Skip to main content
SpringerLink
Log in
Book cover

From Database to Cyber Security pp 353–374Cite as

Attribute-Based Encryption: Applications and Future Directions

  • Chapter
  • First Online:

  • 1963 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11170))

Abstract

This survey focuses on the cryptographic access control technique, attribute-based encryption (ABE), its applications and future directions. Since its inception, there has been a tremendous interest in applying this technique to solve various problems related to access control. Significant research efforts have been devoted to design efficient constructions and operational parameters to suit various applications. The main functionality of ABE is to enforce cryptographic access control with help of policies specified over a set of system defined attributes. A key generator maps the attributes, in an access policy, into encryption and decryption keys for a resource access request. ABE is categorized into Key-Policy ABE (KP-ABE) and Cipher-text Policy ABE (CP-ABE), depending on the approach used to map the attributes to the encryption and decryption keys. Implementations of ABE have relied on mathematical primitives such as elliptic curves, pairing functions, generalized secret sharing notions and on the hardness of problems like computing discrete logarithm and computational Diffie-Hellman problem over elliptic curves. As they are essentially public-key systems, these schemes are usually proven secure under the semantically secure adaptive chosen cipher-text attack (IND-CCA). ABE has been utilized in solving a number of problems in different application domains including network privacy, broadcast encryption for on-demand television programming, health data access control, cloud security, and verifiable computation. In this survey, we discuss the evolution of ABE, covering significant developments in this area, the applications of ABE across various domains, and the future directions for ABE.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    The system administrator is used in the generic sense and covers other designations like “data owner”, “data base owner”, “system designer”, “reference monitor”, “key generator” and so on.

  2. 2.

    As much as possible the original notation of these seminal papers has been retained as a mark of honor to the inventors of these techniques. Additional notes have been added to help a broader audience to appreciate the nuances of these techniques.

  3. 3.

    Canetti et al. gave the first IBE construction in [10] with slightly weaker security.

  4. 4.

    Private-key Generator as defined previously.

  5. 5.

    Although most ABE techniques in literature primarily work with monotone access structures, as defined next, there are schemes [21] that support non-monotone access structures as well.

  6. 6.

    The choice of random points is essential due to the condition on \(q_x (0)\). A randomly defined polynomial will not satisfy this property.

References

  1. Agrawal, S., Chase, M.: FAME: fast attribute-based message encryption. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 665–682 (2017). https://doi.org/10.1145/3133956.3134014

  2. Agrawal, S., Chase, M.: Simplifying design and analysis of complex predicate encryption schemes. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 627–656. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_22

    Chapter  Google Scholar 

  3. Akinyele, J.A., Pagano, M.W., Green, M.D., Lehmann, C.U., Peterson, Z.N.J., Rubin, A.D.: Securing electronic medical records using attribute-based encryption on mobile devices. In: Proceedings of the 1st ACM Workshop Security and Privacy in Smartphones and Mobile Devices, Co-located with CCS, SPSM 2011, Chicago, IL, USA, 17 October, pp. 75–86 (2011). https://doi.org/10.1145/2046614.2046628

  4. Attrapadung, N.: Dual system encryption via doubly selective security: framework, fully secure functional encryption for regular languages, and more. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 557–577. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_31

    Chapter  Google Scholar 

  5. Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: an online social network with user-defined privacy. SIGCOMM Comput. Commun. Rev. 39(4), 135–146 (2009). https://doi.org/10.1145/1594977.1592585

    Article  Google Scholar 

  6. Beimel, A.: Secret-sharing schemes: a survey. In: Chee, Y.W., et al. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 11–46. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_2

    Chapter  Google Scholar 

  7. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055718

    Chapter  Google Scholar 

  8. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, S&P 2007, Oakland, California, USA, 20–23 May 2007, pp. 321–334 (2007). https://doi.org/10.1109/SP.2007.11

  9. Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

    Chapter  Google Scholar 

  10. Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16

    Chapter  Google Scholar 

  11. Chen, J., Gay, R., Wee, H.: Improved dual system ABE in prime-order groups via predicate encodings. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 595–624. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_20

    Chapter  Google Scholar 

  12. Crampton, J., Pinto, A.: Attribute-based encryption for access control using elementary operations. In: 2014 IEEE 27th Computer Security Foundations Symposium, pp. 125–139, July 2014

