Systematizing core properties of pairing-based attribute-based encryption to uncover remaining challenges in enforcing access control in practice

Venema, Marloes; Alpár, Greg; Hoepman, Jaap-Henk

doi:10.1007/s10623-022-01093-5

Cited by 12 publications

(6 citation statements)

References 138 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, ABE functions enables a high level of user independence, as authorized users can independently obtain access by decrypting ciphertexts once they possess the appropriate secret key. In this way, users can avoid interacting further with any policy-enforcing entities that may be unavailable at the time of an access request [63].…”

Section: A Ciphertext-policy Attribute-based Encryptionmentioning

confidence: 99%

“…This enables the inclusion of logical expressions involving conjunctions, disjunctions, and negations. This expanded capability is outlined in the taxonomy of ABE schemes presented in [63].…”

Section: ) Expanding Policy Expressiveness With Abementioning

confidence: 99%

“…The user global identity (GID) ties together the portions of the secret key generated by different authorities [31]. This is related to two crucial functions: (1) ensures that a user must use all the pieces of the private key together for successful decryption, (2) prevents users from exchanging key portions, thus mitigating collusion attacks [63].…”

Section: ) Expanding Policy Expressiveness With Abementioning

confidence: 99%

See 2 more Smart Citations

Attribute-Based Management of Secure Kubernetes Cloud Bursting

Femminella,

Palmucci,

Reali

et al. 2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

In modern cloud computing, the need for flexible and scalable orchestration of services, combined with robust security measures, is paramount. In this paper, we propose an innovative approach for managing secure cloud bursting in Kubernetes, combining Attribute-Based Encryption (ABE) with Kubernetes labeling. Our model addresses the challenges of complexity, cost, and data protection compliance by leveraging both Kubernetes and ABE. We introduce an attribute-based bursting component that uses Kubernetes labels for orchestration, and an encryption component that employs ABE for data protection. This unified management model ensures data confidentiality while enabling efficient cloud bursting. Our approach combines the strengths of label-based orchestration with fine-grained encryption, providing a technologically advanced yet user-friendly solution for secure cloud bursting. We present a proof-of-concept implementation that demonstrates the feasibility and effectiveness of our model. Our approach offers a unified solution that complies with security and privacy laws while meeting the needs of contemporary cloud-based systems.

show abstract

Section: A Ciphertext-policy Attribute-based Encryptionmentioning

confidence: 99%

Section: ) Expanding Policy Expressiveness With Abementioning

confidence: 99%

Section: ) Expanding Policy Expressiveness With Abementioning

confidence: 99%

See 1 more Smart Citation

Attribute-Based Management of Secure Kubernetes Cloud Bursting

Femminella,

Palmucci,

Reali

et al. 2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

show abstract

“…As a result, our techniques exhibit conceptual parallels with traditional access control approaches like Role-Based Access Control (RBAC). [19] Furthermore, we offer a practical execution of our system and present performance measurements to exhibit its efficiency in real-world scenarios. Mediated cryptography was initially proposed to enable instant revocation of public keys.…”

Section: Introductionmentioning

confidence: 99%

A Novel Approach to Strengthening Web-Based Cloud Services: Two-Factor Access Control

Kumar,

Raghavendra,

Dodda

et al. 2024

E3S Web Conf.

View full text Add to dashboard Cite

In this paper we introduce a recent and evolved two-factor authentication (2FA) access govern system specially designed for webbased cloud computing services. Our innovative system encompasses an attribute-based access govern mechanism that combines a user’s secret key with a lightweight safety device. Our system significantly improves security, particularly in scenarios where multiple users share a single computer for web-based cloud services, as access is contingent on the presence of both components. In addition, the attribute-based govern mechanism enables the cloud server to enforce access constraints based on users with identical attributes, while maintaining the highest extent of user confidentiality protection. The server’s verification procedure focuses exclusively on verifying that users meet the necessitated criteria, without accessing their exact identities. To further confirm the practicability and usefulness of our 2FA system, we conduct an in-depth simulation as a portion of our study.

show abstract

“…CP-ABE has proven to be a valuable primitive in the enforcement of fine-grained access control on a cryptographic level [16,35,47]. It allows the encrypting device to determine who gets access to the plaintext, without requiring an online trusted third party to act as an intermediary [52]. Instead, it requires a trusted entity to issue secret keys to eligible users, which can be used to access the data for which those are authorized.…”

Section: Introductionmentioning

confidence: 99%

TinyABE: Unrestricted Ciphertext-Policy Attribute-Based Encryption for Embedded Devices and Low-Quality Networks

Venema

Alpár

2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Ciphertext-policy attribute-based encryption (CP-ABE) has attracted much interest from the practical community to enforce access control in distributed settings such as the Internet of Things (IoT). In such settings, encryption devices are often constrained, having small memories and little computational power, and the associated networks are lossy. To optimize both the ciphertext sizes and the encryption speed is therefore paramount. In addition, the master public key needs to be small enough to fit in the encryption device's memory. At the same time, the scheme needs to be expressive enough to support common access control models. Currently, however, the state of the art incurs undesirable efficiency trade-offs. Existing schemes often have linear ciphertexts, and consequently, the ciphertexts may be too large and encryption may be too slow. In contrast, schemes with small ciphertexts have extremely large master public keys, and are generally computationally inefficient. In this work, we propose TinyABE: a novel CP-ABE scheme that is expressive and can be configured to be efficient enough for settings with embedded devices and low-quality networks. In particular, we demonstrate that our scheme can be configured such that the ciphertexts are small, encryption is fast and the master public key is small enough to fit in memory. From a theoretical standpoint, the new scheme and its security proof are non-trivial generalizations of the expressive scheme with constant-size ciphertexts by Agrawal and Chase (TCC'16, Eurocrypt'17) and its proof to the unbounded setting. By using techniques of Rouselakis and Waters (CCS'13), we remove the restrictions that the Agrawal-Chase scheme imposes on the keys and ciphertexts, making it thus more flexible. In this way, TinyABE is especially suitable for IoT.

show abstract

Systematizing core properties of pairing-based attribute-based encryption to uncover remaining challenges in enforcing access control in practice

Cited by 12 publications

References 138 publications

Attribute-Based Management of Secure Kubernetes Cloud Bursting

Attribute-Based Management of Secure Kubernetes Cloud Bursting

A Novel Approach to Strengthening Web-Based Cloud Services: Two-Factor Access Control

TinyABE: Unrestricted Ciphertext-Policy Attribute-Based Encryption for Embedded Devices and Low-Quality Networks

Contact Info

Product

Resources

About