hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Attribute-based encryption with enforceable obligations
University of Oslo, Oslo, Norway.ORCID iD: 0000-0003-3885-7408
Halmstad University, School of Information Technology. Chalmers University of Technology, Gothenburg, Sweden.ORCID iD: 0000-0002-0303-3858
Norwegian University of Science And Technology, Trondheim, Norway.ORCID iD: 0000-0002-1525-0307
University of Gothenburg, Gothenburg, Sweden.
2023 (English)In: Journal of Cryptographic Engineering, ISSN 2190-8516, Vol. 13, no 3, p. 343-371Article in journal (Refereed) Published
Abstract [en]

Attribute-based encryption (ABE) is a cryptographic mechanism that provides fine-grained access control to encrypted data, which can thus be stored in, e.g., public clouds. However, ABE schemes lack the notion of obligations, which is common in attribute-based access control systems such as eXtensible Access Control Markup Language and Usage Control. Obligations are used to define and enforce extra constraints that happen before approving or denying an access request. In this paper, we propose OB-ABE, a system for extending any classical ABE with enforceable obligations. Our system architecture has as core component trusted hardware enclaves, implemented with SGX, used for enforcing obligations. We employ ProVerif to formally model OB-ABE and verify its main property called “enforceable obligations,” i.e., if a message is encrypted along with an obligation, then the message can be decrypted only after enforcing the attached obligation. OB-ABE has two more properties: (i) OB-ABE is a “conservative extension” of the underlying ABE scheme, preserving its security properties; (ii) OB-ABE is “backward compatible” in the sense that any ciphertext produced by an ABE scheme can be decrypted by its extended OB-ABE version, and moreover, a ciphertext produced by an OB-ABE scheme can be decrypted by its underlying ABE scheme provided that the ciphertext does not have obligations attached. We also implement in C using Intel SGX a prototype of an OB-ABE extending the well-known ciphertext-policy ABE. © 2023, The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature.

Place, publisher, year, edition, pages
Heidelberg: Springer, 2023. Vol. 13, no 3, p. 343-371
Keywords [en]
Attribute-based encryption, Enforceable obligations, Intel SGX, Security, Trusted hardware enclaves
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:hh:diva-51967DOI: 10.1007/s13389-023-00317-1ISI: 000978486800001Scopus ID: 2-s2.0-85153764879OAI: oai:DiVA.org:hh-51967DiVA, id: diva2:1811515
Funder
Swedish Foundation for Strategic ResearchSwedish Research CouncilAvailable from: 2023-11-13 Created: 2023-11-13 Last updated: 2023-11-28Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Picazo-Sanchez, Pablo

Search in DiVA

By author/editor
Arshad, HamedPicazo-Sanchez, PabloJohansen, Christian
By organisation
School of Information Technology
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 34 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf