On the Decentralization of Attribute-Based Encryption Schemes

Nowadays, cloud services are used for outsourcing the high processing and storage requirements demanded under Internet of Things (IoT) application scenarios. However, since cloud storage providers are not fully trustworthy, the major security concerns within this context are confidentiality and access control of outsourced sensitive data. In this sense, AttributeBased Encryption (ABE) is a type of cryptographically enabled access control that allows secure and fine-grained data-sharing with multiple users. With ABE, simultaneous provision of access control and confidentiality features is achieved by means of (1) access control policies used for data encryption, and (2) attribute sets that further describe the users' access capabilities. Despite the advantages provided by ABE, some issues still limit its efficient deployment in practical applications. One of these constraints is the centralized approach and dependency on a single trusted authority. In this work, we cope with the strong dependency of ABE schemes on a single trusted authority. Our decentralization approach aims to eliminate single points of failure by distributing between multiple entities the ABE trusted authority's tasks, namely users' secret key generation, and management. In this approach, we focus on a permissioned blockchain solution compliant with ABE typical deployments where system users are known and belong to specific organizational domains.