Cloud computing security: Difference between revisions

Ciphertext-policy ABE (CP-ABE) is a type of public-key encryption. In the CP-ABE, the encryptor controls the access strategy. The main research work of CP-ABE is focused on the design of the access structure. A Ciphertext-policy attribute-based encryption scheme consists of four algorithms: Setup, Encrypt, KeyGen, and Decrypt.<ref>{{cite conference |last1=Bethencourt |first1=John |last2=Sahai |first2=Amit |last3=Waters |first3=Brent |title=2007 IEEE Symposium on Security and Privacy (SP '07) |chapter=Ciphertext-Policy Attribute-Based Encryption |conference=2007 IEEE Symposium on Security and Privacy (SP '07) |date=May 2007 |pages=321–334 |doi=10.1109/SP.2007.11 |isbn=978-0-7695-2848-9 |s2cid=6282684 |chapter-url=https://hal.archives-ouvertes.fr/hal-01788815/file/cp-abe.pdf }}</ref> The Setup algorithm takes security parameters and an attribute universe description as input and outputs public parameters and a master key. The encryption algorithm takes data as input. It then encrypts it to produce ciphertext that only a user that possesses a set of attributes that satisfies the access structure will decrypt the message. The KeyGen algorithm then takes the master key and the user's attributes to develop a private key. Finally, the Decrypt algorithm takes the public parameters, the ciphertext, the private key, and user attributes as input. With this information, the algorithm first checks if the users’ attributes satisfy the access structure and then decrypts the ciphertext to return the data.

Key-policy Attribute-Based Encryption, or KP-ABE, is an important type of [[Attribute-based encryption|Attribute-Based Encryption]]. KP-ABE allows senders to encrypt their messages under a set of attributes, much like any Attribute Based Encryption system. For each encryption, private user keys are then generated which contain decryption algorithms for deciphering the message and these private user keys grant users access to specific messages that they correspond to. In a KP-ABE system, [[ciphertext]]s, or the encrypted messages, are tagged by the creators with a set of attributes, while the user's private keys are issued that specify which type of ciphertexts the key can decrypt.<ref>{{cite journal |last1=Wang |first1=Changji |last2=Luo |first2=Jianfa |title=An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length |journal=Mathematical Problems in Engineering |date=2013 |volume=2013 |pages=1–7 |doi=10.1155/2013/810969 |s2cid=55470802 |doi-access=free }}</ref> The private keys control which ciphertexts a user is able to decrypt.<ref>{{cite book |last1=Wang |first1=Chang-Ji |last2=Luo |first2=Jian-Fa |title=2012 Eighth International Conference on Computational Intelligence and Security |chapter=A Key-policy Attribute-based Encryption Scheme with Constant Size Ciphertext |date=November 2012 |pages=447–451 |doi=10.1109/CIS.2012.106 |isbn=978-1-4673-4725-9 |s2cid=1116590 }}</ref> In KP-ABE, the attribute sets are used to describe the encrypted texts and the private keys are associated to the specified policy that users will have for the decryption of the ciphertexts. A drawback to KP-ABE is that in KP-ABE the encryptor does not control who has access to the encrypted data, except through descriptive attributes, which creates a reliance on the key-issuer granting and denying access to users. Hence, the creation of other ABE systems such as Ciphertext-Policy Attribute-Based Encryption.<ref>{{cite conference |last1=Bethencourt |first1=John |last2=Sahai |first2=Amit |last3=Waters |first3=Brent |title=2007 IEEE Symposium on Security and Privacy (SP '07) |chapter=Ciphertext-Policy Attribute-Based Encryption |conference=2007 IEEE Symposium on Security and Privacy (SP '07) |date=May 2007 |pages=321–334 |doi=10.1109/SP.2007.11 |isbn=978-0-7695-2848-9 |s2cid=6282684 |chapter-url=https://hal.archives-ouvertes.fr/hal-01788815/file/cp-abe.pdf }}</ref>