Ciphertext-Policy Attribute-Based Encryption

← Back to document page

Ciphertext-Policy Attribute-Based EncryptionJohn BethencourtCarnegie Mellon Sahai Waters SRI several distributed systems a user should only beable to access data if a user posses a certain set of cre-dentials or attributes. Currently, the only method forenforcing such policies is to employ a trusted server tostore the data and mediate access control. However, ifany server storing the data is compromised, then theconfidentiality of the data will be compromised. In thispaper we present a system for realizing complex accesscontrol on encrypted data that we call ciphertext -PolicyAttribute- based Encryption . By using our techniquesencrypted data can be kept confidential even if the stor-age server is untrusted; moreover, our methods aresecure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describethe encrypted data and built policies into user s keys;while in our system attributes are used to describe auser s credentials, and a party encrypting data deter-mines a policy for who can decrypt.

secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into user’s keys; while in our system attributes are used to describe a user’s credentials, and a party encrypting data deter-mines a policy for who can decrypt. Thus, our meth-

  Policy, Based, Encryption, Secure, Attribute, Ciphertext policy attribute based encryption, Ciphertext