Authors: Geng Wang
Addresses: Science and Technology on Information Assurance Laboratory, No. 3 Yard, 5th Zhujiafen Road, Fengtai District, Beijing, 100072, China
Abstract: Key management is essential when using attribute-based encryption (ABE) for dynamic access control in practice. Although user or key delegation has been widely discussed for ABE, it cannot solve all key management problems. In this paper, we give a time-based key management scheme for ABE, provided that the ABE scheme has piecewise key generation and ciphertext delegation, based on the revocation scheme in Sahai et al. (2012). In detail, we introduce a public time-related key generated by the KDS, which stores the beginning time of the currently valid secret key for each user. For any ciphertext, a user must download a time-related key that was generated later than the ciphertext, and use that time-related key along with the user private key to decrypt the ciphertext successfully. The user private key must have been generated at the time stored in the time-related key, so no user can use outdated or revoked private keys to decrypt new ciphertexts, and ciphertext delegation is used to renew any ciphertext up to the current time. We also prove the security of the ABE schemes with time-based key management based on the security of piecewise key generation, for both KP-ABE and CP-ABE schemes.
Keywords: attribute-based encryption; ABE; key management; dynamic access control.
International Journal of Information and Computer Security, 2021 Vol.16 No.1/2, pp.103 - 119
Received: 22 Aug 2018
Accepted: 23 Nov 2018
Published online: 27 Aug 2021