Abstract
Recently, cryptographic access control has received a lot of attention, mainly due to the availability of efficient Attribute-Based Encryption (ABE) schemes. ABE allows to get rid of a trusted reference monitor by enforcing access rules in a cryptographic way. However, ABE has a privacy problem: The access policies are sent in clear along with the ciphertexts. Further generalizing the idea of policy-hiding in cryptographic access control, we introduce policy anonymity where – similar to the well-understood concept of k-anonymity – the attacker can only see a large set of possible policies that might have been used to encrypt, but is not able to identify the one that was actually used. We show that using a concept from graph theory we can extend a known ABE construction to achieve the desired privacy property.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, pp. 321–334 (2007)
Bille, P.: A survey on tree edit distance and related problems. Theor. Comput. Sci. 337(1-3), 217–239 (2005)
Boneh, D., Waters, B.: Conjunctive, Subset, and Range Queries on Encrypted Data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)
Cheung, L., Newport, C.C.: Provably secure ciphertext policy ABE. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 456–465. ACM (2007)
Ciriani, V., di Vimercati, S.D.C., Foresti, S., Samarati, P.: k-anonymity. In: Yu, T., Jajodia, S. (eds.) Secure Data Management in Decentralized Systems. Advances in Information Security, vol. 33, pp. 323–353. Springer, Heidelberg (2007)
Frikken, K.B., Li, J., Atallah, M.J.: Trust negotiation with hidden credentials, hidden policies, and policy cycles. In: NDSS. The Internet Society (2006)
Katz, J., Sahai, A., Waters, B.: Predicate Encryption Supporting Disjunctions, Polynomial Equations, and Inner Products. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008)
Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010)
Matula, D.W.: On the number of subtrees of a symmetric n-ary tree. SIAM Journal on Applied Mathematics 18(3), 668–703 (1970)
Müller, S., Katzenbeisser, S.: Hiding the policy in cryptographic access control. Technical report (2011), http://eprint.iacr.org/2011/255.pdf
Müller, S., Katzenbeisser, S.: A new DRM architecture with strong enforcement. In: ARES, pp. 397–403. IEEE Computer Society (2010)
Müller, S., Katzenbeisser, S., Eckert, C.: On multi-authority ciphertext-policy attribute-based encryption. Bulletin of the Korean Mathematical Society (B-KMS) 46(4), 803–819 (2009)
Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden ciphertext policies. IEICE Transactions 92-A(1), 22–32 (2009)
Nishimura, N., Ragde, P., Thilikos, D.M.: Finding Smallest Supertrees under Minor Containment. In: Widmayer, P., Neyer, G., Eidenbenz, S. (eds.) WG 1999. LNCS, vol. 1665, pp. 303–312. Springer, Heidelberg (1999)
Riesen, K., Bunke, H.: Approximate graph edit distance computation by means of bipartite graph matching. Image Vision Comput. 27(7), 950–959 (2009)
Rosselló, F., Valiente, G.: An algebraic view of the relation between largest common subtrees and smallest common supertrees. CoRR, abs/cs/0604108 (2006)
Sahai, A., Seyalioglu, H.: Worry-free encryption: functional encryption with public keys. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security, pp. 463–472. ACM, New York (2010)
Serjantov, A., Danezis, G.: Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)
Shi, E., Bethencourt, J., Chan, H.T.-H., Song, D.X., Perrig, A.: Multi-dimensional range query over encrypted data. In: IEEE Symposium on Security and Privacy, pp. 350–364 (2007)
Smart, N.P.: Access Control using Pairing Based Cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 111–121. Springer, Heidelberg (2003)
Valiente, G.: Constrained tree inclusion. J. Discrete Algorithms 3(2-4), 431–447 (2005)
Waters, B.: Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: The 14th IACR International Conference on Practice and Theory of Public Key Cryptography, PKC (March 2008)
Yu, S., Ren, K., Lou, W.: Attribute-based content distribution with hidden policy. In: Secure Network Protocols, NPSEC 2008 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Müller, S., Katzenbeisser, S. (2012). Hiding the Policy in Cryptographic Access Control. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-29963-6_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29962-9
Online ISBN: 978-3-642-29963-6
eBook Packages: Computer ScienceComputer Science (R0)