Article

Attribute-based encryption for fine-grained access control of encrypted data

Authors:

Brent WatersAuthors Info & Claims

CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

Pages 89 - 98

https://doi.org/10.1145/1180405.1180418

Published: 30 October 2006 Publication History

Abstract

As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

References

[1]

Michel Abdalla, Dario Catalano, Alexander W. Dent,John Malone-Lee,Gregory Neven, and Nigel P. Smart. Identity-based encryption gone wild. In Michele Bugliesi,Bart Preneel,Vladimiro Sassone,and Ingo Wegener, editors, ICALP (2)volume 4052 of Lecture Notes in Computer Science pages 300--311. Springer, 2006.]]

Digital Library

[2]

S. G. Akl and P. D. Taylor. Cryptographic Solution to a Multi Level Security Problem.In Advances in Cryptology -- CRYPTO 1982.]]

[3]

A. Beimel. Secure Schemes for Secret Sharing and Key Distribution PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.]]

[4]

M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols.In ACM conference on Computer and Communications Security (ACM CCS) pages 62--73, 1993.]]

Digital Library

[5]

J. Benaloh and Leichter J. Generalized Secret Sharing and Monotone Functions.In Advances in Cryptology -- CRYPTO volume 403 of LNCS pages 27--36. Springer, 1988.]]

Digital Library

[6]

G. R. Blakley. Safeguarding cryptographic keys.In National Computer Conference pages 313--317. American Federation of Information Processing Societies Proceedings, 1979.]]

[7]

D. Boneh and X. Boyen. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles.In Advances in Cryptology -- Eurocrypt volume 3027 of LNCS pages 223--238. Springer, 2004.]]

[8]

D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano. Public-Key Encryption with Keyword Search.In Advances in Cryptology -- Eurocrypt volume 3027 of LNCS pages 506--522. Springer, 2004.]]

[9]

D. Boneh and M. Franklin. Identity Based Encryption from the Weil Pairing. In Advances in Cryptology -- CRYPTO volume 2139 of LNCS pages 213--229. Springer, 2001.]]

Digital Library

[10]

D. Boneh, C. Gentry, and B. Waters. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In Advances in Cryptology -- CRYPTO volume 3621 of LNCS pages 258--275. Springer, 2005.]]

Digital Library

[11]

Dan Boneh and Jonathan Katz.Improved efficiency for cca-secure cryptosystems built using identity-based encryption. In CT-RSA pages 87--103, 2005.]]

Digital Library

[12]

Xavier Boyen, Qixiang Mei, and Brent Waters. Direct chosen ciphertext security from identity-based techniques. In ACM Conference on Computer and Communications Security pages 320--329, 2005.]]

Digital Library

[13]

Robert W. Bradshaw, Jason E. Holt, and Kent E. Seamons. Concealing complex policies with hidden credentials. In ACM Conference on Computer and Communications Security pages 146--157, 2004.]]

Digital Library

[14]

E.F.Brickell.Some ideal secret sharing schemes.Journal of Combinatorial Mathematics and Combinatorial Computing 6:105--113, 1989.]]

[15]

R. Canetti, S. Halevi, and J. Katz. A Forward-Secure Public-Key Encryption Scheme.In Advances in Cryptology -- Eurocrypt volume 2656 of LNCS Springer, 2003.]]

[16]

R. Canetti, S. Halevi, and J. Katz. Chosen Ciphertext Security from Identity Based Encryption.In Advances in Cryptology -- Eurocrypt volume 3027 of LNCS pages 207--222. Springer, 2004.]]

[17]

Clifford Cocks. An identity based encryption scheme based on quadratic residues. In IMA Int. Conf. pages 360--363, 2001.]]

Digital Library

[18]

Y. Dodis, N. Fazio, A. Lysyanskaya, and D. F. Yao. ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption. In ACM conference on Computer and Communications Security (ACM CCS)pages 354--363, 2004.]]

Digital Library

[19]

Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent E. Seamons, and Marianne Winslett. No registration needed:How to use declarative policies and negotiation to access sensitive resources on the semantic web. In ESWS pages 342--356, 2004.]]

