Issue No. 11, Nov. 2012 (vol. 23)
pp. 2150-2162
Jinguang Han , University of Wollongong, Wollongong and Hohai University, Nanjing
Willy Susilo , University of Wollongong, Wollongong
Yi Mu , University of Wollongong, Wollongong
Jun Yan , University of Wollongong, Wollongong
ABSTRACT
Decentralized attribute-based encryption (ABE) is a variant of multiauthority ABE in which each authority can issue secret keys to a user independently, without cooperating with other authorities and without a central authority. This is in contrast to previous constructions, where multiple authorities must be online and set up the system interactively, which is impractical. A decentralized ABE scheme therefore eliminates the heavy communication cost and the collaborative computation of the setup stage. Furthermore, any authority can join or leave the system freely without reinitializing it. In contemporary multiauthority ABE schemes, a user's secret keys from different authorities must be tied to his global identifier (GID) to resist collusion attacks. However, this compromises the user's privacy: multiple authorities can collaborate to trace the user by his GID, collect his attributes, and then impersonate him. Constructing a privacy-preserving decentralized ABE scheme therefore remains a challenging research problem. In this paper, we propose a privacy-preserving decentralized key-policy ABE scheme in which each authority can issue secret keys to a user independently without learning anything about his GID. Consequently, even if multiple authorities are corrupted, they cannot collect the user's attributes by tracing his GID. Notably, our scheme requires only standard complexity assumptions (e.g., decisional bilinear Diffie-Hellman) and no cooperation among the authorities, in contrast to the previous comparable scheme, which requires nonstandard complexity assumptions (e.g., q-decisional Diffie-Hellman inversion) and interaction among multiple authorities. To the best of our knowledge, it is the first privacy-preserving decentralized ABE scheme based on standard complexity assumptions.
INDEX TERMS
Encryption, Protocols, Access control, Polynomials, Educational institutions, privacy, Attribute-based encryption, multiauthority, privacy-preserving extract protocol, access control
CITATION
Jinguang Han, Willy Susilo, Yi Mu, Jun Yan, "Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption", IEEE Transactions on Parallel & Distributed Systems, vol.23, no. 11, pp. 2150-2162, Nov. 2012, doi:10.1109/TPDS.2012.50