Keywords

1 Introduction

In the last decade, the use of cloud-based services gained an expanding interest. For the general public, the cloud is materialized using storage solutions for storing, sharing and massive computation of data. Outsourcing sensitive data to a Cloud Service Provider (CSP) removes the burden of maintaining internal infrastructures. Customers only need to pay the allocated resources.

Therefore, outsourcing sensitive data storage to a third party manager raises many security issues [1,2,3]. It is commonly agreed that client-side cryptography is a good alternative to reduce the risk of data confidentiality leakage [1, 4, 10, 14]. However, it is the client who must securely manage the security decryption key. Therefore, when data need to be shared with a group of users, maintaining the security of decryption keys become more difficult even if a key manager system (KMS) is set up [12].

Using ID-based cryptography (IBE) leverage this issue since the Private Key Generator (PKG) compute the corresponding private key (d\(_{ID}\)) each time the user needs it for decryption process [1, 8]. As, the PKG knows all privates keys it may allow a global key escrow if it is compromised. Thus, this requires more trust to the PKG since the confidentiality of data is based on the secret of the master secret (msk) key used to compute the d\(_{ID}\).

In this paper, we describe a model based on the use of Trusted Platform Module (TPM) for improving the security of PKG and its msk. Our model relies on a decentralized PKG used in conjunction with TPM for managing the security of the msk.

The originality of our model is double benefits. First, it increases the confidentiality of the msk, since it remains encrypted when it is not used by the PKG. Second, processes that need to secure secrets, such as digital signing, can be made more secure with a TPM. For example, if at boot time it is determined that the server is not trustworthy because of unexpected changes in configuration, access to the msk can be blocked until the issue is remedied. Besides the prototype can work atop any cloud storage solution since no engineering changes are needed on the CSP side.

The reminder of this paper is as follow. The second section presents a background of key management security issues in cloud storage and IBE. The third section presents TPM. In the fourth section, we present our design, which will be discussed in the fifth section. Finally, we come-up with our conclusions and assumptions.

2 Background

Cloud storage confidentiality issues have been discussed in many research articles [1, 3, 4, 14], the problem is that when customers outsource their data they lose control over them. Many cryptographic solutions have been proposed to bypass this issue, most of them are client-side encryption based [1, 3, 4]. The aim is to encrypt data before outsourcing them and delegate the cryptographic keys to a trusted third party. Perlman [14] proposed the Ephemerizer that securely delete data after an expiration time through ephemeral key. Data are encrypted by an ephemeral key managed by the Ephemerizer which destroy it at time expiration, as a result data remain unreadable. Tang et al. [10] extend the Ephemerizer solution, in FADE each key corresponds to a combination, using logical OR/AND, of atomic policies that can be revoked.

However, FADE focused more on secure deletion operations on cloud and the PKG’s security has been almost not discussed. Ranjan et al. [5] proved that the PKG can present key escrow. A malicious user may intercept a policy P\(_i\) and its corresponding private key.

2.1 ID-Based Encryption

IBE is a public key cryptosystem that does not rely on a Certificate Authority (CA). The idea was first proposed by Adi Shamir in 1984 [6]. The system enables any pair of users to communicate securely with no need for certificates and CA deployment. This means that each entity, which has access to public parameters of the system, may generate a public key generated from publicly identifiable information denoted (ID) in order to simplify cryptographic key management. To get the d\(_{ID}\), the user must authenticates him self to PKG through his ID. In 2001, Boneh and Franklin [8] proposed a full scheme that achieve IBE based on bi-linear function defined in elliptic curves such as Weil and Tate Pairing [7].

The IBE scheme as proposed by Boneh and Franklin uses four algorithm:

  • Setup: Run once by the PKG to generate the whole system parameters (msk, the Master Public Key (mpk) and params). While params and mpk are made available for the public the msk is kept secret and used to compute d\(_{ID}\)

  • KeyGen: Used by the PKG in order to compute the d\(_{ID}\)

  • Encrypt: Used by the entity willing to encrypt data using its ID

  • Decrypt: Used by the entity willing to decrypt data using the d\(_{ID}\)

Boneh and Franklin scheme is based on a bilinear pairing \(\mathrm {e}\) on \(\mathrm {G_1,G_T}\) and two hash function \(\mathrm {H_1 : {0,1}^* \rightarrow G_1 \setminus \{\infty \}}\) and \(\mathrm {G_T \rightarrow \{0,1\}^l}\) where l is the bi-length of plain text. The PBC is a free portable C [9] library allowing the rapid prototyping of Pairing-Based Cryptosystems. It is designed to be the backbone of implementations of PBC providing elliptic curve generation, elliptic curve arithmetic and pairing computation.

Nowadays, IBE is widely implemented in different applications including emails, due to its simplified key management. A commercial implementation of IBE is published by Voltage Security to enable enterprises to send and receive secure communications.

2.2 Trsuted Platform Module

TPM is a cryptoprocessor promoted by the Trusted Computing Group (TCG) to promote Trusted Computing Platform (TCP). Computers that incorporate TPM can provide cryptographic-based function. TPM (Fig. 1) is a chip that contain a cryptographic co-processor, secure memory, I/O components and other components. It also implements a validated FIPS key size generation for computing digital signature key (512 to 2024 bits). The TPM chip becomes part of new released PC motherboard. The chip is able to store an Endorsement Key (EK) that identify the TPM (Thus device authentication). The chip is tamper resistant through its multiple physical security mechanism. Besides, the chip enables platform integrity, this is done during the boot process, the firmware and operating system components (integrity measurement) are measured and stored in the TPM \(\rightarrow \) BIOS \(\rightarrow \) BootLoader \(\rightarrow \) OS \(\rightarrow \) Application. The integrity measurements can be used as evidence for how a system started. Once we need to attest the platform, a trusted third party sends a token to the platform. The platform takes both the ML and token encrypted by the TPM’s EK and send the encrypted information to the third party which decrypt it using EK’s corresponding public key (thus ensuring authentication) and checks the integrity of data (ML and Token) to verify that the configuration it deems trusted.

