Fully Collusion-Resistant Traceable Key-Policy Attribute-Based Encryption with Sub-linear Size Ciphertexts

Recently a series of expressive, secure and efficient Attribute-Based Encryption (ABE) schemes, both in key-policy flavor and ciphertext-policy flavor, have been proposed. However, before being applied into practice, these systems have to attain traceability of malicious users. As the decryption privilege of a decryption key in Key-Policy ABE (resp. Ciphertext-Policy ABE) may be shared by multiple users who own the same access policy (resp. attribute set), malicious users might tempt to leak their decryption privileges to third parties, for financial gain as an example, if there is no tracing mechanism for tracking them down. In this work we study the traceability notion in the setting of Key-Policy ABE, and formalize Key-Policy ABE supporting fully collusion-resistant blackbox traceability. An adversary is allowed to access an arbitrary number of keys of its own choice when building a decryption-device, and given such a decryption-device while the underlying decryption algorithm or key may not be given, a Blackbox tracing algorithm can find out at least one of the malicious users whose keys have been used for building the decryption-device. We propose a construction, which supports both fully collusion-resistant blackbox traceability and high expressiveness (i.e. supporting any monotonic access structures). The construction is fully secure in the standard model (i.e. it achieves the best security level that the conventional non-traceable ABE systems do to date), and is efficient that the fully collusion-resistant blackbox traceability is attained at the price of making ciphertexts grow only sub-linearly in the number of users in the system, which is the most efficient level to date

On Enabling Attribute-Based Encryption to Be Traceable against Traitors

Attribute-Based Encryption (ABE) is a versatile one-to-many encryption primitive, which enables fine-grained access control over encrypted data. Due to its promising applications in practice, ABE schemes with high efficiency, security and expressivity have been continuously emerging. On the other hand, due to the nature of ABE, a malicious user may abuse its decryption privilege. Therefore, being able to identify such a malicious user is crucial towards the practicality of ABE. Although some specific ABE schemes in the literature enjoys the tracing function, they are only proceeded case by case. Most of the ABE schemes do not support traceability. It is thus meaningful and important to have \emph{a generic way of equipping any ABE scheme with traceability}. In this work we partially solve the aforementioned problem. Namely, we propose a way of transforming (non-traceable) ABE schemes satisfying certain requirements to \emph{fully collusion-resistant black-box traceable} ABE schemes, which adds only $O(\sqrt{\cal K})$ elements to the ciphertext where ${\cal K}$ is the number of users in the system. And to demonstrate the practicability of our transformation, we show how to convert a couple of existing non-traceable ABE schemes to support traceability

Cryptographic Enforcement of Attribute-based Authentication

Doktorgradsavhandling,This dissertation investigates on the cryptographic enforcement about attributebased authentication (ABA) schemes. ABA is an approach to authenticate users via attributes, which are properties of users to be authenticated, environment conditions such as time and locations. By using attributes in place of users’ identity information, ABA can provide anonymous authentication, or more specifically, ABA enables to keep users anonymous from their authenticators. In addition, the property of least information leakage provides better protection for users’ privacy compared with public key based authentication approaches. These properties make it possible to apply ABA schemes in privacy preserving scenarios, for instance, cloud-based applications. The most important security requirements of ABA schemes consist of anonymity, traceability, unforgeability, unlinkability and collision resistance. In this dissertation, we combine these security requirements with other properties such as hierarchy to divide ABA schemes into different categories, based on which we use examples to demonstrate how to construct these schemes cryptographically. The main contributions of this dissertation include the following aspects: We categorize ABA schemes into different types and describe their structures as well as workflows, such that readers can gain a big picture and a clear view of different ABA schemes and their relations. This categorization serves as a guideline how to design and construct ABA schemes. We provide two examples to demonstrate how to construct ciphertext-policy attribute-based authentication (CP-ABA) schemes via two different approaches. Different from key-policy attribute-based authentication (KP-ABA) schemes, attribute keys generated in CP-ABA schemes are comparatively independent of relations among attributes. Thus compared with KP-ABA, CP-ABA extends the flexibility and usage scope of ABA schemes. We extend the core ABA schemes to hierarchical ABA (HABA) schemes by adding the property of hierarchy. Then we propose two different types of hierarchical structures, i.e., user related hierarchical ABA (U-HABA) and attribute related hierarchical ABA (A-HABA). According to these two hierarchical structures, an example is provided for each type to show how to use cryptographic primitives to build HABA schemes. All ABA schemes discussed above and proposed in this dissertation can be implemented to assist users to achieve anonymous authentication from their authenticators. Therefore, these schemes can offer more opportunities to protect users’ privacy, for example, in attribute-based access control (ABAC) and cloud-based services