Ciphertext Policy Attribute Based Encryption with Intel SGX

Vivek Suryawanshi, Shamik Sural
2024-09-11
Abstract: Modern computing environments demand robust security measures to protect sensitive data and resources. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a well-established encryption technique known for its fine-grained access control capabilities. However, as the digital landscape evolves, there is a growing need to enhance the security of CP-ABE operations. We propose an approach that utilizes CP-ABE with Intel SGX. It allows data to be encrypted and decrypted securely within the SGX enclave based on the rules in policy by ensuring that only authorized users gain access. We evaluate its performance through different experiments by focusing on key parameters such as the number of rules, attributes and file size. Our results demonstrate the performance and scalability of integrating SGX with CP-ABE in enhancing data security with only minimal increase in execution time due to enclave overhead.
Cryptography and Security
What problem does this paper attempt to address?
The problem this paper attempts to solve is how, in the modern computing environment, to enhance the access control and protection mechanism for sensitive data by combining Ciphertext-Policy Attribute-Based Encryption (CP-ABE) with Intel SGX. Specifically:

1. **Existing problems**:
   - Although existing CP-ABE technology provides fine-grained access control capabilities, its security needs to be further improved in the context of the evolving digital environment.
   - Traditional CP-ABE encryption and decryption operations are vulnerable to external attacks or unauthorized access.
2. **Solutions**:
   - The paper proposes a method of combining CP-ABE with Intel SGX (Software Guard Extensions). Intel SGX is a hardware-level security extension that can create a secure execution environment (called an enclave) in the processor, ensuring that sensitive operations are not interfered with by the operating system and other processes.
   - In this way, data can be encrypted and decrypted in the SGX enclave according to pre-defined policies, thus ensuring that only authorized users can access the data.
3. **Main objectives**:
   - Improve the security of CP-ABE operations and prevent sensitive data from being tampered with or leaked during the encryption and decryption processes.
   - Evaluate the performance of this integrated method, especially under different parameters (such as the number of rules, the number of attributes, and the file size).
   - Prove that this method enhances data security while introducing only minimal execution time overhead.
4. **Experimental results**:
   - Experiments show that although introducing SGX adds some execution time overhead, it generally improves the confidentiality and integrity of data and has good scalability under different scales of policies, attributes, and file sizes.

In summary, this paper aims to solve the current security challenges in data access control and protection mechanisms by combining CP-ABE and Intel SGX, providing a more secure and reliable solution.