Shida Shamsazad

2024-01-25

Abstract:In this paper, we present a novel ciphertext-policy attribute based encryption (CP-ABE) scheme that offers a flexible access structure. Our proposed scheme incorporates an access tree as its access control policy, enabling fine-grained access control over encrypted data. The security of our scheme is provable under the hardness assumption of the decisional Ring-Learning with Errors (R-LWE) problem, ensuring robust protection against unauthorized access. CP-ABE is a cryptographic technique that allows data owners to encrypt their data with access policies defined in terms of attributes. Only users possessing the required attributes can decrypt and access the encrypted data. Our scheme extends the capabilities of CP-ABE by introducing a flexible access structure based on an access tree. This structure enables more complex and customizable access policies, accommodating a wider range of real-world scenarios. To ensure the security of our scheme, we rely on the decisional R-LWE problem, a well-established hardness assumption in cryptography. By proving the security of our scheme under this assumption, we provide a strong guarantee of protection against potential attacks. Furthermore, our proposed scheme operates in the standard model, which means it does not rely on any additional assumptions or idealized cryptographic primitives. This enhances the practicality and applicability of our scheme, making it suitable for real-world deployment. We evaluate the performance and efficiency of our scheme through extensive simulations and comparisons with existing CP-ABE schemes. The results demonstrate the effectiveness and scalability of our proposed approach, highlighting its potential for secure and flexible data access control in various domains.

Cryptography and Security

Fugeng Zeng ,Chunxiang Xu ,Xinpeng Zhang

DOI: https://doi.org/10.4156/aiss.vol4.issue12.23

2012-01-01

Abstract:In the ciphertext-policy ABE (CP-ABE) schemes, attributes are associated with secret keys and access structures are associated with ciphertexts. The access structures are described with the attributes and therefore the concept of CP-ABE is closely related to Role-Based Access Control. Because it requires both of the encryptor and the key generalization center meeting the construction, it will be more difficult to design. Ibraimi et al.[7] allegedly proposed an efficient and provable secure CP-ABE schemes. They require that the simulator can not send back the private keys of attributes which overlap with challenging access attributes. We point out their fault of security proof and their requirement is a small probability event and it is unreasonable to reduce to standard DBDH assumption. However, we give a proof in the generic bilinear group model, which is weaker than DBDH assumption.

Yinghui Zhang,Robert H. Deng,Shengmin Xu,Jianfei Sun,Qi Li,Dong Zheng

DOI: https://doi.org/10.1145/3398036

IF: 16.6

2021-07-31

ACM Computing Surveys

Abstract:Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

computer science, theory & methods

Yang Zhao,Xin Xie,Xing Zhang,Yi Ding

DOI: https://doi.org/10.3934/mbe.2019211

2019-01-01

Mathematical Biosciences and Engineering

Abstract:The ciphertext policy attribute-based encryption (CP-ABE) is widely used in cloud storage. It not only provides a secure data sharing scheme but also has the characteristics of fine-grained access control. However, most CP-ABE schemes have problems such as the ciphertext length increases with the complexity of the access policy, the encryption scheme is complex, the computational efficiency is low, and the fine-grained revocation cannot be performed. In view of the above problems, this paper proposes an efficient CP-ABE scheme with fine-grained revocable storage and constant ciphertext length. The scheme combines proxy re-encryption with CP-ABE technology, adopts the flexible access strategy AND-gates on multi-valued attributes with wildcards (AND(m)*), and realizes revocable storage and fixed-length ciphertext. At the same time, in order to reduce the amount of user decryption calculation, the complex operation in the decryption process is outsourced to the third-party server and the decryption result is verified to ensure the correctness of the information. Finally, the security of the scheme is proved under the decisional bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis shows that the scheme is efficient and feasible in cloud storage.

Meiyan Xiao,Hongbo Li,Qiong Huang,Shui Yu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3173412

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Attribute-based encryption scheme is a promising mechanism to realize one-to-many fine-grained access control which strengthens the security in cloud computing. However, massive amounts of data and various data sharing requirements bring great challenges to the complex but isolated and fixed access structures in most of the existing attribute-based encryption schemes. In this paper, we propose an attribute-based hierarchical encryption scheme with extendable policy, called Extendable Hierarchical Ciphertext-Policy Attribute-Based Encryption (EH-CP-ABE), to improve the data sharing efficiency and security simultaneously. The scheme realizes the function of hierarchical encryption, in which, data with hierarchical access control relationships could be encrypted together flexibly to improve the efficiency. The scheme also achieves external and internal extension of the access structure to further encrypt newly added hierarchical data without updating the original ciphertexts or with only a minor update depending on the data sharing requirements, which simplifies the encryption process and greatly reduces the computation overhead. We formally prove the security of the scheme is IND-CCA secure in the random oracle model based on bilinear Diffie-Hellman assumption, and we also implement our scheme to demonstrate its efficiency and practicality.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1145/1755688.1755720

