Ciphertext-Policy Attribute-Based Encryption review

Muhannad Darnasser

1.

INTRODUCTION

The evolve of the cloud, the increase need to secure data, and the dynamic nature of applications made it hard for traditional encryption schemes to cover all those needs. Key management issues and large number of users who wants to decrypt the les also introduced extra overhead over those scheme. Therefore, there was a need to introduce a new scheme that aord better solutions for such issues. CiphertextPolict Attribute-Based Encryption (CP-ABE) is a public key scheme in which there is one encryption key and many decryption keys. The idea behind the scheme is to encrypt for users privileges not entities. In this way the user can encrypt les for users who do not exist yet in the system. The system uses a Bilinear Map system to achieve its goals.

While in DDHP ifw e have three numbers A = g a , B = g b , C = g c Z can we decide if c = ab. This can be solved easily using bilinear maps. Using bilinear maps we need only to show that e(g a , g b ) = e(g, g c ) (3)

3.

CP-ABE

2.

BILINEAR MAPS

A Bilinear map[1] e is a mapping function dened as e : G1 G2 G3 such that for all u G1 , v G2 , a, b Z, e(ua , v b ) = e(u, v )ab . (1)

CP-ABE [2] maintain a list of users U and a list of attributes A that denes those users. Each user will be assigned a subset of attributes that denes his privileges. When a manager wants to encrypt a le, he will rst construct the access policy as a tree where the leaves are the attributes that allows the users to access the le. The root will contain the secret key that can decrypt the le. So when a user tries to access a le, the system will match his attributes that associated with his key. If those attributes satises the access policy associated with the le, the system will decrypt the le, otherwise it will not be decrypted.

.
In order to achieve this, CP-ABE oers ve functions to be used by the users. First the data owner needs to use the Setup function that will choose a random bilinear group G0 of prime order p and generator g . It will return a Master key (, g ) and a public key P K = G0 , g, h = g , f = g 1/ , e(g, g ) .

Where G1 , G2 , and G3 are cyclic groups of the same order. We are going to use a special kind of Bilinear Maps called Admissible in which case e(g1 , g2 ) is a generator in G3 where g1 , g2 are generators for groups G1 , G2 respectively. Also in our case G1 = G2 = G.

.
Bilinear maps has many applications in modern cryptography, taking two cases intro consideration which are Computational Die-Hellman problem (CDHP)[1, 3] and Decisional Die-Hellman problem (DDHP)[1, 3]. In CDHP, if we have two numbers A = g a , B = g b Zp , can we nd a third number C such that C = g c where c = ab. We can use bilinear maps to move this problem from G domain to G3 domain and instead of solving two discrete logarithm problems, we can solve one. e(g a , g b ) = e(g, g )ab = e(g, g )c = e(g, g c ) (2)

.
Encrypt(PK,M, ) that takes the public key P K , the message M , and the access policy and generates an encrypted le with access policy associated with it.

.
KeyGen(MK,S ) is a function that takes the master key MK and an attribute list S to generate a user key with privileges S .

.
Decrypt(CT,SK,x) This function is a recursive function that is used to extract the secret key associated with the le CT to be able to decrypt it using the public key with the user private key.

.
Copyright 2010 ACM X-XXXXX-XX-X/XX/XX ...$10.00.

Delegate(SK,S) is a function that enables a user to generate another private key using his own private key but with privileges less than or equal to his own privileges. This func-

tion can be used to delegate some or all privileges to another user.

.
On the other hand, user revocation and key management is an issue in CP-ABE because removing a new user will force the data owner to regenerate and redistribute all keys and les. Therefore, an improvement was introduced in [?] ro improve user revocation and key management in ABE schemes.

4.

AFTER CP-ABE

CP-ABE [2] was introduced as an improvement over KPABE which associate the access policy with the private key and the attributes are associated with the les. But this scheme does not give control over who can see what because the data owner will not control the policy access. Therefore CP-ABE was introduced. But still CP-ABE is not a complete system, it lacks user and key revocation management. Also it needs a ne grain access control. In the introduced CP-ABE all the attributes associated with the user are at, there is no way to group some attributes and prevent collision between those attributes there for a scheme in [?] was introduced to provide a Hierarchical access policy tree to improve CP-ABE.

5.

REFERENCES

[1] J. Bethencourt. Intro to bilinear maps, 2012. [2] J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 07, pages 321334, Washington, DC, USA, 2007. IEEE Computer Society. [3] Stanford. The pairing-based crypto lounge, 2012.