Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digita...Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.展开更多
文摘Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
