Practical Attacks Against Attribute-based Encryption

Presented at Black Hat Europe 2021, Nov. 10, 2021, 1:30 p.m. (40 minutes)

Attribute-based encryption (ABE) implements fine-grained access control on data where the ability to decrypt a ciphertext is determined by the attributes owned by a user of the system. Hence, data can be stored by an entity that is not necessarily trusted to enforce access control. Moreover, multi-authority variants of ABE extend these capabilities to multiple-domain settings and remove the requirement of having a trusted third party. ABE is typically exemplified in the healthcare setting, where all "nurses" of the hospital "A" can only decrypt certain records whereas "doctors" of the same hospital have access to additional information about the patients. Further, ABE has been proposed to secure the Internet of Things and enforce authorization in cloud systems.

At the CT-RSA 2021 conference, Venema and Alpár presented attacks against 11 ABE and MA-ABE schemes, including the highly cited DAC-MACS scheme with applications to the cloud. In this work, we demonstrate the practicality of the attacks. We have implemented three different types of attacks: a decryption attack against DAC-MACS, where a single user is able to decrypt ciphertexts with policies she cannot satisfy. This user does not even need to collude with other users or corrupt an authority. Second, a decryption attack with corruption of one of the authorities against the YJ14-MA-ABE scheme. And third, a decryption attack against the YCT14 scheme where two users collude in order to obtain a decryption key based on the work of Tan et al. and Herranz (2019).

We implement the attacks in the CHARM cryptographic library and show that the implementations of DAC-MACS, YJ14-MA-ABE and YCT14 schemes provided by this particular library are vulnerable to decryption attacks. Finally, we provide a library implementing the cryptanalytic attacks of Venema and Alpár against the aforementioned ABE schemes and Juypter notebooks, where ABE and the practical attacks against the ABE schemes are illustrated. This library can be used to learn more about the attacks in practice.


Presenters:

  • Marloes Venema - MSc, Radboud University
    Marloes Venema has been a PhD Student in the Digital Security group at the Institute for Computing and Information Sciences of the Radboud University since September 2018. She focuses on the enforcement of access control on a cryptographic level. To this end, she has mainly investigated attribute-based encryption
  • Antonio de la Piedra - Senior Cryptography Engineer, Kudelski Security
    Antonio de la Piedra's background is related to Cryptographic Engineering and Embedded Security. He has participated in the NIST Post-Quantum Cryptography Standardization project within the NewHope team and indifferent international and national-scale projects related to Privacy Enhancing Technologies. He obtained his PhD at Vrije Universiteit Brussel (VUB) in Belgium. Between 2013 and 2016 he worked as postdoctoral researcher at the Digital Security department of the Radboud University Nijmegen in the Netherlands. Currently, he works as Senior Cryptography Engineer at Kudelski Security.

Links: