Cryptology ePrint Archive: Report 2011/255

Hiding the Policy in Cryptographic Access Control

Sascha Müller and Stefan Katzenbeisser

Abstract: Recently, cryptographic access control has received a lot of attention, mainly due to the availability of efficient \emph{Attribute-Based Encryption (ABE)} schemes. ABE allows to get rid of a trusted reference monitor by enforcing access rules in a cryptographic way. However, ABE has a privacy problem: The access policies are sent in clear along with the ciphertexts. Further generalizing the idea of policy-hiding in cryptographic access control, we introduce \emph{policy anonymity} where -- similar to the well-understood concept of $k$-anonymity -- the attacker can only see a large set of possible policies that might have been used to encrypt, but is not able to identify the one that was actually used. We show that using a concept from graph theory we can extend a known ABE construction to achieve the desired privacy property.

Category / Keywords: cryptographic protocols / access control, privacy, tree majors, abe, anonymity, hidden policies

Publication Info: This is the full version of the eponymous paper published at the 7th International Workshop on Security and Trust Management (STM '11)

Date: received 24 May 2011, last revised 24 May 2011

Contact author: mueller at seceng informatik tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20110525:063141 (All versions of this report)

Short URL: ia.cr/2011/255