
Entry: Attribute-based encryption
Definition


Attribute-based encryption is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes (e.g. the country in which he lives, or the kind of subscription he has). In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.[1]

A crucial security aspect of attribute-based encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access.

History

The concept of attribute-based encryption was first proposed by Amit Sahai and Brent Waters[2] and later by Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters.[3] Recently, several researchers have further proposed attribute-based encryption with multiple authorities who jointly generate users' private keys.[4][5][6][7][8][9]

Types of attribute-based encryption schemes

There are mainly two types of attribute-based encryption schemes: Key-policy attribute-based encryption (KP-ABE)[3] and ciphertext-policy attribute-based encryption (CP-ABE).[10]

In KP-ABE, users' secret keys are generated based on an access tree that defines the privilege scope of the user concerned, and data are encrypted over a set of attributes. In contrast, CP-ABE uses access trees to encrypt data, and users' secret keys are generated over a set of attributes.

Usage

Attribute-based encryption (ABE) can be used for log encryption.[11] Instead of encrypting each part of a log with the keys of all recipients, it is possible to encrypt the log only with attributes which match recipients' attributes. This primitive can also be used for broadcast encryption in order to decrease the number of keys used.[12]

Challenges

Although the ABE concept is a very powerful and promising mechanism, ABE systems suffer mainly from two drawbacks: inefficiency and the lack of an attribute revocation mechanism.

Other main challenges are:

  • Key coordination
  • Key escrow
  • Key revocation

Attribute revocation mechanism

Revocation of users in cryptosystems is a well-studied but nontrivial problem. Revocation is even more challenging in attribute-based systems, given that each attribute may belong to multiple different users, whereas in traditional PKI systems public/private key pairs are uniquely associated with a single user. In principle, in an ABE system, attributes, not users or keys, are revoked. The following paragraph discusses how a revocation feature can be incorporated.

A simple but constrained solution is to include a time attribute. This solution requires each message to be encrypted with a modified access tree T0, which is constructed by augmenting the original access tree T with an additional time attribute. The time attribute ζ represents the current ‘time period’. Formally, the new access structure T0 is as follows: T0 = (T AND ζ). For example, ζ can be the ‘date’ attribute, whose value changes once every day. It is assumed that each non-revoked user receives his fresh private keys corresponding to the ‘date’ attribute once each day, either directly from the mobile key server MKS (which is the central authority) or via the regional delegates. With a hierarchical access structure, the key delegation property of CP-ABE can be exploited to reduce the dependency on the central authority for issuing the new private keys to all users every time interval. There are significant trade-offs between the extra load incurred by the authority for generating and communicating the new keys to the users and the amount of time that can elapse before a revoked user is effectively purged. This solution has the following problems:

  1. Each user X needs to periodically receive from the central authority the fresh private key corresponding to the time attribute, otherwise X will not be able to decrypt any message.
  2. It is a lazy revocation technique: the revoked user is not purged from the system until the current time period expires.
  3. This scheme requires an implicit time synchronization (a loose time synchronization may be sufficient) among the authority and the users.
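The time-attribute construction above, modelled as an added example (not code from the original article or from any ABE library). It evaluates only the access-tree logic of T0 = (T AND ζ) in the CP-ABE arrangement; a real scheme enforces the same rule cryptographically. The `Authority` and `User` classes, the attribute names and the dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Access tree: a leaf is an attribute string; a gate is (k, children) and is
# satisfied when at least k children are (AND: k = n, OR: k = 1).
def AND(*children): return (len(children), children)
def OR(*children): return (1, children)

def satisfies(tree, attrs):
    if isinstance(tree, str):
        return tree in attrs
    k, children = tree
    return sum(satisfies(c, attrs) for c in children) >= k

def time_attr(day):
    return "date:" + day.isoformat()          # ζ for one time period

def with_time(tree, day):
    return AND(tree, time_attr(day))          # T0 = (T AND ζ)

class Authority:
    """Hypothetical stand-in for the central authority (MKS)."""
    def __init__(self):
        self.revoked = set()
    def daily_key(self, user, day):
        # Revoked users simply stop receiving the fresh time attribute.
        return None if user.name in self.revoked else time_attr(day)

class User:
    def __init__(self, name, attrs):
        self.name, self.attrs = name, set(attrs)
    def refresh(self, authority, day):
        key = authority.daily_key(self, day)
        if key:
            self.attrs.add(key)

def scenario():
    T = AND("dept:audit", OR("role:manager", "role:analyst"))  # constructed policy
    d1 = date(2024, 1, 1); d2 = d1 + timedelta(days=1)         # constructed dates
    mks = Authority()
    alice = User("alice", {"dept:audit", "role:analyst"})
    bob = User("bob", {"dept:audit", "role:manager"})
    carol = User("carol", {"dept:audit", "role:analyst"})
    for u in (alice, bob, carol):
        u.refresh(mks, d1)
    mks.revoked.add("bob")                    # revoked during period d1
    for u in (alice, bob):                    # carol misses the d2 refresh
        u.refresh(mks, d2)
    ct1, ct2 = with_time(T, d1), with_time(T, d2)
    return {u.name: (satisfies(ct1, u.attrs), satisfies(ct2, u.attrs))
            for u in (alice, bob, carol)}
```

`scenario()` returns, per user, whether the day-1 and day-2 policies are satisfied: the revoked user still satisfies the day-1 policy (problem 2), and the non-revoked user who missed the refresh is locked out of day 2 (problem 1).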

Other concepts called 'attribute-based encryption'

A manuscript of Ari Juels and Michael Szydlo[13] dated 2004 proposed a different, non-collusion-resistant notion of attribute-based encryption.

See also

  • ID-based encryption

References

1. What is Attribute-Based Encryption, Cryptography Stack Exchange (Crypto SE) (2014)
2. Amit Sahai and Brent Waters, Fuzzy Identity-Based Encryption, Cryptology ePrint Archive, Report 2004/086 (2004)
3. Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, ACM CCS (2006), https://gnunet.org/sites/default/files/CCS%2706%20-%20Attributed-based%20encryption%20for%20fine-grained%20access%20control%20of%20encrypted%20data.pdf
4. Melissa Chase, Multi-authority Attribute-Based Encryption, TCC (2007), https://link.springer.com/chapter/10.1007%2F978-3-540-70936-7_28
5. Melissa Chase and Sherman S.M. Chow, Improving privacy and security in multi-authority attribute-based encryption, ACM CCS (2009)
6. Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Privacy preserving cloud data access with multi-authorities, IEEE INFOCOM (2013)
7. Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and Meng Wan, Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute-Based Encryption, Transactions on Information Forensics and Security (2015)
8. Allison Lewko and Brent Waters, Decentralizing Attribute-Based Encryption, EUROCRYPT (2011), https://link.springer.com/chapter/10.1007%2F978-3-642-20465-4_31
9. Sascha Muller, Stefan Katzenbeisser, and Claudia Eckert, On multi-authority ciphertext-policy attribute-based encryption, Bull. Korean Math. Soc. 46 (2009)
10. J. Bethencourt, A. Sahai and B. Waters, Ciphertext-Policy Attribute-Based Encryption, 2007 IEEE Symposium on Security and Privacy (SP '07), pp. 321–334 (2007-05-01), doi:10.1109/SP.2007.11, ISBN 978-0-7695-2848-9, CiteSeerX 10.1.1.69.3744, http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=4223236
11. Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, Cryptology ePrint Archive, Report 2006/309 (2006)
12. David Lubicz and Thomas Sirvent, Attribute-Based Broadcast Encryption Scheme Made Efficient, First International Conference on Cryptology in Africa (2008)
13. Ari Juels and Michael Szydlo, Attribute-Based Encryption: Using Identity-Based Encryption for Access Control, Manuscript (2004), archived February 21, 2014 at https://web.archive.org/web/20140221101727/http://www.emc.com/emc-plus/rsa-labs/staff/bios/ajuels/publications/pdfs/abe5.pdf
