۱- Introduction

۲- Background

۳- Security-level switchable ABE framework and security models

۴- Generic SLS-ABE

۵- Discussion

۶- Conclusion

References

Abstract

Attribute-Based Encryption (ABE), a special type of public key encryption, efficiently shares sensitive data with fine-grained access control. ABE can be classified into two types: Ciphertext-Policy ABE (CP-ABE) and Key-Policy ABE (KP-ABE). However, the securities of most presented ABE systems were reduced to the q-type DBDH (Dicisional Diffie-Hellman Assumption) assumptions, which are stronger than the DBDH assumption. So, the abovementioned ABE systems become insecure if DBDH is proved to be insecure. We propose a new ABE framework, called security-level switchable ABE (SLS-ABE). In SLS-ABE framework, a series of ABE systems can be generated and their securities are reduced to a k-BDH assumption family proposed by Benson et al. The k-BDH assumption family has the following properties: 1) any assumption in the k-BDH assumption family is associated with a parameter k, and the assumption becomes strictly weaker as the parameter k increases. 2) the 1-BDH assumption is proved to be equivalent to the DBDH assumption. So, all the k-BDH assumptions where k > 1 are weaker than DBDH assumption. We apply the technique of Benson et al. to construct ABE on k-BDH assumption, furthermore, we design a new framework to support the flexible switchable security-level for users. Concretely, the master public key, the master secret key and core keys issued by the system are constant. A User can generate different security-level public key/secret key pairs if it holds the core key. We propose a public key forgery attack model (PKFA) to capture the behaviors of adversary for generating a forged public key. We formally prove the selective-CPA security and PKFA security of our ABE systems. We compare the performances of our systems with Waters’ ABE systems.

Introduction

Attribute Based Encryption (ABE), which has been presented by Sahai and Waters [17], is an influential paradigm for embedding complex access policy into the encrypted data. Key-Policy Attribute Based Encryption (KPABE) and Cipertext-Policy Attribute Based Encryption (CP-ABE) are two typical kinds of the ABE scheme [12]. In KP-ABE, the ciphertext is associated with the attributes set and the private key is associated with the access policy; In CP-ABE, the ciphertext is associated with the access policy and the private key is associated with the attributes set. ABEs attract increasing concerns on new functionalities[7, 14] or better performance[10, 11, 13] in recent years, however, most of them suffer from two indetectable secure problems described as follows: (1) The q-type DBDH assumptions can not guarantee the security of ABE while encountering Cheon’s attack [8]. Most of proposed ABEs are reduced to “q-type DBDH ” assumptions [7, 15, 13, 19, 12]. Nevertheless, Cheon[8] claimed that q-type assumptions (and surely the ABEs associated with them) might meet a special attack. Recently, Sakemi et al. showed that Cheon’s attack could be realized through executing a successful experiment. It means that the ABE system built on the q-type assumption might not be secure when encountering Cheon’s attack. (2) Any single assumption may become insecure when new attacks against this assumption are found. Almost all the frameworks of ABE are built to adapt to one assumption, the drawback of the above frameworks is that, they can not provide the property of “scalable”, that is, when the current assumption upon which the framework built becomes insecure, the existing ABEs can not provide the “plug and play” mechanism to switch the old framework to a new one which based on a more secure assumption. In other words, the existing ABE framework is relatively “fixed” for one assumption.