Abstract
This survey focuses on the cryptographic access control technique attribute-based encryption (ABE), its applications, and future directions. Since its inception, there has been tremendous interest in applying this technique to solve various problems related to access control. Significant research effort has been devoted to designing efficient constructions and operational parameters to suit various applications. The main functionality of ABE is to enforce cryptographic access control with the help of policies specified over a set of system-defined attributes. A key generator maps the attributes in an access policy into encryption and decryption keys for a resource access request. ABE is categorized into Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE), depending on the approach used to map the attributes to the encryption and decryption keys. Implementations of ABE have relied on mathematical primitives such as elliptic curves, pairing functions, and generalized secret sharing notions, and on the hardness of problems such as computing discrete logarithms and the computational Diffie-Hellman problem over elliptic curves. As they are essentially public-key systems, these schemes are usually proven secure under the semantically secure adaptive chosen ciphertext attack (IND-CCA). ABE has been used to solve a number of problems in different application domains, including network privacy, broadcast encryption for on-demand television programming, health data access control, cloud security, and verifiable computation. In this survey, we discuss the evolution of ABE, covering significant developments in this area, the applications of ABE across various domains, and the future directions for ABE.
Notes
1. The system administrator is used in the generic sense and covers other designations like “data owner”, “data base owner”, “system designer”, “reference monitor”, “key generator” and so on.
2. As much as possible the original notation of these seminal papers has been retained as a mark of honor to the inventors of these techniques. Additional notes have been added to help a broader audience to appreciate the nuances of these techniques.
3. Canetti et al. gave the first IBE construction in [10] with slightly weaker security.
4. Private-key Generator as defined previously.
5. Although most ABE techniques in literature primarily work with monotone access structures, as defined next, there are schemes [21] that support non-monotone access structures as well.
6. The choice of random points is essential due to the condition on \(q_x(0)\). A randomly defined polynomial will not satisfy this property.
References
Agrawal, S., Chase, M.: FAME: fast attribute-based message encryption. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 665–682 (2017). https://doi.org/10.1145/3133956.3134014
Agrawal, S., Chase, M.: Simplifying design and analysis of complex predicate encryption schemes. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 627–656. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_22
Akinyele, J.A., Pagano, M.W., Green, M.D., Lehmann, C.U., Peterson, Z.N.J., Rubin, A.D.: Securing electronic medical records using attribute-based encryption on mobile devices. In: Proceedings of the 1st ACM Workshop Security and Privacy in Smartphones and Mobile Devices, Co-located with CCS, SPSM 2011, Chicago, IL, USA, 17 October, pp. 75–86 (2011). https://doi.org/10.1145/2046614.2046628
Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_31
Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: an online social network with user-defined privacy. SIGCOMM Comput. Commun. Rev. 39(4), 135–146 (2009). https://doi.org/10.1145/1594977.1592585
Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.W., et al. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_2
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055718
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, S&P 2007, Oakland, California, USA, 20–23 May 2007, pp. 321–334 (2007). https://doi.org/10.1109/SP.2007.11
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16
Chen, J., Gay, R., Wee, H.: Improved dual system ABE in prime-order groups via predicate encodings. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 595–624. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_20
Crampton, J., Pinto, A.: Attribute-based encryption for access control using elementary operations. In: 2014 IEEE 27th Computer Security Foundations Symposium, pp. 125–139, July 2014
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS, Alexandria, VA, USA, 30 October–3 November 2006, pp. 89–98 (2006). https://doi.org/10.1145/1180405.1180418
Green, M.D., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: IEEE Symposium on Security and Privacy, SP, San Jose, CA, USA, 17–21 May, pp. 305–320 (2015). https://doi.org/10.1109/SP.2015.26
Joux, A.: The Weil and Tate pairings as building blocks for public key cryptosystems. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 20–32. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45455-1_3
Joux, A., Nguyen, K.: Separating decision Diffie-Hellman from computational Diffie-Hellman in cryptographic groups. J. Cryptol. 16(4), 239–247 (2003)
Kim, J.Y., Hu, W., Sarkar, D., Jha, S.: ESIoT: Enabling secure management of the Internet of Things. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, pp. 219–229. ACM, New York (2017)
Lewko, A., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_30
Liu, Z., Cao, Z., Wong, D.S.: Efficient generation of linear secret sharing scheme matrices from threshold access trees. Cryptology ePrint Archive: Listing (2010)
Zeutro LLC. http://www.zeutro.com/
Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, 28–31 October 2007, pp. 195–203 (2007). https://doi.org/10.1145/1315245.1315270
Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_35
Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 463–474 (2013). https://doi.org/10.1145/2508859.2516672
Sahai, A., Waters, B.: Fuzzy identity based encryption. IACR Cryptology ePrint Archive 2004, 86 (2004). http://eprint.iacr.org/2004/086
Santos, N., Rodrigues, R., Gummadi, K.P., Saroiu, S.: Policy-sealed data: a new abstraction for building trusted cloud services. In: Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, USA, 8–10 August, pp. 175–188 (2012). https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/santos
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). https://doi.org/10.1145/359168.359176
Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5
Traynor, P., Butler, K.R.B., Enck, W., McDaniel, P.D.: Realizing massive-scale conditional access systems through attribute-based cryptosystems. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, San Diego, California, USA, 10 February–13 February (2008). http://www.isoc.org/isoc/conferences/ndss/08/papers/06_realizing_massive-scale_conditional.pdf
Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_4
Yao, D., Fazio, N., Dodis, Y., Lysyanskaya, A.: Id-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, Washington, DC, USA, 25–29 October 2004, pp. 354–363 (2004). https://doi.org/10.1145/1030083.1030130
Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: INFOCOM 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, San Diego, CA, USA, 15–19 March, pp. 534–542 (2010). https://doi.org/10.1109/INFCOM.2010.5462174
Zhou, Z., Huang, D.: On efficient ciphertext-policy attribute based encryption and broadcast encryption: extended abstract. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 753–755. ACM, New York (2010). https://doi.org/10.1145/1866307.1866420
© 2018 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Bezawada, B., Ray, I. (2018). Attribute-Based Encryption: Applications and Future Directions. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science, vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_18
DOI: https://doi.org/10.1007/978-3-030-04834-1_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04833-4
Online ISBN: 978-3-030-04834-1
eBook Packages: Computer Science, Computer Science (R0)