HetDAPAC: Distributed Attribute-Based Private Access Control with Heterogeneous Attributes

Abstract

Verifying user attributes to provide fine-grained access control to databases is fundamental to an attribute-based authentication system. In such systems, either a single (central) authority verifies all attributes, or multiple independent authorities verify individual attributes in a distributed manner to allow a user to access records stored on the servers. While a central setup is more efficient in communication cost, it exposes all user attributes to the central authority. Recently, Jafarpisheh et al. studied an information-theoretic formulation of the distributed multi-authority setup with N non-colluding authorities, N attributes and K possible values for each attribute, called an (N,K) distributed attribute-based private access control (DAPAC) system, where each server learns only the one attribute value that it verifies, and remains oblivious to the remaining N-1 attributes. We show that off-loading a subset of attributes to a central server for verification improves the achievable rate from 1/(2K) in Jafarpisheh et al. to 1/(K+1) in this paper, thus almost doubling the rate for relatively large K, while sacrificing the privacy of a few possibly non-sensitive attributes.