Distributed Attribute-based Private Access Control

In attribute-based access control, users with specific verified attributes will gain access to some particular data. Concerning the privacy of the users’ attributes, we study the problem of distributed attribute-based private access control (DAPAC) with multiple authorities. Each authority will learn and verify only one of the attributes.To investigate its fundamental limits, we introduce an information-theoretic DAPAC framework, with $N \in {\mathbb{N}},N \geq 2$, replicated non-colluding servers (authorities), and some users. Each user has an attribute vector ${{\mathbf{v}}^{\ast}} = \left( {v_1^{\ast}, \ldots,v_N^{\ast}} \right)$ of dimension N and is eligible to retrieve a message ${W^{{{\text{v}}^{\ast}}}}$, available on all servers. Each server n ∈ [N] can only observe and verify the n’th attribute of a user. In response, it sends a function of its authorized messages to the user. The system must satisfy the following conditions: (1) Correctness: the user with attribute vector v*can retrieve his intended message ${W^{{{\text{v}}^{\ast}}}}$ from the servers’ responses, (2) Data Secrecy: the user will not learn anything about the other messages, (3) Attribute Privacy: each Server n learns nothing beyond attribute n of the user. The capacity of the DAPAC is defined as the ratio of the file size and the aggregated size of the responses, maximized over all feasible schemes. We obtain a lower bound on the capacity of this problem by proposing an achievable algorithm with rate $\frac{1}{{2K}}$, where K is the size of the alphabet of each attribute.

[1]  Michael Gastpar,et al.  Private Retrieval, Computing, and Learning: Recent Progress and Future Challenges , 2021, IEEE Journal on Selected Areas in Communications.

[2]  Sennur Ulukus,et al.  The Capacity of Private Information Retrieval From Heterogeneous Uncoded Caching Databases , 2019, IEEE Transactions on Information Theory.

[3]  Hao Wang,et al.  Efficient Attribute-Based Encryption with Privacy-Preserving Key Generation and Its Application in Industrial Cloud , 2019, Secur. Commun. Networks.

[4]  Sennur Ulukus,et al.  Private Information Retrieval from Non-Replicated Databases , 2018, 2019 IEEE International Symposium on Information Theory (ISIT).

[5]  Yi Mu,et al.  Hidden Ciphertext Policy Attribute-Based Encryption With Fast Decryption for Personal Health Record System , 2019, IEEE Access.

[6]  Hua Sun,et al.  The Capacity of Symmetric Private Information Retrieval , 2016, 2016 IEEE Globecom Workshops (GC Wkshps).

[7]  Hua Sun,et al.  The Capacity of Private Information Retrieval , 2017, IEEE Transactions on Information Theory.

[8]  Jiguo Li,et al.  Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation , 2015, International Journal of Information Security.

[9]  Xiang-Yang Li,et al.  Privacy preserving cloud data access with multi-authorities , 2012, 2013 Proceedings IEEE INFOCOM.

[10]  Jie Wu,et al.  Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers , 2011, Comput. Secur..

[11]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[12]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[13]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[14]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.