From Ephemerizer to Timed-Ephemerizer - Achieve Assured Lifecycle Enforcement for Sensitive Data

From Ephemerizer to

Timed-Ephemerizer: Achieve Assured Lifecycle Enforcement

for Sensitive Data

Q iang T ang

APSIA group, SnT, University of Luxembourg. 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg

Email: [email protected]

The concept of Ephemerizer, proposed by Perlman, is a cryptographic primitive for assured data deletion. With an Ephemerizer protocol, data in persistent storage devices will always be encrypted simultaneously using an ephemeral public key of the Ephemerizer (an entity which will publish a set of ephemeral public keys and periodically delete the expired ones) and the long-term public key of a user. An Ephemerizer protocol enables the user to securely decrypt the encrypted data without leaking any information to the Ephemerizer. So far, no security model has ever been proposed for this primitive and existing protocols have not been studied formally. Not surprisingly, we show that some existing Ephemerizer protocols possess security vulnerabilities. In this paper, we review the notion of Timed-Ephemerizer, which can be regarded as a hybrid primitive by combining Ephemerizer and Timed-Release Encryption. Compared with an Ephemerizer protocol, a Timed-Ephemerizer protocol further guarantees that data will only be released after a pre-defined disclosure time. Moreover, we revisit a security model for Timed-Ephemerizer and adapt it for Ephemerizer. We also revise a previous Timed-Ephemerizer protocol by Tang and prove its security in the security model.

Keywords: Ephemerizer; storage privacy; assured lifecycle Received x; revised y

1. INTRODUCTION

Rapid growth of information technology has greatly facilitated individuals and enterprizes to generate and store sensitive data (business transaction details, electronic health records, personal profiles, etc). It is common that backups of the same piece of data will be placed on many different persistent storage devices, such as hard disks, tapes, and USB tokens.

To protect the confidentiality, sensitive data are often firstly encrypted then stored on various devices, while the cryptographic keys also need to be stored and backed up on some persistent storage devices. With respect to storing data in persistent storage devices, there are two concerns.

1. It is relatively easy to recover data from persistent storage devices, even when the data has been deleted. As such, the US government specification has suggested to overwrite non- classified information three times [1]. In contrast to persistent storage devices, it is more difficult for an adversary to corrupt volatile storage devices (for example, most forms of modern random

access memory) because the data in such devices will disappear when the electricity/power is gone.

However, it is worth noting that this could be very subtle in the presence of side channel attacks, especially when considering the cold boot attacks [2].

2. Backups of encrypted sensitive data and crypto- graphic keys often reside in many devices. Conse- quently, it is difficult to guarantee that all relevant backups have been deleted.

The above observations imply that an adversary may simultaneously obtain a copy of encrypted data and relevant cryptographic keys due to the potential management carelessness. Especially, this may be fairly easy for a malicious insider in organizations. To reduce the potential risks facing sensitive data, it is crucial to define an expiration time and strictly enforce secure deletion afterwards. Subsequently, an effective cryptographic protocol is needed for the enforcement.

Ephemerizer, proposed by Perlman [3, 4] and further studied by Nair et al. [5], has shown a promising direction towards a practical solution to the above

problem. At the core of Ephemerizer is a key management service provided by an entity, referred to as the Ephemerizer, which will publish a set of ephemeral public keys and securely delete the expired ones periodically. With an Ephemerizer protocol, data in persistent storage devices will always be encrypted simultaneously using an ephemeral public key of the Ephemerizer and the long-term public key of a user.

The novelty of asecureEphemerizer protocol is that it enables the user to securely decrypt the encrypted data without leaking any information to the Ephemerizer. If we assume that the plaintext data only reside in volatile storage devices such as memory, then an Ephemerizer protocol guarantees that expired data will remain unrecoverable even if the user’s persistent storage, the user’s long-term private key, and the unexpired private keys of the Ephemerizer have been compromised.

1.1. Problem Statement

So far, no security model has ever been proposed for Ephemerizer and existing protocols have not been analyzed formally. As a result, even if an existing Ephemerizer protocol is employed, it is not clear what kind of security guarantee will be provided.

To gain confidence in these protocols, we need to propose a formal security model and conduct corresponding security analysis. The other concern is that an Ephemerizer protocol is only supposed to provide assured deletion but not assured initial disclosure, which however could be a very useful feature in some practical applications. In a security guideline published by the Cloud Security Alliance¹, thirteen domains of interest have been identified for applications in the cloud computing environment, one of which isinformation lifecycle management. As such, protocols providing assured lifecycle (marked by an assured initial disclosure and an assured deletion) will be more appealing than those providing only assured deletion. We illustrate this by an outsourcing data security example in Section 6.2.

It is worth noting that Ephemerizer and its variants only guarantee the lifecycle of data release through encryption. Once data is decrypted (e.g. residing in clear in memory), other complementary solutions are needed to securely delete the data (e.g. the state re- incarnation technique [6]). We do not consider such techniques in this work.

1.2. Our Contribution

This is an extended version of the conference paper [7], in which the author only introduced the concept of Timed-Ephemerizer and gave an instantiation. Our extentions fall into the following aspects.

Firstly, we show that some Ephemerizer protocols in [5, 3, 4] possess security vulnerabilities. Specifically,

1http://www.cloudsecurityalliance.org/

we show that the Ephemerizer protocol using blind decryption technique in [3, 4] is vulnerable to attacks from a curious Ephemerizer. More seriously, we show that the hybrid PKI-IBC Ephemerizer protocol in [5]

does not achieve assured deletion, i.e. an adversary can recover expired data.

Secondly, we provide a general overview of Timed- Ephemerizer. The workflow is illustrated in Fig.

1. Data in persistent storage devices will always be encrypted using an ephemeral public key of the Ephemerizer, the public key of the user, and the long- term public key of the time server (which will publish timestamps periodically). As a security guarantee, a Timed-Ephemerizer protocol enables the user to securely decrypt the encrypted data only during a pre- defined time slot, namely before the expiration of the ephemeral private key and the after the release of the timestamp from the time server, yet without leaking any information to the Ephemerizer or the time server.

