Self-contained Data Protection Scheme Based on CP-ABE

Bo Lang,Runhua Xu,Yawei Duan
DOI: https://doi.org/10.1007/978-3-662-44788-8_18
2014-01-01
Abstract:Self-protection capabilities of outsourced data become noteworthily important in cloud computing. Ciphertext-Policy Attribute Based Encryption (CP-ABE) can dynamically control the user group of the encrypted data by defining decryption attributes; hence has certain ability of access control. Although there are different schemes of CP-ABE, as far as we know, most of these schemes can only express simple policies with AND, OR and threshold attribute operations, which cannot support traditional access control policies. In order to effectively integrate access control with encryption to build a self-contained data protection mechanism, this paper proposed an Extended CP-ABE (ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any Attribute Based Access Control (ABAC) policies represented by arithmetic comparison and logical expressions that involve \(NOT,<,\le ,>,\ge , [\ ], (\ ), (\ ]\) and \([\ )\) operators in addition to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.
What problem does this paper attempt to address?