TY - GEN
T1 - Accountable multi-authority ciphertext-policy attribute-based encryption without key escrow and key abuse
AU - Yu, Gang
AU - Ma, Xiaoxiao
AU - Cao, Zhenfu
AU - Zhu, Weihua
AU - Zeng, Junjie
N1 - Publisher Copyright:
© 2017, Springer International Publishing AG.
PY - 2017
Y1 - 2017
N2 - Ciphertext-policy attribute-based encryption (CP-ABE) is a promising public key encryption primitive enabling fine-grained access control on shared data in public cloud. However, two quite challenging issues, the prevention of key escrow and key abuse, still exist in CP-ABE system. In this paper, we propose a multi-authority CP-ABE scheme without key escrow and key abuse. To prevent key escrow, multiple authorities are employed to perform the same procedure of key generation for an attribute. Thus, no individual authority or colluded authorities that manage no common attribute can decrypt any ciphertext, and it can also resist collusion attack from curious authority with the help of dishonest users. To prevent key abuse of dishonest users, user’s global identifier along with a signature is embedded into the secret key. Thus, any third party can learn the identity from a shared secret key and publicly verify its validity. An advantage of simultaneously preventing key escrow and key abuse is that the proposed scheme can achieve accountability, i.e. an auditor can publicly audit a user or authorities abuse the secret key. At last, the proposed scheme is fully secure in the random oracle model, and due to a key aggregate algorithm its efficiency is comparable to the decentralizing CP-ABE scheme [18] on which it is based.
AB - Ciphertext-policy attribute-based encryption (CP-ABE) is a promising public key encryption primitive enabling fine-grained access control on shared data in public cloud. However, two quite challenging issues, the prevention of key escrow and key abuse, still exist in CP-ABE system. In this paper, we propose a multi-authority CP-ABE scheme without key escrow and key abuse. To prevent key escrow, multiple authorities are employed to perform the same procedure of key generation for an attribute. Thus, no individual authority or colluded authorities that manage no common attribute can decrypt any ciphertext, and it can also resist collusion attack from curious authority with the help of dishonest users. To prevent key abuse of dishonest users, user’s global identifier along with a signature is embedded into the secret key. Thus, any third party can learn the identity from a shared secret key and publicly verify its validity. An advantage of simultaneously preventing key escrow and key abuse is that the proposed scheme can achieve accountability, i.e. an auditor can publicly audit a user or authorities abuse the secret key. At last, the proposed scheme is fully secure in the random oracle model, and due to a key aggregate algorithm its efficiency is comparable to the decentralizing CP-ABE scheme [18] on which it is based.
KW - Accountability
KW - Attribute-based encryption
KW - Key abuse
KW - Key escrow
KW - Multi-authority
KW - Traceability
UR - https://www.scopus.com/pages/publications/85034227184
U2 - 10.1007/978-3-319-69471-9_25
DO - 10.1007/978-3-319-69471-9_25
M3 - 会议稿件
AN - SCOPUS:85034227184
SN - 9783319694702
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 337
EP - 351
BT - Cyberspace Safety and Security - 9th International Symposium, CSS 2017, Proceedings
A2 - Wu, Wei
A2 - Castiglione, Aniello
A2 - Wen, Sheng
PB - Springer Verlag
T2 - 9th International Symposium on Cyberspace Safety and Security, CSS 2017
Y2 - 23 October 2017 through 25 October 2017
ER -