Fucai Luo,Saif Al-Kuwari,Haiyan Wang,Fuqun Wang,Kefei Chen

DOI: https://doi.org/10.1016/j.csi.2022.103698

2023-03-01

Abstract:Attribute-based encryption (ABE) is an attractive extension of public key encryption, which provides fine-grained and role-based access to encrypted data. In its key-policy flavor, the secret key is associated with an access policy and the ciphertext is marked with a set of attributes. In many practical applications, and in order to address scenarios where users become malicious or their secret keys are compromised, it is necessary to design an efficient revocation mechanism for ABE. However, prior works on revocable key-policy ABE schemes are based on classical number-theoretic assumptions, which are vulnerable to quantum attacks. In this work, we propose the first revocable key-policy ABE scheme that offers an efficient revocation mechanism while maintaining fine-grained access control to encrypted data. Our scheme is based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. Our scheme supports polynomial-depth policy function and has short secret keys, where the size of the keys depends only on the depth of the supported policy function. Furthermore, we prove that our scheme satisfies selective revocation list security in the standard model under the LWE assumption.

computer science, software engineering, hardware & architecture

Zechao Liu,Zoe L. Jiang,Xuan Wang,Yulin Wu,S.M. Yiu

DOI: https://doi.org/10.1109/BDCloud.2018.00146

2018-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology that provides fine-grained access control as well as data confidentiality. It enables one sender to encrypt the data for more receivers, and to specify a policy on who can decrypt the ciphertext using his/her attributes alone. However, most existing ABE schemes are constructed on bilinear maps and they cannot resist quantum attacks. In this paper, we propose a multi-authority CP-ABE (MA-CPABE) scheme on ideal lattices which is still secure in post-quantum era. On one hand, multiple attribute authorities are required when user's attributes cannot be managed by a central authority. On the other hand, compared with generic lattice, the ideal lattice has extra algebraic structure and can be used to construct more efficient cryptographic applications. By adding some virtual attributes for each authority, our scheme can support flexible threshold access policy. Security analysis shows that the proposed scheme is secure against chosen plaintext attack (CPA) in the standard model under the ring learning with errors (R-LWE) assumption.

Xiaohui Yang,Wenjie Li,Kai Fan

DOI: https://doi.org/10.1007/s12083-022-01387-4

2022-09-25

Abstract:With the development of digital healthcare, sharing electronic medical record data has become an indispensable part of improving medical conditions. Aiming at the centralized power caused by the single attribute authority in current CP-ABE schemes and the problem that cloud servers are curious and even malicious, we design a revocable CP-ABE EHR sharing scheme with multiple authorities (MA-RABE) in blockchain. In this solution, a group of authorities complete user attribute distribution, key generation and user management through secret sharing and transactions. Besides, we innovatively implemented a distributed one-way anonymous key agreement so that other participants cannot obtain useful information from the fully hidden policy embedded in the ciphertext. Taking into account the computational overhead of a large number of bilinear operations in the decryption process, the solution also supports the cloud server to pre-decrypt the ciphertext, and the data user only needs to perform exponentiation operation once to obtain the plaintext from the pre-decryption result. Theoretical analysis and performance evaluation show that the scheme has reliable security and lower user revocation and ciphertext update overhead.

computer science, information systems,telecommunications

Bo Qin,Hua Deng,Qianhong Wu,Josep Domingo-Ferrer,David Naccache,Yunya Zhou

DOI: https://doi.org/10.1007/s10207-014-0272-7

2015-01-01

International Journal of Information Security

Abstract:In e-healthcare record systems (EHRS), attribute-based encryption (ABE) appears as a natural way to achieve fine-grained access control on health records. Some proposals exploit key-policy ABE (KP-ABE) to protect privacy in such a way that all users are associated with specific access policies and only the ciphertexts matching the users' access policies can be decrypted. An issue with KP-ABE is that it requires an a priori formulation of access policies during key generation, which is not always practicable in EHRS because the policies to access health records are sometimes determined after key generation. In this paper, we revisit KP-ABE and propose a dynamic ABE paradigm, referred to as access policy redefinable ABE (APR-ABE). To address the above issue, APR-ABE allows users to redefine their access policies and delegate keys for the redefined ones; hence, a priori precise policies are no longer mandatory. We construct an APR-ABE scheme with short ciphertexts and prove its full security in the standard model under several static assumptions.

Bo Hong,Jie Chen,Kai Zhang,Haifeng Qian

DOI: https://doi.org/10.1109/access.2019.2950394

IF: 3.9

2019-01-01

IEEE Access

Abstract:The revelations of Snowden show that hardware and software of devices may corrupt users’ machine to compromise the security in various ways. To address this concern, Mironov and Stephen-Davidowitz introduce the Cryptographic Reverse Firewall (CRF) concept that is able to resist the ex-filtration of secret information for some compromised machine (Eurocrypt 2015). There are some applications of CRF deployed in many cryptosystems, but less studied and deployed in Attribute-Based Encryption (ABE) field, which attracts a wide range of attention and is employed in real-world scenarios (i.e., data sharing in cloud). In this work, we focus how to give a CRF security protection for a multi-authority ABE scheme and hence propose a multi-authority key-policy ABE scheme with CRF (acronym, MA-KP-ABE-CRF), which supports attribute distribution and non-monotonic access structure. To achieve this, beginning with revisiting a MA-KP-ABE with non-trivial combining non-monotonic formula, we then give the randomness of ciphertexts and secret keys with reverse firewall and give formal security analysis. Finally, we give a simulation on our MA-KP-ABE-CRF system based on Charm library whose the experimental results demonstrate practical efficiency.

Jin Li,Qiong Huang,Xiaofeng Chen,Sherman S. M. Chow,Duncan S. Wong,Dongqing Xie

DOI: https://doi.org/10.1145/1966913.1966964

2011-01-01

Abstract:Attribute-based encryption (ABE) is a promising tool for implementing fine-grained cryptographic access control. Very recently, motivated by reducing the trust assumption on the authority, and enhancing the privacy of users, a multiple-authority key-policy ABE system, together with a semi-generic anonymous key-issuing protocol, have been proposed by Chase and Chow in CCS 2009. Since ABE allows encryption for multiple users with attributes satisfying the same policy, it may not be always possible to associate a decryption key to a particular individual. A misbehaving user could abuse the anonymity by leaking the key to someone else, without worrying of being traced. In this paper, we propose a multi-authority ciphertext-policy (AND gates with wildcard) ABE scheme with accountability , which allows tracing the identity of a misbehaving user who leaked the decryption key to others, and thus reduces the trust assumptions not only on the authorities but also the users. The tracing process is efficient and its computational overhead is only proportional to the length of the identity.

Miao Wang,Zhenfu Cao,Xiaolei Dong,Runmeng Du,Jiasheng Chen

DOI: https://doi.org/10.1109/jiot.2024.3470322

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the distributed computing environment, it is important to efficiently achieve secure access to data. One of the widely applied encryption mechanisms is the multi-authority attribute-based encryption. However, most existing multi-authority setting schemes were relied on bilinear pairings, which causes the system to bear a relatively large burden in computation overhead. In this paper, we proposes a decentralized multi-authority key-policy attribute-based encryption scheme without bilinear pairings, its security is relied solely on the decisional Diffie-Hellman assumption. It removes the trusted central authority and prevents user collusion attacks. Except for the global coordination between the attribute authorities, any party can simply play the part of a standard attribute authority by generating public keys and issuing corresponding decryption key components for users. The proposed scheme provides heightened security and efficiency compared to the current pairing-free multi-authority ABE scheme, as well as superior computational efficiency when compared to those utilizing bilinear pairings.

Kang Yang,Guohua Wu,Chengcheng Dong,Xingbing Fu,Fagen Li,Ting Wu

2020-01-01

Abstract:Attribute-based encryption (ABE) can be used in many cloud storage and computing applications, and it is an attractive alternative to identity-based encryption. The feature of the ABE is that it provides a flexible mechanism to achieve fine-grained access control. The revocable ABE (RABE) is an extension of the ABE. The attribute revo-cation is essential because of the factors such as changes of user’s attributes, key exposures and key loss. In this paper, we propose a revocable ciphertext policy ABE (CP-RABE) scheme from lattices, which supports flexible access control and efficient revocation. In our scheme, a binary tree with an attribute revocation list is used to re-voke attributes, and key update is logarithmically related to the number of each user attribute. Finally, the security of the scheme is proved to be selective-attribute secure in the standard model and security can be reduced to hardness of learning with error assumption.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

XiaoFang Huang,Qi Tao,BaoDong Qin,ZhiQin Liu

DOI: https://doi.org/10.1109/icccn.2015.7288431

2015-01-01

Abstract:Attribute Based Encryption (ABE) scheme can achieve information sharing of one-to-many users, without considering the number of users and the users identity. But, the traditional single Attribute Authority (AA) ABE scheme can hardly meet requirements of different agencies in distributed application environment and it is easy to form the system performance bottlenecks. Based on ciphertext-policy ABE scheme, this paper proposes a multi-authority revocable ABE scheme, where the classification manages user attributes, effectively relieving the management burden of single organization. In addition, it can achieve fine grained access control of shared information by adopting tree access strategy and secret sharing scheme, and support system attribute revocation. Finally, we show that the scheme is secure against chosen plaintext attack under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Kai Zhang,Tao Chen,Siyuan Chen,Lifei Wei,Jianting Ning

DOI: https://doi.org/10.1007/s10586-024-04464-w

2024-01-01

Cluster Computing

Abstract:EHRs sharing systems provide a secure and efficient way for patients and doctors to share information in smart healthcare. Due to the concern about data confidentiality and authorized access, the exploitation of attribute-based encryption (ABE) is widely adopted for EHRs sharing in cloud storage. However, most ABE-based EHRs sharing system only considered unilateral access control or supported non-flexible bilateral access control. Hence, we propose a lightwight and flexible healthcare data sharing system, LiVeRe, which enables fine-grained bilateral access control and moreover supports efficient user revocation and ciphertext integrity verification for the access control property. Technically, we employ the dual-policy framework to specify the access policy and pre-decryption techniques to alleviate the computational burden, and efficient revocation of user access rights by the KUNode algorithm. We also provide formal security models and correspondingly prove its security. Moreover, we conduct experiments on the cloud to demonstrate the practicality of our LiVeRe scheme.

Shida Shamsazad

2024-01-25

Abstract:In this paper, we present a novel ciphertext-policy attribute based encryption (CP-ABE) scheme that offers a flexible access structure. Our proposed scheme incorporates an access tree as its access control policy, enabling fine-grained access control over encrypted data. The security of our scheme is provable under the hardness assumption of the decisional Ring-Learning with Errors (R-LWE) problem, ensuring robust protection against unauthorized access. CP-ABE is a cryptographic technique that allows data owners to encrypt their data with access policies defined in terms of attributes. Only users possessing the required attributes can decrypt and access the encrypted data. Our scheme extends the capabilities of CP-ABE by introducing a flexible access structure based on an access tree. This structure enables more complex and customizable access policies, accommodating a wider range of real-world scenarios. To ensure the security of our scheme, we rely on the decisional R-LWE problem, a well-established hardness assumption in cryptography. By proving the security of our scheme under this assumption, we provide a strong guarantee of protection against potential attacks. Furthermore, our proposed scheme operates in the standard model, which means it does not rely on any additional assumptions or idealized cryptographic primitives. This enhances the practicality and applicability of our scheme, making it suitable for real-world deployment. We evaluate the performance and efficiency of our scheme through extensive simulations and comparisons with existing CP-ABE schemes. The results demonstrate the effectiveness and scalability of our proposed approach, highlighting its potential for secure and flexible data access control in various domains.

Cryptography and Security

Qiang Li,Dengguo Feng,Liwu Zhang

DOI: https://doi.org/10.1109/GLOCOM.2012.6503225

2012-01-01

Abstract:As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. When applying ABE schemes to practical applications, revocation mechanism is very necessary for any ABE schemes involving many users. Revocation for ABE schemes is a challenge issue since each attribute is conceivably shared by multiple users. Revocation of any single user would affect others who share his attributes. In this paper, we propose a KP-ABE scheme with fine-grained attribute revocation under the direct revocation model. In our scheme, we can revoke one attribute of a user instead of all attributes issued to him and the user can complete decryption as long as the unrevoked attributes of the user satisfy the access structure. The revocation does not affect any other user's private key. Moreover, our scheme supports an important property for achieving the user accountability to prevent illegal key sharing among colluding users. We show how to construct such a KP-ABE scheme with fine-grained attribute revocation and prove its security under the q-BDHE assumption in the standard model.

Zhen Liu,Zhenfu Cao,Qiong Huang,Duncan S. Wong,Tsz Hon Yuen

DOI: https://doi.org/10.1007/978-3-642-23822-2_16

2011-01-01

Abstract:Recently Lewko and Waters proposed the first fully secure multi-authority ciphertext-policy attribute-based encryption (CP-ABE) system in the random oracle model, and leave the construction of a fully secure multi-authority CP-ABE in the standard model as an open problem. Also, there is no CP-ABE system which can completely prevent individual authorities from decrypting ciphertexts. In this paper, we propose a new multi-authority CP-ABE system which addresses these two problems positively. In this new system, there are multiple Central Authorities (CAs) and Attribute Authorities (AAs), the CAs issue identity-related keys to users and are not involved in any attribute related operations, AAs issue attribute-related keys to users and each AA manages a different domain of attributes. The AAs operate independently from each other and do not need to know the existence of other AAs. Messages can be encrypted under any monotone access structure over the entire attribute universe. The system is adaptively secure in the standard model with adaptive authority corruption, and can support large attribute universe.