If the time server’s private key is made public (or, the assured initial disclosure property is disabled), then Timed-Ephemerizer becomes Ephemerizer. Based on the security model for Timed-Ephemerizer, we present a security model for Ephemerizer.

FIGURE 1.An Illustration of Timed-Ephemerizer

Thirdly, we revise the Timed-Ephemerizer protocol [7] with hash function usage and prove its security in the proposed security model.

Fourthly, we compare Timed-Ephemerizer with other solutions such as Vanish [8]. As an application, we show that Timed-Ephemerizer is a useful tool for users to enforce information lifecycle management in outsourcing activities.

1.3. Organization

The rest of the paper is organized as follows. In Section 2 we briefly present some notations and

basics about pairing. In Section 3 we show that some existing Ephemerizer protocols possess security vulnerabilities. In Section 4 we review the concept of Timed-Ephemerizer and its security properties. In Section 5 we revise the Timed-Ephemerizer protocol [7]

and prove its security. In Section 6, we present some further remarks on Timed-Ephemerizer. In Section 7 we briefly review the relevant works on Ephemerizer and Timed-Release Encryption. In Section 8 we conclude the paper.

2. PRELIMINARY

Throughout the paper, we use`to denote the security parameter. The notation u ∈_R S means u is chosen from the set S uniformly at random. If A is a probabilistic algorithm, then v ← A^{$ (f1},f2,···)(x,y,· · ·) means thatv is the result of running A, which takes x,y,· · · as input and has any polynomial number of oracle queries to the functionsf₁,f₂,· · ·. As a standard practice, the security of a protocol is evaluated by an experiment between an attacker and a challenger, where the challenger simulates the protocol executions and answers the attacker’s oracle queries. Without specification, algorithms are always assumed to be polynomial-time.

We now review some basics about pairing and the related assumptions. More detailed information can be found in the seminal paper [9]. A pairing (or, bilinear map) satisfies the following properties:

1. GandG1 are two multiplicative groups of prime orderp;

2. gis a generator ofG;

3. eˆ:G×G→G1is an efficiently-computable bilinear map with the following properties:

• Bilinear: for allu,v ∈ G and a,b ∈ Zp, we have ˆe(u^a,v^b)=e(u,ˆ v)^ab.

• Non-degenerate: ˆe(g,g),1.

The Bilinear Diffie-Hellman (BDH) problem inGis as follows: given a tupleg,g^a,g^b,g^c ∈Gas input, output e(g,ˆ g)^abc ∈ G1. An algorithm A has advantage in solving BDH inGif

Pr[A(g,g^a,g^b,g^c)=e(g,ˆ g)^abc]≥.

Similarly, we say that an algorithmAhas advantage in solving the decision BDH problem inGif

|Pr[A(g,g^a,g^b,g^c,e(g,ˆ g)^abc)=0]−Pr[A(g,g^a,g^b,g^c,T)=0]| ≥ where the probability is over the random choice of a,b,c ∈ Zp, the random choice of T ∈ G1, and the random bits ofA.

Definition 2.1.We say that the (decision) BDH assumption holds inGif no polynomial-time algorithm has a non-negligible advantage in solving the (decision) BDH problem.

Besides these computational/decisional assump- tions, the Knowledge of Exponent (KE) assumption is also used in a number of papers (e.g. [10, 11]). The KE assumption is defined as follows.

Definition2.2.For any adversaryA, which takes a KE challenge(g,g^a)as input and returns(C,Y)where Y=C^a, there exists an extractorA⁰, which takes the same input as Areturns c such that g^c =C.

3. REVIEW OF EXISTING EPHEMERIZER PRO- TOCOLS

An Ephemerizer protocol involves two types of entities:

users and an Ephemerizer. The idea behind of this primitive is quite simple. The Ephemerizer chooses a set of time timestamps, saytephj (1≤ j ≤ N) whereN is an integer, and correspondingly generates a set of ephemeral key pairs (PKt_{eph j},SKt_{eph j}). For 1 ≤ j,k≤ N, it is assumed that if j < k then tephj < tephk (i.e.

tephk is later than tephj). Data is encrypted using a symmetric key, which will be double-encrypted using one ephemeral public key of the Ephemerizer and the public key of the user. The decryption is an interactive algorithm between the user and the Emphemerizer.

It is required that, at time tephj, the Ephemerizer will deleteSKt_{eph j}, so that any ciphertext generated under the ephemeral public keyPKt_{eph j}will become unrecoverable afterwards.

In this section, we point out some vulnerabilities of the Ephemerizer protocol which uses the blind decryption technique in [3, 4] and the hybrid PKI-IBC Ephemerizer protocol in [5].

3.1. Ephemerizer Protocol using Blind Decryption 3.1.1. Description of the Protocol

The Ephemerizer protocol using blind de- cryption [3, 4] consists of algorithms (Setup_E,Setup_U,Encrypt,Decrypt), which are de- fined as follows.

• Setup_E(`): The Ephemerizer generates a set of tuples

(KeyIDt_{eph j},PKt_{eph j},SKt_{eph j},tephj),

where 1 ≤ j ≤ N, KeyIDt_{eph j} is the identifier of this tuple, (PKt_{eph j},SKt_{eph j}) is a key pair of a public key encryption scheme E₁ with the algorithms (Encrypt₁,Decrypt₁), andtephjis the expiration time of the key pair.

• Setup_U(`): A user generates a key pair (PKU,SKU) for a public key encryption scheme E₂ with the algorithms (Encrypt₂,Decrypt₂). The user also selects a symmetric key encryption scheme

E₀=(Encrypt₀,Decrypt₀),

which has the key space K and will be used to encrypt data in the system.

