New accepted conference contributions at 19th International Conference on Availability, Reliability and Security 2024. [22.08.24]
Christian Krupitzer from the Department of Food Informatics is Co-Author of the peer reviewed conference paper "Security Analysis of a Decentralized, Revocable and Verifiable Attribute‑Based Encryption Scheme" at 19th International Conference on Availability, Reliability and Security 2024 (CORE Rating: B (CORE2023); Peer reviewed).
The publication "Security Analysis of a Decentralized, Revocable and Verifiable Attribute‑Based Encryption Scheme" by Thomas Prantl (Julius-Maximilians-University Würzburg, Würzburg, Germany) with the co-authors, Marco Lauer (Julius-Maximilians-University Würzburg, Würzburg, Germany), Lukas Horn (Julius-Maximilians-University Würzburg, Würzburg, Germany), Simon Engel (Julius-Maximilians-University Würzburg, Würzburg, Germany), David Dingel (Julius-Maximilians-University Würzburg, Würzburg, Germany), André Bauer (University of Chicago, Chicago, USA), Christian Kruptizer (Department of Foodinformatics (150L), and Computational Science Hub (CSH), University of Hohenheim, Stuttgart, Germany), Samuel Kounev (Julius-Maximilians-University Würzburg, Würzburg, Germany) was accepted at 19th International Conference on Availability, Reliability and Security 2024 (CORE Rating: B (CORE2023); Peer reviewed).
In recent years, digital services have experienced significant growth, exemplified by platforms like Netflix achieving unprecedented revenue levels. Some of these services employ subscription models, with certain content requiring additional payments or offering third-party products. To ensure the widespread availability of diverse digital services anytime and anywhere, providers must have control over content accessibility. To address the multifaceted challenges in this domain, one promising solution is the adoption of attribute-based encryption (ABE). Over the years, various approaches have been proposed in the literature, offering a wide range of features. In a prior study, we assessed the security of one of these proposed approaches and identified one that did not meet its promised security standards. In this research we focuses on conducting a security analysis for another ABE scheme to pinpoint its shortcomings and emphasize the critical importance of evaluating the safety and effectiveness of newly proposed schemes. Specifically, we uncover an attack vector within this ABE scheme, which enables malicious users to decrypt content without the required permissions or attributes. Furthermore, we propose a solution to rectify this identified vulnerability.
The publication is available at: dl.acm.org/doi/10.1145/3664476.3664487