Peng Zeng,Zhiting Zhang,Rongxing Lu,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2021.3051362

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Modern day medical systems are closely integrated and interconnected with other systems, such as those comprising Internet-of-Medical Things (IoMT) devices that facilitate remote healthcare services, say during pandemics (e.g., COVID-19). Attribute-based encryption (ABE) is a promising cryptographic primitive to support fine-grained access control in the ciphertext environment; in other words, ABE can potentially be used to ensure data confidentiality and user privacy in the IoMT ecosystem. In this article, we propose an efficient partially-policy-hidden and large universe ABE scheme with public traceability to construct a practical IoMT system (hereafter referred to as PTIoMT). The system is designed to achieve the following features: 1) the access policy is partially hidden: only nonsensitive attribute labels/names are displayed, while sensitive attribute values are hidden in the encrypted electronic health records (EHRs); 2) the number of the attributes is independent of the public parameters and, thus, can be arbitrarily large; 3) any user who discloses the decryption key can be efficiently tracked; and 4) fewer bilinear pairing operations are required during the decryption process. The security analysis and performance evaluation demonstrate the security and efficiency of PTIoMT.

Wei Zhang,Yi Wu,Hu Xiong,Zhiguang Qin

DOI: https://doi.org/10.3837/tiis.2021.01.017

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:In the system of ciphertext policy attribute-based encryption (CP-ABE), only when the attributes of data user meets the access structure established by the encrypter, the data user can perform decryption operation. So CP-ABE has been widely used in personal health record system (PHR). However, the problem of key abuse consists in the CP-ABE system. The semi-trusted authority or the authorized user to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems: (1) semi-trusted authority redistributes keys to unauthorized users, (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability, user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of user leaving from the system, we use an indirect revocation method based on trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.

Xing Zhang,Cancan Jin,Cong Li,Zilong Wen,Qingni Shen,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_27

2015-01-01

Abstract:To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Liangxuan Zhang,Hui Li,Yinghui Zhang,Fawad Khan

DOI: https://doi.org/10.1109/infcomw.2017.8116436

2017-01-01

Abstract:Decentralized multi-authority attribute-based encryption (ABE) has been adopted to protect outsourced data. However, there are some security issues. Firstly, the user's attributes information is leaked to the authorities and secondly, the access structure being sent along with ciphertext violates its privacy. To address these issues, an efficient decentralized attribute-based encryption scheme with features of privacy preservation and expressive access structures is proposed. The proposed scheme cannot only prevent user's attributes information leakage, but it also provides a hidden, flexible and expressive structure realizable by Linear Secret Sharing Scheme (LSSS). Moreover, we prove the proposed scheme to be secure against Chosen-Ciphertexts Attacks (CCA) under the standard Decisional Bilinear Diffie-Hellman (DBDH) assumption. In addition, proposed scheme performs efficiently in comparison to existing schemes shown by theoretical and experimental analysis.

Ying He,Haiyan Wang,Yuan Li,Ke Huang,Victor C. M. Leung,F. Richard Yu,Zhong Ming

DOI: https://doi.org/10.1109/jiot.2021.3099171

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:In the last few decades, ciphertext-policy attribute-based encryption (CP-ABE) technology has attracted great interest, since it can provide fine-grained, flexible, and access control for sensitive data to implement a high secure and efficient data-sharing mechanism. In this article, based on the linear secret sharing scheme (LSSS), an efficient scheme is proposed to realize a collaborative decryption function. For any user group, when the user's attribute set cannot access the ciphertext alone, the private key of other users in the same group can be used for collaborative decryption with the permission of the data owner. Our scheme uses the LSSS matrix that can significantly reduce the computation and storage overhead when comparing with the existing schemes. Then, a multiauthorization model is created based on the Bohen–Lynn–Shacham technology in order to solve the key-management issue. Finally, we implemented the specific functions of the framework through JAVA, and built a private chain to verify the feasibility of data transfer between users.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhang Wei,Zhang Zhishuo,Xiong Hu,Qin Zhiguang

DOI: https://doi.org/10.1007/s12652-021-02922-6

2021-01-01

Abstract:In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.