Ciphertext-policy attribute-based encryption with key-delegation abuse resistance

Yinhao Jiang; Willy Susilo; Yi Mu; Fuchun Guo

doi:10.1007/978-3-319-40253-6_29

Ciphertext-policy attribute-based encryption with key-delegation abuse resistance

Yinhao Jiang, Willy Susilo, Yi Mu, Fuchun Guo

Research output: Book chapter/Published conference paper › Conference paper › peer-review

8 Citations (Scopus)

Abstract

Attribute-based encryption (ABE) is a promising cryptographic primitive that allows one-to-many encryption. In such a system, users’ private keys are linked to their access rights. We note that if a user can generate a new private key for a portion of his/her access right, this could potentially lead to some undesirable situations, which violate the access control policy. Interestingly, to date, there is no work that looks into this matter in detail nor addresses it. We point out that this is a “property” that exists in ABE systems, which we refer to “key-delegation abuse”. ABE systems that suffer from key-delegation abuse will hinder the adoption of these systems in practice. In this work, for the first time in the literature, we address the “key-delegation abuse” problem in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems. We introduce a new mechanism to enhance CP-ABE schemes that provide protections against this key-delegation abuse issue. We formalize the security requirements for such a property, and subsequently construct a CP-ABE scheme that satisfies the new security requirements. We also present an application of our scheme to a traceable CP-ABE, where the “traitors”, i.e. the users who have leaked their keys, can be traced.

Original language	English
Title of host publication	Australasian Conference on Information Security and Privacy ACISP 2016
Subtitle of host publication	Lecture Notes in Computer Science
Publisher	Springer
Pages	477-494
Number of pages	17
Volume	9722
ISBN (Electronic)	9783319402536
ISBN (Print)	9783319402529
DOIs	https://doi.org/10.1007/978-3-319-40253-6_29
Publication status	Published - 30 Jul 2016
Event	21st Australasian Conference on Information Security and Privacy: ASCIP 2016 - Deakin University Melbourne City Centre, Melbourne , Australia Duration: 04 Jul 2016 → 06 Jul 2016 http://nsclab.org/acisp2016/ (Conference website) https://link.springer.com/content/pdf/bfm%3A978-3-319-40253-6%2F1.pdf (Front matter)

Conference

Conference	21st Australasian Conference on Information Security and Privacy
Country/Territory	Australia
City	Melbourne
Period	04/07/16 → 06/07/16
Other	The 21st Australasian Conference on Information Security and Privacy (ACISP) will be held in Melbourne on 4-6 July 2016, organised by Deakin University and Monash University. ACISP was established in 1996 in Wollongong. Now in its 21st year, the conference is a key forum for international researchers and industry experts to discuss the latest trends, breakthroughs and challenges in information security and privacy.
Internet address	http://nsclab.org/acisp2016/ (Conference website) https://link.springer.com/content/pdf/bfm%3A978-3-319-40253-6%2F1.pdf (Front matter)

Access to Document

10.1007/978-3-319-40253-6_29

Cite this

@inproceedings{08c467e3187744049f32a10f72e0321d,

title = "Ciphertext-policy attribute-based encryption with key-delegation abuse resistance",

abstract = "Attribute-based encryption (ABE) is a promising cryptographic primitive that allows one-to-many encryption. In such a system, users{\textquoteright} private keys are linked to their access rights. We note that if a user can generate a new private key for a portion of his/her access right, this could potentially lead to some undesirable situations, which violate the access control policy. Interestingly, to date, there is no work that looks into this matter in detail nor addresses it. We point out that this is a “property” that exists in ABE systems, which we refer to “key-delegation abuse”. ABE systems that suffer from key-delegation abuse will hinder the adoption of these systems in practice. In this work, for the first time in the literature, we address the “key-delegation abuse” problem in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems. We introduce a new mechanism to enhance CP-ABE schemes that provide protections against this key-delegation abuse issue. We formalize the security requirements for such a property, and subsequently construct a CP-ABE scheme that satisfies the new security requirements. We also present an application of our scheme to a traceable CP-ABE, where the “traitors”, i.e. the users who have leaked their keys, can be traced.",

author = "Yinhao Jiang and Willy Susilo and Yi Mu and Fuchun Guo",

year = "2016",

month = jul,

day = "30",

doi = "10.1007/978-3-319-40253-6_29",

language = "English",

isbn = "9783319402529",

volume = "9722",

pages = "477--494",

booktitle = "Australasian Conference on Information Security and Privacy ACISP 2016",

publisher = "Springer",

address = "United States",

note = "21st Australasian Conference on Information Security and Privacy : ASCIP 2016 ; Conference date: 04-07-2016 Through 06-07-2016",

url = "http://nsclab.org/acisp2016/, https://link.springer.com/content/pdf/bfm%3A978-3-319-40253-6%2F1.pdf",

