CIPHERTEXT POLICY ATTRIBUTE BASED ENCRYPTION
This component provides a service based on CP-ABE (Ciphertext Policy Attribute Based Encryption) that protects information using more sophisticated encryption techniques. These techniques avoid having to share keys among users, and they encrypt the information according to a specific access policy that the encrypting user has to specify.
Access policies specify which characteristics a user's profile must have in order to decrypt the file. Users' decryption keys are generated from their profiles, which are stored in an LDAP service.
The decryption process will succeed only if the user’s characteristics (i.e., user’s profile attributes) used to generate the decryption key meet the access policy embedded in the protected information.
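The following added example (not the component's own code) models the access check described above with Shamir secret sharing over a policy tree, the mechanism behind one well-known CP-ABE construction; the page does not state which scheme the component uses. The policy syntax and attribute names are assumptions, and the pairing-based binding of shares to a user's key, which gives real CP-ABE its security and collusion resistance, is left out.

```python
import secrets

# Model only: leaf shares are in the clear here; real CP-ABE hides them.
P = 2**127 - 1  # prime modulus for Shamir secret sharing

def gate(node):
    """Inner node ("AND" | "OR" | k, child, ...) -> (threshold, children)."""
    op, *kids = node
    return {"AND": len(kids), "OR": 1}.get(op, op), kids

def share(secret, node):
    """Encryptor side: split `secret` down the policy tree to its leaves."""
    if isinstance(node, str):
        return (node, secret)  # leaf: attribute name and its share
    k, kids = gate(node)
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    poly = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (k, [share(poly(i), kid) for i, kid in enumerate(kids, 1)])

def recover(shared, attrs):
    """Decryptor side: rebuild using only leaves whose attribute is held."""
    head, body = shared
    if isinstance(head, str):
        return body if head in attrs else None
    pts = [(i, v) for i, kid in enumerate(body, 1)
           if (v := recover(kid, attrs)) is not None][:head]
    if len(pts) < head:
        return None  # too few satisfied children: the gate stays closed
    total = 0
    for xi, yi in pts:  # Lagrange interpolation at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def can_decrypt(policy, attrs):
    secret = secrets.randbelow(P)
    return recover(share(secret, policy), set(attrs)) == secret

# Constructed policies and profiles (attribute names are illustrative).
POLICY = ("AND", "role=doctor", ("OR", "dept=cardiology", "dept=oncology"))
TWO_OF_THREE = (2, "clearance=secret", "project=alpha", "site=hq")

if __name__ == "__main__":
    print(can_decrypt(POLICY, ["role=doctor", "dept=oncology"]))    # True
    print(can_decrypt(POLICY, ["role=nurse", "dept=oncology"]))     # False
    print(can_decrypt(TWO_OF_THREE, ["site=hq", "project=alpha"]))  # True
```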
The CP-ABE component provides the following features.
Registration and Login features
These features allow new users to register and provide access to the encryption/decryption functionality.
Generates the personal decryption key for the logged-in user. The generated key is based on the user’s attributes as stored in the LDAP server.
Policy Generation and Encryption
The system provides an easy-to-use graphical UI to create access policies. An access policy has to be specified when encrypting a file.
The user can upload an encrypted file, provide his/her Personal Decryption Key, and, if the key satisfies the access policy, get back the decrypted file.