Paper 2017/1102

ID-HABE: Incorporating ID-based Revocation, Delegation, and Authority Hierarchy into Attribute-Based Encryption

Qiuxiang Dong, Dijiang Huang, Jim Luo, and Myong Kang

Abstract

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been proposed to implement fine-grained access control. Data owners encrypt data with a certain access policy so that only data users whose attributes satisfy the access policy can decrypt the ciphertext. A user can be automatically assigned an access privilege based on whether his/her attributes satisfy a given access policy described by attributes and their logical relations. In order to provide more flexible policy-based access control, attribute-based revocation approaches have been proposed that provide the NOT logic on attributes to allow attribute-based revocation. However, previous solutions increase the attribute management overhead when considering each user’s ID as an attribute for more precise revocations at the individual user level. To address this issue, in this paper, an ID-ABE scheme is presented, where a user’s ID is incorporated into the key generation procedure, allowing user-ID-based revocation. In addition to ID-based revocation, ID-ABE also presents a hierarchical identity structure to build a delegation framework to enable group-based revocation. Finally, we evaluate the performance of the proposed scheme in terms of computation, storage and communication overhead, which shows the practical value of the solution for secure data sharing applications.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Identity-Based Revocation, Delegation, Attribute-Based Encryption
Contact author(s)
qiuxiang dong @ asu edu
History
2017-11-29: revised
2017-11-15: received
Short URL
https://ia.cr/2017/1102
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1102,
      author = {Qiuxiang Dong and Dijiang Huang and Jim Luo and Myong Kang},
      title = {{ID}-{HABE}: Incorporating {ID}-based Revocation, Delegation, and Authority Hierarchy into Attribute-Based Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/1102},
      year = {2017},
      url = {https://eprint.iacr.org/2017/1102}
}