Article

Attribute-based encryption for fine-grained access control of encrypted data

Authors:

Brent WatersAuthors Info & Claims

CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

Pages 89 - 98

https://doi.org/10.1145/1180405.1180418

Published: 30 October 2006 Publication History

Abstract

As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

References

[1]

Michel Abdalla, Dario Catalano, Alexander W. Dent,John Malone-Lee,Gregory Neven, and Nigel P. Smart. Identity-based encryption gone wild. In Michele Bugliesi,Bart Preneel,Vladimiro Sassone,and Ingo Wegener, editors, ICALP (2)volume 4052 of Lecture Notes in Computer Science pages 300--311. Springer, 2006.]]

Digital Library

[2]

S. G. Akl and P. D. Taylor. Cryptographic Solution to a Multi Level Security Problem.In Advances in Cryptology -- CRYPTO 1982.]]

[3]

A. Beimel. Secure Schemes for Secret Sharing and Key Distribution PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel, 1996.]]

[4]

M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols.In ACM conference on Computer and Communications Security (ACM CCS) pages 62--73, 1993.]]

Digital Library

[5]

J. Benaloh and Leichter J. Generalized Secret Sharing and Monotone Functions.In Advances in Cryptology -- CRYPTO volume 403 of LNCS pages 27--36. Springer, 1988.]]

Digital Library

[6]

G. R. Blakley. Safeguarding cryptographic keys.In National Computer Conference pages 313--317. American Federation of Information Processing Societies Proceedings, 1979.]]

[7]

D. Boneh and X. Boyen. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles.In Advances in Cryptology -- Eurocrypt volume 3027 of LNCS pages 223--238. Springer, 2004.]]

[8]

D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano. Public-Key Encryption with Keyword Search.In Advances in Cryptology -- Eurocrypt volume 3027 of LNCS pages 506--522. Springer, 2004.]]

[9]

D. Boneh and M. Franklin. Identity Based Encryption from the Weil Pairing. In Advances in Cryptology -- CRYPTO volume 2139 of LNCS pages 213--229. Springer, 2001.]]

Digital Library

[10]

D. Boneh, C. Gentry, and B. Waters. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In Advances in Cryptology -- CRYPTO volume 3621 of LNCS pages 258--275. Springer, 2005.]]

Digital Library

[11]

Dan Boneh and Jonathan Katz.Improved efficiency for cca-secure cryptosystems built using identity-based encryption. In CT-RSA pages 87--103, 2005.]]

Digital Library

[12]

Xavier Boyen, Qixiang Mei, and Brent Waters. Direct chosen ciphertext security from identity-based techniques. In ACM Conference on Computer and Communications Security pages 320--329, 2005.]]

Digital Library

[13]

Robert W. Bradshaw, Jason E. Holt, and Kent E. Seamons. Concealing complex policies with hidden credentials. In ACM Conference on Computer and Communications Security pages 146--157, 2004.]]

Digital Library

[14]

E.F.Brickell.Some ideal secret sharing schemes.Journal of Combinatorial Mathematics and Combinatorial Computing 6:105--113, 1989.]]

[15]

R. Canetti, S. Halevi, and J. Katz. A Forward-Secure Public-Key Encryption Scheme.In Advances in Cryptology -- Eurocrypt volume 2656 of LNCS Springer, 2003.]]

[16]

R. Canetti, S. Halevi, and J. Katz. Chosen Ciphertext Security from Identity Based Encryption.In Advances in Cryptology -- Eurocrypt volume 3027 of LNCS pages 207--222. Springer, 2004.]]

[17]

Clifford Cocks. An identity based encryption scheme based on quadratic residues. In IMA Int. Conf. pages 360--363, 2001.]]

Digital Library

[18]

Y. Dodis, N. Fazio, A. Lysyanskaya, and D. F. Yao. ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption. In ACM conference on Computer and Communications Security (ACM CCS)pages 354--363, 2004.]]

Digital Library

[19]

Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent E. Seamons, and Marianne Winslett. No registration needed:How to use declarative policies and negotiation to access sensitive resources on the semantic web. In ESWS pages 342--356, 2004.]]

[20]

Craig Gentry and Alice Silverberg. Hierarchical id-based cryptography. In ASIACRYPT pages 548--566, 2002.]]

Digital Library

[21]

V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute Based Encryption for Fine-Grained Access Conrol of Encrypted Data. Avaialble at:http://eprint.iacr.org/2006/.]]

[22]

D. Halevy and A. Shamir. The LSD Broadcast Encryption Scheme. In Advances in Cryptology -- CRYPTO volume 2442 of LNCS pages 47--60. Springer, 2002.]]

Digital Library

[23]

Hugh Harney, Andrea Colgrove, and Patrick Drew McDaniel. Principles of policy in secure groups.In NDSS 2001.]]

[24]

Jeremy Horwitz and Ben Lynn. Toward hierarchical identity-based encryption. In Lars R.Knudsen, editor, EUROCRYPT volume 2332 of Lecture Notes in Computer Science pages 466--481. Springer, 2002.]]

Digital Library

[25]

M. Ito, A. Saito, and T. Nishizeki. Secret Sharing Scheme Realizing General Access Structure. In IEEE Globecom IEEE, 1987.]]

[26]

Myong H. Kang, Joon S. Park, and Judith N. Froscher. Access control mechanisms for inter-organizational work flow. In SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies pages 66--74, New York, NY, USA, 2001. ACM Press.]]

Digital Library

[27]

Jiangtao Li, Ninghui Li, and William H. Winsborough. Automated trust negotiation using cryptographic credentials. In ACM Conference on Computer and Communications Security pages 46--57, 2005.]]

Digital Library

[28]

Patrick Drew McDaniel and Atul Prakash. Methods and limitations of security policy reconciliation. In IEEE Symposium on Security and Privacy pages 73--87, 2002.]]

Digital Library

[29]

Cisco Networks.http://netflow.cesnet.cz/n netflow.php]]

[30]

M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure Atrribute-Based Systems. In ACM conference on Computer and Communications Security (ACM CCS) 2006. To appear.]]

Digital Library

[31]

A. Sahai. Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In IEEE Symposium on Foundations of Computer Science 1999.]]

Digital Library

[32]

A. Sahai and B. Waters. Fuzzy Identity Based Encryption. In Advances in Cryptology -- Eurocrypt volume 3494 of LNCS pages 457--473. Springer, 2005.]]

Digital Library

[33]

A. Shamir. How to share a secret. Commun. ACM 22(11):612--613, 1979.]]

Digital Library

[34]

A. Shamir. Identity Based Cryptosystems and Signature Schemes. In Advances in Cryptology -- CRYPTO volume 196 of LNCS pages 37--53. Springer, 1984.]]

Digital Library

[35]

Nigel P. Smart. Access control using pairing based cryptography. In CT-RSA pages 111--121, 2003.]]

[36]

Ting Yu and Marianne Winslett. A unified scheme for resource protection in automated trust negotiation. In IEEE Symposium on Security and Privacy pages 110--122, 2003.]]

Digital Library

Cited By

Nguyen KPointcheval DSchädlich R(2024)Decentralized Multi-Client Functional Encryption with Strong SecurityIACR Communications in Cryptology10.62056/andkp2fgxOnline publication date: 8-Jul-2024
https://doi.org/10.62056/andkp2fgx
Venema MBotros L(2024)Using Predicate Extension for Predicate Encryption to Generically Obtain Chosen-Ciphertext Security and SignaturesIACR Communications in Cryptology10.62056/a3c3wa3y6Online publication date: 9-Apr-2024
https://doi.org/10.62056/a3c3wa3y6
Luo J(2024)Ad Hoc Broadcast, Trace, and RevokeIACR Communications in Cryptology10.62056/a39qxrxqiOnline publication date: 8-Jul-2024
https://doi.org/10.62056/a39qxrxqi
Show More Cited By

Index Terms

Attribute-based encryption for fine-grained access control of encrypted data
1. Security and privacy
  1. Cryptography
    1. Public key (asymmetric) techniques
      1. Public key encryption

Recommendations

Fine-grained access control system based on fully outsourced attribute-based encryption