2010-01-01

Abstract:Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Beside this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Ting Guo,Abdugeni Abduxkur,Nurmamat Helil

DOI: https://doi.org/10.1049/2024/6963475

2024-06-20

IET Information Security

Abstract:Ciphertext‐policy attribute‐based encryption (CP‐ABE) is a cryptographic scheme suitable for secure data sharing on cloud storage. The CP‐ABE based on lattice theory has the property of resisting quantum attack. Some data objects uploaded to the cloud by the same data owner may cause conflicts of interest, or their combination may expose sensitive information. This paper proposes a revocable CP‐ABE scheme on the lattice, based on ring learning with error (R‐LWE) problem, to enforce access control constraints on user access to such data objects. In this scheme, first, the access policies of such data objects are amended by adding dummy attributes. Second, we control the secret key components associated with the dummy attributes or revoke the dummy attributes to prevent users from continuously accessing specific parts or all data objects from this kind of data set. Finally, we carry on the efficiency and security analysis of the scheme. The analysis results show that the scheme is efficient and safe.

computer science, information systems, theory & methods

Praveen Kumar Premkamal,Syam Kumar Pasupuleti,P. J. A. Alphonse

DOI: https://doi.org/10.1007/s12652-018-0967-0

IF: 3.662

2018-08-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:The foremost security concerns for big data in the cloud are privacy and access control. Ciphertext-policy attribute based encryption (CP-ABE) is an effective cryptographic solution for above concerns, but the existing CP-ABE schemes are not suitable for big data in the cloud as they require huge computation time for encryption and decryption process. In this paper, we propose a new verifiable outsourced CP-ABE for big data privacy and access control in the cloud. Our scheme reduces the computational overhead of encryption and decryption by outsourcing the heavy computations to the proxy server. Our scheme also verifies the correctness of the data along with the outsourcing computations. Further, our scheme limits the data access for a set of users instead of providing an infinite number of times data access, which is essentially required for commercial applications. In security analysis, we prove that our scheme is secure against chosen plain-text attack, collusion and proxy attacks. Performance analysis proves that our scheme is efficient.

computer science, information systems,telecommunications, artificial intelligence

Ningyu Chen,Jiguo Li,Yichen Zhang,Yuyan Guo

DOI: https://doi.org/10.1109/tc.2020.3043950

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Attribute-based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this article. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.

engineering, electrical & electronic,computer science, hardware & architecture

A. Balu,K. Kuppusamy

DOI: https://doi.org/10.48550/arXiv.1011.0527

2010-11-02

Abstract:In Ciphertext Policy Attribute based Encryption scheme, the encryptor can fix the policy, who can decrypt the encrypted message. The policy can be formed with the help of attributes. In CP-ABE, access policy is sent along with the ciphertext. We propose a method in which the access policy need not be sent along with the ciphertext, by which we are able to preserve the privacy of the encryptor. The proposed construction is provably secure under Decision Bilinear Diffe-Hellman assumption.

Cryptography and Security

Xing Zhang,Cancan Jin,Cong Li,Zilong Wen,Qingni Shen,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_27

2015-01-01

Abstract:To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-14234-6_24

2018-01-01

Abstract:In the cloud era people get used to store their data to the cloud server, and would use encryption technique to protect their sensitive data from leakage. However, encrypted data management is a challenging problem, for example, encrypted data classification. Besides, how to effectively control the access to the encrypted data is also an important problem. Ciphertext-policy attribute-based encryption with equality test (CP-ABEET) is an efficient solution to the aforementioned problems, which enjoys the advantage of attribute-based encryption, and in the meanwhile supports the test of whether two different ciphertexts contain the same message without the need of decryption. However, the existing CP-ABEET schemes suffer from high computation costs. In this paper, we study how to outsource the heavy computation in CP-ABEET scheme to a third-party server. We introduce the notion of CP-ABEET supporting outsourced decryption (OCP-ABEET), which saves a lot of local computation loads of CP-ABEET. We propose a concrete construction of OCP-ABEET, and prove its security based on a reasonable number-theoretic assumption in the random oracle model. Compared with the existing CP-ABEET schemes, our scheme is more computationally .

Maryam Almarwani,Boris Konev,Alexei Lisitsa

DOI: https://doi.org/10.48550/arXiv.2209.15103

2022-09-29

Cryptography and Security

Abstract:Data encryption limits the power and efficiency of queries. Direct processing of encrypted data should ideally be possible to avoid the need for data decryption, processing, and re-encryption. It is vital to keep the data searchable and sortable. That is, some information is intentionally leaked. This intentional leakage technology is known as "querying over encrypted data schemes", which offer confidentiality as well as querying over encrypted data, but it is not meant to provide flexible access control. This paper suggests the use of Ciphertext Policy Attributes Based Encryption (CP-ABE) to address three security requirements, namely: confidentiality, queries over encrypted data, and flexible access control. By combining flexible access control and data confidentiality, CP-ABE can authenticate who can access data and possess the secret key. Thus, this paper identifies how much data leakage there is in order to figure out what kinds of operations are allowed when data is encrypted by CP-ABE.

