Secure Proxy-Reencryption-Based Inter-Network Key Exchange
Author: | Lloyd Greenwald, Kurt Rohloff, David Thomas Stott |
---|---|
Year of publication: | 2018 |
Subject: | 021110 strategic, defence & security studies; Computer science; business.industry; 0211 other engineering and technologies; Homomorphic encryption; 02 engineering and technology; computer.software_genre; Encryption; Proxy server; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; business; computer; Wireless sensor network; Key exchange; Adversary model; Computer network |
Source: | MILCOM |
Description: | In this paper we present a novel approach to distribute session keys securely across administrative boundaries where participants may be unable to interact directly. The basis of our approach is the use of Proxy ReEncryption (PRE) to encrypt session keys (e.g., AES keys), publish the session keys to a proxy server, and then distribute the session keys to session participants who reencrypt, decrypt and access the session keys. Our approach, Secure Proxy-Reencryption-based Inter-network Key Exchange (SPIKE), applies to several real-world use cases, including coalition data sharing, sensor network data sharing and large-scale video distribution. SPIKE enables these use cases without requiring coordination between publishers and subscribers. We address an honest-but-curious adversary model where any data sent over a network link or stored at a proxy can be leaked. Our design of SPIKE is independent of the specific PRE scheme used. For implementation and experimentation purposes we implement and use PALISADE, a general post-quantum lattice-based encryption library that provides a unidirectional PRE scheme with collusion resistance, supports multi-hop reencryption, and admits more general homomorphic encryption properties than other schemes. We present our design and implementation in experimental settings to evaluate real-world performance. We discuss generalization of our approach to increase scalability and address broader security concerns. |
Database: | OpenAIRE |