[20]

Craig Gentry and Alice Silverberg. Hierarchical id-based cryptography. In ASIACRYPT pages 548--566, 2002.]]

Digital Library

[21]

V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute Based Encryption for Fine-Grained Access Conrol of Encrypted Data. Avaialble at:http://eprint.iacr.org/2006/.]]

[22]

D. Halevy and A. Shamir. The LSD Broadcast Encryption Scheme. In Advances in Cryptology -- CRYPTO volume 2442 of LNCS pages 47--60. Springer, 2002.]]

Digital Library

[23]

Hugh Harney, Andrea Colgrove, and Patrick Drew McDaniel. Principles of policy in secure groups.In NDSS 2001.]]

[24]

Jeremy Horwitz and Ben Lynn. Toward hierarchical identity-based encryption. In Lars R.Knudsen, editor, EUROCRYPT volume 2332 of Lecture Notes in Computer Science pages 466--481. Springer, 2002.]]

Digital Library

[25]

M. Ito, A. Saito, and T. Nishizeki. Secret Sharing Scheme Realizing General Access Structure. In IEEE Globecom IEEE, 1987.]]

[26]

Myong H. Kang, Joon S. Park, and Judith N. Froscher. Access control mechanisms for inter-organizational work flow. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies pages 66--74, New York, NY, USA, 2001. ACM Press.]]

Digital Library

[27]

Jiangtao Li, Ninghui Li, and William H. Winsborough. Automated trust negotiation using cryptographic credentials. In ACM Conference on Computer and Communications Security pages 46--57, 2005.]]

Digital Library

[28]

Patrick Drew McDaniel and Atul Prakash. Methods and limitations of security policy reconciliation. In IEEE Symposium on Security and Privacy pages 73--87, 2002.]]

Digital Library

[29]

Cisco Networks.http://netflow.cesnet.cz/n netflow.php]]

[30]

M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure Atrribute-Based Systems. In ACM conference on Computer and Communications Security (ACM CCS) 2006. To appear.]]

Digital Library

[31]

A. Sahai. Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In IEEE Symposium on Foundations of Computer Science 1999.]]

Digital Library

[32]

A. Sahai and B. Waters. Fuzzy Identity Based Encryption. In Advances in Cryptology -- Eurocrypt volume 3494 of LNCS pages 457--473. Springer, 2005.]]

Digital Library

[33]

A. Shamir. How to share a secret. Commun. ACM 22(11):612--613, 1979.]]

Digital Library

[34]

A. Shamir. Identity Based Cryptosystems and Signature Schemes. In Advances in Cryptology -- CRYPTO volume 196 of LNCS pages 37--53. Springer, 1984.]]

Digital Library

[35]

Nigel P. Smart. Access control using pairing based cryptography. In CT-RSA pages 111--121, 2003.]]

[36]

Ting Yu and Marianne Winslett. A unified scheme for resource protection in automated trust negotiation. In IEEE Symposium on Security and Privacy pages 110--122, 2003.]]

Digital Library

Cited By

Yang XTao Y(2025)FUR-HABEInternational Journal of Information Security and Privacy10.4018/IJISP.36560219:1(1-25)Online publication date: 9-Jan-2025
https://doi.org/10.4018/IJISP.365602
Wang XMa J(2025)Cloud-Network-End Collaborative Security for Wireless Networks: Architecture, Mechanisms, and ApplicationsTsinghua Science and Technology10.26599/TST.2023.901015830:1(18-33)Online publication date: Feb-2025
https://doi.org/10.26599/TST.2023.9010158
Routray KBera P(2025)Secure and Expressive Authorized Keyword Search in Cloud-Assisted Cyber-Physical SystemsProceedings of the 26th International Conference on Distributed Computing and Networking10.1145/3700838.3703669(390-395)Online publication date: 4-Jan-2025
https://dl.acm.org/doi/10.1145/3700838.3703669
Show More Cited By

Index Terms

Attribute-based encryption for fine-grained access control of encrypted data
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption

Recommendations

Fine-grained access control system based on fully outsourced attribute-based encryption

