Leakage-Resilient Certificate-based Encryption Scheme for IoT Environments

摘要

Now, Internet of Things (IoT) brings people innovative experiences and applications through connectivity of numerous computing devices. In these applications, computing devices generate and exchange a large number of critical and sensitive data. Typically, these computing devices are putted on some unprotected environments that make them to be attractive attack targets while easily suffering from a new kind of threat, called "side-channel attacks". By side-channel attacks, an adversary could obtain partial information of secret values (or internal states) stored in these devices by observing execution timing or energy consumption. However, most adversary models of previous cryptographic schemes/protocols do not concern with such side-channel attacks. Indeed, leakage-resilient cryptography is a flexible solution for resisting to side-channel attacks. So far, little work focuses on the design of leakage-resilient certificate-based encryption (LR-CBE) schemes. In the article, we propose the first LR-CBE scheme resilient to continuous key leakage of user's private keys, system secret key and random values. In the generic bilinear group model, security analysis is given to show that the proposed LR-CBE scheme is provably secure against chosen cipher-text attacks under the continual leakage model. Performance evaluation is made to demonstrate that our scheme is suitable for embedded devices.