Abstract
In a ciphertext-policy attribute-based encryption (CP-ABE) system, the decryption keys are only related to attributes shared by multiple users and do not contain any identity information of their original holders. Hence, if a decryption key is leaked, there is no feasible method to trace the suspicious user. The user tracing problem has become an obstacle to the adoption of CP-ABE in practice. In order to address it, some traceable/accountable CP-ABE schemes have been established. However, user tracing in a multi-domain environment faces new challenges. Multi-domain environments usually have a two-layer structure: domains and intradomain users. When tracing a user, we should first trace the domain where the user is located, and then trace the user within that domain. Unfortunately, the existing traceable CP-ABE schemes only focus on one level of user tracing and are not suitable for the two-layer structure of multi-domain environments. Therefore, a white-box traceable CP-ABE scheme for multi-domain environments is proposed in this paper. The proposed scheme achieves so-called two-layer tracing. At the domain level, a short signature technique is used to prevent an attacker from forging the tracing parameter and to realize traceability for domains. At the user level, linkable ring signature technology is introduced to provide a tracing method for users by utilizing the linkability of the signature. The two signature structures are embedded in a user private key to support two-layer white-box tracing of both domains and intradomain users. The proposed scheme supports any monotone access structure and has full security against chosen-plaintext attack in the standard model. Compared with related schemes, the asymptotic communication cost and the asymptotic computation cost of the proposed scheme are relatively low. These advantages make the proposed scheme more practical for solving the user tracing problem in multi-domain environments.
Highlights
With the rise of cloud technology, more and more enterprises, organizations, and project teams tend to outsource data to the cloud, which facilitates data sharing among users.
(3) KeyGen(pp, msk, σ, S) → SK: The algorithm takes as input the public parameter pp, the master secret key msk, a linkable ring signature σ of a user, and a domain attribute set S shared by the user, and outputs a user private key SK.
In order to address the problem of malicious user tracing in multi-domain environments, a ciphertext-policy attribute-based encryption (CP-ABE) scheme that supports white-box tracing for both domains and intradomain users is proposed in this paper.
Summary
With the rise of cloud technology, more and more enterprises, organizations, and project teams tend to outsource data to the cloud, which facilitates data sharing among users. Conventional CP-ABE schemes can implement data sharing among working groups, but their decryption key generation is based on the attributes of each individual user. The main work of this paper is to construct a white-box traceable CP-ABE scheme supporting two-layer tracing in multi-domain environments.
(1) Setup(κ, U) → (pp, msk): The algorithm takes as input a security parameter κ and a domain attribute universe U, and outputs a public parameter pp and a master secret key msk. It initializes the domain tracking table AT and every user tracing table DT.
(3) KeyGen(pp, msk, σ, S) → SK: The algorithm takes as input the public parameter pp, the master secret key msk, a linkable ring signature σ of a user, and a domain attribute set S shared by the user, and outputs a user private key SK.
Definition 4: The traceability for domains of our scheme holds if all polynomial-time attackers win the above traceability game with at most negligible advantage.