Attribute-based encryption (ABE) refers to a mode of data security where information is encoded for a particular user via various features like the country of residence of the user. Attribute-based encryption is secure because it is collusion-resistant. In attribute-based encryption, ciphertexts and user’s keys are tagged with diverse descriptive characteristics. For a key to decode a certain ciphertext, the features of the user’s key and ciphertext must correspond. This article will constitute a brief history of attribute-based encryption. The article will also discuss the various types of ABEs as well as the strengths and weaknesses of attribute-based encryption.
Attribute-based encryption is relatively a new mode of information safety. Brent Waters and Amit Sahai were the pioneers of this system of data encryption. Later, other computer scientists like Vipul Goyal built on what Sahai and Waters had established. Sahai and Waters developed an attribute-based encryption system that focused on articulation of access threshold guidelines. Afterwards, Goyal enhanced the effectiveness of the system by introducing a mechanism that made it possible for a private key to operate with diverse attributes.
Types of Attribute-Based Encryption
Attribute-based encryption (ABE) can either be key-policy (KP) or ciphertext-policy (CP). In key-policy attribute-based encryption (KP-ABE), the correspondent labels the ciphertexts with a collection of expressive attributes. Conversely, a dependable attribute authority generates the user key. This mode of data encryption is mostly used in structured institutions that wish to conceal information from some parties. KP-ABE is highly used in forensic investigations. The system helps to ensure that the forensic analysts have the right to use data that only concerns their areas of investigation. Below is a simple chart of KP-ABE system.
For ciphertext-policy ABE system, the sender sets the rules regarding the access of varied attributes included in the ciphertext. The sender determines the receivers who have the authority to decipher the ciphertext. In this system, the users have a collection of attributes and the attribute authority issues them with matching secret attribute keys. For one to decode a ciphertext, his/her attributes must correspond to the admission guidelines associated to the ciphertext. Below is a simple chart of CP-ABE system.
The difference between key-policy and ciphertext-policy encryption systems lies on the type of ciphertexts or secrete keys attributed to the access guidelines. For the key-policy ABE, the access policies are attributed to secrete attribute keys. For ciphertext-policy ABE, the admission policies are related to ciphertexts. For ciphertext-policy ABE, both the send and the recipient have a common secret key.
Strengths of Attribute-based Encryption
The first strength of attribute-based encryption is that it minimizes data loss in the event of an attack. The encryption system makes it hard for an attacker to compromise the stored information. Therefore, one is guaranteed that his/her data remains secure and accurate even after the attack. The second strength of attribute-based encryption is that it helps to establish the missing link. Whenever the duties of a user change, the ABE system changes his/her attributes. Therefore, attribute-based encryption system ensures that a user does not access unauthorized information. The system guarantees the consistency of information access and safety of data by matching user attributes with access policies.
Weaknesses of Attribute-based Encryption
In spite of the attribute-based encryption system being an authoritative and promising technique, it is associated with numerous shortcomings. The weaknesses include the lack of attribute revocation methods, inefficiency, key revocation challenges and key coordination difficulties among others. The opponents of attribute-based encryption system claim that the method is not efficient due to the nature of the decryption algorithm. The decryption process demands “double pairings for each leaf of the access tree that is matched by a private key attribute and at most one exponentiation for each node along a path from such a leaf to the root.” Besides inefficiency in decryption algorithm, attribute-based encryption system does not have attribute revocation techniques. There are no mechanisms to determine the expiry date of the attributes. Consequently, it is hard for the key authority to control or revoke attributes that are no longer in use. Furthermore, it becomes hard for some users to decrypt information as they lack important private keys.
Attribute-based encryption system does not have a mechanism for key revocation. The system does not allow a sender to determine if the receiver has been withdrawn. Moreover, numerous receivers may have identical decryption policies, making it hard for the key authority to determine the right key to retract. The fact that multiple users may have similar decryption policies makes it hard for the attribute-based encryption system to have an efficient key coordination technique. The current ABE system uses attributes that do not support numerical values. Besides, the access policies do not execute integer assessments. Hence, it is hard for the system to accomplish efficient key management.
Performance of Attribute-Based Encryption
Numerous factors affect the performance of attribute-based encryption system. They include the security level, number of attributes and the quality of the device being used. The execution time of ABE relies on the number of attributes. On average, the ABE encryption operation takes less than four seconds. On the other hand, key generation process takes less two seconds. An increase in security level results in an increase in execution time. Attribute-based encryption system involves a pairing calculation that helps to match up private keys with particular attributes. The system entails various operations. They include encryption, key generation and decryption operations. Encryption comprises an algorithm that transforms a message, public parameters and a collection of attributes into ciphertexts. Key generation process constitutes an algorithm that uses public parameters, master key and access structure to generate the decryption key. On the other hand, the decryption operation consists of an algorithm that uses the decryption key to decode a ciphertext to obtain the original message. The operations of attribute-based encryption are complex in that they entail trade-off amid private key sizes and ciphertext. Besides, the operations entail exponentiations that depend on the number of attributes.
Attrapadung, Nuttapong, Benoit Libert, and Elie de Panafieu. “Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts.” Public Key Encryption 657, no. 36 (2011): 90-108. http://www.iacr.org/archive/pkc2011/65710093/65710093.pdf
Attrapadung, Nuttapong, Javier Herranz, Fabien Laguillaumie, Benoit Libert, Elie de Panafieu, and Caela Rafols. ”Attribute-Based Encryption Schemes with Constant-Size Ciphertexts.” Theoretical Computer Science 422, no. 7 (2012): 15-38. http://eds.a.ebscohost.com/ehost/detail/detail?sid=3c0f1cc1-3df3-4f6e-a67c-31072bba3e9e%40sessionmgr4005&vid=0&hid=4210&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=71511584&db=aph
Bozovic, Vladimir, Daniel Socek, Rainer Steinwandt, and Viktoria Villanyi. “Multi-Authority Attribute-Based Encryption with Honest-but-Curious Central Authority.” International Journal of Computer Mathematics 89, no. 3 (2012): 268-283. http://eds.a.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=fce10b14-bc99-46e9-a06c-0824c23f5968%40sessionmgr4001&vid=1&hid=4210
Deng, Hua, Qianhong Wu, Bo Qin, Joseph Domingo-Ferrer, Lei Zhang, Jianwei Liu, and Wenchang Shi. “Ciphertext-Policy Hierarchical Attribute-Based Encryption with Short Ciphertexts.” Information Sciences 275, no. 1 (2014): 370-384. http://eds.a.ebscohost.com/ehost/detail/detail?sid=e5a95093-5eba-4d5c-9a1e-4520e88a6693%40sessionmgr4003&vid=0&hid=4210&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=96027717&db=aph
Gorbunov, Sergey, Vinod Vaikuntanathan, and Hoeteck Wee. “Attribute-Based Encryption for Circuits.” Journal of the Association for Computing Machinery 62, no. 6 (2015): 45-63. http://eds.a.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=6069efa7-6dd0-4337-881e-ebb8c636d6f9%40sessionmgr4002&vid=1&hid=4210
Goyal, Vipul, Omkant Pandey, Amit Sahai, and Brent Waters. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. New York: ACM Conference on Computer and Communications Security, 2006. https://eprint.iacr.org/2006/309.pdf
Ibraimi, Luan, Milan Petkovic, Svetla Nikova, Pieter Hartel, and Willem Jonker. “Mediated Ciphertext-Policy Attribute-Based Encryption and Its Applications.” Information Security Applications 593, no. 25 (2015): 309-323. https://pdfs.semanticscholar.org/4673/618e4b2ad83887caad6f0a127ee64378faf6.pdf
Koo, Dongyoung, Junbeom Hur, and Hyunsoo Yoon. “Secure and Efficient Data Retrieval Over Encrypted Data Using Attribute-Based Encryption in Cloud Storage.” Computers & Electrical Engineering 39, no. 1 (2013): 34-46. http://eds.a.ebscohost.com/ehost/detail/detail?sid=5ffb16e1-88f8-4307-b22f-9b353fd11096%40sessionmgr4005&vid=0&hid=4210&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=85583192&db=aph
Lin, Huang, Zhenfu Cao, Xiaohui Liang, and Jun Shao. “Secure Threshold Multi-Authority Attribute-Based Encryption without a Central Authority.” Information Sciences 180, no. 13 (2010): 2618-2632. http://eds.a.ebscohost.com/ehost/detail/detail?vid=15&sid=56126c41-7c95-4d35-b512-d4a7e3ee8146%40sessionmgr4003&hid=4210&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=49824144&db=aph
Stefan, Weber. “A Hybrid Attribute-Based Encryption Techniques Supporting Expressive Policies and Dynamic Attributes.” Information Security Journal: A Global Perspective 21, no. 6 (2012): 297-305. http://eds.a.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=0b16fc89-624f-46e7-8764-1cf2af029788%40sessionmgr4002&vid=1&hid=4210
Wang, Changji, and Jianfa Luo. “An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length.” Mathematical Problems in Engineering 2013, no. 23 (2013): 1-7. http://eds.a.ebscohost.com/ehost/detail/detail?vid=19&sid=56126c41-7c95-4d35-b512-d4a7e3ee8146%40sessionmgr4003&hid=4210&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#AN=94813963&db=aph
Wang, Guojun, Qin Liu, Jie Wu, and Minyi Guo. “Hierarchical Attribute-Based Encryption and Scalable User Revocation for Sharing Data in Cloud Servers.” Computers & Security 30, no. 5 (2011): 320-331. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.459.9165&rep=rep1&type=pdf
. Vipul Goyal and et al., Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data (New York: ACM Conference on Computer and Communications Security, 2006), 93.
. Weber Stefan, “A Hybrid Attribute-Based Encryption Techniques Supporting Expressive Policies and Dynamic Attributes,” Information Security Journal: A Global Perspective 21, no. 6 (2012): 301.
. Nuttapong Attrapadung and et al., “Attribute-Based Encryption Schemes with Constant-Size Ciphertexts,” Theoretical Computer Science 422, no. 7 (2012): 19.
. Changji Wang and Jianfa Luo, “An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length,” Mathematical Problems in Engineering 2013, no. 23 (2013): 4.
. Nuttapong Attrapadung, Benoit Libert and Elie de Panafieu, “Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts,” Public Key Encryption 657, no. 36 (2011): 97.
. Vladimir Bozovic and et al., “Multi-Authority Attribute-Based Encryption with Honest-but-Curious Central Authority,” International Journal of Computer Mathematics 89, no. 3 (2012): 273.
. Sergey Gorbunov, Vinod Vaikuntanathan and Hoeteck Wee, “Attribute-Based Encryption for Circuits,” Journal of the Association for Computing Machinery 62, no. 6 (2015): 51.
. Dongyoung Koo, Junbeom Hur and Hyunsoo Yoon, “Secure and Efficient Data Retrieval Over Encrypted Data Using Attribute-Based Encryption in Cloud Storage,” Computers & Electrical Engineering 39, no. 1 (2013): 39.
. Huang Lin and et al., “Secure Threshold Multi-Authority Attribute-Based Encryption without a Central Authority,” Information Sciences 180, no. 13 (2010): 2624.
. Hua Deng and et al., “Ciphertext-Policy Hierarchical Attribute-Based Encryption with Short Ciphertexts,” Information Sciences 275, no. 1 (2014): 375.
. Luan Ibraimi and et al., “Mediated Ciphertext-Policy Attribute-Based Encryption and Its Applications,” Information Security Applications 593, no. 25 (2015): 317.
. Guojun Wang and et al., “Hierarchical Attribute-Based Encryption and Scalable User Revocation for Sharing Data in Cloud Servers,” Computers & Security 30, no. 5 (2011): 324.