Attribute-Based Encryption with Break-Glass

  • Achim D. Brucker
  • Helmut Petritsch
  • Stefan G. Weber
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6033)


Attribute-based Encryption (abe) allows for implementing fine-grained decentralized access control based on properties or attributes a user has. Thus, there is no need for writing detailed, user-based policies in advance. This makes abe in particular interesting for implementing security mechanisms in dynamic environments such as ubiquitous computing, disaster management, or health-care. For supporting the latter two application areas, common abe approaches lack one important feature: break-glass, i. e., the controlled overriding of access control restrictions.

In this paper we present an integration of break-glass into an approach for end-to-end secure information sharing using abe techniques.


Access control break-glass attribute-based encryption disaster management trusted computing platform 


  1. 1.
    Break-glass: An approach to granting emergency access to healthcare systems. White paper, Joint NEMA/COCIR/JIRA Security and Privacy Committee (2004)Google Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  3. 3.
    Brucker, A.D., Hutter, D.: Information flow in disaster management systems. In: International Conference on Availability, Reliability and Security (ares), IEEE Computer Society Press, Los Alamitos (2010)Google Scholar
  4. 4.
    Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Carminati, B., Joshi, J. (eds.) ACM symposium on access control models and technologies (sacmat), pp. 197–206. ACM Press, New York (2009)CrossRefGoogle Scholar
  5. 5.
    Ferreira, A., Cruz-Correia, R., Antunes, L., Farinha, P., Oliveira-Palhares, E., Chadwick, D., Costa-Pereira, A.: How to break access control in a controlled manner. In: IEEE International Symposium on Computer-Based Medical Systems (cbms), pp. 847–854 (2006)Google Scholar
  6. 6.
    Gardner, R.W., Garera, S., Pagano, M.W., Green, M., Rubin, A.D.: Securing medical records on smart phones. In: ACM workshop on Security and privacy in medical and home-care systems (spimacs), pp. 31–40. ACM Press, New York (2009)CrossRefGoogle Scholar
  7. 7.
    Gentry, C.: IBE (Identity-Based Encryption). In: Handbook of Information Security, vol. 2, pp. 575–592. John Wiley & Sons, Chichester (2006)Google Scholar
  8. 8.
    Huang, D., Verma, M.: aspe: attribute-based secure policy enforcement in vehicular ad hoc networks. Ad Hoc Networks 7(8), 1526–1535 (2009)CrossRefGoogle Scholar
  9. 9.
    Johnson, C.W.: Complexity, structured chaos and the importance of information management for mobile computing in the uk floods of 2007. In: [12], pp. 1–11 (2007)Google Scholar
  10. 10.
    Lachner, J., Hellwagner, H.: Information and communication systems for mobile emergency response. In: Kaschek, R., Kop, C., Steinberger, C., Fliedl, G. (eds.) Information Systems and e-Business Technologies (uniscon). LNBIP, vol. 5, pp. 213–224. Springer, Heidelberg (1974)CrossRefGoogle Scholar
  11. 11.
    Levin, T.E., Dwoskin, J.S., Bhaskara, G., Nguyen, T.D., Clark, P.C., Lee, R.B., Irvine, C.E., Benzel, T.: Securing the dissemination of emergency response data with an integrated hardware-software architecture. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 133–152. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Löffler, J., Klann, M. (eds.): Mobile Information Technology for Emergency Response (MobileResponse). LNCS, vol. 5424. Springer, Heidelberg (2009)Google Scholar
  13. 13.
    Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute-based systems. In: ACM conference on Computer and communications security (ccs), pp. 99–112. ACM Press, New York (2006)Google Scholar
  14. 14.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Weber, S.G.: Securing first response coordination with dynamic attribute-based encryption. In: World Congress on Privacy, Security, Trust and the Management of e-Business (congress), pp. 58–69. IEEE Computer Society Press, Los Alamitos (2009)CrossRefGoogle Scholar
  16. 16.
    Yu, S., Ren, K., Lou, W.: FDAC: Toward fine-grained distributed data access control in wireless sensor networks. In: IEEE Conference on Computer Communications (infocom). IEEE Computer Society Press, Los Alamitos (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2010

Authors and Affiliations

  • Achim D. Brucker
    • 1
  • Helmut Petritsch
    • 1
  • Stefan G. Weber
    • 2
  1. 1.SAP ResearchKarlsruheGermany
  2. 2.Telecooperation GroupTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations