Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations

  • Johannes Blömer
  • Peter Günther
  • Volker Krummel
  • Nils LökenEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10723)


In this work, we propose a service infrastructure that provides confidentiality of data in the cloud. It enables information sharing with fine-grained access control among multiple tenants based on attribute-based encryption. Compared to the standard approach based on access control lists, our encryption as a service approach allows us to use cheap standard cloud storage in the public cloud and to mitigate a single point of attack. We use hardware security modules to protect long-term secret keys in the cloud. Hardware security modules provide high security but only relatively low performance. Therefore, we use attribute-based encryption with outsourcing to integrate hardware security modules into our micro-service oriented cloud architecture. As a result, we achieve elasticity, high performance, and high security at the same time.


  1. 1.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy, pp. 321–334 (2007)Google Scholar
  2. 2.
    Chase, M.: Multi-authority attribute based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 515–534. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  3. 3.
    Chatterjee, S., Menezes, A.: On cryptographic protocols employing asymmetric pairings—the role of \(\varPsi \) revisited. Discret. Appl. Math. 159(13), 1311–1322 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Cloud Security Alliance: SecaaS implementation guidance category 8: Encryption (2012). Accessed 06 July 2017
  5. 5.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: 20th USENIX Security Symposium. USENIX Association (2011)Google Scholar
  8. 8.
    Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. Chapman and Hall/CRC Press, London/Boca Raton (2015)zbMATHGoogle Scholar
  9. 9.
    Mell, P., Grance, T.: The NIST definition of cloud computing (2011). Accessed 06 July 2017
  10. 10.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefzbMATHGoogle Scholar
  11. 11.
    Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: CCS 2013, pp. 463–474. ACM (2013)Google Scholar
  12. 12.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). CrossRefGoogle Scholar
  13. 13.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, pp. 44–55. IEEE (2000)Google Scholar
  14. 14.
    Yang, K., Jia, X., Ren, K.: Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In: ASIA CCS 2013, pp. 523–528. ACM (2013)Google Scholar
  15. 15.
    Yang, Y., Liu, J.K., Liang, K., Choo, K.-K.R., Zhou, J.: Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 146–166. Springer, Cham (2015). CrossRefGoogle Scholar
  16. 16.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: INFOCOM 2010, pp. 534–542. IEEE (2010)Google Scholar
  17. 17.
    Zhang, P., Chen, Z., Liu, J.K., Liang, K., Liu, H.: An efficient access control scheme with outsourcing capability and attribute update for fog computing. Future Gener. Comput. Syst. 78(2), 753–762 (2018)CrossRefGoogle Scholar
  18. 18.
    Zhao, F., Nishide, T., Sakurai, K.: Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 83–97. Springer, Heidelberg (2011). CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Johannes Blömer
    • 1
  • Peter Günther
    • 2
  • Volker Krummel
    • 2
  • Nils Löken
    • 1
    Email author
  1. 1.Paderborn UniversityPaderbornGermany
  2. 2.Diebold NixdorfPaderbornGermany

Personalised recommendations