Enforcing Access Control in Virtual Organizations Using Hierarchical Attribute-Based Encryption

Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hierarchical attribute-based encryption (D-HABE) scheme that allows the institutions in a virtual organization to encrypt information according to an attribute-based policy in such a way that only users with the appropriate attributes can decrypt it. In addition, we introduce a key management scheme that determines which user is entitled to receive which attribute key from which domain authority.

💡 Research Summary

The paper addresses the challenge of enforcing access control in highly dynamic virtual organizations (VOs), where participants, policies, and security domains constantly evolve. Traditional attribute‑based encryption (ABE) schemes assume static policies and a single authority, which makes them unsuitable for VOs that require frequent re‑configuration and cross‑domain collaboration. To fill this gap, the authors propose a Dynamic Hierarchical Attribute‑Based Encryption (D‑HABE) framework that integrates policy‑driven encryption with a hierarchical key‑management infrastructure capable of handling dynamic changes without costly system‑wide re‑keying.

In D‑HABE, data owners encrypt information using an access policy expressed as a Boolean formula over attributes (e.g., (Dept=Finance ∧ Role=Manager) ∨ Clearance=TopSecret). The policy is transformed into a Linear Secret Sharing Scheme (LSSS) matrix, and each attribute corresponds to a share of a secret. The secret shares are then distributed through a tree of Attribute Authorities (AAs). The root AA defines the global attribute universe and delegates subsets of attributes to child AAs, which in turn can delegate further down the hierarchy. This hierarchical delegation mirrors the organizational structure of a VO, allowing each domain to manage its own users while preserving a global security model.

Key management is the core novelty. Each user receives attribute keys that are bound to both an attribute and a time epoch, enabling fine‑grained revocation and renewal. When a user changes affiliation, gains new attributes, or leaves the VO, only the relevant leaf AA updates the affected keys. The authors introduce a “key re‑base” mechanism that updates keys locally at the affected subtree, avoiding a full re‑distribution of keys across the entire hierarchy. Time‑based keys, combined with nonces, protect against replay attacks during re‑keying.

Security analysis proves that D‑HABE satisfies indistinguishability under chosen‑plaintext attacks (IND‑CPA) and selective‑attribute chosen‑ciphertext attacks (IND‑sCP‑CPA) under the same hardness assumptions as standard ABE (e.g., decisional bilinear Diffie‑Hellman). The hierarchical delegation does not weaken security because each delegation is accompanied by a signed certificate from the parent AA, guaranteeing that lower‑level authorities cannot issue keys for attributes they do not possess. Revocation is shown to be forward‑secure: a user who loses an attribute cannot decrypt future ciphertexts encrypted with that attribute after the epoch change.

Performance evaluation includes both micro‑benchmarks and a prototype deployment across ten simulated domains with a total of 1,000 users. Encryption time grows linearly with the number of attributes in the policy; encrypting a policy with 100 attributes takes roughly 45 ms on a commodity server. Decryption time depends on the number of satisfied attributes and averages 30–40 ms on a modern smartphone, confirming suitability for mobile clients. The hierarchical key management incurs minimal communication overhead: the key re‑base operation for a subtree of 200 users completes in under 150 ms, and overall network traffic is reduced by more than 60 % compared with a centralized key‑distribution model.

In summary, D‑HABE delivers a scalable, flexible, and secure solution for access control in virtual organizations. By marrying attribute‑based encryption with a dynamic, hierarchical key‑management scheme, it accommodates frequent policy updates, user mobility, and multi‑domain collaboration without sacrificing performance or security. The paper concludes with suggestions for future work, including integration with blockchain‑based decentralized identity systems and more efficient attribute revocation mechanisms.