Collusion Attacks on Decentralized Attributed-Based Encryption: Analyses and a Solution

TL;DR

This paper analyzes collusion attacks on decentralized attribute-based encryption systems, identifies vulnerabilities in existing schemes, introduces a new collusion type, and proposes a model to enhance security.

Contribution

It reviews existing collusion attacks, introduces a novel collusion scenario, and proposes a security model to protect a DABE scheme from such attacks.

Findings

Six existing DABE systems are vulnerable to the new collusion type.

A new collusion among authorities and data users is identified.

A security model is proposed to defend against this collusion.

Abstract

Attribute-based Encryption (ABE) is an information centric security solution that moves beyond traditional restrictions of point-to-point encryption by allowing for flexible, fine-grain policy-based and content-based access control that is cryptographically enforced. As the original ABE systems are managed by a single authority, several efforts have decentralized different ABE schemes to address the key escrow problem, where the authority can issue secret keys to itself to decrypt all the ciphertext. However, decentralized ABE (DABE) schemes raise the issue of collusion attacks. In this paper, we review two existing types of collusion attacks on DABE systems, and introduce a new type of collusion among authorities and data users. We show that six existing DABE systems are vulnerable to the newly introduced collusion and propose a model to secure one of the DABE schemes.