32 research outputs found

    Mediated Ciphertext-Policy Attribute-Based Encryption and its Application (extended version)

    In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user secret key is associated with a set of attributes, and the ciphertext is associated with an access policy over attributes. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. Several CP-ABE schemes have been proposed, however, some practical problems, such as attribute revocation, still need to be addressed. In this paper, we propose a mediated Ciphertext-Policy Attribute-Based Encryption (mCP-ABE) which extends CP-ABE with instantaneous attribute revocation. Furthermore, we demonstrate how to apply the proposed mCP-ABE scheme to securely manage Personal Health Records (PHRs)

    An encryption scheme for a secure policy updating

    Abstract: Ciphertext policy attribute based encryption is an encryption technique where the data is encrypted according to an access policy over attributes. Users who have a secret key associated with a set of attributes which satisfy the access policy can decrypt the encrypted data. However, one of the drawbacks of the CP-ABE is that it does not support updating access control policies without decrypting the encrypted data. We present a new variant of the CP-ABE scheme called ciphertext policy attribute based proxy re-encryption (CP-ABPRE). The proposed scheme allows to update the access control policy of the encrypted data without decrypting the ciphertext. The scheme uses a semitrusted entity called proxy to re-encrypt the encrypted data according to a new access control policy such that only users who satisfy the new policy can decrypt the data. The construction of our scheme is based on prime order bilinear groups. We give a formal definition for semantic security and provide a security proof in the generic group model

    Cryptographically Enforced Distributed Data Access Control

    Outsourcing data storage reduces the cost of ownership. However, once data is stored on a remote server, users lose control over their sensitive data. There are two approaches to control the access to outsourced data. The first approach assumes that the outsourcee is fully trusted. This approach is also referred to as server mediated access control and works as follows: whenever a user wants to access the stored data, the user has to provide credentials to the server. If the credentials are valid and satisfy the access control policy, the user is allowed to access the stored data. However, fully trusting the server can be dangerous since if the server gets hacked, all users' data would be readable by hackers. The second approach reduces the trust on the server and assumes that the server is honest-but-curious: the server is honest in the sense that it stores the data correctly and makes the data available to users, and the server is curious in the sense that it attempts to extract knowledge from the stored data. This approach is also referred to as cryptographically enforced access control because it relies on encryption techniques to enforce an access control policy. The main idea of this approach is to map an access control policy into an encryption key, and then to encrypt the data under the encryption key such that only authorized users who possess a decryption key can access the data in clear. Even if the server gets hacked, user data are secure since the data are encrypted. In this thesis we focus on the second approach and propose new encryption schemes for enforcing access control policies with significant advantages over existing ones. In particular, we push the limits of three cryptographic primitives: proxy re-encryption, attribute-based encryption and public-key encryption. Our contributions can be summarized as follows: 1. We propose a proxy re-encryption scheme which enables the delegator to provide a fine-grained access control policy. Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. 2. We propose two ciphertext-policy attribute-based encryption schemes which are more efficient and at least as expressive as the existing state-of-the-art schemes. In ciphertext-policy attribute-based encryption the data is encrypted under an access control policy defined over attributes. A user can decrypt the ciphertext only if the attribute set of her secret key satisfies the access control policy of the ciphertext. 3. We propose a ciphertext-policy attribute-based encryption scheme in which the secret keys of dishonest or compromised users are revoked. 4. We propose a ciphertext-policy attribute-based encryption scheme that allows users to update the access control policy of the ciphertext without decrypting it. 5. We propose a public-key encryption scheme that allows the secret key holder to delegate to the server the power to search her ciphertexts for possible malwar

