高昂,李增智

DOI: https://doi.org/10.15961/j.jsuese.2012.05.018

2012-01-01

Abstract:In order to solve the problem that multi-authority attribute-based encryption(ABE) is vulnerable to collusion attack,firstly,user behaviours of making request for key were formulized into legality and collusion according to the relationship between user's attribute and decryption threshold.Furthermore,a free Global ID(GID) ABE algorithm was proposed,where each attribute authority is required to run a security check for users'requests with the help of a trusted central authority,so that only legal user has power to decrypt message instead of colluders.The results of security analysis and performance evaluation showed that the proposed algorithm not only improves user's privacy,but also doesn't evidently increase communication overhead incurred by the node and the delay of transmitting node in wireless sensor networks(WSNs),and it is suitable for WSNs.

Ehsan Meamari,Hao Guo,Chien-Chung Shen,Junbeom Hur

DOI: https://doi.org/10.48550/arXiv.2002.07811

2020-02-18

Abstract:Attribute-based Encryption (ABE) is an information centric security solution that moves beyond traditional restrictions of point-to-point encryption by allowing for flexible, fine-grain policy-based and content-based access control that is cryptographically enforced. As the original ABE systems are managed by a single authority, several efforts have decentralized different ABE schemes to address the key escrow problem, where the authority can issue secret keys to itself to decrypt all the ciphertext. However, decentralized ABE (DABE) schemes raise the issue of collusion attacks. In this paper, we review two existing types of collusion attacks on DABE systems, and introduce a new type of collusion among authorities and data users. We show that six existing DABE systems are vulnerable to the newly introduced collusion and propose a model to secure one of the DABE schemes.

Cryptography and Security

Yan Yang,Xingyuan Chen,Hao Chen,Xuehui Du

DOI: https://doi.org/10.1109/ACCESS.2018.2820182

IF: 3.9

2018-01-01

IEEE Access

Abstract:Decentralizing multi-authority attribute-based encryption (ABE) has been adopted for solving problems arising from sharing confidential corporate data in cloud computing. For decentralizing multi authority ABE systems that do not rely on a central authority, collusion resistance can be achieved using a global identifier. Therefore, identity needs to be managed globally, which results in the crucial problems of privacy and security. A scheme is developed that does not use a central authority to manage users and keys, and only simple trust relations need to be formed by sharing the public key between each attribute authority (AA). User identities are unique by combining a user's identity with the identity of the AA where the user is located. Once a key request needs to be made to an authority outside the domain, the request needs to be performed by the authority in the current domain rather than by the users, so, user identities remain private to the AA outside the domain, which will enhance privacy and security. In addition, the key issuing protocol between AA is simple as the result of the trust relationship of AA. Moreover, extensibility for authorities is also supported by the scheme presented in this paper. The scheme is based on composite order bilinear groups. A proof of security is presented that uses the dual system encryption methodology.

Jin Li,Qiong Huang,Xiaofeng Chen,Sherman S. M. Chow,Duncan S. Wong,Dongqing Xie

DOI: https://doi.org/10.1145/1966913.1966964

2011-01-01

Abstract:Attribute-based encryption (ABE) is a promising tool for implementing fine-grained cryptographic access control. Very recently, motivated by reducing the trust assumption on the authority, and enhancing the privacy of users, a multiple-authority key-policy ABE system, together with a semi-generic anonymous key-issuing protocol, have been proposed by Chase and Chow in CCS 2009. Since ABE allows encryption for multiple users with attributes satisfying the same policy, it may not be always possible to associate a decryption key to a particular individual. A misbehaving user could abuse the anonymity by leaking the key to someone else, without worrying of being traced. In this paper, we propose a multi-authority ciphertext-policy (AND gates with wildcard) ABE scheme with accountability , which allows tracing the identity of a misbehaving user who leaked the decryption key to others, and thus reduces the trust assumptions not only on the authorities but also the users. The tracing process is efficient and its computational overhead is only proportional to the length of the identity.