Hao Wang,Bo Yang,Yilei Wang

DOI: https://doi.org/10.1109/waina.2015.11

2015-01-01

Abstract:Attribute-based encryption (ABE) is a type of public key encryption that allows users to encrypt and decrypt messages based on user attributes. One drawback is that encryption and decryption computational costs scale with the complexity of the access policy or number of attributes. In practice, this makes encryption and decryption a possible bottleneck for some applications. In this work, we aim to mitigate this problem for cipher text-policy ABE (CP-ABE). We introduce the serve raided CP-ABE (SA-CP-ABE) system. In this system, users can precompute an intermediate cipher text before actual encryption to improve efficiency, and stores it on its storage server. Before decryption, user can call its computing server to transform the ciphertext to the partially decrypted ciphertext. This is significant for mobile devices to save local storage resources and computational resources. Then, we propose an SA-CP-ABE scheme, and prove its security in the standard model.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1093/comjnl/bxz036

2019-01-01

The Computer Journal

Abstract:Thanks to the ease of access and low expenses, it is now popular for people to store data in cloud servers. To protect sensitive data from being leaked to the outside, people usually encrypt the data in the cloud. However, management of these encrypted data becomes a challenging problem, e.g. data classification. Besides, how to selectively share data with other users is also an important and interesting problem in cloud storage. In this paper, we focus on ciphertext-policy attribute based encryption with equality test (CP-ABEET). People can use CP-ABEET to implement not only flexible authorization for the access to encrypted data, but also efficient data label classification, i.e. test of whether two encrypted data contain the same message. We construct an efficient CP-ABEET scheme, and prove its security based on a reasonable number-theoretic assumption. Compared with the only existing CP-ABEET scheme, our construction is more efficient in key generation, and has shorter attribute-related secret keys and better security.

Chao Luo,Jiaoli Shi,Minchen Xie,Chao Hu,Lihua Wang,Zhuolin Mei,Shimao Yao,Hui Li

DOI: https://doi.org/10.1007/978-981-97-0942-7_22

2024-01-01

Abstract:Traditional CP-ABE (Ciphertext-Policy Attribute-Based Encryption) schemes require the access policy to be uploaded to the cloud along with the ciphertext, but access policies often also involve some private information, which can lead to privacy leakage. Moreover, the decryption cost of the traditional CP-ABE scheme is too high, which is not suitable for source-limited end devices, such as medical monitoring terminals. To achieve policy hiding, decryption lightening, and high expressiveness of access policy all at the same time, we present a new CP-ABE scheme, in which a PBF (Path Bloom Filter) is designed based on ROBDD (Reduced Ordered Binary Decision Diagram). The ROBDD, as the access structure, can provide more vital and more flexible expressiveness. Then the PBF can hide the access policy, reduce the decryption cost, and accelerate the decryption speed. Analysis and simulation study show that our proposed scheme is secure under Decisional q-BDHE assumption and superior to previous schemes concerning computational cost.

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

Kaiping Xue,Weikeng Chen,Wei Li,Jianan Hong,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2018.2809679

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:People endorse the great power of cloud computing, but cannot fully trust the cloud providers to host privacy-sensitive data, due to the absence of user-to-cloud controllability. To ensure confidentiality, data owners outsource encrypted data instead of plaintexts. To share the encrypted files with other users, ciphertext-policy attribute-based encryption (CP-ABE) can be utilized to conduct fine-grained and owner-centric access control. But this does not sufficiently become secure against other attacks. Many previous schemes did not grant the cloud provider the capability to verify whether a downloader can decrypt. Therefore, these files should be available to everyone accessible to the cloud storage. A malicious attacker can download thousands of files to launch economic denial of sustainability (EDoS) attacks, which will largely consume the cloud resource. The payer of the cloud service bears the expense. Besides, the cloud provider serves both as the accountant and the payee of resource consumption fee, lacking the transparency to data owners. These concerns should be resolved in real-world public cloud storage. In this paper, we propose a solution to secure encrypted cloud storages from EDoS attacks and provide resource consumption accountability. It uses CP-ABE schemes in a black-box manner and complies with arbitrary access policy of the CP-ABE. We present two protocols for different settings, followed by performance and security analysis.

Zhaoqian Zhang,Jianbiao Zhang,Yilin Yuan,Zheng Li

DOI: https://doi.org/10.1109/jiot.2021.3117378

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:As the public cloud becomes one of the leading ways in data-sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This article proposes a fully policy-hidden CP-ABE scheme constructed on linear secret sharing scheme (LSSS) access structure and prime-order groups for public cloud data sharing. To help users decrypt, hidden vector encryption (HVE) with a "convert step" is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

computer science, information systems,telecommunications,engineering, electrical & electronic