DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

By Byron V. Acohido

The ubiquity of smart surveillance systems has contributed greatly to public safety.

Related: Monetizing data lakes

Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy.

Enter attribute-based encryption (ABE) an advanced type of cryptography that’s now ready for prime time. I’ve had several discussions with scientists who’ve led the development of ABE over the past two decades.

Most recently, I had the chance to visit with Takashi Goto, Vice President, Strategy, and Fang Wu, Consultant, at NTT Research. We discussed how ABE is ready to help resolve some rather sticky privacy issues stemming from widespread digital surveillance – and also do much more.

For a full drill down on this leading-edge form of agile cryptography, please view the accompanying videocast. Here are my takeaways.

Customized decryption

ABE builds upon digital certificates and the Public Key Infrastructure (PKI) that underpins secure communications across the Internet. Traditionally, PKI issues a single key to decrypt a given digital asset, which is fine, if the correct person possesses the decryption key.

However, cybercriminals have perfected numerous ways to steal or subvert decryption keys. ABE makes it much more difficult to fraudulently decrypt an asset in its entirety; it does this by pulling user and data attributes into the encryption picture — in a way that allows decryption to be flexible.

For instance, ABE can correlate specific company attributes to certain user attributes. It can differentiate departments, such as HR, accounting or the executive suite, as well as keep track of user roles, such as manager, clerk or subcontractor. It can then apply policies so that only users with the proper attributes can decrypt certain assets and only in very specific ways.

Alternatively, the digital asset itself — such as an image or even a video stream — can be assigned detailed attributes, with each attribute assigned a separate decryption key. A user can decrypt specific parts of an image or video stream, but only if he or she has the correct key enabling that particular access.

“ABE enables fine-grained access control and policy setting at the data layer, so you can actually blur faces or any text shown in the image,” Goto says. “You can still get useful information from the image, but if you don’t have the correct key, you won’t be able to decrypt certain attributes, such as a face or a license plate number.”

Versatile benefits

It’s taken a while to get here. ABE has undergone significant theoretical advancements since 2005. But it has only been in the past couple of years that proof-of-concept projects have gotten underway. Today, Goto says, ABE is fully ready to validate in real world deployments.

NTT is partnering with the University of Technology Sydney to introduce an ABE service that fits with existing IT infrastructure, including cloud computing, healthcare, IoT and secure data sharing. This comes after the partners have spent the past couple of years fine tuning an architectural design that’s compatible with existing IT systems, he says.

Wu observes that ABE’s fine-grained access control capability could enhance any of the major areas of digital services that exists today, while also being future-proofed. We should soon begin to see examples of ABE being implemented in virtual computing and cloud storage scenarios — to help ensure that decryption happens only when the correct combination of attributes presents itself.

And when it comes to cloud collaboration, ABE holds promise to help improve both security and operational efficiencies — in everything from rapid software development to global supply chains to remote work scenarios.

“Attribute-based encryption can be utilized to do a number of things,” Wu noted. “It’s an advanced way to partition sensitive data into different groups and then allow the user to access only what he or she needs to access; this can play a vital role in helping to avoid large-scale data breaches.”

With ABE, encryption happens once, while decryption attributes can be amended, as needed. This adds complexity and computational overhead. But those are solvable challenges. There’s a clear path forward for ABE to improve security and help preserve privacy. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)


Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone