Attribute-based encryption for fine-grained access control of encrypted data

Vipul Goyal; Omkant Pandey; Amit Sahai; Brent Waters

doi:10.1145/1180405.1180418

Attribute-based encryption for fine-grained access control of encrypted data

Vipul Goyal
, Omkant Pandey
, Amit Sahai
, Brent Waters

Computer Science

University of California at Los Angeles
SRI International

Research output: Contribution to journal › Conference article › peer-review

4687 Scopus citations

Abstract

As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

Original language	English
Article number	1180418
Pages (from-to)	89-98
Number of pages	10
Journal	Proceedings of the ACM Conference on Computer and Communications Security
DOIs	https://doi.org/10.1145/1180405.1180418
State	Published - 2006
Event	CCS 2006: 13th ACM Conference on Computer and Communications Security - Alexandria, VA, United States Duration: Oct 30 2006 → Nov 3 2006

Keywords

Access control
Attribute-based encryption
Audit logs
Broadcast encryption
Delegation
Hierarchical identity-based encryption

Access to Document

10.1145/1180405.1180418

Cite this

@article{8f07e17f283c43c7af74535f9f1103cc,

title = "Attribute-based encryption for fine-grained access control of encrypted data",

abstract = "As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).",

keywords = "Access control, Attribute-based encryption, Audit logs, Broadcast encryption, Delegation, Hierarchical identity-based encryption",

author = "Vipul Goyal and Omkant Pandey and Amit Sahai and Brent Waters",

year = "2006",

doi = "10.1145/1180405.1180418",

language = "English",

pages = "89--98",

journal = "Proceedings of the ACM Conference on Computer and Communications Security",

issn = "1543-7221",

note = "CCS 2006: 13th ACM Conference on Computer and Communications Security ; Conference date: 30-10-2006 Through 03-11-2006",

}

TY - JOUR

T1 - Attribute-based encryption for fine-grained access control of encrypted data

AU - Goyal, Vipul

AU - Pandey, Omkant

AU - Sahai, Amit

AU - Waters, Brent

PY - 2006

Y1 - 2006

N2 - As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

AB - As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

KW - Access control

KW - Attribute-based encryption

KW - Audit logs

KW - Broadcast encryption

KW - Delegation

KW - Hierarchical identity-based encryption

UR - https://www.scopus.com/pages/publications/34547273527

U2 - 10.1145/1180405.1180418

DO - 10.1145/1180405.1180418

M3 - Conference article

AN - SCOPUS:34547273527

SN - 1543-7221

SP - 89

EP - 98

JO - Proceedings of the ACM Conference on Computer and Communications Security

JF - Proceedings of the ACM Conference on Computer and Communications Security

M1 - 1180418

T2 - CCS 2006: 13th ACM Conference on Computer and Communications Security

Y2 - 30 October 2006 through 3 November 2006

ER -

Attribute-based encryption for fine-grained access control of encrypted data

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this