Security and Privacy in Communication Networks. 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers

Research Article

Defending against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems

Download167 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-05284-2_18,
        author={Shucheng Yu and Kui Ren and Wenjing Lou and Jin Li},
        title={Defending against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems},
        proceedings={Security and Privacy in Communication Networks. 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={},
        doi={10.1007/978-3-642-05284-2_18}
    }
    
  • Shucheng Yu
    Kui Ren
    Wenjing Lou
    Jin Li
    Year: 2012
    Defending against Key Abuse Attacks in KP-ABE Enabled Broadcast Systems
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-05284-2_18
Shucheng Yu1,*, Kui Ren2,*, Wenjing Lou1,*, Jin Li2,*
  • 1: Worcester Polytechnic Institute
  • 2: Illinois Institute of Technology
*Contact email: yscheng@wpi.edu, kren@ece.iit.edu, wjlou@ece.wpi.edu, jin.li@ece.iit.edu

Abstract

Key-Policy Attribute-Based Encryption (KP-ABE) is a promising cryptographic primitive which enables fine-grained access control over sensitive data. However, key abuse attacks in KP-ABE may impede its wide application especially in copyright-sensitive systems. To defend against this kind of attacks, this paper proposes a novel KP-ABE scheme which is able to disclose any illegal key distributor’s ID when key abuse is detected. In our scheme, each bit of user ID is defined as an attribute and the user secret key is associated with his unique ID. The tracing algorithm fulfills its task by tricking the pirate device into decrypting the ciphertext associated with the corresponding bits of his ID. Our proposed scheme has the salient property of tracing, i.e., it traces back to the illegal key distributor’s ID only by observing the pirate device’s outputs on certain inputs. In addition, it does not require the pirate device’s secret keys to be as compared to some previous work. Our proposed scheme is provably secure under the Decisional Bilinear Diffie-Hellman (DBDH) assumption and the Decisional Linear (DL) assumption.