Data Querying with Ciphertext Policy Attribute Based Encryption

TL;DR

This paper explores using Ciphertext Policy Attribute-Based Encryption (CP-ABE) to enable secure, flexible, and efficient querying over encrypted data, balancing confidentiality with data accessibility.

Contribution

It demonstrates how CP-ABE can be used to achieve confidentiality, flexible access control, and query capabilities simultaneously in encrypted data systems.

Findings

CP-ABE enables secure querying over encrypted data.

The paper analyzes data leakage levels in CP-ABE.

It discusses operational limits based on data leakage.

Abstract

Data encryption limits the power and efficiency of queries. Direct processing of encrypted data should ideally be possible to avoid the need for data decryption, processing, and re-encryption. It is vital to keep the data searchable and sortable. That is, some information is intentionally leaked. This intentional leakage technology is known as "querying over encrypted data schemes", which offer confidentiality as well as querying over encrypted data, but it is not meant to provide flexible access control. This paper suggests the use of Ciphertext Policy Attributes Based Encryption (CP-ABE) to address three security requirements, namely: confidentiality, queries over encrypted data, and flexible access control. By combining flexible access control and data confidentiality, CP-ABE can authenticate who can access data and possess the secret key. Thus, this paper identifies how much data leakage there is in order to figure out what kinds of operations are allowed when data is encrypted by CP-ABE.