Enabling (End-to-End) Encrypted Cloud Emails With Practical Forward Secrecy

Abstract

With the widespread use of cloud emails and frequent reports on large-scale email leakage events, a security property so-called forward secrecy becomes desirable and indispensable for both individuals and cloud email service providers to strengthen the security of cloud email systems. Specifically, forward secrecy can guarantee the confidentiality of those previously encrypted emails even if the user’s secret key gets exposed. However, due to the failure to meet the security and practicality requirements of email systems simultaneously, typical methods of achieving forward secrecy, such as Diffie-Hellman key exchange and forward-secure public-key encryption, have not been widely approved and adopted. In this article, to capture forward secrecy of encrypted cloud email systems without sacrificing the practicability, we introduce a new cryptographic primitive named forward-secure puncturable identity-based encryption (fs-PIBE), which enables an email user to perform fine-grained revocation of decryption capacity. In more detail, the user is allowed to preserve the decryption capacity of unreceived encrypted emails, while abolishing that of those received ones. Thus, it provides more practical forward secrecy than typical manners, in which the decryption capacity of received and unreceived encrypted emails is revoked simultaneously. Based on such a primitive, we build a framework of encrypted cloud email systems, and instantiate it with a concrete fs-PIBE construction that has constant size of ciphertext and provable security in the standard model. Furthermore, to improve the security and efficiency of the presented framework, we extend the proposed fs-PIBE scheme to support end-to-end encryption and outsourced decryption, respectively. In addition, as a proof-of-concept of the proposed fs-PIBE scheme, we implement it and produce various experiments to demonstrate its practicability and correctness.