Flexible multi-authority attribute-based signature schemes for expressive policy

Attribute-based signature ABS is a new cryptographic primitive, in which a signer can sign a message with his attributes, and the verifier can only known whether the signer owns attributes satisfying his policy. Moreover, the signature cannot be forged by any user not having attributes satisfying the policy. ABS has many applications, such as anonymous authentication, and attribute-based messaging systems. But many applications may require a user obtaining attributes from different authorities, which calls for multi-authority ABS schemes. In this paper, we first propose a multi-authority ABS scheme, called TR_MABS, adopting an attribute tree to support expressive policy consisting of AND, OR, threshold gates. As TR_MABS brings in expensive cost on adding or removing attribute authorities, we present another multi-authority ABS scheme, named DNF_MABS, which uses a disjunctive normal form DNF to express a policy, bringing in the capability of implementing NOT gate. To prevent collusion attack, we adopt a unique global identity GID for a user to combine his attribute keys and identity. Moreover, we use a central authority to assure the usability of attribute keys a user getting from different attribute authorities, make the verification independent of user's identity, and allow attribute authorities' dynamic change. Our schemes fit the requirements of applications, and also distribute the trust to authorities in the system. In addition, we prove the security of our schemes under computational Diffie-Hellman assumption.

[1]  Jin Li,et al.  Privacy-Aware Attribute-Based Encryption with User Accountability , 2009, ISC.

[2]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[3]  Ilsun You,et al.  Enhancing SVO Logic for Mobile IPv6 Security Protocols , 2011, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[4]  Fang-Yie Leu,et al.  A handover security mechanism employing the Diffie-Hellman key exchange approach for the IEEE802.16e wireless networks , 2011, Mob. Inf. Syst..

[5]  Cong Wang,et al.  Enhancing attribute-based encryption with attribute hierarchy , 2009, ICC 2009.

[6]  Yi Qian,et al.  Strongly unforgeable attribute-based group signature in the standard model , 2010, 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems.

[7]  Jin Li,et al.  Hidden attribute-based signatures without anonymity revocation , 2010, Inf. Sci..

[8]  Tatsuaki Okamoto,et al.  Efficient Attribute-Based Signatures for Non-Monotone Predicates in the Standard Model , 2014, IEEE Transactions on Cloud Computing.

[9]  Manoj Prabhakaran,et al.  Attribute-Based Signatures , 2011, CT-RSA.

[10]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[11]  Paz Morillo,et al.  Revocable Attribute-Based Signatures with Adaptive Security in the Standard Model , 2011, AFRICACRYPT.

[12]  Stefan Katzenbeisser,et al.  Distributed Attribute-Based Encryption , 2009, ICISC.

[13]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[14]  Wang Wenqiang,et al.  An Efficient Attribute-Based Ring Signature Scheme , 2009, 2009 International Forum on Computer Science-Technology and Applications.

[15]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[16]  Minyi Guo,et al.  Balanced bipartite graph based register allocation for network processors in mobile and wireless networks , 2010 .

[17]  Dalia Khader Authenticating with Attributes , 2008, IACR Cryptol. ePrint Arch..

[18]  Xiaolei Dong,et al.  Fuzzy Identity Based Signature , 2008, IACR Cryptol. ePrint Arch..

[19]  Reihaneh Safavi-Naini,et al.  Threshold Attribute-Based Signatures and Their Application to Anonymous Credential Systems , 2009, AFRICACRYPT.

[20]  Manoj Prabhakaran,et al.  Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance , 2008, IACR Cryptol. ePrint Arch..

[21]  Bok-Min Goi,et al.  On the Security of an Attribute-Based Signature Scheme , 2009 .

[22]  Atsuko Miyaji,et al.  A Dynamic Attribute-Based Group Signature Scheme and its Application in an Anonymous Survey for the Collection of Attribute Statistics , 2009, 2009 International Conference on Availability, Reliability and Security.

[23]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[24]  Guo Shaniqng,et al.  Attribute-based Signature Scheme , 2008, 2008 International Conference on Information Security and Assurance (isa 2008).

[25]  Jinshu Su,et al.  Authenticating with Attributes in Online Social Networks , 2011, 2011 14th International Conference on Network-Based Information Systems.

[26]  Dalia Khader,et al.  Attribute Based Group Signature with Revocation , 2007, IACR Cryptol. ePrint Arch..

[27]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[28]  C. Pandu Rangan,et al.  Attribute Based Signatures for Bounded Multi-level Threshold Circuits , 2010, EuroPKI.

[29]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[30]  Dan Cao,et al.  An Expressive Attribute-based Signature Scheme without Random Oracles , 2011 .

[31]  S. Katzenbeisser,et al.  ON MULTI-AUTHORITY CIPHERTEXT-POLICY ATTRIBUTE-BASED ENCRYPTION , 2009 .

[32]  Wei Chen,et al.  A Fuzzy Identity Based Signature Scheme , 2009, 2009 International Conference on E-Business and Information System Security.

[33]  Jong-Hyouk Lee,et al.  Diffie-Hellman key based authentication in proxy mobile IPv6 , 2010 .

[34]  Xavier Boyen,et al.  Mesh Signatures , 2007, EUROCRYPT.

[35]  Jin Li,et al.  Attribute-Based Ring Signatures , 2008, IACR Cryptol. ePrint Arch..

[36]  W. Wenqiang,et al.  Attribute-based ring signature scheme with constant-size signature , 2010 .

[37]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[38]  Xiaohui Liang,et al.  Secure Threshold Multi Authority Attribute Based Encryption without a Central Authority , 2008, INDOCRYPT.

[39]  Ilsun You,et al.  Enhancing MISP with Fast Mobile IPv6 Security , 2011, Mob. Inf. Syst..

[40]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[41]  Dalia Khader,et al.  Attribute Based Group Signatures , 2007, IACR Cryptol. ePrint Arch..

[42]  Avi Wigderson,et al.  On span programs , 1993, [1993] Proceedings of the Eigth Annual Structure in Complexity Theory Conference.

[43]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[44]  Dongqing Xie,et al.  Attribute-based signature and its applications , 2010, ASIACCS '10.

[45]  Rainer Steinwandt,et al.  Multi-authority attribute-based encryption with honest-but-curious central authority , 2012, Int. J. Comput. Math..