• Encrypt(M,PKU,PKt_{eph j}): The ciphertext is (KeyIDt_{eph j},C,PKt_{eph j}), whereK∈_RK,

Cm=Encrypt₀(M,K), Ck=Encrypt₁(K,PKt_{eph j}),

Ct_{eph j} =Encrypt₂(Ck,PKU), C=(Cm,Ct_{eph j}).

• Decrypt(C,SKU;SKt_{eph j}):

1. The user generates an ephemeral function pair (Blind,Unblind) satisfying the following homomorphic property:

K=Unblind(Decrypt₁(Blind(Ck),SKt_{eph j})).

2. The user then decryptsCt_{eph j} to obtainCk, and then computes and sends (KeyIDt_{eph j},C⁰_t

eph j) to the Ephemerizer, where

C⁰_t

eph j = Blind(Ck).

3. If the ephemeral key SKt_{eph j} associated with KeyIDt_{eph j} has not expired, the Ephemerizer decrypts C⁰_t

eph j and sends C⁰⁰_t

eph j to the user,

where C⁰⁰_t

eph j = Decrypt₁(C⁰_t

eph j,SKt_{eph j})

= Decrypt₁(Blind(Ck),SKt_{eph j}).

4. The user obtainsMas follows K=Unblind(C⁰⁰_t

eph j), M=Decrypt₀(Cm,K).

With respect to the efficiency, this protocol may be quite inefficient in practice. The main reason is that the Ephemerizer potentially needs to publish and certify all the ephemeral public keys before data can be encrypted by the user. Considering the fact that the data may have a wide range of expiration time, the Ephemerizer may need to publish a large volume of key pairs.

3.1.2. Security Analysis of the Protocol

In [3, 4], the following assumptions are made on the validation of public keys.

1. The user should validate that the ephemeral public

keysPKt_{eph j} is certified by a long-term private key

of the Ephemerizer, where the corresponding long- term public key is certified by a Trusted Third Party (TTP).

2. There is no need for the Ephemerizer and the user to authenticate each other. There is no need to encrypt or protect the integrity of the ephemeral key sent to the user, i.e. there is no need for the user to check the validity ofPKt_{eph j} in any received message (KeyIDt_{eph j},C,PKt_{eph j}).

We show below that lacking of validation ofPKt_{eph j}by the user may lead to a potential security vulnerability if the Ephemerizer is curious. As one of the options suggested in [3, 4], we suppose that the public key encryption scheme E₁ is RSA [12]. Then, the above Ephemerizer protocol will be instantiated to be the following.

• Setup_E(`): The Ephemerizer generates

(PKt_{eph j},SKt_{eph j}) in the form ((ej,Nj),dj) where

ejdj≡1 (modϕ(Nj)).

• Setup_U(`): The algorithm is the same as in the above.

• Encrypt(M,PKU,PKt_{eph j}): The ciphertext is (KeyIDt_{eph j},C,(ej,Nj)), whereC=(Cm,Ct_{eph j}),

Cm=Encrypt₀(M,K),

Ck=K^ej modNj,Ct_{eph j} =Encrypt₂(Ck,PKU).

• Decrypt(C,SKU;SKt_{eph j}):

1. The user generatesR∈_RZ^∗_Nj

2. The user decrypts Ct_{eph j} to obtain Ck = K^ej modNj, and then computes and sends (KeyIDt_{eph j},C⁰_t

eph j) to the Ephemerizer, where

R∈_RZ^∗_N, C⁰_t

eph j =K^ejR^ej modNj. (1)

3. If the ephemeral key SKt_{eph j} associated with KeyIDt_{eph j} has not expired, the Ephemerizer decrypts C⁰_t

eph j and sends C⁰⁰_t

eph j to the user,

where C⁰⁰_t

eph j = (C⁰_t

eph j)^dj mod Nj

= (K^ejR^ej)^dj mod Nj

= KR modNj. 4. The user obtain K = C⁰⁰_t

eph jR⁻¹ modNj,

and then decrypts Cm to obtain M = Decrypt₀(Cm,K).

Suppose the Ephemerizer has obtained (KeyIDt_{eph j},C,(ej,Nj)) by eavesdropping on the user’s communications. In order to recover the key K, the Ephemerizer can send (KeyIDt_{eph j},C,(ϕ(Nj),Nj)) to the user. Note that the Ephemerizer knows ϕ(Nj). Ac- cording to the Decryptalgorithm, the user will send (KeyIDt_{eph j},C⁰_t

eph j), where

C⁰_t

eph j = K^ejR^ϕ(Nj) mod Nj

= K^ej modNj,

to the Ephemerizer for blind decryption. Clearly, the Ephemerizer can obtainK=(C⁰_t

eph j)^dj modNj.

Due to the fact that the ephemeral public keys are only required to be certified by the private key of the Ephemerizer, the presented security vulnerability will still remain even if the user validates the public keys in the ciphertext. One possible countermeasure is to let a TTP to certify that the ephemeral public keys of Ephemerizer are generated properly.

3.2. The Hybrid PKI-IBC Ephemerizer Protocol 3.2.1. Description of the Protocol

The Ephemerizer protocol [5] consists of algorithms (Setup_E,Setup_U,Encrypt,Decrypt), which are defined as follows.

• Setup_E(`): The Ephemerizer first generates a bilinear map ˆe:G×G→ G1, a generatorg∈_RG, whereGandG1are multiplicative groups of prime orderp. The Ephemerizer then generates a long- term private key SKE ∈_R Zp and the public key PKE=g^SKE, two hash functions

H1:{0,1}^∗→G, H2:G1→ {0,1}ⁿ,

and a set of ephemeral tuples

(KeyIDt_{eph j},PKt_{eph j},SKt_{eph j},texpj) where 1 ≤ j ≤ N, KeyIDt_{eph j} is the identifier of this tuple, and

PKt_{eph j} = g^SKtephj. Suppose also that the Ephemer-

izer possesses the identityIDE.

