Abstract
Verifying security of advanced cryptographic primitives such as attribute-based encryption (ABE) is often difficult. In this work, we show how to break eleven schemes: two single-authority and nine multi-authority (MA) ABE schemes. Notably, we break DAC-MACS, a highly-cited multi-authority scheme, published at TIFS. This suggests that, indeed, verifying security of complex schemes is complicated, and may require simpler tools. The multi-authority attacks also illustrate that mistakes are made in transforming single-authority schemes into multi-authority ones. To simplify verifying security, we systematize our methods to a linear approach to analyzing generic security of ABE. Our approach is not only useful in analyzing existing schemes, but can also be applied during the design and reviewing of new schemes. As such, it can prevent the employment of insecure (MA-)ABE schemes in the future.
Acknowledgments
The authors would like to thank the anonymous reviewers for their helpful comments and suggestions.
© 2021 Springer Nature Switzerland AG
Venema, M., Alpár, G. (2021). A Bunch of Broken Schemes: A Simple yet Powerful Linear Approach to Analyzing Security of Attribute-Based Encryption. In: Paterson, K.G. (ed.) Topics in Cryptology – CT-RSA 2021. Lecture Notes in Computer Science, vol. 12704. Springer, Cham. https://doi.org/10.1007/978-3-030-75539-3_5
DOI: https://doi.org/10.1007/978-3-030-75539-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75538-6
Online ISBN: 978-3-030-75539-3