Xing Zhang,Cancan Jin,Cong Li,Zilong Wen,Qingni Shen,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_27

2015-01-01

Abstract:To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Yongtao Wang,Kefei Chen,Yu Long

DOI: https://doi.org/10.3772/j.issn.1006-6748.2013.01.015

2013-01-01

Abstract:An accountable authority attribute-based encryption (A-ABE) scheme is presented in this paper. The notion of accountable authority identity-based encryption (A-IBE) was first introduced by Goyal at Crypto'07. It is a novel approach to mitigate the (inherent) key escrow problem in identity-based cryptosystems. In this work, the concept of accountable authority to attribute-based encryption (ABE) setting is generalized for the first time, and then a construction is given. The scheme non-trivially integrates an A-IBE scheme proposed by Libert et al. with an ABE scheme. In our construction, a user will be identified by a pair (id, ω), where id denotes the user's identity and ω denotes the set of attributes associated to the user. In addition, our construction is shown to be secure under some reasonable assumptions. © by HIGH TECHNOLOGY LETTERS PRESS.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Gang Yu,Xiaoxiao Ma,Zhenfu Cao,Weihua Zhu,Junjie Zeng

DOI: https://doi.org/10.1007/978-3-319-69471-9_25

2017-01-01

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising public key encryption primitive enabling fine-grained access control on shared data in public cloud. However, two quite challenging issues, the prevention of key escrow and key abuse, still exist in CP-ABE system. In this paper, we propose a multi-authority CP-ABE scheme without key escrow and key abuse. To prevent key escrow, multiple authorities are employed to perform the same procedure of key generation for an attribute. Thus, no individual authority or colluded authorities that manage no common attribute can decrypt any ciphertext, and it can also resist collusion attack from curious authority with the help of dishonest users. To prevent key abuse of dishonest users, user’s global identifier along with a signature is embedded into the secret key. Thus, any third party can learn the identity from a shared secret key and publicly verify its validity. An advantage of simultaneously preventing key escrow and key abuse is that the proposed scheme can achieve accountability, i.e. an auditor can publicly audit a user or authorities abuse the secret key. At last, the proposed scheme is fully secure in the random oracle model, and due to a key aggregate algorithm its efficiency is comparable to the decentralizing CP-ABE scheme [18] on which it is based.

Liangxuan Zhang,Hui Li,Yinghui Zhang,Fawad Khan

DOI: https://doi.org/10.1109/infcomw.2017.8116436

2017-01-01

Abstract:Decentralized multi-authority attribute-based encryption (ABE) has been adopted to protect outsourced data. However, there are some security issues. Firstly, the user's attributes information is leaked to the authorities and secondly, the access structure being sent along with ciphertext violates its privacy. To address these issues, an efficient decentralized attribute-based encryption scheme with features of privacy preservation and expressive access structures is proposed. The proposed scheme cannot only prevent user's attributes information leakage, but it also provides a hidden, flexible and expressive structure realizable by Linear Secret Sharing Scheme (LSSS). Moreover, we prove the proposed scheme to be secure against Chosen-Ciphertexts Attacks (CCA) under the standard Decisional Bilinear Diffie-Hellman (DBDH) assumption. In addition, proposed scheme performs efficiently in comparison to existing schemes shown by theoretical and experimental analysis.

Miao Wang,Zhenfu Cao,Xiaolei Dong,Runmeng Du,Jiasheng Chen

DOI: https://doi.org/10.1109/jiot.2024.3470322

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the distributed computing environment, it is important to efficiently achieve secure access to data. One of the widely applied encryption mechanisms is the multi-authority attribute-based encryption. However, most existing multi-authority setting schemes were relied on bilinear pairings, which causes the system to bear a relatively large burden in computation overhead. In this paper, we proposes a decentralized multi-authority key-policy attribute-based encryption scheme without bilinear pairings, its security is relied solely on the decisional Diffie-Hellman assumption. It removes the trusted central authority and prevents user collusion attacks. Except for the global coordination between the attribute authorities, any party can simply play the part of a standard attribute authority by generating public keys and issuing corresponding decryption key components for users. The proposed scheme provides heightened security and efficiency compared to the current pairing-free multi-authority ABE scheme, as well as superior computational efficiency when compared to those utilizing bilinear pairings.