}

Jiang, Y, Susilo, W, Mu, Y & Guo, F 2016, Ciphertext-policy attribute-based encryption with key-delegation abuse resistance. in Australasian Conference on Information Security and Privacy ACISP 2016: Lecture Notes in Computer Science. vol. 9722, Springer, pp. 477-494, 21st Australasian Conference on Information Security and Privacy, Melbourne , Victoria, Australia, 04/07/16. https://doi.org/10.1007/978-3-319-40253-6_29

Ciphertext-policy attribute-based encryption with key-delegation abuse resistance. / Jiang, Yinhao; Susilo, Willy; Mu, Yi; Guo, Fuchun.

Australasian Conference on Information Security and Privacy ACISP 2016: Lecture Notes in Computer Science. Vol. 9722 Springer, 2016. p. 477-494.

Research output: Book chapter/Published conference paper › Conference paper › peer-review

TY - GEN

T1 - Ciphertext-policy attribute-based encryption with key-delegation abuse resistance

AU - Jiang, Yinhao

AU - Susilo, Willy

AU - Mu, Yi

AU - Guo, Fuchun

PY - 2016/7/30

Y1 - 2016/7/30

N2 - Attribute-based encryption (ABE) is a promising cryptographic primitive that allows one-to-many encryption. In such a system, users’ private keys are linked to their access rights. We note that if a user can generate a new private key for a portion of his/her access right, this could potentially lead to some undesirable situations, which violate the access control policy. Interestingly, to date, there is no work that looks into this matter in detail nor addresses it. We point out that this is a “property” that exists in ABE systems, which we refer to “key-delegation abuse”. ABE systems that suffer from key-delegation abuse will hinder the adoption of these systems in practice. In this work, for the first time in the literature, we address the “key-delegation abuse” problem in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems. We introduce a new mechanism to enhance CP-ABE schemes that provide protections against this key-delegation abuse issue. We formalize the security requirements for such a property, and subsequently construct a CP-ABE scheme that satisfies the new security requirements. We also present an application of our scheme to a traceable CP-ABE, where the “traitors”, i.e. the users who have leaked their keys, can be traced.

AB - Attribute-based encryption (ABE) is a promising cryptographic primitive that allows one-to-many encryption. In such a system, users’ private keys are linked to their access rights. We note that if a user can generate a new private key for a portion of his/her access right, this could potentially lead to some undesirable situations, which violate the access control policy. Interestingly, to date, there is no work that looks into this matter in detail nor addresses it. We point out that this is a “property” that exists in ABE systems, which we refer to “key-delegation abuse”. ABE systems that suffer from key-delegation abuse will hinder the adoption of these systems in practice. In this work, for the first time in the literature, we address the “key-delegation abuse” problem in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems. We introduce a new mechanism to enhance CP-ABE schemes that provide protections against this key-delegation abuse issue. We formalize the security requirements for such a property, and subsequently construct a CP-ABE scheme that satisfies the new security requirements. We also present an application of our scheme to a traceable CP-ABE, where the “traitors”, i.e. the users who have leaked their keys, can be traced.

U2 - 10.1007/978-3-319-40253-6_29

DO - 10.1007/978-3-319-40253-6_29

M3 - Conference paper

SN - 9783319402529

VL - 9722

SP - 477

EP - 494

BT - Australasian Conference on Information Security and Privacy ACISP 2016

PB - Springer

T2 - 21st Australasian Conference on Information Security and Privacy

Y2 - 4 July 2016 through 6 July 2016

ER -

Ciphertext-policy attribute-based encryption with key-delegation abuse resistance

Abstract

Conference

Access to Document

Fingerprint

Cite this