• Setup_U(`): The user generates a key pair (PKU,SKU) for a public key encryption scheme E₂with algorithms (Encrypt₂,Decrypt₂). The user also selects a symmetric key encryption scheme

E₁ =(Encrypt₁,Decrypt₁),

which has the key space K and will be used to encrypt data in the system.

• Encrypt(M,PKU,PKt_{eph j}): The ciphertext is (KeyIDt_{eph j},C), wherer∈_RZp,K∈_RK,

Cm=Encrypt₁(M,K), Ck=Encrypt₂(K,PKU), (2) IDt_{eph j} =IDE||Expiry:t⁰_expj,

Qt_{eph j} =e(Hˆ 1(IDt_{eph j}),PKt_{eph j}),

Ct_{eph j} =(g^r,Ck⊕H₂((Qt_{eph j})^r)), (3)

C^†_t

eph j =Encrypt₂(IDt_{eph j}||Ct_{eph j},PKU), (4)

C=(Cm,C^†_t

eph j)

It is requiredt⁰_expjshould be smaller thantexpjwhich is the expiration time of (PKt_{eph j},SKt_{eph j}).

• Decrypt(C,SKU;SKt_{eph j},SKE):

1. The user first decrypts C^†_t

eph j to obtain IDt_{eph j}

and Ct_{eph j}, and then computes and sends

(KeyIDt_{eph j},ID⁰_t

eph j,C⁰_t

eph j) to the Ephemerizer,

where ID⁰_t

eph j ∈_R{0,1}^∗,Q⁰_t

eph j =e(Hˆ 1(ID⁰_t

eph j),PKE), r⁰∈_RZp, K⁰∈_RK,

C⁰_t

eph j =(g^r0,(IDt_{eph j}||K⁰)⊕H₂((Q⁰_t

eph j)^r0)). (5)

2. If the ephemeral key SKt_{eph j} associated with KeyIDt_{eph j} has not expired, the Ephemerizer decrypts C⁰_t

eph j to obtain IDt_{eph j} and K⁰ as

follows

IDt_{eph j}||K⁰=(IDt_{eph j}||K⁰)⊕H2((Q⁰_t

eph j)^r0)⊕ H2(ˆe(H1(ID⁰_t

eph j),g^r0)^SKE). (6)

It then computes and sendsC⁰⁰_t

eph j to the user,

where C⁰⁰_t

eph j =Encrypt₁(H1(IDt_{eph j})^SKtephj,K⁰). (7)

3. The user decrypts C⁰⁰_t

eph j to obtain

H₁(IDt_{eph j})^SKtephj, and then decrypts Ct_{eph j}

to obtainCkas follows.

C_k=C_k⊕H₂((Qt_{eph j})^r)⊕H₂(ˆe(g^r,H₁(IDt_{eph j})^SKtephj)). (8)

The user then sequentially decryptsCk and Cmto obtainMas follows:

K=Decrypt₂(Ck,SKU), M=Decrypt₁(Cm,K). (9)

3.2.2. Security Analysis of the Protocol

On the exact expiration time. In the above protocol, when the entity, who runsEncrypt, constructsIDt_{eph j} = IDE||Expiry : t⁰_expj, it chooses an ephemeral public key

PKt_{eph j} wheret⁰_expj < texpj. This means that, at the time

between t⁰_expj and texpj, if an adversary compromises both the Ephemerizer and the user, then it is able to recoverM. This observation implies that the expiration time for the ciphertextCis in facttexpjinstead oft⁰_expj. On recovering expired data. In [5], no rigorous analysis has been done for this protocol. Next, we show that expired data can still be recovered by an adversary.

Suppose that, through eavesdropping, the adversary has obtained (C,C⁰_t

eph j,C⁰⁰_t

eph j), where

C=(Cm,C^†_t

eph j), Cm=Encrypt₁(M,K),

C^†_t

eph j =Encrypt₂(IDt_{eph j}||Ct_{eph j}, PKU), C⁰_t

eph j =(g^r0,(IDt_{eph j}||K⁰)⊕H₂((Q⁰_t

eph j)^r0)), C⁰⁰_t

eph j =Encrypt₁(H1(IDt_{eph j})^SKtephj,K⁰).

Suppose that, at the timetephj+1, wheretephj+1 >tephj, the adversary compromises the Ephemerizer and the user, and obtainsSKEandSKU. Note that, at the timetephj+1,

SKt_{eph j} has been securely deleted and any ciphertext

encrypted withPKt_{eph j} should be unrecoverable.

1. Based on the equation (5), usingSKE, the adversary can decryptC⁰_t

eph j and obtainIDt_{eph j}||K⁰.

2. Based on the equation (7), usingK⁰, the adversary can recoverH1(IDt_{eph j})^SKtephj by decryptingC⁰⁰_t

eph j. 3. Based on the equation (4), using SKU, the

adversary can recoverCt_{eph j} by decryptingC.

4. Based on the equation (3), using H1(IDt_{eph j})^SKtephj, the adversary can recoverCkby decryptingCt_{eph j}. 5. Based on the equations (2), using SKU, the

adversary can recover K by decrypting Ck, and then recoverMby decryptingCmusingK.

4. THE CONCEPT OF TIMED-EPHEMERIZER A Timed-Ephemerizer protocol guarantees that encrypted data will only be recoverable during a pre-defined lifecycle, beyond which no adversary can recover the data even if it has compromised all existing private keys in the system. Compared with Ephemerizer protocols [5, 3, 4], a Timed-Ephemerizer protocol explicitly provides the guarantee that data can only be available after the pre-defined initial disclosure time.

Generally, a Timed-Ephemerizer protocol involves the following types of entities: a time server, users, and an Ephemerizer. Compared with an Ephemerizer protocol, a Timed-Ephemerizer protocol has one additional entity, namely the time server. One may have the observation that the Ephemerizer can be required to release timestamps so that the time server can be eliminated. However, we argue that the separation of functionalities provides a higher level of security guarantee in general. First of all, the time server only needs to publish timestamps without any additional interaction with other entities. In practice, the risk that time server is compromised is less than that for the Ephemerizer. Secondly, the risk that both the Ephemerizer and the time server are compromised is less than that one of them is compromised.

The idea behind of this new primitive is similar to that of Ephemerizer. The Ephemerizer plays the same role as in the case of Ephemerizer and generates a set of ephemeral key pairs (PKt_{eph j},SKt_{eph j}) (1 ≤ j ≤ N).

The time server defines a time setT and sequentially

publishes a timestamp TSt at the time t ∈ T. Data is encrypted using a symmetric key, which will be encrypted using one ephemeral public key of the Ephemerizer and the public key of the user while taking into account an initial disclosure time tint ∈ T. The decryption is an interactive algorithm between the user and the Emphemerizer. The security is mainly based on two facts.

1. Only at time t ∈ T, the time server publishes a timestamp TSt, so that any ciphertext generated with timetwill only become recoverable aftert.

2. At the time tephj, the Ephemerizer will delete

SKt_{eph j}, so that any ciphertext generated under

the ephemeral public key PKt_{eph j} will become unrecoverable afterwards.

In the rest of this section, we define the algorithms of Timed-Ephemerizer and formalize its security properties.

4.1. The Algorithm Definitions

A Timed-Ephemerizer protocol consists of the following algorithms. Note that, compared with an Ephemerizer protocol, there are two additional algorithms, namelySetup_T andTimeExt.

• Setup_T(`): Run by the time server, this algorithm generates a public/private key pair (PKT,SKT). In addition, the time server also publishes a time set T.

• TimeExt(t,SKT): Run by the time server, this algorithm generates a timestamp TSt for t ∈ T. It is assumed that the time server publishesTStat the pointt.

• Setup_E(`): Run by the Ephemerizer, this algorithm generates a set of tuples (PKt_{eph j},SKt_{eph j},tephj), where 1 ≤ j ≤ N, (PKt_{eph j},SKt_{eph j}) is an ephemeral public/private key pair, andtephj is the expiration time. The Ephemerizer will securely deleteSKt_{eph j}

at the pointtephj. We assume that there is only one ephemeral key pair for any expiration timetephj.

• Setup_U(`): Run by a user, this algorithm generates a public/private key pair (PKU,SKU).

• Encrypt(M,tint,PKU,PKt_{eph j},PKT): This algorithm outputs a ciphertext C. For the message M, tint∈ T is the initial disclosure time andtephjis the expiration time. We explicitly assume that both (tint,tephj) andCshould be sent to the user.

• Decrypt(C,TStint,SKU;SKt_{eph j}): Run between the user and the Ephemerizer, this algorithm outputs a plaintextMor an error symbol for the user.

In the algorithm definitions, besides the explicitly specified parameters, other public parameters could

also be specified and be implicitly part of the input. We omit those parameters for the simplicity of description.

In the algorithm designs, we let the time server and the Ephemerizer choose T and tephj (1 ≤ j ≤ N) respectively. How to choose these timestamps is a practical issue, and may be subject to the application environment where a Timed-Ephemerizer protocol will be used. However, no matter how this will be done, it will not affect our security analysis.

Note that a Timed-Ephemerizer protocol can be employed by an entity, say Alice, to protect her own data in persistent storage devices or protect her data that she wants to share with another entity, say Bob. In the first situation, Alice encrypts her data Encrypt(M,tint,PKA,PKt_{eph j},PKT), wherePKA is Alice’s public key. In the second situation, Alice encrypts her dataEncrypt(M,tint,PKB,PKt_{eph j},PKT), wherePKBis Bob’s public key. The example in Section 6.2 is in the second situation.

Similar to other cryptographic primitives, the basic requirement to Timed-Ephemerizer is soundness.

Informally, this property means that the algorithms EncryptandDecryptwork properly with valid inputs.

Formally, it is defined as follows.

Definition4.1.A Timed-Ephemerizer protocol achieves (unconditional) soundness if the following equality always holds for any M,tint,j.

Decrypt(Encrypt(M,tint,PKU,PKt_{eph j},PKT),TStint,SKU;SKt_{eph j})=M.

4.2. The Security Definitions

With respect to the entities involved in a Timed- Ephemerizer protocol, we make the following trust assumptions.

• The time server publishesTStat the timet, where t ∈ T. Except for this, the time server may try to obtain some information about users’ plaintext data.

• A user is supposed to access the data during its lifecycle, but not beyond it. Furthermore, the user will not store plaintext data on persistent storage devices.

• The Ephemerizer publishes ephemeral pub- lic/private key pairs and revoke them periodically.

Except for this, the time server may try to obtain some information about users’ plaintext data.

A Timed-Ephemerizer protocol is aimed to guarantee that data will only be available during its lifecycle, while neither before the initial disclosure time nor after the expiration time. We assume that the validation of public keys in the protocol can be verified by all the participants. For example, the validation can be done with the help of a TTP. Note that the validation of keys are crucial to achieve the security properties against both Type-I and Type-II

adversaries. We generally assume that an outside adversary is active, which means that the adversary may compromise the protocol participants and fully control the communication channels (i.e. capable of deleting, relaying, and replacing the messages exchanged between the participants). Considering the threats against confidentiality of data, we identify three categories of adversaries.

• Type-I adversary: This type of adversary wants to access data before its initial disclosure time. Type- I adversary represents a curious user and also a malicious outside entity which has compromised the Ephemerizer and the user before the initial disclosure time of the data.

• Type-II adversary: This type of adversary wants to access data after its expiration time. Type-II adversary represents a malicious outside entity which has compromised the time server, the Ephemerizer, and the user after the expiration time of the data.

• Type-III adversary: This type of adversary represents a malicious time server and a malicious Ephemerizer, and also a malicious outside entity which has compromised the time server and the Ephemerizer.

The implications of a Type-I adversary and a Type-II adversary are clear for a Timed-Ephemerizer protocol.