First fully outsourced attributed-based encryption scheme.Lightweight operations for the private key generator and users.Imperceptible communication cost for the private key generator and users.Rigorous theoretical and detailed experimental analyses of ...
Fine-grained user access control in ciphertext-policy attribute-based encryption

Key revocation is one of the most challenging and open issues in attribute-based encryption (ABE). The previous revocable ABE schemes feature a mechanism that revokes the attribute key periodically without any consideration of the user membership ...
Attribute-based encryption schemes with constant-size ciphertexts

Attribute-based encryption (ABE), as introduced by Sahai and Waters, allows for fine-grained access control on encrypted data. In its key-policy flavor (the dual ciphertext-policy scenario proceeds the other way around), the primitive enables senders to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

October 2006

434 pages

ISBN:1595935185

DOI:10.1145/1180405

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Rebecca Wright
Stevens Institute of Technology
,
Sabrina De Capitani di Vimercati
University of Milan, Italy

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

October 30 - November 3, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3,324
Total Citations
View Citations
11,446
Total Downloads

Downloads (Last 12 months)605
Downloads (Last 6 weeks)46

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yang XTao Y(2025)FUR-HABEInternational Journal of Information Security and Privacy10.4018/IJISP.36560219:1(1-25)Online publication date: 9-Jan-2025
https://doi.org/10.4018/IJISP.365602
Wang XMa J(2025)Cloud-Network-End Collaborative Security for Wireless Networks: Architecture, Mechanisms, and ApplicationsTsinghua Science and Technology10.26599/TST.2023.901015830:1(18-33)Online publication date: Feb-2025
https://doi.org/10.26599/TST.2023.9010158
Routray KBera P(2025)Secure and Expressive Authorized Keyword Search in Cloud-Assisted Cyber-Physical SystemsProceedings of the 26th International Conference on Distributed Computing and Networking10.1145/3700838.3703669(390-395)Online publication date: 4-Jan-2025
https://dl.acm.org/doi/10.1145/3700838.3703669
Wang HWang JGe CLi YZhou LLiu ZWu WCao M(2025)ADSS: An Available-but-invisible Data Service Scheme for Fine-grained Usage ControlIEEE Transactions on Services Computing10.1109/TSC.2024.3495498(1-14)Online publication date: 2025
https://doi.org/10.1109/TSC.2024.3495498
Huang WWu AXu SXu GWu W(2025)EASNs: Efficient Anonymous Social Networks With Enhanced Security and High ScalabilityIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.351656820(796-806)Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1109/TIFS.2024.3516568
Duan PMa ZGao HTian TZhang Y(2025)Multi-Authority Attribute-Based Encryption Scheme With Access Delegation for Cross Blockchain Data SharingIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.351581220(323-337)Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1109/TIFS.2024.3515812
Chen LXu SZhang HWeng J(2025)Fair-and-Exculpable-Attribute-Based Searchable Encryption With Revocation and Verifiable Outsourced Decryption Using Smart ContractIEEE Internet of Things Journal10.1109/JIOT.2024.348422712:4(4302-4317)Online publication date: 15-Feb-2025
https://doi.org/10.1109/JIOT.2024.3484227
Li JZhang EHan JZhang YShen J(2025)PH-MG-ABE: A Flexible Policy-Hidden Multigroup Attribute-Based Encryption Scheme for Secure Cloud StorageIEEE Internet of Things Journal10.1109/JIOT.2024.346801812:2(2146-2157)Online publication date: 15-Jan-2025
https://doi.org/10.1109/JIOT.2024.3468018
Yang XLuo XLiao ZWang WDu XLi S(2025)A CP-ABE-based access control scheme with cryptographic reverse firewall for IoVJournal of Systems Architecture10.1016/j.sysarc.2025.103331160(103331)Online publication date: Mar-2025
https://doi.org/10.1016/j.sysarc.2025.103331
Li SNiu KWu B(2025)A blockchain-based secure data sharing scheme with efficient attribute revocationJournal of Systems Architecture10.1016/j.sysarc.2024.103309159(103309)Online publication date: Feb-2025
https://doi.org/10.1016/j.sysarc.2024.103309
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten