ATTRIBUTE-BASED AUTHENTICATION SCHEMES: A SURVEY
Keywords: Authentication, attribute-based authentication, attribute tree, anonymity.
Abstract: Attribute-based authentication (ABA) is a way to authenticate users via attributes, which are the properties of those to be authenticated, for example, resources, contextual information (time, location, etc.) or their combination. In ABA schemes, users are asked to present attributes rather than an identity, and evidence showing that users own the required attributes can even be enough, so ABA is more flexible and privacy-preserving than traditional identity-based authentication. In this paper, we first explain the general structure and security requirements of ABA schemes, and then give an example to demonstrate their cryptographic construction. Next, we analyze recent work and discuss future research topics on the construction of ABA schemes, including attribute tree building, cryptographic construction, security models, hierarchy, traceability and revocation.
License: International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.