    Privacy and security in e-health applications

    No full text
    The introduction of e-Health and extramural applications in the personal healthcare domain has raised serious concerns about security and privacy of health data. Novel digital technologies require other security approaches in addition to the traditional "purely physical" approach. Furthermore, privacy is becoming an increasing concern in domains that deal with sensitive information such as healthcare, which cannot absorb the costs of security abuses in the system. Once sensitive information about an individual’s health is uncovered and social damage is done, there is no way to revoke the information or to restitute the individual. Therefore, in addition to legal means, it is very important to provide and enforce privacy and security in healthcare by technological means. In this chapter, the authors analyze privacy and security requirements in healthcare, explain their importance and review both classical and novel security technologies that could fulfill these requirements

    Secure management of personal health records by applying attribute-based encryption

    The confidentiality of personal health records is a major problem when patients use commercial Web-based systems to store their health data. Traditional access control mechanisms have several limitations with respect to enforcing access control policies and ensuring data confidentiality. In particular, the data has to be stored on a central server locked by the access control mechanism, and the data owner loses control on the data from the moment when the data is sent to the server. Therefore, these mechanisms do not fulfill the requirements of data outsourcing scenarios where the third party storing the data should not have access to the plain data, and it is not trusted to enforce access policies. In this paper, we present a new variant of ciphertext-policy attribute-based encryption (CP-ABE) scheme which is used to enforce patient/organizational access control policies. In CP-ABE, the data is encrypted according to an access policy over a set of attributes. The access policy specifies which attributes a user needs to have in order to decrypt the encrypted data. Once the data is encrypted, it can be safely stored in an untrusted server such that everyone can download the encrypted data but only authorized users who satisfy the access policy can decrypt. The novelty of our construction is that attributes can be from two security domains: social domain (e.g. family, friends, or fellow patients) and professional domain (e.g. doctors or nurses)

    Attribute-Based Digital Signature System

    An attribute-based digital signature system comprises a signature generation unit (1) for signing a message (m) by generating a signature (s) based on a user secret key (SK) associated with a set of user attributes, wherein the signature generation unit (1) is arranged for combining the user secret key (SK) with revocation data (R) to form at least part of the signature (s), wherein the revocation data (R) complements respective ones of a plurality of valid user secret keys and wherein the revocation data (R) prevents a revoked user secret key (SK) from being used to validly sign a message (m) with the set of user attributes. The system further comprises a revocation unit (2) for selectively removing at least part of the signing capability of a to-be-revoked user secret key (SK), by generating updated revocation data (R), wherein the updated revocation data (R) is based on at least part of the to-be-revoked user secret key (SK). A plurality of attribute authorities 301 may independently issue cryptographic keys

    An encryption scheme for a secure policy updating

    No full text
    Ciphertext policy attribute based encryption is an encryption technique where the data is encrypted according to an access policy over attributes. Users who have a secret key associated with a set of attributes which satisfy the access policy can decrypt the encrypted data. However, one of the drawbacks of the CP-ABE is that it does not support updating access control policies without decrypting the encrypted data. We present a new variant of the CP-ABE scheme called ciphertext policy attribute based proxy re-encryption (CP-ABPRE). The proposed scheme allows to update the access control policy of the encrypted data without decrypting the ciphertext. The scheme uses a semitrusted entity called proxy to re-encrypt the encrypted data according to a new access control policy such that only users who satisfy the new policy can decrypt the data. The construction of our scheme is based on prime order bilinear groups. We give a formal definition for semantic security and provide a security proof in the generic group model

    Ciphertext-policy attribute-based broadcast encryption scheme

    No full text
    In this work, we design a new attribute-based encryption scheme with the revocation capability. In the proposed schemes, the user (broadcaster) encrypts the data according to an access policy over the set of attributes, and a list of the identities of revoked users. Only recipients who have attributes which satisfy the access policy and whose identity is not in the list of revoked users will be able to decrypt the message. The proposed scheme can be used for revocation of up to t users. The complexity of proposed schemes is dependent on the number of revoked users r, rather than on the total number n of users in the system. The security of the scheme has been proved under the Decisional Bilinear Diffie-Hellman (DBDH) assumption