Abstract
Attribute-based encryption is a one-to-many, fine-grained access control mechanism, which is suitable for the modern data sharing model in clouds. To reduce the computation overhead, several attribute-based encryption schemes based elliptic curve cryptography have been proposed in the literatures. However, most of these schemes are not secure. In this manuscript, we review on the pairing-free ciphertext-policy attribute-based encryption proposed by Sowjanya et al. in 2021, and give the cryptanalysis on their scheme. More precisely, we demonstrate an attack method to their scheme, which allows a third party, called decryption server in their scheme, to generate private key of any chosen attribute set. Thus, by applying our attack, the decryption server is able to decrypt any ciphertext.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) Advances in Cryptology—CRYPTO 2001, pp. 213–229. Springer, Berlin, Heidelberg (2001)
Boyen, X.: Attribute-based functional encryption on lattices. In: Sahai, A. (ed.) Theory of Cryptography, pp. 122–142. Springer, Berlin, Heidelberg (2013)
Challagidad, P.S., Birje, M.N.: Efficient multi-authority access control using attribute-based encryption in cloud storage. Proc. Comput. Sci. 167, 840–849 (2020). https://doi.org/10.1016/j.procs.2020.03.423, https://www.sciencedirect.com/science/article/pii/S1877050920308899, International Conference on Computational Intelligence and Data Science
Cheng, R., Wu, K., Su, Y., Li, W., Cui, W., Tong, J.: An efficient ECC-based CP-ABE scheme for power IoT. Processes 9(7) (2021). https://doi.org/10.3390/pr9071176, https://www.mdpi.com/2227-9717/9/7/1176
Ding, S., Li, C., Li, H.: A novel efficient pairing-free CP-ABE based on elliptic curve cryptography for IoT. IEEE Access 6, 27336–27345 (2018). https://doi.org/10.1109/ACCESS.2018.2836350
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) Advances in Cryptology, pp. 10–18. Springer, Berlin, Heidelberg (1985)
Ge, C., Susilo, W., Baek, J., Liu, Z., Xia, J., Fang, L.: Revocable attribute-based encryption with data integrity in clouds. IEEE Trans. Depend. Secure Comput. 1–1 (2021). https://doi.org/10.1109/TDSC.2021.3065999
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 89–98 (2006). https://doi.org/10.1145/1180405.1180418
Herranz, J.: Attribute-based encryption implies identity-based encryption. IET Inf. Secur. 11(6), 332–337 (2017)
Hur, J.: Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng. 25(10), 2271–2282 (2013). https://doi.org/10.1109/TKDE.2011.78
Karati, A., Amin, R., Biswas, G.P.: Provably secure threshold-based abe scheme without bilinear map. Arab. J. Sci. Eng. 41, 3201–3213 (2016)
Khandla, D., Shahy, H., Bz, M.K., Pais, A.R., Raj, N.: Expressive CP-ABE scheme satisfying constant-size keys and ciphertexts. Cryptology ePrint Archive, Report 2019/1257 (2019), https://ia.cr/2019/1257
Liu, S., Yu, J., Xiao, Y., Wan, Z., Wang, S., Yan, B.: BC-SABE: Blockchain-aided searchable attribute-based encryption for cloud-Iot. IEEE Internet Things J. 7(9), 7851–7867 (2020). https://doi.org/10.1109/JIOT.2020.2993231
Odelu, V., Das, A.K., Khurram Khan, M., Choo, K.R., Jo, M.: Expressive CP-ABE scheme for mobile devices in IoT satisfying constant-size keys and ciphertexts. IEEE Access 5, 3273–3283 (2017)
Odelu, V., Das, A.K.: Design of a new cp-abe with constant-size secret keys for lightweight devices using elliptic curve cryptography. Secur. Commun. Netw. 9(17), 4048–4059 (2016)
