Data encryption is what happens when you take the text or data you use and convert it to a code (also called “ciphertext”) that can’t be understood by those who do not have the correct key. For the data to be useable, it must be changed back or decrypted.
For the data to be decrypted, it needs a key, which authorized users will have.
Cloud computing has raised the interest in access control on even 'encrypted data' over the past decade. Storing data in encrypted form protects their confidentiality but creates a key management challenge. Attribute-Based Encryption (ABE) addresses this challenge by constructing encryption schemes that enforce attribute-based decryption policies.
Attribute-Based Access Control is an access control method where subject requests to perform operations on objects are granted or denied based on:
-
assigned attributes of the subject
-
assigned attributes of the object
-
environmental conditions
-
a set of policies that are specified in terms of those attributes and conditions
Policies are logical predicates over attributes, represented as access structures. The Key Generator is a Trusted
Third Party that generates private keys and has to check a user’s policy / attributes before issuing a private key. The Key Generator is thus in a position to recreate private keys.
Key-Policy Attribute-Based Encryption (KP-ABE) works with policies that define a user’s access rights. From the corresponding access structure, the Key Generator creates a private decryption key. Documents are encrypted under a set of attributes.
In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), the policy refers to the document and the access structure is used for encryption. The user’s private key created by the Key Generator depends on the user’s attribute set. In both variants, decryption is possible if and only if the given attribute set satisfies the given access structure.
A study of the feasibility of ABE in realistic dynamic settings had concluded that the overheads incurred by those schemes were still prohibitive. Efficient encryption and decryption do not necessarily imply an efficient access control system.
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM