An efficient biometrics-based remote user authentication scheme using smart cards

Attributes define, classify, or annotate the datum to which they are assigned. However, traditional attribute architectures and cryptosystems are ill-equipped to provide security in the face of diverse access requirements and environments. In this paper, we introduce a novel secure information management architecture based on emerging attribute-based encryption (ABE) primitives. A policy system that meets the needs of complex policies is defined and illustrated. Based on the needs of those policies, we propose cryptographic optimizations that vastly improve enforcement efficiency. We further explore the use of such policies in two example applications: a HIPAA compliant distributed file system and a social network. A performance analysis of our ABE system and example applications demonstrates the ability to reduce cryptographic costs by as much as 98% over previously proposed constructions. Through this, we demonstrate that our attribute system is an efficient solution for securely managing information in large, loosely-coupled, distributed systems.

https://www.cs.utexas.edu/~bwaters/publications/papers/attr_systems.pdf

Secure attribute-based systems

In Ciphertext-Policy Attribute-Based Encryption (CP-ABE),
a user secret key is associated with a set of attributes, and the ciphertext
is associated with an access policy over attributes. The user can decrypt
the ciphertext if and only if the attribute set of his secret key satisfies
the access policy specified in the ciphertext. Several CP-ABE schemes
have been proposed, however, some practical problems, such as attribute
revocation, still needs to be addressed. In this paper, we propose a mediated
Ciphertext-Policy Attribute-Based Encryption (mCP-ABE) which
extends CP-ABE with instantaneous attribute revocation. Furthermore,
we demonstrate how to apply the proposed mCP-ABE scheme to securely
manage Personal Health Records (PHRs).

/pdf/mediated-ciphertext-policy-attribute-based-encryption-and-26v9ryvcdh.pdf

Mediated Ciphertext-Policy Attribute-Based Encryption and its Application (extended version)

In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user secret key is associated with a set of attributes, and the ciphertext is associated with an access policy over attributes. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. Several CP-ABE schemes have been proposed, however, some practical problems, such as attribute revocation, still needs to be addressed. In this paper, we propose a mediated Ciphertext-Policy Attribute-Based Encryption (mCP-ABE) which extends CP-ABE with instantaneous attribute revocation. Furthermore, we demonstrate how to apply the proposed mCP-ABE scheme to securely manage Personal Health Records (PHRs).

Mediated Ciphertext-Policy Attribute-Based Encryption and Its Application

In Attribute-based Encryption (ABE) scheme, attributes play a very important role. Attributes have been exploited to generate a public key for encrypting data and have been used as an access policy to control users' access. The access policy can be categorized as either key-policy or ciphertext-policy. The key-policy is the access structure on the user's private key, and the ciphertext-policy is the access structure on the ciphertext. And the access structure can also be categorized as either monotonic or non-monotonic one. Using ABE schemes can have the advantages: (1) to reduce the communication overhead of the Internet, and (2) to provide a fine-grained access control. In this paper, we survey a basic attribute-based encryption scheme, two various access policy attribute-based encryption schemes, and two various access structures, which are analyzed for cloud environments. Finally, we list the comparisons of these schemes by some criteria for cloud environments.

/pdf/a-survey-on-attribute-based-encryption-schemes-of-access-4x3r3uxc38.pdf

A Survey on Attribute-based Encryption Schemes of Access Control in Cloud Environments

Threshold attribute-based encryption (thABE) is a variant of identity-based encryption which views identities as sets of descriptive attributes. If a thABE ciphertext c is computed for a set ω of attributes, then, to decrypt c, a user must have keys associated with a sufficiently large subset of ω. One application of thABE is biometric-based access control (BBAC). Practical BBAC applications impose the following constraints on the design of thABE schemes: first, a suitable thABE scheme must have an efficient decryption procedure; second, the proposed scheme must prevent colluding users from being able to decrypt ciphertexts which none of them could decrypt; third, the designed scheme must provide a mechanism whereby encryptors can, at encryption time, specify multiples sets of attributes with their corresponding threshold values. To the best of our knowledge, no scheme is known that simultaneously satisfies the aforementioned requirements. This paper describes an efficient and collusion-resistant thABE scheme featuring dynamically-specifiable threshold values. The proposed scheme is proven secure in the random oracle model, and its efficiency and flexibility are compared with Sahai and Waters'thABE scheme.

/pdf/using-threshold-attribute-based-encryption-for-practical-1ubrw8p0hj.pdf

Using Threshold Attribute-Based Encryption for Practical Biometric-Based Access Control

We suggest a scheme to cryptographically support role based access control (RBAC) in large organizations where user roles change frequently. To achieve this, we propose a secure method to manage role keys and we extend a recent pairing-based mediated identity-based cryptographic scheme to allow the enforcement of possession of multiple roles to access certain documents. We also design an architecture and a set of algorithms which cryptographically enforce RBAC and allow for role addition, revocation, and delegation. Finally, we briefly discuss the space requirements and security of our scheme.

Using Mediated Identity-Based Cryptography to Support Role-Based Access Control

This paper presents the first mediated hierarchical identity-based encryption and signature schemes. Both schemes are designed to support information access control in hierarchically structured communities of users whose access privileges change very dynamically.

Efficient Revocation of Dynamic Security Privileges in Hierarchically Structured Communities.

Rapid distribution of newly released confidential information is often impeded by network traffic jams, especially when the confidential information is either crucial or highly prized This is the case for stock market values, blind auction bidding amounts, many large corporations'strategic business plans, certain news agencies timed publications, and some licensed software updates Hierarchical timed-based information release (HTIR) schemes enable the gradual distribution of encrypted confidential information to large, distributed, (potentially) hierarchically structured user communities, and the subsequent publication of corresponding short decryption keys, at a predetermined time, so that users can rapidly access the confidential information This paper presents and analyzes the efficiency of a novel HTIR scheme

Time-based release of confidential information in hierarchical settings

Rapid distribution of newly released confidential information is often impeded by network traffic jams, especially when the confidential information is either crucial or highly prized. This is the case for stock market values, blind auction bidding amounts, many large corporations'strategic business plans, certain news agencies'timed publications, and some licensed software updates. Hierarchical time-based information release (HTIR) schemes enable the gradual distribution of encrypted confidential information to large, distributed, (potentially) hierarchically structured user communities, and the subsequent publication of corresponding short decryption keys, at a predetermined time, so that users can rapidly access the confidential information. This paper presents and analyzes the efficiency of a novel HTIR scheme.

Deholo Nali

Papers

Using Threshold Attribute-Based Encryption for Practical Biometric-Based Access Control

Using Mediated Identity-Based Cryptography to Support Role-Based Access Control

Efficient Revocation of Dynamic Security Privileges in Hierarchically Structured Communities.

Time-based release of confidential information in hierarchical settings

Hierarchical time-based information release