Security Analysis for a Revocable Multi-Authority ABE-Attribute-Based Mechanism

International Journal of Electronics and Communication Engineering
© 2024 by SSRG - IJECE Journal
Volume 11 Issue 3
Year of Publication : 2024
Authors : Addapalli V.N. Krishna, P.R. Ancy
pdf
How to Cite?

Addapalli V.N. Krishna, P.R. Ancy, "Security Analysis for a Revocable Multi-Authority ABE-Attribute-Based Mechanism," SSRG International Journal of Electronics and Communication Engineering, vol. 11,  no. 3, pp. 24-30, 2024. Crossref, https://doi.org/10.14445/23488549/IJECE-V11I3P103

Abstract:

Due to the tremendous increase in data, groups or even organizations are storing data with third-party providers to solve storage problems. Ciphertext policy attribute based encryption helps to outsource data, which means encrypt the data at the data owner’s end and uploading it to third-party storage with some access policy. In normal Identity-based encryption, if a data owner wants to send information to a data user, it will be sent with some identity of the data user, such as mail id, so that only that particular user can read the message. The main problem is that the data owner should know each user’s identity. For instance, in some organizations where a data owner wants to send a message to a group of people with an identical designation, it can be sent with the help of the user’s attribute using attribute-based encryption. Here, the data owner does not need to know the specific details of each user; instead, with the help of attributes and the provided access policy, they can access this message. This research mainly focuses on three aspects of CP-ABE: access policy, number of attribute authorities, and revocation. When it comes to access policy, the currently existing access policies are not secure due to their linearity in nature because shares are always calculated using the same linear equation. So, for this problem, this work has developed a non-linear SS- secret-sharing model that increases the confidentiality of the model.

Keywords:

MA-ABE, Elliptic Curve Cryptography (ECC), Access policy, Revocation, Lagrange interpolation.

References:

[1] Amit Sahai, and Brent Waters, “Fuzzy Identity-Based Encryption,” Advances in Cryptology–EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457-473, 2005.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Melissa Chase, “Multi-Authority Attribute-Based Encryption,” Theory of Cryptography: 4th Theory of Cryptography Conference, pp. 515- 534, 2007.
[CrossRef] [Google Scholar] [Publisher Link]
[3] Jianghong Wei, Wenfen Liu, and Xuexian Hu, “Secure and Efficient Attribute-Based Access Control for Multiauthority Cloud Storage,” IEEE Systems Journal, vol. 12, no. 2, pp. 1731-1742, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[4] John Bethencourt, Amit Sahai, and Brent Waters, “Ciphertext-Policy Attribute-Based Encryption,” 2007 IEEE Symposium on Security and Privacy (SP’07), Berkeley, USA, pp. 321-334, 2007.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Mohammad Ali et al., “A Fully Distributed Hierarchical Attribute-Based Encryption Scheme,” Theoretical Computer Science, vol. 815, pp. 25-46, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Jin Li et al., “Secure Attribute-Based Data Sharing for Resource-Limited Users in Cloud Computing,” Computers & Security, vol. 72, pp. 1-12, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Caimei Wang et al., “A Personal Privacy Data Protection Scheme for Encryption and Revocation of High-Dimensional Attribute Domains,” IEEE Access, vol. 11, pp. 82989-83003, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Alex Chiquito, Ulf Bodin, and Olov Schelén, “Attribute-Based Approaches for Secure Data Sharing in Industrial Contexts,” IEEE Access, vol. 11, pp. 10180-10195, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Hua Shen et al., “Multi-Keywords Searchable Attribute-Based Encryption with Verification and Attribute Revocation over Cloud Data,” IEEE Access, vol. 11, pp. 139715-139727, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Suryakanta Panda et al., “Secure Access Privilege Delegation Using Attribute-Based Encryption,” International Journal of Information Security, vol. 22, no. 5, pp. 1261-1276, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Chunpeng Ge et al., “Revocable Attribute-Based Encryption with Data Integrity in Clouds,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 5, pp. 2864-2872, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Yi Wu et al., “Efficient Access Control with Traceability and User Revocation in IoT,” Multimedia Tools and Applications, vol. 80, no. 20, pp. 31487-31508, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[13] A. Beimel, and Y. Ishai, “On the Power of Nonlinear Secret-Sharing,” Proceedings 16th Annual IEEE Conference on Computational Complexity, Chicago, USA, pp. 188-202, 2001.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Nishant Doshi, and Reema Patel, “An Improved Approach in CP-ABE with Proxy Re-Encryption,” e-Prime - Advances in Electrical Engineering, Electronics and Energy, vol. 2, pp. 1-5, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[15] Zechao Liu et al., “Practical Attribute-Based Encryption: Outsourcing Decryption, Attribute Revocation and Policy Updating,” Journal of Network and Computer Applications, vol. 108, pp. 112-123, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Kamalakanta Sethi, Ankit Pradhan, and Padmalochan Bera, “Practical Traceable Multi-Authority CP-ABE with Outsourcing Decryption and Access Policy Updation,” Journal of Information Security and Applications, vol. 51, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Kan Yang et al., “DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems,” 2013 Proceedings IEEE INFOCOM, Turin, Italy, pp. 2895-2903, 2013.
[CrossRef] [Google Scholar] [Publisher Link]
[18] Melissa Chase, and Sherman S.M. Chow, “Improving Privacy and Security in Multi-Authority Attribute-Based Encryption,” Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 121-130, 2009.
[CrossRef] [Google Scholar] [Publisher Link]