Ang Gao,Zeng-zhi Li

DOI: https://doi.org/10.1587/transfun.E96.A.724

2013-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:In order to improve user's privacy in multi-authority Attribute-Based Encryption (ABE), we propose a solution which hides user's attributes by privacy homomorphism, such that not only the "external" adversary fails to access the private attribute of one user by eavesdropping on communications, but also the "internal" Attribute Authorities (AA), who are responsible for issuing attribute keys, are unable to build a full profile with all of the user's attributes by pooling their information on the user's ID. Meanwhile, the use of ID is essential to defend against collusion attack on ABE. Benefiting from privacy homomorphism, by which we distribute the part of the interpolation for the shares abstracted by the hidden attributes into each AA, the performance of the proposed scheme is higher than those of existing ABE schemes.

Huang Lin,Zhenfu Cao,Xiaohui Liang,Jun Shao

DOI: https://doi.org/10.1007/978-3-540-89754-5_33

IF: 8.1

2010-01-01

Information Sciences

Abstract:An attribute based encryption scheme (ABE) is a cryptographic primitive in which every user is identified by a set of attributes, and some function of these attributes is used to determine the ability to decrypt each ciphertext. Chase proposed the first multi authority ABE scheme which requires a fully trusted central authority who has the ability to decrypt each ciphertext in the system. This central authority would endanger the whole system if it is corrupted. This paper provides a threshold multi authority fuzzy identity based encryption (MA-FIBE) scheme without a central authority for the first time. An encrypter can encrypt a message such that a user could only decrypt if he has at least dk of the given attributes about the message for at least t+1,t⩽n/2 honest authorities of all the n attribute authorities in the proposed scheme. This paper considers a stronger adversary model in the sense that the corrupted authorities are allowed to distribute incorrect secret keys to the users. The security proof is based on the secrecy of the underlying distributed key generation protocol and joint zero secret sharing protocol and the standard decisional bilinear Diffie–Hellman assumption. The proposed MA-FIBE could be extended to the threshold multi authority attribute based encryption (MA-ABE) scheme, and both key policy based and ciphertext policy based MA-ABE schemes without a central authority are presented in this paper. Moreover, several other extensions, such as a proactive large universe MA-ABE scheme, are also provided in this paper.

Jin Li,Kui Ren,Bo Zhu,Zhiguo Wan

DOI: https://doi.org/10.1007/978-3-642-04474-8_28

2009-01-01

Abstract:As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. To further address the concern of user access privacy, privacy-aware ABE schemes are being developed to achieve hidden access policy recently. For the purpose of secure access control, there is, how- ever, still one critical functionality missing in the existing ABE schemes, which is user accountability. Currently, no ABE scheme can completely prevent the problem of illegal key sharing among users. In this paper, we tackle this problem by firstly proposing the notion of accountable, anony- mous, and ciphertext-policy ABE (CP-A 3 BE, in short) and then giving out a concrete construction. We start by improving the state-of-the-art of anonymous CP-ABE to obtain shorter public parameters and ciphertext length. In the proposed CP-A 3 BE construction, user accountability can be achieved in black-box model by embedding additional user-specific information into the attribute private key issued to that user, while still maintaining hidden access policy. The proposed constructions are prov- ably secure.

Jin Li,Xiaofeng Chen,Sherman S. M. Chow,Qiong Huang,Duncan S. Wong,Zheli Liu

DOI: https://doi.org/10.1016/j.jnca.2018.03.006

IF: 7.574

2018-01-01

Journal of Network and Computer Applications

Abstract:Attribute-based encryption (ABE) is one of critical primitives for the application of fine-grained access control. To reduce the trust assumption on the attribute authority and in the meanwhile enhancing the privacy of users and the security of the encryption scheme, the notion of multi-authority ABE with an anonymous key issuing protocol has been proposed. In an ABE scheme, it allows to encrypt data for a set of users satisfying some specified attribute policy and any leakage of a decryption key cannot be associated to a user. As a result, a misbehaving user could abuse the property of access anonymity by sharing its key other unauthorized users. On the other hand, the previous work mainly focus on the key-policy ABE, which cannot support ciphertext-policy access control. In this paper, we propose a privacy-aware multi-authority ciphertext-policy ABE scheme with accountability, which hides the attribute information in the ciphertext and allows to trace the dishonest user identity who shares the decryption key. The efficiency analysis demonstrates that the new scheme is efficient, and the computational overhead in the tracing algorithm is only proportional to the length of the identity. Finally, we also show how to apply it in cloud computing to achieve accountable fine-grained access control system.