Nonetheless, the existence of a Type-III adversary still makes sense even in the presence of these two types of adversary. Compared with a Type-I adversary, a Type-III adversary has the advantage of accessing the private key (and all timestamps) of the time server;

while compared with a Type-II adversary, a Type- III adversary has the advantage of accessing all the private keys of the Ephemerizer. However, a Type- III adversary does not have direct access to the user’s private key.

It is worth stressing that when the adversary com- promises an entity (the time server, the Ephemerizer, or the user) it will obtain the private keys possessed by that entity. For example, if the Ephemerizer is compro- mised at the pointt, then it will obtain all the private

keysSKt_{eph j} fortephj >t. However, we do not take into

account the compromise of ephemeral session secrets during the executions of algorithms.

Definition4.2.A Timed-Ephemerizer protocol achieves Type-I semantic security if any polynomial-time adversary has only a negligible advantage in the following semantic security game (as shown in Fig. 2), where the advantage is defined to be|Pr[b⁰=b]−¹

2|.

In the attack game, PK∗ means all available public keys. In more detail, the attack game between the challenger and the adversaryAperforms as follows.

In this game the challenger simulates the functionality of the time server.

1. (PK_T,SK_T)←^$ Setup_T(`);

(PKt_{eph j},SKt_{eph j}) for 1≤j≤ N ←^$ Setup_E(`);

(PK_U,SK_U)←^$ Setup_U(`) 2. (M₀,M₁,t^∗_int,PK_t

ephi)←A^{$ (TimeExt)}(SK_t

eph j (1 ≤ j ≤

N),SK_U,PK∗)

3. b← {^$ 0,1};C_b←^$ Encrypt(Mb,t^∗_int,PKU,PKt_ephi,PKT) 4. b⁰←A^{$ (TimeExt)}(C_b,SKt_{eph j} for 1≤j≤ N,SKU,PK^∗) FIGURE 2.Semantic Security against Type-I Adversary

1. The challenger runsSetup_Tto generate (PKT,SKT), runs Setup_E to generate (PKt_{eph j},SKt_{eph j}) for 1 ≤ j ≤ N, and runs Setup_U to generate (PKU,SKU).

Except for SKT, all private keys and all public parameters are given to the adversary.

2. The adversary can adaptively query theTimeExt oracle, for which the adversary provides a time t and gets a timestamp TSt from the challenger.

At some point, the adversary sends the challenger two equal-length plaintext M0,M1 on which it wishes to be challenged, and two timestamps (t^∗_int,tephi) wheret^∗_int ∈ T and 1 ≤i ≤ N. The only restriction is that theTimeExt oracle should not have been queried witht≥t^∗_int.

3. The challenger picks a random bitb ∈ {0,1}and gives the adversaryC_bas the challenge, where

C_b=Encrypt(Mb,t^∗_int,PKU,PKt_ephi,PKT).

4. The adversary can continue to query theTimeExt oracle with the same restriction as in Step 2.

5. Eventually, the adversary outputsb⁰.

In the above attack game, the adversary is Type- I because it has access to SKU and SKt_{eph j} for any 1 ≤ j ≤ N. The restriction in steps 2 and 4 of the above game, namely “the TimeExtoracle should not have been queried with t ≥ t^∗_int.”, implies that the adversary tries to recover a message before the initial disclosure time. This coincides with the definition of Type-I adversary.

Definition4.3.A Timed-Ephemerizer protocol achieves Type-II semantic security if any polynomial-time adversary has only a negligible advantage in the following semantic security game (as shown in Fig. 3), where the advantage is defined to be|Pr[b⁰=b]−¹

2|.

In the attack game, PK^∗ means all available public keys. In more detail, the attack game between the challenger and the adversaryAperforms as follows. In this game the challenger simulates the functionalities of both the Ephemerizer and the user.

1. The challenger runsSetup_Tto generate (PKT,SKT), runs Setup_E to generate (PKt_{eph j},SKt_{eph j}) for 1 ≤

1. (PK_T,SK_T)←^$ Setup_T(`); (PKt_{eph j},SK_t

eph j) for 1≤j≤

N←^$ Setup_E(`); (PKU,SKU)←<sup>$</sup> Setup<sub>U</sub>(`)

2. (M0,M1,t^∗_int,PKt_ephi)←A^{$ (Decrypt)}(SKT,SKt_{eph j} for 1 ≤ j≤ N,SKU,PK^∗)

3. b← {^$ 0,1};C_b←^$ Encrypt(Mb,t^∗_int,PKU,PKt_ephi,PKT) 4. b⁰←A^{$ (Decrypt)}(C_b,SK_T,SK_t

eph j for i < j ≤

N,SK_U,PK∗)

FIGURE 3.Semantic Security against Type-II Adversary

j ≤ N, and runs Setup_U to generate (PKU,SKU).

The private keySKTand all public parameters are given to the adversary.

2. The adversary can adaptively issue the following two types ofDecryptoracle queries.

(a) D-type Decrypt oracle query: In each oracle query, the adversary impersonates the Ephemerizer and provides (tint,tephj) andCto the challenger, which then uses (C,TStint,SKU) as input and runs the Decrypt algorithm with the adversary to decryptCby assuming that the initial disclosure time istint and the expiration time istephj.

(b) E-typeDecryptquery: In each oracle query, the adversary impersonates a user to the Ephemerizer and sendstephjto the challenger, which uses SKt_{eph j} as the input and runs the Decryptalgorithm with the adversary.

At some point, the adversary sends the challenger two equal-length plaintext M0,M1 on which it wishes to be challenged, and two timestamps (t^∗_int,tephi) where t^∗_int ∈ T and 1 ≤ i ≤ N. In this phase, the adversary can query forSKUandSKt_{eph j}

for anyi < j ≤ N with the following restriction:

ifSKUhas been queried, then anyE-typeDecrypt oracle query with the inputtephjfor any 1≤j≤iis forbidden.

