Secure Proxy-Reencryption-Based Inter-Network Key Exchange

Document Type

Conference Proceeding

Publication Date

7-2-2018

Abstract

In this paper we present a novel approach to distribute session keys securely across administrative boundaries where participants may be unable to interact directly. The basis of our approach is the use of Proxy ReEncryption (PRE) to encrypt session keys (e.g., AES keys), publish the session keys to a proxy server, and then distribute the session keys to session participants who reencrypt, decrypt and access the session keys. Our approach, Secure Proxy-Reencryption-based Inter-network Key Exchange (SPIKE), applies to several realworld use cases, including coalition data sharing, sensor network data sharing and large-scale video distribution. SPIKE enables these use cases without requiring coordination between publishers and subscribers. We address an honest-but-curious adversary model where any data sent over a network link or stored at a proxy can be leaked. Our design of SPIKE is independent of the specific PRE scheme used. For implementation and experimentation purposes we implement and use, PALISADE, a general post-quantum lattice-based encryption library that provides a unidirectional PRE scheme with collusion resistance, supports multi-hop reencryption, and admits more general homomorphic encryption properties than other schemes. We present our design and implementation in experimental settings to evaluate realworld performance. We discuss generalization of our approach to increase scalability and address broader security concerns.

Identifier

85061443749 (Scopus)

ISBN

[9781538671856]

Publication Title

Proceedings IEEE Military Communications Conference MILCOM

External Full Text Location

https://doi.org/10.1109/MILCOM.2018.8599794

First Page

780

Last Page

785

Volume

2019-October

Grant

H98230-15-1-0274

Fund Ref

National Security Agency

This document is currently not available here.

Share

COinS