Applying attribute-based encryption on mobile devices

The 21st century has witnessed the rapid development of small and convenient mobile devices such as smartphones, tablets, game players, sensor nodes, etc. The rise of such mobile devices indicates the increase of colossal data transmission through the Internet and online services along with the challenges of data security. It is common to think of a solution to protect sensitive data from unauthorized users, and the most popular solution is to use encryption. While many research activities in functional encryption have widely been applied to network devices, computers, and applications, mobile devices still attract much attention to security issues due to the limitations of system resources, connectivity, data transmission and power consumption that malicious users can exploit to launch attacks. Especially, mobile devices have become a principal tool to share data on the Internet through online services, such as Facebook, Youtube, DropBox, Amazon, Online Games, etc. This paper presents a study of the Attribute-Based Encryption (ABE) scheme that exploits user attributes to build the secret key and the ciphertext. ABE encryption is specified by a set of attributes or a policy defining attributes that users possess. The paper also describes a few implementations of ABE applied in the cryptography community and the challenges of integrating ABE into real-world applications. Finally, the paper proposes an implementation of ABE for Android mobile devices. This implementation associated with the Kerberos protocol can be applied to secured data sharing applications. The Kerberos protocol aims at providing mutual authentication for the client server model. Experiments have evaluated the proposed ABE implementation on Android mobile devices along with the Kerberos system. The evaluation also includes ABE performance with discussions and lessons learned.