
dc.contributor.author: Arshad, Hamed
dc.contributor.author: Picazo Sanchez, Pablo
dc.contributor.author: Johansen, Christian
dc.contributor.author: Schneider, Gerardo
dc.date.accessioned: 2024-02-13T08:01:56Z
dc.date.available: 2024-02-13T08:01:56Z
dc.date.created: 2023-05-15T14:46:45Z
dc.date.issued: 2023
dc.identifier.citation: Journal of Cryptographic Engineering (JCEN). 2023, . [en_US]
dc.identifier.issn: 2190-8508
dc.identifier.uri: https://hdl.handle.net/11250/3117117
dc.description.abstract: Attribute-based encryption (ABE) is a cryptographic mechanism that provides fine-grained access control to encrypted data, which can thus be stored in, e.g., public clouds. However, ABE schemes lack the notion of obligations, which is common in attribute-based access control systems such as eXtensible Access Control Markup Language and Usage Control. Obligations are used to define and enforce extra constraints that happen before approving or denying an access request. In this paper, we propose OB-ABE, a system for extending any classical ABE with enforceable obligations. Our system architecture has as core component trusted hardware enclaves, implemented with SGX, used for enforcing obligations. We employ ProVerif to formally model OB-ABE and verify its main property called “enforceable obligations,” i.e., if a message is encrypted along with an obligation, then the message can be decrypted only after enforcing the attached obligation. OB-ABE has two more properties: (i) OB-ABE is a “conservative extension” of the underlying ABE scheme, preserving its security properties; (ii) OB-ABE is “backward compatible” in the sense that any ciphertext produced by an ABE scheme can be decrypted by its extended OB-ABE version, and moreover, a ciphertext produced by an OB-ABE scheme can be decrypted by its underlying ABE scheme provided that the ciphertext does not have obligations attached. We also implement in C using Intel SGX a prototype of an OB-ABE extending the well-known ciphertext-policy ABE. [en_US]
dc.language.iso: eng [en_US]
dc.publisher: Springer [en_US]
dc.title: Attribute-based encryption with enforceable obligations [en_US]
dc.title.alternative: Attribute-based encryption with enforceable obligations [en_US]
dc.type: Peer reviewed [en_US]
dc.type: Journal article [en_US]
dc.description.version: publishedVersion [en_US]
dc.source.pagenumber: 0 [en_US]
dc.source.journal: Journal of Cryptographic Engineering (JCEN) [en_US]
dc.identifier.doi: 10.1007/s13389-023-00317-1
dc.identifier.cristin: 2147628
cristin.ispublished: true
cristin.fulltext: postprint
cristin.qualitycode: 1