XiaoFang Huang,Qi Tao,BaoDong Qin,ZhiQin Liu

DOI: https://doi.org/10.1109/icccn.2015.7288431

2015-01-01

Abstract:Attribute Based Encryption (ABE) scheme can achieve information sharing of one-to-many users, without considering the number of users and the users identity. But, the traditional single Attribute Authority (AA) ABE scheme can hardly meet requirements of different agencies in distributed application environment and it is easy to form the system performance bottlenecks. Based on ciphertext-policy ABE scheme, this paper proposes a multi-authority revocable ABE scheme, where the classification manages user attributes, effectively relieving the management burden of single organization. In addition, it can achieve fine grained access control of shared information by adopting tree access strategy and secret sharing scheme, and support system attribute revocation. Finally, we show that the scheme is secure against chosen plaintext attack under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Zhiting Zhang,Peng Zeng,Bofeng Pan,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2020.2986303

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Attribute-based encryption (ABE) can be utilized to achieve both data security and fine-grained access control in a cloud computing environment. However, we need to consider the risks of key abuse and key escrow in such a setting. Specifically, the former risk category includes the illegal sharing of user’s keys (i.e., user key abuse) and illegal key distribution by an authority (i.e., authority key abuse), and the latter includes the scenario where some ciphertext is decrypted by the authority without the user’s approval. Hence, in this article, we seek to address both key abuse and key escrow concerns when deploying ABE in a cloud computing environment. In our construction, two authorities [i.e., a key generation center (KGC) and an attribute authority (AA)] participate in the generation of the user’s secret key. Both KGC and AA will not know the full decryption key or have the capability to forge one. As a result, neither KGC nor AA can illegally distribute the user’s private key to unauthorized users or decrypt user’s ciphertexts without the user’s approval. In addition, in our scheme, any private keys modified by malicious users cannot be successfully used for decryption. In the event that some user illegally shares his/her original private key, the scheme has in place a mechanism to trace the abused private key (since the user’s identity information is embedded in the private key). Hence, our scheme supports public traceability, key abuse, and key escrow. In addition, our scheme is based on prime order bilinear groups, and is shown to be selectively secure in the standard model.

Zhen Liu,Zhenfu Cao,Duncan S. Wong

DOI: https://doi.org/10.1007/978-3-319-16745-9_22

2015-01-01

Abstract:Recently a series of expressive, secure and efficient Attribute-Based Encryption (ABE) schemes, both inkey-policy flavor and ciphertext-policy flavor, have been proposed. However, before being applied into practice, these systems have to attain traceability of malicious users. As the decryption privilege of a decryption key in Key-Policy ABE (resp. Ciphertext-Policy ABE) may be shared by multiple users who own the same access policy (resp. attribute set), malicious users might tempt to leak their decryption privileges to third parties, for financial gain as an example, if there is no tracing mechanism for tracking them down. In this work we study the traceability notion in the setting of Key-Policy ABE, and formalize Key-Policy ABE supporting fully collusion-resistant blackbox traceability. An adversary is allowed to access an arbitrary number of keys of its own choice when building a decryption-device, and given such a decryption-device while the underlying decryption algorithm or key may not be given, a blackbox tracing algorithm can find out at least one of the malicious users whose keys have been used for building the decryption-device. We propose a construction, which supports both fully collusion-resistant blackbox traceability and high expressivity (i.e. supporting any monotonic access structures). The construction is fully secure in the standard model (i.e. it achieves the best security level that the conventional non-traceable ABE systems do to date), and is efficient that the fully collusion-resistant blackbox traceability is attained at the price of making ciphertexts grow only sub-linearly in the number of users in the system, which is the most efficient level to date.

Zhen Liu,Duncan S. Wong

DOI: https://doi.org/10.1007/978-3-319-28166-7_7

2015-01-01

Abstract:In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user’s decryption key is associated with attributes which in general are not related to the user’s identity, and the same set of attributes could be shared between multiple users. From the decryption key, if the user created a decryption blackbox for sale, this malicious user could be difficult to identify from the blackbox. Hence in practice, a useful CP-ABE scheme should have some tracing mechanism to identify this ‘traitor’ from the blackbox. In addition, being able to revoke compromised keys is also an important step towards practicality, and for scalability, the scheme should support an exponentially large number of attributes. However, none of the existing traceable CP-ABE schemes simultaneously supports revocation and large attribute universe. In this paper, we construct the first practical CP-ABE which possesses these three important properties: (1) blackbox traceability, (2) revocation, and (3) supporting large universe. This new scheme achieves the fully collusion-resistant blackbox traceability, and when compared with the latest fully collusion-resistant blackbox traceable CP-ABE schemes, this new scheme achieves the same efficiency level, enjoying the sub-linear overhead of (O(sqrt{N})), where N is the number of users in the system, and attains the same security level, namely, the fully collusion-resistant traceability against policy-specific decryption blackbox, which is proven in the standard model with selective adversaries. The scheme supports large attribute universe, and attributes do not need to be pre-specified during the system setup. In addition, the scheme supports revocation while keeping the appealing capability of conventional CP-ABE, i.e. it is highly expressive and can take any monotonic access structures as ciphertext policies.

Zhen Liu,Qiong Huang,Duncan S. Wong

DOI: https://doi.org/10.1093/comjnl/bxaa082

2020-01-01

The Computer Journal

Abstract:Attribute-based encryption (ABE) is a versatile one-to-many encryption primitive, which enables fine-grained access control over encrypted data. Due to its promising applications in practice, ABE schemes with high efficiency, security and expressivity have been continuously emerging. On the other hand, due to the nature of ABE, a malicious user may abuse its decryption privilege. Therefore, being able to identify such a malicious user is crucial towards the practicality of ABE. Although some specific ABE schemes in the literature enjoys the tracing function, they are only proceeded case by case. Most of the ABE schemes do not support traceability. It is thus meaningful and important to have a generic way of equipping any ABE scheme with traceability. In this work, we partially solve the aforementioned problem. Namely, we propose a way of transforming (non-traceable) ABE schemes satisfying certain requirements to fully collusion-resistant black-box traceable ABE schemes, which adds only $O(\sqrt{\mathcal{K}})$ elements to the ciphertext where ${\mathcal{K}}$ is the number of users in the system. And to demonstrate the practicability of our transformation, we show how to convert a couple of existing non-traceable ABE schemes to support traceability.

Yinghui Zhang,Xiaofeng Chen,Jin Li,Duncan S. Wong,Hui Li

DOI: https://doi.org/10.1145/2484313.2484381

2013-01-01

Abstract:ABSTRACTAttribute-based encryption (ABE) has been widely studied recently to support fine-grained access control of shared data. Anonymous ABE, which is a relevant notion to ABE, further hides the receivers' attribute information in ciphertexts because many attributes are sensitive and related to the identity of eligible users. However, in existing anonymous ABE work, a user knows whether the attributes and the policy match or not only after repeating decryption attempts. And, the computation overhead of each decryption is high as the computational cost grows with the complexity of the access formula, which usually requires many pairings in most of the existing ABE schemes. As a result, this direct decryption method in anonymous ABE will suffer a severe efficiency drawback. Aiming at tackling the challenge above, we propose a novel technique called match-then-decrypt, in which a matching phase is additionally introduced before the decryption phase. This technique works by computing special components in ciphertexts, which are used to perform the test that if the attribute private key matches the hidden attributes policy in ciphertexts without decryption. In our proposed construction, the computation cost of such a test is much less than one decryption operation. The proposed construction is proven to be secure. In addition, the results in simulation experiments indicate that the proposed solution is efficient and practical, which greatly improves the efficiency of decryption in anonymous ABE.