3. The challenger picks a random bit b ∈ {0,1} and gives the adversaryC_bas the challenge, where

C_b=Encrypt(Mb,t^∗_int,PKU,PKt_ephi,PKT).

4. The adversary can continue to issue oracle queries as in Step 2 with the same restriction.

5. The adversaryAoutputsb⁰.

In the above attack game, the adversary is Type- II because it has access to the private keys SKT, SKU, and SKt_{eph j} for any i < j ≤ N. In the above game, the privilege, that the adversary can issue the two types of Decrypt oracle queries, reflects the fact that the adversary has complete control over the communication link between the user and the Ephemerizer. In practice, such an adversary can initiate

theDecryptalgorithm with both the Ephemerizer and the user. The first case is modeled by theE-typeDecrypt query, while the second case is modeled by the D- typeDecryptquery. The restriction in the above game, namely “ifSKUhas been queried, thenE-typeDecrypt oracle query with the input tephj for any 1 ≤ j ≤ i is forbidden.”, reflects the fact that the adversary tries to recover a message after its expiration timetephi (when the ephemeral keys SKt_{eph j} for any 1 ≤ j ≤ i should have been securely deleted by the Ephemerizer). This coincides with the definition of Type-II adversary.

Definition4.4.A Timed-Ephemerizer protocol achieves Type-III semantic security if any polynomial-time adversary has only a negligible advantage in the following semantic security game (as shown in Fig. 4), where the advantage is defined to be|Pr[b⁰=b]−¹

2|.

1. (PK_T,SK_T)← A^$ (`); (PKt_{eph j},SK_t

eph j)for1≤j≤ N←^$

A(`); (PKU,SKU)←<sup>$</sup> Setup<sub>U</sub>(`)

2. (M0,M1,t^∗_int,PKt_ephi)←A^{$ (Decrypt)}(SKT,SKt_{eph j} for 1≤ j≤ N,PK^∗)

3. b← {^$ 0,1};C_b←^$ Encrypt(Mb,t^∗_int,PKU,PKt_ephi,PKT) 4. b⁰←A^{$ (Decrypt)}(C_b,SK_T,SK_t

eph jfor 1≤j≤ N,PK∗)

FIGURE 4.Semantic Security against Type-III Adversary

In the attack game, PK^∗ means all available public keys. In more detail, the attack game between the challenger and the adversary Aperforms as the following. In this game the challenger simulates the functionality of the user.

1. The adversary A generates (PKT,SKT) and

(PKt_{eph j},SKt_{eph j}) for 1 ≤ j ≤ N. Note that

the adversary may not follow the protocol specification to generate these parameters. The challenger runs Setup_U to generate (PKU,SKU).

The public keyPKUis given to the adversary.

2. The adversary can adaptively issue the D-type Decryptoracle query (defined as above). At some point, the adversary sends the challenger two equal-length plaintextM0,M1 on which it wishes to be challenged, and two timestamps (t^∗_int,tephi) wheret^∗_int∈ T and 1≤i≤ N.

3. The challenger picks a random bitb ∈ {0,1}and gives the adversaryC_bas the challenge, where

C_b=Encrypt(Mb,t^∗_int,PKU,PKt_ephi,PKT).

4. The adversary can continue to query theDecrypt oracle as in Step 2.

5. The adversaryAoutputsb⁰.

In the above attack game, the adversary is Type-III because it has access to the private keysSKTandSKt_{eph j}

for any 1 ≤ j≤ N. In the above game, expect for the

user’s private key, the adversary is allowed to access all other secrets. In particular, this means that an outside adversary can compromise both the time server and the Ephemerizer at any time. This coincides with the definition of Type-III adversary.

5. A NEW TIMED-EPHEMERIZER PROTOCOL In this section, we propose revise the Timed- Ephemerizer protocol from [7] and prove its security.

The philosophy behind the proposed protocol is similar to the blind decryption technique [3, 4]. As in the case of the hybrid PKI-IBC protocol [5], the proposed protocol also adopts the concept of identity-based encryption [9, 13] to avoid publishing a large volume of ephemeral public keys. Here are some intuitions about the construction.

1. Encryption.Data is first encrypted jointly using the ephemeral public key of the Ephemerizer and the public key of the time server. This is illustrated in the generation of the elementC4in the ciphertext, referring to the equation (10). The ciphertext is then re-encrypted using the public key of the user. The ⊕ operation in generating C4 allows the re-randomization in the decryption, while the checksumC7 is important to achieve the security properties against Type-I and Type-II adversaries (technically, allowing us to answer the adversaries’

oracle queries in the proofs).

2. Decryption. In order to achieve the security property against Type-III adversary, the ciphertext need to be re-randomized in the decryption algorithm. As a result, in decryption, the ciphertext is firstly decrypted using the user’s private key, and then re-randomized using a random number. This is illustrated in the generation of the element C⁰₄ in the ciphertext, referring to the equation (12). The re-randomized data is then encrypted using an ephemeral public key of the Ephemerizer and sent to the the Ephemerizer. This additional encryption process is used to prevent replay attacks from Type-I and Type-II adversaries, due to the fact that the re- randomization is simply an XOR operation.

5.1. The Proposed Construction

Let {0,1}ⁿ be the message space of user, wheren is a polynomial in`. The polynomial-time algorithms are defined as follows.

• Setup_T(`): This algorithm generates the following parameters: a multiplicative group G of prime order p, a generator g ofG, and a multiplicative group G1 of the same order asG, a polynomial- time computable bilinear map ˆe :G×G →G1, a cryptographic hash functionH1, and a long-term

public/private key pair (PKT,SKT) where H1:{0,1}^∗→G,SKT ∈_RZp, PKT =g^SKT. The time server also publishes (G,G1,p,g,e,ˆH1).

Suppose that the time server possesses the identity IDT. In addition, the time server also publishes a time setT. Since the details how to defineT will not affect out analysis, we keep it at an abstract level.

• TimeExt(t,SKT): This algorithm returns TSt = H1(IDT||t)^SKT.

• Setup_E(`): Suppose that the Ephemerizer possesses the identityIDE. The Ephemerizer uses the same set of parameter (G,G1,p,g,e) as by theˆ time server and selects the supported expiration times tephj (1 ≤ j ≤ N) where N is an integer.

The Ephemerizer generates a master key pair (PK⁽⁰⁾_E ,SK⁽⁰⁾_E ) and a hash functionH2, where

SK⁽⁰⁾_E ∈_RZp,PK_E⁽⁰⁾=g^SKE(0), H₂:{0,1}^∗→ {0,1}ⁿ, and sets, for 1≤ j≤ N,

PK⁽⁰⁾_t

eph j =IDE||tephj, SK⁽⁰⁾_t

eph j =H1(IDE||tephj)^SK(0)E. The Ephemerizer generates another master key pair (PK⁽¹⁾_E ,SK_E⁽¹⁾) for an identity-based public key encryption scheme E₁ with the encryp- tion/decryption algorithms (Encrypt1,Decrypt₁), and, for 1 ≤ j ≤ N, generates the ephemeral key pairs

(PK⁽¹⁾_t

eph j,SK_t⁽¹⁾

eph j), wherePK_t⁽¹⁾

eph j =IDE||tephj. Suppose the message space and ciphertext space of the encryption scheme E₁ are Y and W, respectively. The Ephemerizer keeps a set of tuples

(PKt_{eph j},SKt_{eph j},tephj) for 1≤ j≤ N, where

PKt_{eph j} =(PK_t⁽⁰⁾

eph j,PK⁽¹⁾_t

eph j),SKt_{eph j} =(SK⁽⁰⁾_t

eph j,SK_t⁽¹⁾

eph j) In addition, the Ephemerizer deletes SK⁽⁰⁾_E ,SK_E⁽¹⁾ and publishes the long-term public keys PK⁽⁰⁾_E ,PK_E⁽¹⁾.

• Setup_U(`): This algorithm generates a pub- lic/private key pair (PKU,SKU) for a public key encryption scheme E₂ with the encryp- tion/decryption algorithms (Encrypt2,Decrypt₂).

Suppose the message space ofE₂ isXand the ci- phertext space isD. The user publishes the fol- lowing hash functions.

H₃:G×G→G,H₄:Y →G×G×G× {0,1}ⁿ, H₅:X →G×G×G× {0,1}ⁿ.

• Encrypt(M,tint,PKU,PKt_{eph j},PKT): This algorithm outputs a ciphertextC, where

r1,r2∈_RZp,X∈_RX,C1=g^r1,C2=g^r2,C3=H3(C1||C2)^r1,

C4 = M⊕H2(ˆe(H1(PK⁽⁰⁾

tephj

),PK⁽⁰⁾_E)^r1·e(Hˆ 1(IDT||tint),PKT)^r2) (10)

= M⊕H2(ˆe(H1(IDE||t_{eph j}),C1)^SK(0)E ·ˆe(H1(IDT||tint),C2)^SKT)(11)

C5=Encrypt₂(X,PKU),C6=H₅(X)⊕(C1||C2||C3||C4), C7=H2(X||C1||C2||C3||C4||C5||C6), C=(C5,C6,C7).

• Decrypt(C,TStint,SKU;SKt_{eph j}):

1. The user decryptsC5to obtainX, and aborts if the following inequality is true.

C7,H2(X||(C6⊕H5(X))||C5||C6) Otherwise it computes C1||C2||C3||C4 = H5(X)⊕C6. The user then retrievesTStintfrom the time server and checks that ˆe(TStint,g) = ˆ

e(H1(IDT||tint),PKT). If so, it computes and sends (C⁰,TStint) to the Ephemerizer, where M⁰∈_R{0,1}ⁿ,

C⁰₁=C1,C⁰₂=C2,C₃⁰ =C3,C⁰₄=M⁰⊕C4, (12) Y∈_RY,C⁰₅=Encrypt₁(Y,PK_t⁽¹⁾

eph j), C⁰₆=H4(Y)⊕(C⁰₁||C⁰₂||C⁰₃||C⁰₄), C⁰₇=H₂(Y||C⁰₁||C⁰₂||C⁰₃||C⁰₄||C⁰₅||C⁰₆),

C⁰=(C⁰₅,C⁰₆,C⁰₇).

2. If the ephemeral key SKt_{eph j} = (SK⁽⁰⁾_t

eph j,SK⁽¹⁾_t

eph j) has not expired, the Ephemerizer decryptsC⁰₅ to obtainY, and aborts if

C⁰₇,H₂(Y||(C⁰₆⊕H₄(Y))||C⁰₅||C⁰₆).

It then computesC⁰₁||C⁰₂||C⁰₃||C⁰₄ = H₄(Y)⊕C⁰₆, and aborts if

ˆ

e(C⁰₃,g),e(Cˆ ⁰₁,H₃(C⁰₁||C⁰₂)) Finally, it sendsC⁰⁰ to the user, where

C⁰⁰ = H2(Y||C₁⁰||C⁰₂||C⁰₃||C⁰₄)⊕C⁰₄⊕H2(ˆe(C⁰₁,SK⁽⁰⁾

tephj

)·e(TSˆ _tint,C⁰₂))

= H2(Y||C⁰₁||C⁰₂||C⁰₃||C⁰₄)⊕M⁰⊕M.

3. The user recoversM= H₂(Y||C⁰₁||C⁰₂||C⁰₃||C⁰₄)⊕ M⁰⊕C⁰⁰.

Since identity-based encryption is used, only the long-term public key PKE = (PK⁽⁰⁾_E ,PK_E⁽¹⁾) needs to be certified by a TTP. Instead of publishing and certifying all the ephemeral public keys, as in the case of [3, 4], the Ephemerizer only needs to publish tephj