Tracing Insider Attacks in the Context of Predicate Encryption Schemes

In a predicate encryption scheme an authority generates master public and secret keys, and uses the master secret key to derive personal secret keys for authorized users. Each user's personal secret key SK_f corresponds to a predicate f defining the access rights of that user, and each ciphertext is associated (by the sender) with an attribute. The security provided is that a ciphertext associated with attribute I can be decrypted only using a personal secret key SK_f for which f(I) = 1, i.e., for which the given access rights f allow decryption of ciphertexts having attribute I. Predicate encryption generalizes identity-based encryption, broadcast encryption, attribute-based encryption, and more, and has been suggested as a mechanism for implementing secure information flow and distributed access control in scenarios involving multiple security domains. In this work, we introduce and study the notion of traceability for predicate encryption schemes, thus generalizing the analogous notion that has been defined in the specific context of broadcast encryption. Traceability allows a group manager to apprehend malicious insiders who leak their personal secret keys to an adversary, or to determine which authorized users' keys have been compromised. In addition to defining the notion, we show how to add traceability to the most expressive predicate encryption scheme currently known.
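The access rule f(I) = 1 is abstract in the abstract above; the example below, added here and not code from the paper, shows how it is instantiated in the inner-product predicate encryption of Katz, Sahai and Waters (Eurocrypt 2008), where a personal key is tied to a vector v, a ciphertext attribute is a vector x, and decryption succeeds exactly when the inner product is 0 mod N. It shows how equality (identity-based encryption), disjunctions and conjunctions of identities are all encoded as inner-product predicates. Only the predicate arithmetic is modelled; the pairing-based hiding of the attribute and payload is not, and the prime modulus N is an assumption made for the toy (the real scheme uses a composite N whose factorisation is part of the master secret key).

```python
"""Toy model of the access rule behind inner-product predicate encryption.

Added illustration, not code from the paper: a personal key SK_v is tied to
a vector v, a ciphertext carries an attribute vector x, and decryption
succeeds exactly when <v, x> = 0 (mod N).  Only that arithmetic is modelled;
the cryptographic hiding of x and of the payload is not.  The modulus N is
an assumption (a prime, for the toy).
"""
import secrets

N = 2**127 - 1  # assumed toy modulus (a Mersenne prime)


def inner_product(v, x):
    """<v, x> mod N; the vectors must have the same length."""
    if len(v) != len(x):
        raise ValueError("key and attribute vectors have different lengths")
    return sum(a * b for a, b in zip(v, x)) % N


def decrypts(v, x):
    """Access rule f_v(x) = 1: key vector v opens attribute vector x iff <v, x> = 0."""
    return inner_product(v, x) == 0


# ---- attribute side: what the sender attaches to a ciphertext ----

def identity_attribute(ident):
    """x = (I, 1): lets an equality key test I == a."""
    return (ident % N, 1)


def power_attribute(ident, degree):
    """x = (1, I, I^2, ..., I^d): lets a key test any polynomial of degree <= d at I."""
    return tuple(pow(ident, j, N) for j in range(degree + 1))


def tuple_attribute(values):
    """x = (I_1, 1, I_2, 1, ...): lets a key test a conjunction of equalities."""
    return tuple(c for val in values for c in (val % N, 1))


# ---- key side: what the authority encodes into SK_v ----

def equality_key(a):
    """f(I) = 1 iff I == a:  v = (1, -a), since <v, (I, 1)> = I - a."""
    return (1, (-a) % N)


def disjunction_key(allowed, degree):
    """f(I) = 1 iff I in allowed.

    v holds the coefficients of p(X) = prod_{a in allowed} (X - a), padded to
    degree d, so that <v, (1, I, ..., I^d)> = p(I), which is 0 iff I is a root.
    """
    if len(allowed) > degree:
        raise ValueError("polynomial degree too small for the disjunction")
    coeffs = [1]  # coeffs[j] is the coefficient of X^j
    for a in allowed:
        new = [0] * (len(coeffs) + 1)
        for j, c in enumerate(coeffs):
            new[j] = (new[j] + c * (-a)) % N  # c * X^j * (-a)
            new[j + 1] = (new[j + 1] + c) % N  # c * X^j * X
        coeffs = new
    return tuple(coeffs + [0] * (degree + 1 - len(coeffs)))


def conjunction_key(targets):
    """f(I_1..I_k) = 1 iff every I_i == a_i (except with probability about 1/N).

    v = (r_1, -r_1 a_1, ..., r_k, -r_k a_k) with fresh random nonzero r_i, so
    <v, x> = sum r_i (I_i - a_i), which vanishes for random r_i only when
    every difference is 0.
    """
    v = []
    for a in targets:
        r = secrets.randbelow(N - 1) + 1
        v += [r, (-r * a) % N]
    return tuple(v)


def demo():
    """Runs the three predicate types through the access rule."""
    return {
        "equality_match": decrypts(equality_key(42), identity_attribute(42)),
        "equality_miss": decrypts(equality_key(42), identity_attribute(43)),
        "disjunction_match": decrypts(disjunction_key([7, 11, 13], 3), power_attribute(11, 3)),
        "disjunction_miss": decrypts(disjunction_key([7, 11, 13], 3), power_attribute(12, 3)),
        "conjunction_match": decrypts(conjunction_key([1, 2]), tuple_attribute([1, 2])),
        "conjunction_miss": decrypts(conjunction_key([1, 2]), tuple_attribute([1, 3])),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'decrypts' if ok else 'fails'}")
```

Two caveats a practitioner should keep in mind. First, in the real scheme the inner product is evaluated inside the pairing group, so a key holder learns only whether the ciphertext opens, not the attribute vector itself; here x is in the clear because only the access rule is being shown. Second, the conjunction encoding is probabilistic: a mismatched attribute still opens with probability about 1/N, which is why N must be large.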