    Google Scholar 

  13. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS, Alexandria, VA, USA, 30 October–3 November 2006, pp. 89–98 (2006). https://doi.org/10.1145/1180405.1180418

  14. Green, M.D., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: IEEE Symposium on Security and Privacy, SP, San Jose, CA, USA, 17–21 May, pp. 305–320 (2015). https://doi.org/10.1109/SP.2015.26

  15. Joux, A.: The weil and tate pairings as building blocks for public key cryptosystems. In: Fieker, C., Kohel, D.R. (eds.) ANTS 2002. LNCS, vol. 2369, pp. 20–32. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45455-1_3

    Chapter  Google Scholar 

  16. Joux, A., Nguyen, K.: Separating decision Diffie-Hellman from computational Diffie-Hellman in cryptographic groups. J. Cryptol. 16(4), 239–247 (2003)

    Article  MathSciNet  Google Scholar 

  17. Kim, J.Y., Hu, W., Sarkar, D., Jha, S.: ESIoT: Enabling secure management of the Internet of Things. In: Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, pp. 219–229. ACM, New York (2017)

    Google Scholar 

  18. Lewko, A., Waters, B.: Unbounded HIBE and attribute-based encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 547–567. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_30

    Chapter  Google Scholar 

  19. Liu, Z., Cao, Z., Wong, D.S.: Efficient generation of linear secret sharing scheme matrices from threshold access trees. Cryptology ePrint Archive: Listing (2010)

    Google Scholar 

  20. Zeutro LLC. http://www.zeutro.com/

  21. Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, 28–31 October 2007, pp. 195–203 (2007). https://doi.org/10.1145/1315245.1315270

  22. Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_35

    Chapter  Google Scholar 

  23. Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 463–474 (2013). https://doi.org/10.1145/2508859.2516672

  24. Sahai, A., Waters, B.: Fuzzy identity based encryption. IACR Cryptology ePrint Archive 2004, 86 (2004). http://eprint.iacr.org/2004/086

  25. Santos, N., Rodrigues, R., Gummadi, K.P., Saroiu, S.: Policy-sealed data: a new abstraction for building trusted cloud services. In: Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, USA, 8–10 August, pp. 175–188 (2012). https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/santos

  26. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979). https://doi.org/10.1145/359168.359176

    Article  MathSciNet  MATH  Google Scholar 

  27. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

    Chapter  Google Scholar 

  28. Traynor, P., Butler, K.R.B., Enck, W., McDaniel, P.D.: Realizing massive-scale conditional access systems through attribute-based cryptosystems. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, San Diego, California, USA, 10 February–13 February (2008). http://www.isoc.org/isoc/conferences/ndss/08/papers/06_realizing_massive-scale_conditional.pdf

  29. Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_4

    Chapter  Google Scholar 

  30. Yao, D., Fazio, N., Dodis, Y., Lysyanskaya, A.: Id-based encryption for complex hierarchies with applications to forward security and broadcast encryption. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, Washington, DC, USA, 25–29 October 2004, pp. 354–363 (2004). https://doi.org/10.1145/1030083.1030130

  31. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: INFOCOM 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, San Diego, CA, USA, 15–19 March, pp. 534–542 (2010). https://doi.org/10.1109/INFCOM.2010.5462174

  32. Zhou, Z., Huang, D.: On efficient ciphertext-policy attribute based encryption and broadcast encryption: extended abstract. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 753–755. ACM, New York (2010). https://doi.org/10.1145/1866307.1866420

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, Colorado State University, Fort Collins, CO, 80523, USA

    Bruhadeshwar Bezawada & Indrakshi Ray

Authors
  1. Bruhadeshwar Bezawada
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Indrakshi Ray
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bruhadeshwar Bezawada .

Editor information

Editors and Affiliations

  1. Università degli Studi di Milano, Milano, Italy

    Pierangela Samarati

  2. Colorado State University, Fort Collins, CO, USA

    Indrajit Ray

  3. Colorado State University, Fort Collins, CO, USA

    Indrakshi Ray

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Bezawada, B., Ray, I. (2018). Attribute-Based Encryption: Applications and Future Directions. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science(), vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-04834-1_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04833-4

  • Online ISBN: 978-3-030-04834-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation