One of our current goals is to develop secure, efficient and flexible access control systems for On-The-Fly Computing Data Centers and On-The-Fly service providers. A promising approach is to use attribute-based encryption schemes. These novel schemes use techniques from pairing-based cryptography and are also related to identity-based cryptography.
In ciphertext-policy attribute-based encryption schemes, the owner of the data defines an access policy for each data item and encrypts it once using this policy. The policies for different data items are Boolean formulas over predefined attributes. To provide access to the encrypted data, the owner of the data provides each customer with a special decryption key. Every key is related to a set of attributes. A customer will be able to decrypt a ciphertext if and only if the attributes of his/her key satisfy the policy of the ciphertext.
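
The "decrypt if and only if the attributes satisfy the policy" rule can be seen in a toy model, added here as an illustration and not taken from any scheme of this project: a secret is split down an AND/OR policy tree and can be recombined only from the leaves whose attributes a key holds. The tuple policy format, the modulus `P` and the attribute names are assumptions. The shares are handled in the clear, so this shows only the policy logic; the model contains no pairings and does nothing to stop users from pooling their attributes.

```python
import secrets

P = 2**127 - 1  # prime modulus of the toy share field (assumption, not from the page)

# Constructed sample policy: customer AND (premium OR admin).
POLICY = ("AND", "customer", ("OR", "premium", "admin"))

def share(policy, secret, out=None, path="0"):
    """Split `secret` down the policy tree; returns {leaf_path: (attribute, share)}."""
    out = {} if out is None else out
    if isinstance(policy, str):               # leaf = attribute name
        out[path] = (policy, secret)
        return out
    op, *children = policy
    if op == "OR":                            # any one child suffices: copy the secret
        parts = [secret] * len(children)
    elif op == "AND":                         # all children needed: additive n-of-n split
        parts = [secrets.randbelow(P) for _ in children[:-1]]
        parts.append((secret - sum(parts)) % P)
    else:
        raise ValueError(f"unknown gate {op!r}")
    for i, (child, part) in enumerate(zip(children, parts)):
        share(child, part, out, f"{path}.{i}")
    return out

def recover(policy, shares, attrs, path="0"):
    """Return the subtree's secret if `attrs` satisfy it, else None."""
    if isinstance(policy, str):
        attr, value = shares[path]
        return value if attr in attrs else None
    op, *children = policy
    if op not in ("AND", "OR"):
        raise ValueError(f"unknown gate {op!r}")
    vals = [recover(c, shares, attrs, f"{path}.{i}") for i, c in enumerate(children)]
    if op == "OR":                            # first satisfied branch yields the secret
        return next((v for v in vals if v is not None), None)
    return None if any(v is None for v in vals) else sum(vals) % P

if __name__ == "__main__":
    secret = secrets.randbelow(P)
    shares = share(POLICY, secret)
    for attrs in ({"customer", "premium"}, {"customer"}, {"premium", "admin"}):
        print(sorted(attrs), recover(POLICY, shares, attrs) == secret)
```
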
The attribute-based approach simplifies the realization of access control systems for data, which can then even be stored on an untrusted server. Access control is realized entirely by the encryption, and all the data needs to be encrypted only once for all customers.
In this area, our research focus is on the development of efficient and flexible attribute-based encryption schemes. The policies of the existing schemes are restricted to several classes of functions and are quite inefficient. On the one hand, we are interested in developing schemes that can be applied to general function classes. On the other hand, we are looking for more efficient methods for realizing restricted function classes. Other modifications of the schemes will also be necessary when considering further questions arising from privacy protection and further legal requirements.