On the security of the hierarchical attribute based encryption scheme proposed by Wang et al
This work exposes critical vulnerabilities in a foundational cryptographic scheme for cloud security, impacting data privacy and access control systems.
The paper identifies security weaknesses in Wang et al.'s CP-HABE scheme, demonstrating through two attacks that it fails to provide confidentiality and fine-grained access control, allowing anyone with a single attribute to recover encrypted data.
Ciphertext-policy hierarchical attribute-based encryption (CP-HABE) is a promising cryptographic primitive for enforcing fine-grained access control, with scalable key delegation and user revocation mechanisms, on encrypted data outsourced to a cloud. Wang et al. (2011) proposed the first CP-HABE scheme and showed that the scheme is semantically secure in the random oracle model [4, 5]. By presenting two attacks that exploit a weakness in its key delegation mechanism, we demonstrate that the scheme offers neither confidentiality nor fine-grained access control. As a result, anyone who holds just one attribute can recover any outsourced encrypted data in the cloud.