What is Attribute Based Encryption? has a nice explanation what both forms (Ciph

Question

What is Attribute Based Encryption? has a nice explanation what both forms (Ciphertext-policy Attribute-based Encryption and Key-policy Attribute-based Encryption) are.

My question is: what is the motivation/analogy behind Key-policy Attribute-based Encryption?

CPABE can be regarded as a variant of Attribute-based Access Control (ABAC) which is a well understood technique. What would be the KPABE equivalent, if there is one?

My take for an example key policy

(Student?CourseA)?Staff

would be that Student ? Course A and Staff can be seen as roles (RBAC) which will be activated through the attributes in the ciphertext. Is this an accurate analogy? Can you come up with a better one?

Explanation / Answer

CP-ABE fits naturally with RBAC, whereas KP-ABE not so much. Better analogies can be made if you think of attributes as "tags" of the encrypted object/document, instead of the users. For instance, imagine a confidential document about nuclear weapons which is encrypted under the attributes NUCLEAR and TOPSECRET. Then, only a user with a key for attributes NUCLEAR and TOPSECRET can decrypt the document, while users with TOPSECRET keys and NUCLEAR keys cannot.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.