Security Weaknesses of an "Anonymous Attribute Based Encryption" appeared in ASIACCS'13
نویسندگان
چکیده
Attribute-based Encryption (ABE) has found enormous application in fine-grained access control of shared data, particularly in public cloud. In 2013, Zhang et al proposed a scheme called match-then-decrypt [1], where before running the decryption algorithm the user requires to perform a match operation with attribute(s) that provides the required information to identify whether a particular user is the intended recipient for the ciphertext. As in [1], the match-then-decrypt operation saves the computational cost at the receiver and the scheme supports receivers’ anonymity. In this paper, we show that Zhang et al ’s scheme [1] does not support receivers’ anonymity. Any legitimate user or an adversary can successfully check whether an attribute is required in the matching phase, in turn, can reveal the receivers’ identity from the attribute.
منابع مشابه
DoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
متن کاملUser Revocation Based Anonymous Access Provision for Efficient Cloud User Privacy
Cloud computing is a recent technology provides a flexible, on-demand and low cost feature of computing resources. The Main issue in Cloud Computing is user identity privacy and data content privacy. The User Privacy in Cloud Computing is achieved by various data access control Schemes. Existing Fully Anonymous Access control scheme with decentralized attribute authority provides data content p...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملCryptanalysis and improvements of an anonymous multi-receiver identity-based encryption scheme
In 2010, Fan et al. presented an anonymous multi-receiver identity-based encryption scheme where they adopt Lagrange interpolating polynomial mechanism. They showed that their scheme makes it impossible for an attacker or any other message receiver to derive the identity of a message receiver such that the privacy of every receiver can be guaranteed. They also formally showed that every receive...
متن کاملAn Attribute-Based Anonymous Broadcast Encryption Scheme with Adaptive Security in the Standard Model
In broadcast encryption schemes, a distribution center broadcasts an encrypted message to a subset S chosen from a universe of receivers and only the intended users are able to decrypt the message. Most broadcast encryption schemes do not provide anonymity and the identities of target receivers are sent in plaintext. However, in several applications, the authorized users’ identities has the sam...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014