Ciphertext-policy attribute-based encryption with key-delegation abuse resistance

Yinhao Jiang, Willy Susilo, Yi Mu, Fuchun Guo

Research output: Book chapter/Published conference paperConference paperpeer-review

8 Citations (Scopus)

Abstract

Attribute-based encryption (ABE) is a promising cryptographic primitive that allows one-to-many encryption. In such a system, users’ private keys are linked to their access rights. We note that if a user can generate a new private key for a portion of his/her access right, this could potentially lead to some undesirable situations, which violate the access control policy. Interestingly, to date, there is no work that looks into this matter in detail nor addresses it. We point out that this is a “property” that exists in ABE systems, which we refer to “key-delegation abuse”. ABE systems that suffer from key-delegation abuse will hinder the adoption of these systems in practice. In this work, for the first time in the literature, we address the “key-delegation abuse” problem in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems. We introduce a new mechanism to enhance CP-ABE schemes that provide protections against this key-delegation abuse issue. We formalize the security requirements for such a property, and subsequently construct a CP-ABE scheme that satisfies the new security requirements. We also present an application of our scheme to a traceable CP-ABE, where the “traitors”, i.e. the users who have leaked their keys, can be traced.
Original languageEnglish
Title of host publicationAustralasian Conference on Information Security and Privacy ACISP 2016
Subtitle of host publicationLecture Notes in Computer Science
PublisherSpringer
Pages477-494
Number of pages17
Volume9722
ISBN (Electronic)9783319402536
ISBN (Print)9783319402529
DOIs
Publication statusPublished - 30 Jul 2016
Event21st Australasian Conference on Information Security and Privacy: ASCIP 2016 - Deakin University Melbourne City Centre, Melbourne , Australia
Duration: 04 Jul 201606 Jul 2016
http://nsclab.org/acisp2016/ (Conference website)
https://link.springer.com/content/pdf/bfm%3A978-3-319-40253-6%2F1.pdf (Front matter)

Conference

Conference21st Australasian Conference on Information Security and Privacy
Country/TerritoryAustralia
CityMelbourne
Period04/07/1606/07/16
OtherThe 21st Australasian Conference on Information Security and Privacy (ACISP) will be held in Melbourne on 4-6 July 2016, organised by Deakin University and Monash University. ACISP was established in 1996 in Wollongong. Now in its 21st year, the conference is a key forum for international researchers and industry experts to discuss the latest trends, breakthroughs and challenges in information security and privacy.
Internet address

Fingerprint

Dive into the research topics of 'Ciphertext-policy attribute-based encryption with key-delegation abuse resistance'. Together they form a unique fingerprint.

Cite this