http://dx.doi.org/10.3837/tiis.2021.09.011

Fine-Grained and Traceable Key Delegation for Ciphertext-Policy Attribute-Based Encryption  

Du, Jiajie (College of Mathematics and System Science, Xinjiang University)
Helil, Nurmamat (College of Mathematics and System Science, Xinjiang University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.15, no.9, 2021, pp. 3274-3297
Abstract
Permission delegation is an important research issue in access control. It allows a user to delegate some of his permissions to others to reduce his workload, or enables others to complete some tasks on his behalf when he is unavailable to do so. As an ideal solution for controlling read access to outsourced data objects in the cloud, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted much attention. Some existing CP-ABE schemes handle read permission delegation by delegating the user's private key to others. However, these schemes do not further consider the granularity and traceability of the permission delegation. To this end, this article proposes a flexible and fine-grained CP-ABE key delegation approach that supports white-box traceability. In this approach, the key delegator first examines the relations between the data objects, the read permissions on them that he intends to delegate, and the attributes associated with the access policies of these data objects. He then chooses a minimal attribute set from his attributes according to the principle of least privilege and constructs the delegation key with this minimal attribute set. Thus, we can achieve the shortest delegation key and minimize the time of key delegation while guaranteeing the delegator's access control requirement. The Key Generation Center (KGC) then embeds the delegatee's identity into the key to trace the route of the delegation key. Our approach prevents the delegatee from combining his existing key with the new delegation key to access unauthorized data objects. Theoretical analysis and test results show that our approach helps the KGC transfer some of its burdensome key generation tasks to regular users (delegators) to accommodate more users.
Keywords
CP-ABE; permission delegation; key delegation; minimal attribute set; white-box traceability