Abstract
Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control on data outsourced to clouds. However, there still exists one critical functionality missing in existing CP-ABE schemes, which is the prevention of key abuse. Specifically, two kinds of key abuse problems are considered in this paper: malicious key sharing among colluding users, and key escrow problem of the semi-trusted authority. For a user, any malicious behavior including illegal key sharing should be traced. For the semi-trusted authority, it should be accountable for its misbehavior including illegal key re-distribution. For better performance and security, it is also indispensable to support large universe and full security in CP-ABE. To the best of our knowledge, none of the existing traceable CP-ABE schemes simultaneously supports large universe and full security. In this paper, we construct a white-box traceable CP-ABE scheme with weak public user traceability, weak public authority accountability and weak public auditing in the sense that no additional secret keys are needed. The scheme supports large universe, and attributes do not need to be pre-specified during the system setup phase. Our scheme is proven fully-secure in the random oracle model and it can take any monotonic access structures as ciphertext policies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The expression “weak public” is similar to the term “partial public” in [20], in which only private user traceability is realized.
References
Balu, A., Kuppusamy, K.: An expressive and provably secure ciphertext-policy attribute-based encryption. Inf. Sci. 276, 354–362 (2014)
Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion-Israel Institute of technology, Faculty of computer science (1996)
Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE, Los Alamitos (2007)
Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)
Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: CCS 2007, pp. 456–465. ACM, New York (2007)
Deng, H., Wu, Q., Qin, B., Mao, J., Liu, X., Zhang, L., Shi, W.: Who Is touching my cloud. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part I. LNCS, vol. 8712, pp. 362–379. Springer, Heidelberg (2014)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: CCS 2006, pp. 89–98. ACM, New York (2006)
Lai, J., Deng, R.H., Li, Y.: Expressive CP-ABE with partially hidden access structures. In: ASIACCS 2012, pp. 18–19. ACM, New York (2012)
Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010)
Lewko, A., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011)
Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., Xie, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: ASIACCS 2011, pp. 386–390. ACM, New York (2011)
Li, J., Ren, K., Kim, K.: A2be: Accountable attribute-based encryption for abuse free access control. Cryptology ePrint Archive, Report 2009/118 (2009)
Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 347–362. Springer, Heidelberg (2009)
Liu, Z., Cao, Z., Wong, D.S.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans. Inf. Forensics Secur. 8(1), 76–88 (2013)
Liu, Z., Cao, Z., Wong, D.S.: Blackbox traceable CP-ABE: how to catch people leaking their keys by selling decryption devices on ebay. In: CCS 2013, pp. 475–486. ACM, New York (2013)
Liu, Z., Cao, Z., Wong, D.S.: Traceable CP-ABE: how to trace decryption devices found in the wild. IEEE Trans. Inf. Forensics Secur. 10(1), 55–68 (2015)
Liu, Z., Wong, D.S.: Traceable CP-ABE on prime order groups: Fully secure and fully collusion-resistant blackbox traceable. Cryptology ePrint Archive, Report 2015/850 (2015)
Liu, Z., Wong, D.S.: Practical ciphertext-policy attribute-based encryption: traitor tracing, revocation, and large universe. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) Applied Cryptography and Network Security. LNCS, vol. 9092, pp. 127–146. Springer, Switzerland (2015)
Ning, J., Cao, Z., Dong, X., Wei, L., Lin, X.: Large universe ciphertext-policy attribute-based encryption with white-box traceability. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 55–72. Springer, Heidelberg (2014)
Ning, J., Dong, X., Cao, Z., Wei, L.: Accountable Authority Ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015, Part II. LNCS, vol. 9327, pp. 270–289. Springer, Switzerland (2015)
Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) Applied Cryptography and Network Security. LNCS, vol. 5037, pp. 111–129. Springer, Heidelberg (2008)
Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010)
Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: CCS 2013, pp. 463–474. ACM, New York (2013)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)
Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)
Shi, Y., Zheng, Q., Liu, J., Han, Z.: Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation. Inf. Sci. 295, 221–231 (2015)
Yu, S., Ren, K., Lou, W., Li, J.: Defending against key abuse attacks in KP-ABE enabled broadcast systems. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds.) SecureComm 2009. LNICST, vol. 19, pp. 311–329. Springer, Heidelberg (2009)
Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: ASIACCS 2010, pp. 261–270. ACM, New York (2010)
Zhang, X., Jin, C., Li, C., Wen, Z., Shen, Q., Fang, Y., Wu, Z.: Ciphertext-policy attribute-based encryption with user and authority accountability. In: Thuraisingham, B., et al. (eds.) SecureComm 2015. LNICST, vol. 164, pp. 500–518. Springer, Heidelberg (2015). doi:10.1007/978-3-319-28865-9_27
Zhang, Y., Chen, X., Li, J., Li, H., Li, F.: Fdr-abe: Attribute-based encryption with flexible and direct revocation. In: INCoS 2013, pp. 38–45. IEEE, Los Alamitos (2013)
Zhang, Y., Chen, X., Li, J., Li, H., Li, F.: Attribute-based data sharing with flexible and direct revocation in cloud computing. KSII Transactions on Internet&. Inf. Syst. 8(11), 4028–4049 (2014)
Zhang, Y., Chen, X., Li, J., Wong, D.S., Li, H.: Anonymous attribute-based encryption supporting efficient decryption test. In: ASIACCS 2013, pp. 511–516. ACM, New York (2013)
Zhang, Y., Zheng, D., Chen, X., Li, J., Li, H.: Computationally efficient ciphertext-policy attribute-based encryption with constant-size ciphertexts. In: Chow, S.S.M., Liu, J.K., Hui, L.C.K., Yiu, S.M. (eds.) ProvSec 2014. LNCS, vol. 8782, pp. 259–273. Springer, Heidelberg (2014)
Acknowledgements
We are grateful to the anonymous reviewers for their invaluable suggestions. This work is supported by National Natural Science Foundation of China (No. 61402366, 61472091, 61272037, 61472472, and 61272457), Program for New Century Excellent Talents in University (No. NCET-13-0946), Distinguished Young Scholars Fund of Department of Education, Guangdong Province (No. Yq2013126), Natural Science Basic Research Plan in Shaanxi Province (No. 2015JQ6236), and Scientific Research Program Funded by Shaanxi Provincial Education Department (No. 15JK1686).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhang, Y., Li, J., Zheng, D., Chen, X., Li, H. (2016). Accountable Large-Universe Attribute-Based Encryption Supporting Any Monotone Access Structures. In: Liu, J., Steinfeld, R. (eds) Information Security and Privacy. ACISP 2016. Lecture Notes in Computer Science(), vol 9722. Springer, Cham. https://doi.org/10.1007/978-3-319-40253-6_31
Download citation
DOI: https://doi.org/10.1007/978-3-319-40253-6_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40252-9
Online ISBN: 978-3-319-40253-6
eBook Packages: Computer ScienceComputer Science (R0)