Premkamal, P.K., Pasupuleti, S.K., Alphonse, P.J.A.: Dynamic traceable CP-ABE with revocation for outsourced big data in cloud storage. Int. J. Commun. Syst. 34 (2021)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT 2005, pp. 457–473. Springer, Berlin, Heidelberg (2005)
Sowjanya, K., Dasgupta, M., Ray, S.: A lightweight key management scheme for key-escrow-free ecc-based CP-ABE for IoT healthcare systems. J. Syst. Architect. 117, 102108 (2021)
Sowjanya, K., Dasgupta, M., Ray, S., Obaidat, M.S.: An efficient elliptic curve cryptography-based without pairing KPABE for internet of things. IEEE Syst. J. 14(2), 2154–2163 (2020). https://doi.org/10.1109/JSYST.2019.2944240
Tan, S.Y., Yeow, K.W., Hwang, S.O.: Enhancement of a lightweight attribute-based encryption scheme for the internet of things. IEEE Internet Things J. 6(4), 6384–6395 (2019). https://doi.org/10.1109/JIOT.2019.2900631
Wang, G., Liu, Z., Gu, D.: Ciphertext policy attribute-based encryption for circuits from LWE assumption. In: Zhou, J., Luo, X., Shen, Q., Xu, Z. (eds.) Information and Communications Security, pp. 378–396. Springer International Publishing, Cham (2020)
Wang, Y., Chen, B., Li, L., Ma, Q., Li, H., He, D.: Efficient and secure ciphertext-policy attribute-based encryption without pairing for cloud-assisted smart grid. IEEE Access 8, 40704–40713 (2020). https://doi.org/10.1109/ACCESS.2020.2976746
Xu, S., Yuan, J., Xu, G., Li, Y., Liu, X., Zhang, Y., Ying, Z.: Efficient ciphertext-policy attribute-based encryption with blackbox traceability. Inf. Sci. 538 (2020). https://doi.org/10.1016/j.ins.2020.05.115
Yao, X., Chen, Z., Tian, Y.: A lightweight attribute-based encryption scheme for the internet of things. Future Gener. Comput. Syst. 49, 104–112 (2015)
Yu, Y., Guo, L., Liu, S., Zheng, J., Wang, H.: Privacy protection scheme based on cp-abe in crowdsourcing-iot for smart ocean. IEEE Internet Things J. 7(10), 10061–10071 (2020). https://doi.org/10.1109/JIOT.2020.2989476
Zhang, J., Zhang, Z., Ge, A.: Ciphertext policy attribute-based encryption from lattices. In: ASIACCS ’12, Association for Computing Machinery, pp. 16–17. New York, NY, USA (2012). https://doi.org/10.1145/2414456.2414464
Zhang, S., Li, W., Wen, Q., Zhang, H., Jin, Z.: A flexible KP-ABE suit for mobile user realizing decryption outsourcing and attribute revocation. Wireless Pers. Commun. 114(4), 2783–2800 (2020)
Zhang, Y., Deng, R.H., Xu, S., Sun, J., Li, Q., Zheng, D.: Attribute-based encryption for cloud computing access control: a survey. ACM Comput. Surv. 53(4) (2020). https://doi.org/10.1145/3398036
Zhang, Z., Zeng, P., Pan, B., Choo, K.K.R.: Large-universe attribute-based encryption with public traceability for cloud storage. IEEE Internet Things J. 7(10), 10314–10323 (2020). https://doi.org/10.1109/JIOT.2020.2986303
Acknowledgement
This work was partially supported by the Ministry of Science and Technology of Taiwan under grants MOST 109-2221-E-004-011-MY3, MOST 109-3111-8-004-001-,, MOST 110-2221-E-004-003-, MOST110-2218-E-004-001-MBK.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tseng, YF. (2023). Cryptanaylsis to Sowjanya et al.’s ABEs from ECC. In: Tsihrintzis, G.A., Wang, SJ., Lin, IC. (eds) 2021 International Conference on Security and Information Technologies with AI, Internet Computing and Big-data Applications. Smart Innovation, Systems and Technologies, vol 314. Springer, Cham. https://doi.org/10.1007/978-3-031-05491-4_29
Download citation
DOI: https://doi.org/10.1007/978-3-031-05491-4_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-05490-7
Online ISBN: 978-3-031-05491-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)