Paper 2011/255

Hiding the Policy in Cryptographic Access Control

Sascha Müller and Stefan Katzenbeisser

Abstract

Recently, cryptographic access control has received a lot of attention, mainly due to the availability of efficient \emph{Attribute-Based Encryption (ABE)} schemes. ABE allows to get rid of a trusted reference monitor by enforcing access rules in a cryptographic way. However, ABE has a privacy problem: The access policies are sent in clear along with the ciphertexts. Further generalizing the idea of policy-hiding in cryptographic access control, we introduce \emph{policy anonymity} where -- similar to the well-understood concept of $k$-anonymity -- the attacker can only see a large set of possible policies that might have been used to encrypt, but is not able to identify the one that was actually used. We show that using a concept from graph theory we can extend a known ABE construction to achieve the desired privacy property.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. This is the full version of the eponymous paper published at the 7th International Workshop on Security and Trust Management (STM '11)
Keywords
access controlprivacytree majorsabeanonymityhidden policies
Contact author(s)
mueller @ seceng informatik tu-darmstadt de
History
2011-05-25: received
Short URL
https://ia.cr/2011/255
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/255,
      author = {Sascha Müller and Stefan Katzenbeisser},
      title = {Hiding the Policy in Cryptographic Access Control},
      howpublished = {Cryptology ePrint Archive, Paper 2011/255},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/255}},
      url = {https://eprint.iacr.org/2011/255}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.