Ciphertext-policy attribute-based encryption against key-delegation abuse in fog computing

Yinhao Jiang, Willy Susilo, Yi Mu, Fuchun Guo

Research output: Contribution to journalArticlepeer-review

100 Citations (Scopus)


In Fog Computing, fragile connection between Fog and Cloud causes problems of the authentication and authorization. Recently, Stojmenovic, Wen, Huang and Luan introduced a potential solution by adopting the concept of Stand-Alone Authentication (SAA) and equipped it with Attribute-based encryption (ABE)for its security in a large and dynamic information system. In such a system, a user’s access right can be described as a set of attributes linking to his/her private key. In this paper, we note that if a user can generate a new private key for a portion of his/her access right, this could potentially lead to some undesirable situations, which violates the access control policy. Interestingly, to date, there is no work that looks into this matter in detail nor addresses it. We point out that this is a ‘‘property’’ that exists in ABE systems, which we refer to ‘‘key-delegation abuse’’. ABE systems that suffer from key-delegation abuse will hinder the adoption of these systems in practice. In this work, for the first time in the literature,we address the ‘‘key-delegation abuse’’ problem in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems. We introduce a new mechanism to enhance CP-ABE schemes that provide protections against this key-delegation abuse issue. We formalize the security requirements for such a property, and subsequently construct a CP-ABE scheme that satisfies the new security requirements. We also present an application of our scheme to a traceable CP-ABE, where the ‘‘traitors’’, i.e. the users who have leaked their keys, can be traced.
Original languageEnglish
Pages (from-to)720-729
Number of pages10
JournalFuture Generation Computer Systems
Early online date31 Jan 2017
Publication statusPublished - Jan 2018


Dive into the research topics of 'Ciphertext-policy attribute-based encryption against key-delegation abuse in fog computing'. Together they form a unique fingerprint.

Cite this