HetDAPAC: Distributed Attribute-Based Private Access Control with Heterogeneous Attributes
Shreya Meel, Sennur Ulukus
TL;DR
HetDAPAC introduces a hybrid, distributed-private access control framework that uses $D$ dedicated authorities plus a central verifier to handle $N$ attributes. By off-loading non-sensitive attributes to a central server that relays information to the dedicated servers, the paper achieves a higher download rate of $R=\frac{1}{K+1}$ (versus $R=\frac{1}{2K}$ in prior work) while incurring controlled privacy leakage for non-sensitive attributes. The proposed scheme uses per-message sub-packetization, private permutations, and asymmetric downloads to servers, with exact recovery of the designated message $W_{\bm{v}^*}$ and privacy guarantees, and demonstrates a specialized $(N,3,K)$ construction achieving $R=\frac{2}{3K}$ at a load $\frac{2}{3}$. The results offer a flexible balance between communication efficiency and attribute privacy, and they extend to time-sharing combinations with existing DAPAC schemes for intermediate operating points.
Abstract
Verifying user attributes to provide fine-grained access control to databases is fundamental to an attribute-based authentication system. In such systems, either a single (central) authority verifies all attributes, or multiple independent authorities each verify individual attributes in a distributed manner to allow a user to access records stored on the servers. While a \emph{central} setup is more communication cost efficient, it causes a privacy breach of \emph{all} user attributes to a central authority. Recently, Jafarpisheh et al. studied an information theoretic formulation of the \emph{distributed} multi-authority setup with $N$ non-colluding authorities, $N$ attributes and $K$ possible values for each attribute, called an $(N,K)$ distributed attribute-based private access control (DAPAC) system, where each server learns only the one attribute value that it verifies, and remains oblivious to the remaining $N-1$ attributes. We show that off-loading a subset of attributes to a central server for verification improves the achievable rate from $\frac{1}{2K}$ in Jafarpisheh et al. to $\frac{1}{K+1}$ in this paper, thus \emph{almost doubling the rate} for relatively large $K$, while sacrificing the privacy of a few possibly non-sensitive attributes.