First fully outsourced attributed-based encryption scheme.Lightweight operations for the private key generator and users.Imperceptible communication cost for the private key generator and users.Rigorous theoretical and detailed experimental analyses of ...
Fine-Grained Secure Attribute-Based Encryption
Advances in Cryptology – CRYPTO 2021
Abstract
Fine-grained cryptography is constructing cryptosystems in a setting where an adversary’s resource is a-prior bounded and an honest party has less resource than an adversary. Currently, only simple form of encryption schemes, such as secret-key ...
$^{}$
Fine-grained user access control in ciphertext-policy attribute-based encryption

Key revocation is one of the most challenging and open issues in attribute-based encryption (ABE). The previous revocable ABE schemes feature a mechanism that revokes the attribute key periodically without any consideration of the user membership ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

October 2006

434 pages

ISBN:1595935185

DOI:10.1145/1180405

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Rebecca Wright
Stevens Institute of Technology
,
Sabrina De Capitani di Vimercati
University of Milan, Italy

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

October 30 - November 3, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3,232
Total Citations
View Citations
11,169
Total Downloads

Downloads (Last 12 months)649
Downloads (Last 6 weeks)50

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Nguyen KPointcheval DSchädlich R(2024)Decentralized Multi-Client Functional Encryption with Strong SecurityIACR Communications in Cryptology10.62056/andkp2fgxOnline publication date: 8-Jul-2024
https://doi.org/10.62056/andkp2fgx
Venema MBotros L(2024)Using Predicate Extension for Predicate Encryption to Generically Obtain Chosen-Ciphertext Security and SignaturesIACR Communications in Cryptology10.62056/a3c3wa3y6Online publication date: 9-Apr-2024
https://doi.org/10.62056/a3c3wa3y6
Luo J(2024)Ad Hoc Broadcast, Trace, and RevokeIACR Communications in Cryptology10.62056/a39qxrxqiOnline publication date: 8-Jul-2024
https://doi.org/10.62056/a39qxrxqi
Chrisel Goveas Gaanashree S Indushree M (2024)Advanced Access Controls and Deduplication for Privacy in Multimedia Cloud ComputingInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-15326(168-179)Online publication date: 6-Feb-2024
https://doi.org/10.48175/IJARSCT-15326
Godse Shubham Gite Rahul Ekhande Nilesh Akolkar Aditya Prof. Mundhe Bhalchandra (2024)Supply Chain Management in Agriculture using BlockchainInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-15306(29-32)Online publication date: 4-Feb-2024
https://doi.org/10.48175/IJARSCT-15306
Wen JLi HLiu LLan C(2024)Enhancing Security and Efficiency: A Fine-Grained Searchable Scheme for Encryption of Big Data in Cloud-Based Smart GridsMathematics10.3390/math1210151212:10(1512)Online publication date: 13-May-2024
https://doi.org/10.3390/math12101512
Gope PLin ZYang YNing J(2024)E-Tenon: An efficient privacy-preserving secure open data sharing scheme for EHR systemJournal of Computer Security10.3233/JCS-220097(1-30)Online publication date: 29-Jan-2024
https://doi.org/10.3233/JCS-220097
Cianfriglia MOnofri EPedicini M(2024) mR LWE -CP-ABE: A revocable CP-ABE for post-quantum cryptography Journal of Mathematical Cryptology10.1515/jmc-2023-002618:1Online publication date: 14-Feb-2024
https://doi.org/10.1515/jmc-2023-0026
Otoom MJemmali MSarhan AAchour IAlsaduni IOmri M(2024)An enhanced multilevel secure data dissemination approximate solution for future networksPLOS ONE10.1371/journal.pone.029643319:2(e0296433)Online publication date: 8-Feb-2024
https://doi.org/10.1371/journal.pone.0296433
Li XWang HMa SXiao MHuang Q(2024)Revocable and verifiable weighted attribute-based encryption with collaborative access for electronic health record in cloudCybersecurity10.1186/s42400-024-00211-17:1Online publication date: 3-Mar-2024
https://doi.org/10.1186/s42400-024-00211-1
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents