Abstract: Cloud computing offers a flexible and convenient means of exchanging data, with several advantages for both society and individuals. With the widespread usage of cloud emails and frequent reports of large-scale email leakage occurrences, the security property known as forward secrecy has become desirable and necessary for both users and cloud email service providers to increase the security of cloud email systems. Typical techniques of attaining forward secrecy, such as Diffie-Hellman key exchange and forward-secure public-key encryption, have not been extensively authorized and used because they fail to meet the security and practicality requirements of email systems at the same time. We introduce a new cryptographic primitive called forward-secure puncturable identity-based encryption (fs-PIBE) in this paper to capture forward secrecy of encrypted cloud email systems without sacrificing practicability. It allows an email user to perform fine-grained decryption capacity revocation. In the standard model, we design a framework for encrypted cloud email systems and instantiate it with a concrete fs-PIBE structure that has constant ciphertext size and proved security. We enhance the proposed fs-PIBE scheme to provide end-to-end encryption and outsourced decryption, respectively, to improve the security and efficiency of the presented framework.
Read full abstract