Date Published: May 9, 2023
Comments Due:
Email Questions to:
Author(s)
Vincent Hu (NIST)
Announcement
Access control based on attribute encryption addresses an issue with traditional public-key encryption (PKE) wherein keys need to dynamically change whenever access policies and/or attributes change, which could cause inefficient system performance.
Access control based on attribute encryption supports fine-grained access control for encrypted data and is a cryptographic scheme that goes beyond the all-or-nothing approach of public-key encryption. This document reviews the interplay between cryptography and the access control of attribute-based encryption, including the fundamental theories on which the scheme is based; the various main algorithms of IBE, CP-ABE, and KP-ABE; and considerations for deploying access control systems based on encryption.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
Encryption technology can be incorporated into access control mechanisms based on user identities, user attributes, or resource attributes. Traditional public-key encryption requires different data to have different keys that can be distributed to users who satisfy perspective access control policies along with the encrypted version of the data. However, some distributed or pervasive system environments wish to avoid the public-key encryption’s all-or-nothing data access limitation when considering their performance requirements. Attribute-based encryption incorporates access control policies and attributes with encryption and decryption functions and a one-to-many authorization scheme that requires fewer keys than public-key encryption. It also utilizes collusion-resistance, which provides a more efficient and flexible attribute-based access control mechanism that supports high-performance systems (e.g., cloud, IoT, disrupt-tolerant networks, wireless sensor networks, mobile ad-hoc networks, and public search service systems).
Encryption technology can be incorporated into access control mechanisms based on user identities, user attributes, or resource attributes. Traditional public-key encryption requires different data to have different keys that can be distributed to users who satisfy perspective access control...
See full abstract
Encryption technology can be incorporated into access control mechanisms based on user identities, user attributes, or resource attributes. Traditional public-key encryption requires different data to have different keys that can be distributed to users who satisfy perspective access control policies along with the encrypted version of the data. However, some distributed or pervasive system environments wish to avoid the public-key encryption’s all-or-nothing data access limitation when considering their performance requirements. Attribute-based encryption incorporates access control policies and attributes with encryption and decryption functions and a one-to-many authorization scheme that requires fewer keys than public-key encryption. It also utilizes collusion-resistance, which provides a more efficient and flexible attribute-based access control mechanism that supports high-performance systems (e.g., cloud, IoT, disrupt-tolerant networks, wireless sensor networks, mobile ad-hoc networks, and public search service systems).
Hide full abstract
Keywords
access control; attribute-based access control; attribute-based encryption; authorization; encryptions; identity-based encryption; public-key encryption
Control Families
None selected
