Secure attribute-based systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Secure attribute-based systems

Full text

Pdf (1.13 MB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 13th ACM conference on Computer and communications security table of contents

Alexandria, Virginia, USA

SESSION: Data protection table of contents

Pages: 99 - 112

Year of Publication: 2006

ISBN:1-59593-518-5

Authors

Matthew Pirretti	Pennsylvania State University, University Park, PA
Patrick Traynor	Pennsylvania State University, University Park, PA
Patrick McDaniel	Pennsylvania State University, University Park, PA
Brent Waters	SRI International, Menlo Park, CA

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 20, Downloads (12 Months): 178, Citation Count: 9

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1180405.1180419 What is a DOI?

ABSTRACT

Attributes define, classify, or annotate the datum to which they are assigned. However, traditional attribute architectures and cryptosystems are ill-equipped to provide security in the face of diverse access requirements and environments. In this paper, we introduce a novel secure information management architecture based on emerging attribute-based encryption (ABE) primitives. A policy system that meets the needs of complex policies is defined and illustrated. Based on the needs of those policies, we propose cryptographic optimizations that vastly improve enforcement efficiency. We further explore the use of such policies in two example applications: a HIPAA compliant distributed file system and a social network. A performance analysis of our ABE system and example applications demonstrates the ability to reduce cryptographic costs by as much as 98% over previously proposed constructions. Through this, we demonstrate that our attribute system is an efficient solution for securely managing information in large, loosely-coupled, distributed systems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Friendster. http://www.friendster.com, 2006.
	2	The human genome project. http://www.ornl.gov/sci/techresources/Human_Genome/home.shtml, 2006.
	3	The OpenSSL project. http://www.openssl.org, 2006.
	4	Mihir Bellare , Phillip Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.62-73, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168596]
	5	Dan Boneh , Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.213-229, August 19-23, 2001
	6	M. Bowman, C. Dharap, M. Baruah, B. Camargo, and S. Potti. A file system for information management. In Proceedings of the ISMM International Conference on Intelligent Information Management Systems, March 1994.
	7	R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas. Multicast security: A taxonomy and some efficient constructions. In Proceedings of IEEE INFOCOM'99, 1999.
	8	Ran Canetti , Oded Goldreich , Shai Halevi, The random oracle methodology, revisited (preliminary version), Proceedings of the thirtieth annual ACM symposium on Theory of computing, p.209-218, May 24-26, 1998, Dallas, Texas, United States [doi>10.1145/276698.276741]
	9	Clifford Cocks, An Identity Based Encryption Scheme Based on Quadratic Residues, Proceedings of the 8th IMA International Conference on Cryptography and Coding, p.360-363, December 17-19, 2001
	10	Eric Cronin , Sugih Jamin , Tal Malkin , Patrick McDaniel, On the performance, feasibility, and use of forward-secure signatures, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948130]
	11	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	12	C. Ellison and B. Schneier. Ten Risks of PKI: What You're Not Being Told About Public i Key Infrastructure. Computer Security Journal, 16(1):1--7, 2000.
	13	David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001 [doi>10.1145/501978.501980]
	14	Burra Gopal , Udi Manber, Integrating content-based access mechanisms with hierarchical file systems, Proceedings of the third symposium on Operating systems design and implementation, p.265-278, February 1999, New Orleans, Louisiana, United States
	15	T. Hardjono , B. Weis, The Multicast Group Security Architecture, RFC Editor, 2004
	16	D. R. Hardy and M. F. Schwartz. Essence: A resource discovery system based on semantic file indexing. In Proceedings of the USENIX Winter Conference, pages 361--374, Berkeley, CA, January 1993. USENIX Association.
	17	Frederick J. Hill , Gerald R. Peterson, Computer aided logical design with emphasis on VLSI (4th ed.), John Wiley & Sons, Inc., New York, NY, 1993
	18	B. Lampson. Protection. In Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems, pages 437--443, Princeton University, 1971.
	19	B. Lynn. PBC library. http://rooster.stanford.edu/ben/pbc/, 2006.
	20	P. McDaniel, A. Prakash, and P. Honeyman. A flexible framework for secure group communication. In USENIX Security Symposium, pages 99--114, 1999.
	21	Patrick McDaniel , Aviel D. Rubin, A Response to ''Can We Eliminate Certificate Revocation Lists?'', Proceedings of the 4th International Conference on Financial Cryptography, p.245-258, February 20-24, 2000
	22	A. J. Menezes, T. Okamoto, and S. A. Vanstone. Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions On Information Theory, 39(5):1639--1646, September 1993.
	23	A. Miyaji, M. Nakabayashi, and S. Takano. New explicit conditions of elliptic curve traces for FR-reduction. IEICE Transactions on Fundamentals, E84-A(5):1234--1243, 2001.
	24	M. Myers , R. Ankney , A. Malpani , S. Galperin , C. Adams, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, RFC Editor, 1999
	25	D. Nali, C. Adams, and A. Miri. Using threshold attribute-based encryption for practical biometric-based access control. 1(3):173--182, November 2005.
	26	A. Sahai and B. Waters. Fuzzy identity based encryption. In Eurocrypt 2005, 2005.
	27	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	28	R. S. Sandhu and P. Samarati. Access control: Principles and practice. IEEE Communications Magazine, 32(9):40--48, 1994.
	29	Adi Shamir, How to share a secret, Communications of the ACM, v.22 n.11, p.612-613, Nov. 1979 [doi>10.1145/359168.359176]
	30	Adi Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84 on Advances in cryptology, p.47-53, August 1985, Santa Barbara, California, United States
	31	V. Shoup. Using hash functions as a hedge against chosen ciphertext attack. In EUROCRYPT, pages 275--288, 2000.
	32	United States Department of Health and Human Services. Health Insurance Portability and Accountability Act. http://aspe.hhs.gov/admnsimp/pl104191.htm, 1996.

CITED BY 9

	Vipul Goyal , Omkant Pandey , Amit Sahai , Brent Waters, Attribute-based encryption for fine-grained access control of encrypted data, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Joonsang Baek , Willy Susilo , Jianying Zhou, New constructions of fuzzy identity-based encryption, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Jason Crampton , Hoon Wei Lim , Kenneth G. Paterson, What can identity-based cryptography offer to web services?, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
	Rafail Ostrovsky , Amit Sahai , Brent Waters, Attribute-based encryption with non-monotonic access structures, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Ling Cheung , Calvin Newport, Provably secure ciphertext policy ABE, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Alexandra Boldyreva , Vipul Goyal , Virendra Kumar, Identity-based encryption with efficient revocation, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
	Xiaohui Liang , Zhenfu Cao , Huang Lin , Jun Shao, Attribute based proxy re-encryption with delegating capabilities, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
	Randy Baden , Adam Bender , Neil Spring , Bobby Bhattacharjee , Daniel Starin, Persona: an online social network with user-defined privacy, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009
	Dijiang Huang , Mayank Verma, ASPE: attribute-based secure policy enforcement in vehicular ad hoc networks, Ad Hoc Networks, v.7 n.8, p.1526-1535, November, 2009