TY - GEN
T1 - Secure Proxy-Reencryption-Based Inter-Network Key Exchange
AU - Greenwald, Lloyd
AU - Rohloff, Kurt
AU - Stott, David
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - In this paper we present a novel approach to distribute session keys securely across administrative boundaries where participants may be unable to interact directly. The basis of our approach is the use of Proxy ReEncryption (PRE) to encrypt session keys (e.g., AES keys), publish the session keys to a proxy server, and then distribute the session keys to session participants who reencrypt, decrypt and access the session keys. Our approach, Secure Proxy-Reencryption-based Inter-network Key Exchange (SPIKE), applies to several realworld use cases, including coalition data sharing, sensor network data sharing and large-scale video distribution. SPIKE enables these use cases without requiring coordination between publishers and subscribers. We address an honest-but-curious adversary model where any data sent over a network link or stored at a proxy can be leaked. Our design of SPIKE is independent of the specific PRE scheme used. For implementation and experimentation purposes we implement and use, PALISADE, a general post-quantum lattice-based encryption library that provides a unidirectional PRE scheme with collusion resistance, supports multi-hop reencryption, and admits more general homomorphic encryption properties than other schemes. We present our design and implementation in experimental settings to evaluate realworld performance. We discuss generalization of our approach to increase scalability and address broader security concerns.
AB - In this paper we present a novel approach to distribute session keys securely across administrative boundaries where participants may be unable to interact directly. The basis of our approach is the use of Proxy ReEncryption (PRE) to encrypt session keys (e.g., AES keys), publish the session keys to a proxy server, and then distribute the session keys to session participants who reencrypt, decrypt and access the session keys. Our approach, Secure Proxy-Reencryption-based Inter-network Key Exchange (SPIKE), applies to several realworld use cases, including coalition data sharing, sensor network data sharing and large-scale video distribution. SPIKE enables these use cases without requiring coordination between publishers and subscribers. We address an honest-but-curious adversary model where any data sent over a network link or stored at a proxy can be leaked. Our design of SPIKE is independent of the specific PRE scheme used. For implementation and experimentation purposes we implement and use, PALISADE, a general post-quantum lattice-based encryption library that provides a unidirectional PRE scheme with collusion resistance, supports multi-hop reencryption, and admits more general homomorphic encryption properties than other schemes. We present our design and implementation in experimental settings to evaluate realworld performance. We discuss generalization of our approach to increase scalability and address broader security concerns.
UR - http://www.scopus.com/inward/record.url?scp=85061443749&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061443749&partnerID=8YFLogxK
U2 - 10.1109/MILCOM.2018.8599794
DO - 10.1109/MILCOM.2018.8599794
M3 - Conference contribution
AN - SCOPUS:85061443749
T3 - Proceedings - IEEE Military Communications Conference MILCOM
SP - 780
EP - 785
BT - 2018 IEEE Military Communications Conference, MILCOM 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2018 IEEE Military Communications Conference, MILCOM 2018
Y2 - 29 October 2018 through 31 October 2018
ER -