pp 206–224
Liu JK, Chu C, Chow SSM, Huang X, Au MH, Zhou J (2015) Time-bound anonymous authentication for roaming networks. IEEE Trans Inf Forensics Secur 10(1):178–189
Liu W, Liu J, Wu Q, Qin B (2014) Hierarchical identity-based broadcast encryption. In: Information security and privacy - 19th Australasian conference, ACISP 2014, Wollongong, NSW, Australia, July 7-9, 2014. Proceedings, pp 242–257
Panori A (2016) Report: Dubai - a new paradigm for smart cities
Ren Y, Gu D (2009) Fully CCA2 secure identity based broadcast encryption without random oracles. Inf Process Lett 109(11):527–533
Ren Y, Niu Z, Zhang X (2014) Fully anonymous identity-based broadcast encryption without random oracles. I J Network Security 16(4):256–264
Rompel J (1990) One-way functions are necessary and sufficient for secure signatures. In: Proceedings of the 22nd annual ACM symposium on theory of computing, May 13-17, 1990. Baltimore, Maryland, USA, pp 387–394
Sakai R, Furukawa J (2007) Identity-based broadcast encryption. Cryptology ePrint Archive, Report 2007/217
Wang H, Zhang Y, Xiong H, Qin B (2012) Cryptanalysis and improvements of an anonymous multi-receiver identity-based encryption scheme. IET Inf Secur 6(1):20–27
Wang J, Bi J (2010) Lattice-based identity-based broadcast encryption scheme. IACR, Cryptology ePrint Archive 2010:288
Wu Q, Wang W (2011) New identity-based broadcast encryption with constant ciphertexts in the standard model. JSW 6(10):1929–1936
Xie L, Ren Y (2014) Efficient anonymous identity-based broadcast encryption without random oracles. IJDCF 6(2):40–51
Yang C, Zheng S, Wang L, Lu X, Yang Y (2014) Hierarchical identity-based broadcast encryption scheme from LWE. J Commun Networks 16(3):258–263
Yuen TH, Zhang C, Chow SSM, Liu JK (2013) Towards anonymous ciphertext indistinguishability with identity leakage. In: Provable security - 7th international conference, ProvSec 2013, Melaka, Malaysia, October 23-25, 2013. Proceedings, pp 139–153
Yuen TH, Liu JK, Au MH, Huang X, Susilo W, Zhou J (2015) k-times attribute-based anonymous access control for cloud computing. IEEE Trans Comput 64(9):2595–2608
Zhang B, Xu Q (2008) Identity-based broadcast group-oriented encryption from pairings. In: The second international conference on future generation communication and networking, FGCN 2008, volume 1, main conference, Hainan Island, China, December 13-15, 2008, pp 407–410
Zhang J, Mao J (2015) An improved anonymous multi-receiver identity-based encryption scheme. Int J Commun Syst 28(4):645–658
Zhang JH, Cui YB (2012) Comment an anonymous multi-receiver identity-based encryption scheme. IACR, Cryptology ePrint Archive 2012:201
Zhang L, Hu Y, Mu N (2008) An identity-based broadcast encryption protocol for ad hoc networks. In: Proceedings of the 9th international conference for young computer scientists, ICYCS 2008, Zhangjiajie, Hunan, China, November 18-21, 2008, pp 1619–1623
Zhang L, Wu Q, Mu Y (2013) Anonymous identity-based broadcast encryption with adaptive security. In: Cyberspace safety and security - 5th international symposium, CSS 2013, Zhangjiajie, China, November 13-15, 2013, Proceedings, pp 258–271
Zhang M, Takagi T (2013) Efficient constructions of anonymous multireceiver encryption protocol and their deployment in group e-mail systems with privacy preservation. IEEE Syst J 7(3):410–419
Zhao X, Zhang F (2012) Fully CCA2 secure identity-based broadcast encryption with black-box accountable authority. J Syst Softw 85(3):708–716
Acknowledgments
This work was supported by the National Science Foundation of China (Grant Nos. 61272413, 61133014, 61272415, and 61472165), the Research Fund for the Doctoral Program of Higher Education of China (Grant No. 20134401110011), the 2016 special fund for Applied Science & Technology Development and Transformation of Major Scientific and Technological Achievements, the fund for Zhuhai City Predominant Disciplines, and the Open Project Program of the Guangdong Provincial Big Data Collaborative Innovation Center.
Appendix A: Concrete instantiation
We present a concrete instantiation of the generic IBBE construction. It employs the Boneh-Franklin IBE scheme [8], which is IND-CCA secure and ANO-CCA secure as noted in [1] and WROB-CCA secure as noted in [2], together with a concrete strong one-time signature scheme Σ = (Gen, Sig, Ver), e.g. [36].
- Setup\((1^{\lambda})\): On input of a security parameter \(\lambda\), it first chooses bilinear groups \(\mathbb{G},\mathbb{G}_{T}\) of prime order \(p\) with a bilinear map \(e:\mathbb{G}\times\mathbb{G}\rightarrow\mathbb{G}_{T}\) and a generator \(g\leftarrow_{R}\mathbb{G}\), then picks \(\alpha,\beta\leftarrow_{R}\mathbb{Z}_{p}\), computes \(g_{1}=g^{\alpha}\) and \(g_{2}=g^{\beta}\), and chooses hash functions \(H_{1}:\{0,1\}^{*}\rightarrow\mathbb{G}\), \(H_{2}:\{0,1\}^{\ell}\times\{0,1\}^{n}\rightarrow\mathbb{Z}_{p}\), \(H_{3}:\mathbb{G}_{T}\rightarrow\{0,1\}^{\ell}\), \(H_{4}:\{0,1\}^{\ell}\rightarrow\{0,1\}^{\lambda+\ell+n}\), \(H_{5}:\{0,1\}^{\ell}\times\{0,1\}^{\lambda+\ell+n}\rightarrow\mathbb{Z}_{p}\), which are modeled as random oracles. The public parameters are \(params=(\mathbb{G},\mathbb{G}_{T},\mathbb{Z}_{p},p,e,g,g_{1},g_{2},H_{1},H_{2},H_{3},H_{4},H_{5})\) and the master secret key is \(msk=(\alpha,\beta)\).
- Extract\((msk,ID)\): On input of the master secret key \(msk\) and an identity \(ID\), it computes \(sk_{ID}^{0}=H_{1}(ID)^{\alpha}\) and \(sk_{ID}^{1}=H_{1}(ID)^{\beta}\). The private key is \(sk_{ID}=(sk_{ID}^{0},sk_{ID}^{1})\).
- Enc\((params,S,M)\): On input of the public parameters \(params\), a receiver set \(S=\{ID_{1},ID_{2},\cdots,ID_{t}\}\) and a message \(M\in\{0,1\}^{n}\), it first runs \((svk,ssk)\leftarrow\mathrm{Gen}(1^{\lambda})\), chooses \(\delta_{1},\delta_{2}\leftarrow_{R}\{0,1\}^{\ell}\), lets \(r_{1}=H_{2}(\delta_{1}||M)\) and \(r_{2}=H_{5}(\delta_{2}||svk||\delta_{1}||M)\), and then computes \(T_{1}=g^{r_{1}}\) and \(T_{2}=g^{r_{2}}\). For each \(ID\in S\), it computes \(c_{ID}^{0}=H_{3}(e(g_{1},H_{1}(ID))^{r_{1}})\) and \(c_{ID}^{1}=(c_{ID}^{10},c_{ID}^{11})=(H_{3}(e(g_{2},H_{1}(ID))^{r_{2}})\oplus\delta_{2},\ H_{4}(\delta_{2})\oplus(svk||\delta_{1}||M))\). Let \(C_{1}=(c_{ID_{1}}^{0},c_{ID_{1}}^{1})||\cdots||(c_{ID_{t}}^{0},c_{ID_{t}}^{1})\). The ciphertext is \(CT=(svk,T_{1},T_{2},C_{1},\sigma)\), where \(\sigma=\mathrm{Sig}(ssk,T_{1}||T_{2}||C_{1})\).
- Dec\((sk_{ID},CT)\): On input of a private key \(sk_{ID}\) and a ciphertext \(CT\), it parses \(CT\) as \((svk,T_{1},T_{2},C_{1},\sigma)\), where \(C_{1}=(c_{ID_{1}}^{0},c_{ID_{1}}^{1})||\cdots||(c_{ID_{t}}^{0},c_{ID_{t}}^{1})\). If \(\mathrm{Ver}(svk,T_{1}||T_{2}||C_{1},\sigma)=0\), it returns \(\bot\); else it computes \(c_{ID}^{0}=H_{3}(e(T_{1},sk_{ID}^{0}))\) and uses it to determine which component of \(C_{1}\) should be decrypted: if there is no index \(j\) with \(c_{ID}^{0}=c_{ID_{j}}^{0}\), it returns \(\bot\); else it takes the smallest such \(j\) and sets \(c_{ID}^{1}=(c_{ID}^{10},c_{ID}^{11})=c_{ID_{j}}^{1}\). It then computes \(\delta_{2}^{\prime}=H_{3}(e(T_{2},sk_{ID}^{1}))\oplus c_{ID}^{10}\) and \(svk||\delta_{1}||M=H_{4}(\delta_{2}^{\prime})\oplus c_{ID}^{11}\). If \(T_{1}\neq g^{H_{2}(\delta_{1}||M)}\) or \(T_{2}\neq g^{H_{5}(\delta_{2}^{\prime}||svk||\delta_{1}||M)}\), it returns \(\bot\); else it returns \(M\).
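The following Python program is an added worked example of the four algorithms above; it is not the authors' code and was not published with the paper. It keeps the structure of the instantiation exactly (per-receiver tag \(c^{0}\) for locating one's own slot, \(\delta_{2}\) encapsulated under the second key, \(svk||\delta_{1}||M\) masked by \(H_{4}\), the two re-encryption checks on \(T_{1},T_{2}\), and the one-time signature over \(T_{1}||T_{2}||C_{1}\)) but makes two clearly labelled substitutions so that it runs offline: the pairing groups are replaced by a toy prime-order subgroup of \(\mathbb{Z}_{p}^{*}\) with \(p=2q+1\) in which the pairing \(e(g^{x},g^{y})=g^{xy}\) is simulated through a brute-force discrete-log table (algebraically faithful to Boneh-Franklin, but with no security at all because the group is tiny), and Σ is instantiated with a Lamport one-time signature over SHA-256. The hash functions are realized with SHA-256 and SHAKE-256 (so \(H_{4}\) stretches to whatever length \(svk||\delta_{1}||M\) has); all of these choices and the identities/messages used are assumptions of the example.

```python
import hashlib
import secrets

# ---- toy "bilinear group" (ASSUMPTION: stand-in for the pairing groups G, G_T) ----
# G = order-q subgroup of Z_p^*, p = 2q+1, generated by 4.  The pairing is simulated as
# e(g^x, g^y) = g^(x*y) via a discrete-log table, which is only feasible because q is
# tiny.  This preserves the Boneh-Franklin identity e(g1, H1(ID))^r = e(g^r, H1(ID)^alpha)
# while providing NO security; it exists purely to exercise the scheme's structure.
def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

Q = next(q for q in range(5000, 100000) if _is_prime(q) and _is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4
LOG = {pow(G, i, P): i for i in range(Q)}             # brute-force discrete logarithms

def pair(a, b):                                       # toy e: G x G -> G_T (G_T = G here)
    return pow(G, LOG[a] * LOG[b] % Q, P)

def _h(tag, *parts):
    return hashlib.sha256(tag + b"".join(parts)).digest()

def _elem(x):                                         # fixed-width encoding of a group element
    return x.to_bytes(4, "big")

# Random oracles H1..H5 of the instantiation (ASSUMPTION: SHA-256 / SHAKE-256 realizations)
def H1(ident): return pow(G, int.from_bytes(_h(b"H1", ident), "big") % Q, P)   # -> G
def H2(d1, m): return int.from_bytes(_h(b"H2", d1, m), "big") % Q              # -> Z_q
def H3(t):     return _h(b"H3", _elem(t))                                       # -> {0,1}^256
def H4(d2, n): return hashlib.shake_256(b"H4" + d2).digest(n)                   # -> {0,1}^(8n)
def H5(d2, svk, d1, m): return int.from_bytes(_h(b"H5", d2, svk, d1, m), "big") % Q

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

# ---- Lamport one-time signature, playing Sigma = (Gen, Sig, Ver) ----
def ots_gen():
    ssk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    svk = b"".join(hashlib.sha256(x).digest() for pr in ssk for x in pr)
    return svk, ssk                                   # svk is 512 * 32 bytes

def _bits(m):
    d = hashlib.sha256(m).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_sign(ssk, m):
    return b"".join(ssk[i][b] for i, b in enumerate(_bits(m)))

def ots_verify(svk, m, sig):
    return all(hashlib.sha256(sig[32 * i:32 * i + 32]).digest() == svk[32 * (2 * i + b):32 * (2 * i + b + 1)]
               for i, b in enumerate(_bits(m)))

SVK_LEN, DELTA_LEN = 512 * 32, 32                     # |svk| and |delta_1| = |delta_2| in bytes

# ---- the IBBE instantiation of Appendix A ----
def setup():
    alpha, beta = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    return (pow(G, alpha, P), pow(G, beta, P)), (alpha, beta)    # params = (g1, g2), msk

def extract(msk, ident):
    alpha, beta = msk
    return pow(H1(ident), alpha, P), pow(H1(ident), beta, P)     # sk_ID = (sk0, sk1)

def enc(params, receivers, msg):
    g1, g2 = params
    svk, ssk = ots_gen()
    d1, d2 = secrets.token_bytes(DELTA_LEN), secrets.token_bytes(DELTA_LEN)
    r1, r2 = H2(d1, msg), H5(d2, svk, d1, msg)
    t1, t2 = pow(G, r1, P), pow(G, r2, P)
    payload = svk + d1 + msg
    c1 = []
    for ident in receivers:                           # one slot per receiver; no ID appears in the clear
        c0 = H3(pow(pair(g1, H1(ident)), r1, P))      # tag that lets only the key holder find its slot
        c10 = xor(H3(pow(pair(g2, H1(ident)), r2, P)), d2)
        c11 = xor(H4(d2, len(payload)), payload)
        c1.append((c0, c10, c11))
    body = _elem(t1) + _elem(t2) + b"".join(b"".join(s) for s in c1)
    return svk, t1, t2, c1, ots_sign(ssk, body)       # CT = (svk, T1, T2, C1, sigma)

def dec(sk, ct):
    sk0, sk1 = sk
    svk, t1, t2, c1, sig = ct
    body = _elem(t1) + _elem(t2) + b"".join(b"".join(s) for s in c1)
    if not ots_verify(svk, body, sig):
        return None                                   # Ver failed: return bottom
    tag = H3(pair(t1, sk0))                           # = H3(e(g1, H1(ID))^r1) for the key's owner
    slot = next((s for s in c1 if s[0] == tag), None) # smallest index j whose tag matches
    if slot is None:
        return None                                   # not a receiver (or tag tampered): bottom
    _, c10, c11 = slot
    d2 = xor(H3(pair(t2, sk1)), c10)
    payload = xor(H4(d2, len(c11)), c11)
    svk_in, d1, msg = payload[:SVK_LEN], payload[SVK_LEN:SVK_LEN + DELTA_LEN], payload[SVK_LEN + DELTA_LEN:]
    if t1 != pow(G, H2(d1, msg), P) or t2 != pow(G, H5(d2, svk_in, d1, msg), P):
        return None                                   # re-encryption checks on T1, T2 failed: bottom
    return msg
```

Two properties of the construction are visible when running it: a holder of a key for an identity outside the receiver set finds no matching tag and gets ⊥ without learning who the receivers are (the ciphertext carries no identity list and its decryption cost does not grow with the number of receivers once the slot is found), and any modification of \(T_{1}\), \(T_{2}\) or \(C_{1}\) is rejected by the signature check before any pairing is evaluated, which is what gives the scheme its chosen-ciphertext resistance.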
Cite this article
He, K., Weng, J., Mao, Y. et al. Anonymous identity-based broadcast encryption technology for smart city information system. Pers Ubiquit Comput 21, 841–853 (2017). https://doi.org/10.1007/s00779-017-1053-x
DOI: https://doi.org/10.1007/s00779-017-1053-x