Authors: Peng Wang; Chinya V. Ravishankar
Addresses: Department of Computer Science and Engineering, University of California, Riverside, USA ' Department of Computer Science and Engineering, University of California, Riverside, USA
Abstract: We present HM-ABE, a hierarchical multi-authority attribute-based encryption scheme with policy delegation that generalises current work significantly. Current methods require encryptors to build ciphertext access policies themselves, using attributes published by authority domains. This causes problems, both since authorities may not publish sensitive attributes, and since users may not understand their internal policies. We permit encryptors to delegate parts of their access policies to authorities, who can construct appropriate policies on their behalf, using sensitive attributes, if needed. Delegation can be recursive. Delegation helps encryptors build more accurate access policies, especially when they must include attributes from multiple authorities. HMABE greatly reduces the chances that ineligible users gain access to data, or that eligible users are denied. Delegation lets authorities hide sensitive attributes, while still allowing users indirect access to their semantics. We show that HM-ABE achieves recursive attribute delegation, selective attribute hiding, and prove that it is secure.
Keywords: attribute-based encryption; ABE; policy delegation; multiple authorities; cryptography; access policies; recursive attribute delegation; selective attribute hiding; security.
International Journal of Information and Computer Security, 2015 Vol.7 No.2/3/4, pp.140 - 159
Accepted: 25 Feb 2015
Published online: 12 Nov 2015 *