Authors
Ning Shang, Federica Paci, Mohamed Nabeel, Elisa Bertino
Abstract
We propose a novel scheme for selective distribution of content, encoded
as documents, that preserves the privacy of the users to whom the documents
are delivered and is based on an efficient and novel group key management
scheme.
Our document broadcasting approach is based on access control policies
specifying which users can access which documents, or subdocuments. Based on
such policies, a broadcast document is segmented into multiple subdocuments,
each encrypted with a different key. In line with modern attribute-based
access control, policies are specified against identity attributes of users.
However, our broadcasting approach is privacy-preserving in that users are
granted access to a specific document, or subdocument, according to the
policies without having to disclose their identity attributes in the clear
to the document publisher. Under our approach, not only does the document
publisher not learn the values of users' identity attributes, but it also
does not learn which policy conditions are satisfied by which users; inferences
about the values of identity attributes are thus prevented. Moreover, the key
management scheme on which the proposed broadcasting approach is based is
efficient in that it does not require sending the decryption keys to the users
along with the encrypted document. Users are able to reconstruct the keys to
decrypt the authorized portions of a document from subscription information they
have received from the document publisher. The scheme also efficiently handles
new user subscriptions and revocation of subscriptions.
Keywords
Privacy, Identity, Document Broadcast, Policy, Key Management, Access Control
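The operationally important claim in the abstract is that subdocument keys are never shipped with the ciphertext: each subscriber recomputes a key from its own subscription secret plus public information broadcast with the document, and a user not covered by a subdocument's policy (or one whose subscription was revoked) recovers only garbage. The sketch below is an added illustration, not code from the paper; it instantiates that idea with an access-control-vector construction over a prime field, and the modulus `P`, hash `h`, integer secrets and the functions `publish` and `derive` are all assumptions of this example rather than the paper's notation.

```python
import hashlib
import secrets

P = (1 << 127) - 1  # prime field modulus; constructed for this illustration

def h(*parts):
    """Public hash of a tuple of integers to a field element."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % P

def null_vector(rows):
    """Gaussian elimination over GF(P): nonzero y with row . y == 0 for every
    row of an n x (n+1) matrix (one always exists, since n < n + 1)."""
    m, pivots, r = [row[:] for row in rows], [], 0
    n, w = len(m), len(m[0])
    for c in range(w):
        piv = next((i for i in range(r, n) if m[i][c]), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        inv = pow(m[r][c], -1, P)
        m[r] = [v * inv % P for v in m[r]]
        for i in range(n):
            if i != r and m[i][c]:
                f = m[i][c]
                m[i] = [(a - f * b) % P for a, b in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
    free = next(c for c in range(w) if c not in pivots)  # a free column
    y = [int(c == free) for c in range(w)]
    for i, c in enumerate(pivots):
        y[c] = -m[i][free] % P
    return y

def user_row(secret, z, n):
    """Row a subscriber derives from its own secret and the public nonce z."""
    return [1] + [h(secret, z, j) for j in range(1, n + 1)]

def publish(key, authorized_secrets):
    """Publisher: hide one subdocument key so only the listed subscribers recover it."""
    n, z = len(authorized_secrets), secrets.randbelow(P)
    y = null_vector([user_row(s, z, n) for s in authorized_secrets])
    acv = [(y[0] + key) % P] + y[1:]  # a_i . acv = a_i . y + key = key
    return z, acv                      # public data broadcast with the ciphertext

def derive(secret, z, acv):
    """Subscriber: recover the subdocument key from its secret and public data."""
    row = user_row(secret, z, len(acv) - 1)
    return sum(a * b for a, b in zip(row, acv)) % P
```

Each subdocument gets its own `publish` call with the set of subscribers its policy admits; a new subscription or a revocation is handled by re-running `publish` with the updated set and a fresh nonce, without touching any subscriber's secret.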