sender has the access policy built into it. The receiver has attributes, and its
secret keys are constructed using the attributes it has. A receiver can decrypt
messages if its set of attributes satisfies the access policy of the sender.
The access policies in these protocols are monotonic access structures that
have AND, OR, or general t-out-of-n threshold structures. Nonmonotonic
access structures have been studied by Ostrovsky et al. [27].
We discuss the CP-ABE technique because it has been largely used for
access control in clouds.
3.3.2 Ciphertext-Policy Attribute-Based Encryption
The CP-ABE consists of the following algorithms: setup, which initializes the
public key PK and master secret key MK parameters; encrypt, which encrypts
the message M using the public parameters PK and the access policy A and
outputs a ciphertext CT; key generation, which generates the secret key SK
of the users using the master secret key MK and a set of attributes S that
describe the key. The decrypt algorithm takes as input the public parameters
PK and a ciphertext CT, which contains an access policy A. If the set of
attributes satisfies the access policy, then the decrypt algorithm returns the
message M. The access policy is represented as an access tree, with attributes
at the leaves and AND, OR, and t-out-of-n threshold gates at the intermediate
nodes. Note that AND and OR are special cases of threshold structures
where t = n and t = 1, respectively.
The details of the protocol are as follows:
Setup: This algorithm chooses a bilinear group $G$ of prime order $p$ and
generator $g$. Let $\alpha, \beta \in \mathbb{Z}_p$ be chosen at random. A hash
function $H(\cdot)$ is defined as $H : \{0, 1\}^* \to G$, which maps binary
strings to elements of $G$. The public key is given by

$$PK = \left(G,\ g,\ h = g^{\beta},\ e(g, g)^{\alpha}\right).$$

The master key is given by $MK = (\beta, g^{\alpha})$.
Encrypt(PK, M, A): The encryption algorithm takes as input the message M,
the public key PK, and the access policy A and returns the ciphertext CT.
The algorithm chooses a polynomial $P_x$ for each node $x$ in the tree. The
degree of the polynomial at the root node $R$ is set to $k_R - 1$, where $k_R$
is the threshold of the root. For any node, the degree of the polynomial is
$d_x = k_x - 1$, where $k_x$ is the threshold of the node. At the root,
$P_R(0) = s$, where $s$ is randomly chosen in $\mathbb{Z}_p$. For each other
node $x$, $P_x(0) = P_{parent(x)}(index(x))$, where $parent(x)$ is the parent
of $x$. All other coefficients of the polynomial are chosen at random
from $\mathbb{Z}_p$.
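The top-down polynomial assignment described in Encrypt can be traced with the following added example, which is not code from the original text. It goes one step beyond the passage by also recovering $s$ with Lagrange interpolation, to show which attribute sets satisfy the tree. Assumptions: shares are plain values in $\mathbb{Z}_p$ rather than group elements, the prime `P`, the function names and the sample policy are constructed for illustration, and each attribute appears only once in the policy.

```python
import secrets

P = 2**127 - 1  # constructed prime standing in for the group order p

def leaf(attr): return {"attr": attr}
def gate(k, *children): return {"k": k, "children": list(children)}

def poly_eval(coeffs, x):
    # Horner evaluation of P_x at x over Z_p; coeffs[0] is P_x(0)
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def share(node, value, out):
    """Top-down: fix P_x(0) = value, draw k_x - 1 random coefficients, recurse."""
    if "attr" in node:
        out[node["attr"]] = value      # leaf share, tied to one attribute
        return out
    coeffs = [value] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    for i, child in enumerate(node["children"], start=1):  # index(x) = 1..n
        share(child, poly_eval(coeffs, i), out)
    return out

def recover(node, shares, attrs):
    """Bottom-up: return P_x(0) if attrs satisfy this subtree, else None."""
    if "attr" in node:
        return shares[node["attr"]] if node["attr"] in attrs else None
    pts = []
    for i, child in enumerate(node["children"], start=1):
        v = recover(child, shares, attrs)
        if v is not None:
            pts.append((i, v))
    if len(pts) < node["k"]:
        return None                    # threshold k_x not met
    pts = pts[:node["k"]]
    total = 0
    for i, v in pts:                   # Lagrange interpolation at 0
        num = den = 1
        for j, _ in pts:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + v * num * pow(den, -1, P)) % P
    return total

# Constructed policy: doctor AND (cardiology OR oncology)
POLICY = gate(2, leaf("doctor"), gate(1, leaf("cardiology"), leaf("oncology")))
```

The AND gate is a 2-out-of-2 threshold and the OR gate a 1-out-of-2 threshold, so the OR node's polynomial is the constant passed down from its parent.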