Ciphertext-Policy Attribute-Based Encryption

In several distributed systems a user should only be able to access data if a user posses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.

[1]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[2]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[3]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[4]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[5]  Sean W. Smith,et al.  Attribute-Based Publishing with Hidden Credentials and Hidden Policies , 2007, NDSS.

[6]  Kent E. Seamons,et al.  Concealing complex policies with hidden credentials , 2004, CCS '04.

[7]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[8]  Josh Benaloh,et al.  Generalized Secret Sharing and Monotone Functions , 1990, CRYPTO.

[9]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[10]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[11]  Ernest F. Brickell,et al.  Some Ideal Secret Sharing Schemes , 1990, EUROCRYPT.

[12]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[13]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[14]  Ninghui Li,et al.  Automated trust negotiation using cryptographic credentials , 2005, CCS '05.

[15]  Joon S. Park,et al.  Access control mechanisms for inter-organizational workflow , 2001, SACMAT '01.

[16]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[17]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[18]  Richard Zippel,et al.  Probabilistic algorithms for sparse polynomials , 1979, EUROSAM.

[19]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[20]  Nigel P. Smart Access Control Using Pairing Based Cryptography , 2003, CT-RSA.

[21]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[22]  Atul Prakash,et al.  Methods and limitations of security policy reconciliation , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[23]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[24]  Marianne Winslett,et al.  No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web , 2004, ESWS.

[25]  Atul Prakash,et al.  Methods and limitations of security policy reconciliation , 2006, TSEC.

[26]  Patrick D. McDaniel,et al.  Principles of Policy in Secure Groups , 2001, NDSS.

[27]  Marianne Winslett,et al.  A unified scheme for resource protection in automated trust negotiation , 2003, 2003 Symposium on Security and Privacy, 2003..

[28]  Jacob T. Schwartz,et al.  Fast Probabilistic Algorithms for Verification of Polynomial Identities , 1980, J. ACM.

[29]  Mitsuru Ito,et al.  Secret sharing scheme realizing general access structure , 1989 .

[30]  Ivan Damgård,et al.  Linear Integer Secret Sharing and Distributed Exponentiation , 2006, IACR Cryptol. ePrint Arch..