ABSTRACT
As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys, which subsumes Hierarchical Identity-Based Encryption (HIBE).
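An added illustration, not code from the paper: it models a key's access structure as a tree of threshold gates and splits a secret down that tree with Shamir secret sharing, so the secret can be rebuilt only when the attributes labeling a ciphertext satisfy the key's policy. The secret stands in for the cryptosystem's actual key material (no encryption or collusion resistance is modeled), and the attribute names, field modulus and function names are assumptions made for this example.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic (example choice)

# Access structure: ("leaf", attribute) or ("gate", k, children) meaning k-of-n.
def leaf(attr): return ("leaf", attr)
def gate(k, *kids): return ("gate", k, list(kids))
def AND(*kids): return gate(len(kids), *kids)
def OR(*kids): return gate(1, *kids)

def share(node, secret, path=()):
    """Split `secret` top-down; returns {leaf path: share} as the 'private key'."""
    if node[0] == "leaf":
        return {path: secret}
    _, k, kids = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    key = {}
    for x, kid in enumerate(kids, start=1):
        y = sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
        key.update(share(kid, y, path + (x,)))
    return key

def recover(node, key, attrs, path=()):
    """Rebuild the node's secret from leaves whose attribute labels the ciphertext."""
    if node[0] == "leaf":
        return key[path] if node[1] in attrs else None
    _, k, kids = node
    pts = []
    for x, kid in enumerate(kids, start=1):
        y = recover(kid, key, attrs, path + (x,))
        if y is not None:
            pts.append((x, y))
    if len(pts) < k:
        return None  # gate not satisfied: too few shares to interpolate
    pts, secret = pts[:k], 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

# Constructed audit-log policy: finance records that are login or sudo events.
POLICY = AND(leaf("dept:finance"), OR(leaf("event:login"), leaf("event:sudo")))
MASTER = secrets.randbelow(P)
KEY = share(POLICY, MASTER)
def can_decrypt(ciphertext_attrs):
    return recover(POLICY, KEY, set(ciphertext_attrs)) == MASTER
```

Extra attributes on a ciphertext never hurt, because the structure is monotone; a missing attribute under an AND gate leaves the interpolation one share short.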
Index Terms
- Attribute-based encryption for fine-grained access control of encrypted data