Fig. 1.
figure 1

Components of a Trusted Platform Module complying with the TPM version 1.2 standard

Full size image

3 Proposed Design

In this section, we present our design for secure deletion and secure key management through IBE and TPM. To encrypt a file the user generates a data key (AES-256 CBC mode) and uses his ID as a public key to encrypt it. For the PKG, once the Setup algorithm executed, the msk is encrypted by the TPM and kept secret until a user ask for a d\(_{ID}\). The fully IBE client-side cryptography is described in [1]. In this paper we focus more on PKG security and its interaction with TPM (Fig. 3).

Fig. 2.
figure 2

File upload process

Full size image
Fig. 3.
figure 3

File download process

Full size image

We note that we are still developing the code based on TrouSerS’s C API [11]. In order to test our design, we have used an embedded Linux platform with TPM chip. We wrote small Bash files in order to enable the PKG interact with the TPM.

3.1 Architectural Solution

In this section, we present our secure deletion model based on IBE. Each file is associated to the ID of the user. The file is encrypted with a data key (256-bit AES key), and the data key is further encrypted by IBE mechanism. The components of our design are:

  • Cloud user: Generates the data key, performs cryptographic operations on data and the data key.

  • Cloud storage service: A non-trusted third party storage provider

  • PKG: A server with TPM integrated. It generates the d\(_{ID}\) and performs cryptographic operation through TPM for the msk

In the Upload (Fig. 2) process, the user does not need to interact with the PKG, he executes the POST function which generates the data key K and IBE public key D\(_{id}\). At a second stage, the function encrypts the file F with K (\(Enc\{F\}_K\)) then the K with D\(_{id}\) (\(Enc\{F\}D_{id}\)) and upload data to the cloud storage.

For the Download process (Fig. 3), the user get the data from the cloud storage, authenticates himself at the PKG and asks for the d\(_{ID}\). At this stage, the PKG will ask the TPM to unseal the msk in order to compute the d\(_{ID}\) then it will be resealed.

3.2 Securing the Msk

In upload process, the user does not need to interact with the PKG (Fig. 2). In Download process, the user authenticates him self at the PKG which verify the authorization and grant access to a computation of d\(_{ID}\). At this stage, PKG asks the TPM to unseal the msk then it will be resealed once the computation done:

figure a

Experiments has been conducted to measure the running time of plain upload/download and cryptographic operations between the TPM and the PKG. We dropped the overhead cost time of cryptographic operations between TPM and PKG since it was almost zero. The only overhead cost time is related to client-side cryptography using IBE mechanism.

4 Discussion

First, we talk about prerequisites that we have used to test our design. The tcsd daemon from the trouSerS API must be running and tpm-tools installed in Linux distribution. We used a well-known password (20 bytes of 0s) for owner and Storage Root Key (SRK) in order to facilitate the test environment (so that it can be non-interactive), for this purpose the command tpm_takeownership -y -z is used. However, other password should be used in production environment. For IBE client-side cryptography we used the same design as described in [1].

Tests are conducted using a computer with an i5 1.6 GHZ processor and 16 GB RAM. Experiments are performed on files of the following sizes: 10 KB, 1 MB, 5MB, 10 MB and 15 MB.

Once the Setup algorithm executed and global parameters generated the msk is sealed by TPM:

figure b

We measured the overhead cost time of our design for download (Table 1) operations on files of different sizes (Upload operation measurements have been dropped since they do not require interactions with TPM). The measurements concerns the cryptographic operations using IBE design and operations for unsealing the msk. For sealing operation we dropped the measurements since it does not affect our system.

The experiment have proved that the overhead cost time of our IBE design with TPM does not imply a remarkable overload time, and that the transfer of the plains files remains a dominant factor. Also, the design enable to reinforce the PKG security with a zero-time cost. Our model leverage the burden of key management infrastructure and reinforce the confidentiality of the IBE PKG. By using the TPM we add a new security layer with a zero overhead cost time. Also, the use of TPM enables more trust in the service of PKG and resists to software attacks.

Table 1. Proposed design download operation
Full size table

Security: Our model makes it possible to keep the confidentiality of the outsourced data, since they are encrypted on the client side. So, it is difficult for malicious users or the storage service provider to have access to these data even in case of a data leak or system disaster. The nature of hardware-based cryptography ensures that the information stored in hardware is better protected from external software attacks [13].

Besides, our model addresses the problem tied to Key Management by using the TPM to seal the msk, using hardware cryptography the performance is increased because the host system does not support encryption operations. Also, it protects against the most common risks, such as startup attacks, malicious code and force attacks. Unlike software security that shares host resources and it is vulnerable to force attack since malicious users can access the memory of the host and reset the counter of decryption attempts.

5 Conclusion and Perspectives

In this paper we surveyed the security concerns of PKG in IBE. We proposed a design for reinforcing the security of PKG. Compared to traditional PKI, the use of IBE does not imply a repository of public keys and simplify the key managements and there is no need to request certificate of the public key every time for an establishment of connection. Our solution takes benefits from the use of TPM that protect the msk from corruption and unauthorized access by sealing it when it is not used by the PKG, also it enables the authentication capabilities inherent to TPM, so only the PKG is able to get the unsealed msk.

As a perspective, we aim to continue the development of our design with TrouSerS’s C API. Also we aim to enable the integrity check function provided by the TPM through setting up a model for Root of Trust Reporting (RTR).